Linux Laptop – Fedora

Howard Gibson

2018/11/24

Contents

 1 Introduction
  1.1 Objective
  1.2 Copyright
  1.3 Why GNU/Linux?
  1.4 Summary
   1.4.1 Installation
   1.4.2 DVDs
   1.4.3 MBR and GPT Formatted Disks
 2 Hardware
  2.1 Laptop
  2.2 CPU
  2.3 Memory
  2.4 Hard Drive
  2.5 DVD
  2.6 Video Card
  2.7 Monitor
  2.8 Sound Card
  2.9 Modem
  2.10 Keyboard
  2.11 Webcam
  2.12 Network
  2.13 Battery
  2.14 Slots
 3 Installation
  3.1 Planning
  3.2 Security
  3.3 Partitioning
 4 Sudo
  4.1 Install Media
  4.2 Text Editing
  4.3 Installation
   4.3.1 Booting for the First Time
  4.4 As Installed Partitioning
  4.5 Re-installation
  4.6 Exploring the Desktop
  4.7 Firewall
  4.8 Networking
  4.9 Terminal Sessions
  4.10 New Users
  4.11 Bluetooth
  4.12 Printer
  4.13 More Software
  4.14 Programming
  4.15 Window Managers
   4.15.1 XFCE
   4.15.2 LXDE
   4.15.3 Other Window Managers
  4.16 Fortune Cookie
  4.17 More Security
   4.17.1 Disable Ping
   4.17.2 Login Window (Display Managers)
 A Backups
 B Mounting a USB Stick While Installing
 C Encryption

1 Introduction

1.1 Objective

Test the default installation of a popular Linux distribution, in this case, Fedora 28 (32bit).

I have been installing Linux since 1995. I have been formally trained in UNIX administration. I have developed all sorts of installation and usage habits which are of no interest to ordinary people who might be tempted to install Linux. The install instructions for my regular computers show all sorts of customizations I like to do.

I want to know how easy it is for an ordinary mortal to install Linux. I will do a standard installation. I will customize only if something important is missing. I will not use vi.1 I will use the editor nano if absolutely necessary, but I will use easily located graphical administration tools whenever possible.

The OS is Fedora 28 (32bit), downloaded from Fedora’s website, 2018/08/31. The installation was on 2018/09/02.

1.2 Copyright

This document is copyright © 2018 by Howard Gibson. You may post this on web pages and bulletin boards free of charge. All other rights are reserved.

1.3 Why GNU/Linux?

GNU/Linux is Free Software. Your computer should not be encumbered by copyrights and Digital Rights Management (DRM). Proprietary software publishers are trying so hard to prevent unauthorized copying that they can prevent you from installing and using copies you purchased, and are authorized to use. Also, if you cannot run the application you used to create your data, you don’t own your data!

GNU/Linux is not hard to install on most computers. The latest “bleeding edge” video and sound cards may give you trouble. If you are buying a new computer, you should do some research on the hardware. If your computer is older, GNU/Linux should have all the drivers you need. You need to research GNU/Linux support on printers and scanners. Not everything works.

A basic GNU/Linux install will include some very good graphics programs, particularly GIMP, a good substitute for Adobe Photoshop. Just about every programming tool is available for GNU/Linux, except for the proprietary Microsoft ones like Visual Basic and C#.

GNU/Linux can run efficiently on older, slower computers, because you can select smaller, faster user interfaces and applications. Install the window managers XFCE and LXDE. Libre Office is a credible alternative to Microsoft Office because it is just about as bloated as Microsoft Office. Try the word processor AbiWord, and the spreadsheet Gnumeric. You could learn to use LaTeX, whose files are edited with a text editor.2

GNU/Linux is less capable at video games and multimedia. There are lots of Free Software computer games out there, but the best stuff is commercial and proprietary. Few publishers support GNU/Linux.

The big problem with GNU/Linux and multi-media is ideological. Most media formats are proprietary. GNU and Linux are the work of Free Software people, who are reluctant to support proprietary formats. If you spend an hour or so surfing GNU.org, you will understand who you are dealing with. The GNU “Copyleft” really is a copyright. All copyrights are supported by the Free Software community.

GNU/Linux can be made to support multi-media. I watch YouTube and Netflix on my GNU/Linux box. I can watch most commercial DVDs. Don’t expect the Free Software community to knock itself out to help you.

For more information on the thinking behind Free Software, just follow the links. You can get support for most media formats. Just search Google for Linux multi-media support.

1.4 Summary

1.4.1 Installation

Fedora 28 (32bit) is installed fairly easily by ordinary people. The install software was not absolutely stable. I had to restart the install a couple of times. If it acts weird, exit and start again. Definitely, Ubuntu is more stable and user-friendly.

The machine will have fairly well configured user accounts, and a working firewall. There are some nasty UNIX tricks that will improve security, but these are not absolutely necessary.

Fedora’s default install creates a separate /home partition. This is where your data will be stored. This data can be preserved when you re-install GNU/Linux. This is very good.

Fedora’s default behaviour is to create user folders accessible only to the users. This makes no sense to me. If you are a family or a working group, you want to see each other’s stuff. You can fix this, but it is one more administration step. I prefer Ubuntu’s behaviour on this.

1.4.2 DVDs

Download install ISO images from the internet. These can be burned to DVDs, or copied to USB sticks. New computers generally do not have DVD or Blu-ray drives. There are instructions on the internet for creating bootable USB sticks from ISO files.

If you are interested in Linux, buy one of the books. You get documentation, and you support the community. David Clinton’s and Christopher Negus’ Ubuntu Bible continues to be updated as of 2021. I cannot find a Linux Bible or a Fedora Bible less than ten years old. I have not seen these in a book store lately. They can be ordered online. Make sure you are buying something recent. There are lots of older books for sale.

1.4.3 MBR and GPT Formatted Disks

If you are buying a new hard drive for an old computer, you need to read the following carefully.

New computers are being shipped with GPT formatted hard drives, and motherboards that can use them. GPT is a more advanced disk format. Among other things, it allows many more primary partitions. The old MBR format3 only allows four. For my Fedora 26 install onto my new hard drive, this was a very nasty surprise. My Gigabyte GA-990FXA-UD3 Version 1.1 motherboard4 did not work with my new hard drive, a Western Digital WD2003FZEX-0. The installed system showed the boot screens, then “Loading Operating System ...”, then it stopped. After a week of futile hacking, I bought a new 2TB hard drive, and now everything works! The WD drive now is my /archive drive. It works. I just cannot boot from it.

If you are installing Linux on an old clunker computer and an old drive, you should have no problems. If you are installing Linux on a new computer with a new, GPT capable motherboard and GPT formatted drive, you should have no problems. The fun starts when you replace the hard drive on your old clunker.

If you are buying a new hard drive for your old computer, ask questions at the store. My non-functional drives were from Western Digital. My functional drive is from Seagate.

A crude rule of thumb is that if your “new” machine is working with whatever operating system you have, your Linux install will work.

2 Hardware

This is a Lenovo Thinkpad T400. I purchased it second hand at Laptops for Less, at 3358 Lakeshore Blvd, in Etobicoke, Ontario.

The machine has a double density DVD burner, an Ethernet connection, and three USB ports.

2.1 Laptop

Lenovo Thinkpad Model 6475GZ5, Serial Number R8-GEFYN 09/11

2.2 CPU

Intel Core 2 Duo CPU P8400 2.26GHz

2.3 Memory

It came with 4GB, in the form of two 2048MB DDR3 SD-RAM.

2.4 Hard Drive

ATA HDD0: Hitachi HTS723216L9SA60-(S1) listed at 160GB.

2.5 DVD

ATAPI CD0: Matshita DVD-RAM UJ862A-(S2)

2.6 Video Card

Intel HD graphics with up to 1.6 GB of shared video memory. This supports an external monitor 1920x1200 16 million colours.

2.7 Monitor

14.1” 1280x800, and 16 million colours

2.8 Sound Card

Realtek codec ALC269 with 2-channel High-Definition (HD) audio

2.9 Modem

Protocols & Specifications: ITU V.90, Max Transfer Rate: 56.0Kbps, Features: V.92 upgradable.

This is a “soft” modem requiring drivers, as opposed to a hardware modem that just works. Linux drivers probably are available, but they are not Free Software. When was the last time you used a modem?

I have gotten these modems working way back in the distant past.

2.10 Keyboard

Laptop keyboard with touch-pad and nipple. Cool! Also, there are two sets of mouse buttons. The buttons near the nipple include a middle button. With the X Windows System graphical user interface, this is very good indeed.

2.11 Webcam

Oh oh!

1.3 megapixels with digital microphone. This camera has an LED that goes on when the camera is running.

Gnome comes with something called cheese to operate webcams.

I have tried running cheese remotely, using another computer as the display. It could not find a device. This is good. We do not want the webcam running remotely.

Recent articles in the news show that webcams and impressionable young girls are a bad combination. I don’t have a young girl, impressionable or otherwise, so there is no problem for me. I will refrain from taking my clothes off when asked. I promise!

Facebook is being blamed for recent teen suicides. Facebook does not have a live “please take your clothes off” feature. I suspect that the real culprit is Skype, which is available for Linux.

Like all other web-enabled devices, the webcam in your daughter’s bedroom will be inaccessible to the internet if it does not exist. My newer Lenovo laptop does not have a webcam.

2.12 Network

Integrated 10/100 Ethernet LAN

Atheros XSPAN BGN (802.11BGN) wireless

Bluetooth V2.1 technology

Wireless: 802.11 a/b/g/n (draft), Bluetooth 2.0, Network Interface: Gigabit Ethernet

2.13 Battery

6-cell Lithium ion

I have replaced this with a higher capacity battery, which gives me a lifespan of around four and a half hours.

2.14 Slots

ExpressCard/54

3 Installation

3.1 Planning

I have replaced this machine with a newer, faster laptop. This now is a play toy.

Newer machines all are 64 bit. Linux is a good way to extend the functional life of older machines. Google Chrome is available for Linux in 64 bit, only.

I will treat this as a user’s primary computer. The machine must have email and web surfing tools, as well as a Microsoft Windows compatible office suite. The ability to read and to save files in Microsoft DOCX, XLSX and PPTX is necessary.5

The user may have a family, and they may want to create extra accounts.

Programming is not necessary, but I will look at this as an option.

3.2 Security

This machine is a laptop. I expect it to be transported out of the home, and connected to the internet in coffee shops, and in schools and colleges.6 Even if the machine is kept at home, it may be plugged directly into an internet modem. Wireless routers act as firewalls, but not everybody has one. We will activate and test the firewall.

If your laptop gets stolen, the best thing you can have is an encrypted hard drive. The bad guy will have your hardware, but your data will not be accessible. An encrypted installation is not necessary for a desktop or server that stays at home, but this is a laptop.

3.3 Partitioning

Linux installers break the hard drive up into separate partitions.

There are two important issues with partitioning. I assume you plan to use your computer for a fairly long time. Eventually, you will want to re-install Linux to get a more advanced version, or perhaps, a different distribution.

  1. You need a root partition large enough to hold the newer version of the OS.

  2. You do not want to harm your /home partition. This is where all of your data will be stored.

Fedora’s default behaviour is to create an extended partition with a root (/), and a /home partition. This means that we can replace the operating system on root, leaving all your working data on /home intact.

4 Sudo

There are two ways to administer UNIX/Linux. You can have a root account, or you can use sudo.

Historically, UNIX type systems are installed with a super user account called root. This account has complete write access to everything on the computer. This is dangerous. Good practice is to not use this account for anything other than system administration. When you are logged in as a regular user, your ability to damage your system is drastically reduced.

When you open any sort of UNIX/Linux terminal or shell, you are prompted by a text string ending in a dollar sign, $.7

When you log in as root, the prompt changes to a pound sign, #, also called a hash sign in the computer world. This is a sign of danger. The hash sign says you are root, and that you can trash the system if you are not careful.

An alternate approach for all this is to not have a root account. A group of users are designated as administrators. To issue a root command, they go…

$ sudo nano /etc/group
  

The system prompts for the user password. The resulting increased access continues for several minutes.

This is used on MacOS, Ubuntu and now, Fedora. I would prefer to keep the root account. When I am logged in as root, I can see the hash sign, and I know there is a threat. On a single user machine, like mine, sudo makes administration easier, and reduces the number of strong passwords I need to track. This may be one of those six of one, half dozen other issues.

4.1 Install Media

The files you download from the distribution websites are ISO files. These are used to create bootable DVDs or USB sticks. I find DVDs easier to manage. If your machine lacks a DVD reader, you will have to search the internet to find out how to install an ISO image onto your USB stick. The ISO for Ubuntu 16.04.5, 32bit, is 1.6GB. Any cheap old USB stick will work. If your computer will not boot from USB, you will have to pick up a USB DVD reader.

4.2 Text Editing

This document is written mostly with the text editor vim, a version of vi. This is an extremely efficient and productive editor once you learn it, especially if you are a touch typist, like me. It is especially efficient with large documents, since you can navigate by doing text searches through the command line. It is the text editor of UNIX and Linux geeks everywhere. Unfortunately, it is mindbogglingly not user friendly.

Linux newbies need to try something else. You need a text editor that runs in a terminal session. You don’t always have the X Window System running when you do administration.

The text editor nano is available and strongly recommended. You navigate around the text file using the arrow keys, just like you think it should. It has a CTRL key menu at the bottom of the screen.

When you are told to edit configuration files, use nano.

4.3 Installation

I mean to do a wireless installation. Plugging into your wired network is faster and way more reliable, but sometimes, you have to do wireless.

  1. You may have to go into your BIOS and select the boot device with your OS on it.

  2. Insert the DVD or USB stick, and boot the machine.

  3. You have the following options…

    Let’s test the media and start Fedora. The test takes a while, and the boot takes a while longer.

  4. The system boots up into a graphical screen with a window entitled “Welcome to Fedora”. From here you have two options: Try Fedora, and Install to Hard Drive. Click on Install.

  5. While the installation program loads, connect to the network.

    1. Click on “Applications” at the top left hand side of your computer screen.

    2. There should be a stack of buttons running down the left hand side of your screen. Click on the bottom one, “Show Applications”.

    3. Locate and click on [Settings].

    4. Click on [Wi-Fi], and select a network.

    5. If you are not immediately prompted for a key, click on the sort of wheel/light icon next to your network. When the configuration window comes up, select the “Security” tab.8

    6. Type in your security key.

    7. Click [Apply].

  6. We are now in the first installation window, still titled “Welcome to Fedora”. You have a list of languages to use during the installation. Select one and hit [Continue].

  7. You are now in the “INSTALLATION SUMMARY” window.

    LOCALIZATION
      KEYBOARD: English (US)
      TIME & DATE: America/New York timezone
    SYSTEM
      INSTALLATION DESTINATION: Automatic partitioning selected

    My keyboard is English (US), so that is okay. Click on “TIME & DATE”.

  8. Click on the map somewhere close to where you live, in my case, Toronto. Click [Done].

  9. Click on “INSTALLATION DESTINATION”

  10. Make sure your hard drive is selected. There should be a check mark on it.

  11. Under “Storage Configuration” you have the choices of Automatic, Custom, and Advanced Custom (Blivet-GUI). Select Automatic, and “I would like to make additional disk space available”.

  12. Look at the “Encryption” button. See my remarks below on Encryption. If your machine is a laptop and exposed to theft, you should encrypt it. If you have a desktop that stays in a nice, safe computer room, you don’t want to encrypt it. I am setting up a laptop, so I am encrypting.

  13. Click [Done] at the top of the screen.

  14. Since I am encrypting, I get the “DISK ENCRYPTION PASSPHRASE” window. Type in your passphrase. Read my Encryption notes again :).

  15. The “RECLAIM DISK SPACE” window comes up. Click [Delete All], then click [Reclaim Space].

  16. In a few seconds, the error triangle on “INSTALLATION DESTINATION” goes away, and you are ready to start installing. At this point, nothing on your computer has been touched. You can remove the Fedora DVD and reboot back into the old operating system.

  17. Click [Begin Installation]

  18. When the installation is finished, the progress slide will show “Complete”. Hit [Quit] at the bottom right, to get out of the installer.9

  19. Pull down the top right hand menu and click on the power-off icon to reboot. You may have to power your machine off and on again.

4.3.1 Booting for the First Time

Older versions of Fedora ask for a root password and a new user while you are installing.

  1. On your first boot, you get a “Welcome” window. Nothing else shows. You might as well hit [Next].

  2. On the “Privacy” window, you can select or deselect Location Services, and Automatic Problem Reporting. I left these on. You don’t need to.

  3. The “Online Accounts” window comes up. I can connect to my Google, Nextcloud, Microsoft and Facebook accounts. I am puzzled about this, since we have not yet set up a user. I hit [Skip].

  4. “About You” comes up. You must enter your full name and your user name. Don’t bother with [Enterprise Login]. Just hit [Next].

  5. “Password”. Enter one.

The system now is ready for you to login.

4.4 As Installed Partitioning

I am showing you here how the disk drive got partitioned. There is no need for you to do this.

The following output was produced immediately after installing Linux. Note how I use sudo to get into fdisk. This command can wipe out everything on your hard drive, so use it with extreme caution. Here, I read the partition table, then I exited without saving anything. I see no reason why an ordinary user should run fdisk.10

[howard@LenovoW ~]$ sudo fdisk /dev/sda
[sudo] password for howard:
Welcome to fdisk (util-linux 2.32).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Command (m for help): p
Disk /dev/sda: 149.1 GiB, 160041885696 bytes, 312581808 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x95196d6f
Device     Boot   Start       End   Sectors   Size Id Type
/dev/sda1  *       2048   2099199   2097152     1G 83 Linux
/dev/sda2       2099200 312580095 310480896 148.1G 83 Linux
Command (m for help): q
[howard@LenovoW ~]$ df
Filesystem                  1K-blocks    Used Available Use% Mounted on
devtmpfs                     1517592       0   1517592   0% /dev
tmpfs                        1529984    6696   1523288   1% /dev/shm
tmpfs                        1529984    2644   1527340   1% /run
tmpfs                        1529984       0   1529984   0% /sys/fs/cgroup
/dev/mapper/fedora...-root  51343840 5548784  43157232  12% /
tmpfs                        1529984     148   1529836   1% /tmp
/dev/sda1                     999320  130032    800476  14% /boot
/dev/mapper/fedora...-home  97522996  121872  92404212   1% /home
tmpfs                         305996    6112    299884   2% /run/user/1000
tmpfs                         305996      16    305980   1% /run/user/42
[howard@LenovoW ~]$

Fedora has separated the /home partition from root. This is good. Fedora has allowed around 51GB for /, and around 97GB for /home.

4.5 Re-installation

In a bit!

4.6 Exploring the Desktop

Gnome 3 shows a blank screen with a title bar across the top. On the left hand side of the screen, you see the word “Activities”. Click on this.

You should see a stack of icons down the left hand side of the screen.

On the right hand side of the screen, you should see the right hand edge of two screens. You can select these and scatter your running applications between multiple virtual windows.

4.7 Firewall

On any machine not located behind a firewall, this is absolutely critical.

I cannot find a Firewall icon. I clicked “Activities” at the top left hand of the screen. I typed firewall in the “Type to search...” window. This brought up a Firewall install window. I installed the graphical configuration tool by clicking [Install]. After it installed, I clicked [Launch].

Under “Zones”, I selected “external”. I went down through Services, Ports, Protocols and Source Ports, and I made sure everything was turned off. The only thing turned on was ssh, the secure remote shell. I turned this off.11 Next to “Configuration” at the top, pull down the button and select [Permanent].

4.8 Networking

Ubuntu automatically connects to your Ethernet and WiFi networks.

4.9 Terminal Sessions

Operating system and desktop developers try hard to make administration tasks work from graphical user interfaces (GUIs). The time comes when you must open a terminal and deal with the command line.

On a Gnome desktop, there are two ways to open a terminal.

  1. Hit Alt-Ctrl-F2. A GNU/Linux desktop has seven terminals, numbered from 1 to 7. Typically, terminal 1 is your graphical desktop. Terminals 2 to 7 provide you with command line logins. For most distributions, Alt-Ctrl-F1 gets you back to the graphical window. Make sure you log out of the terminal.

  2. Click on “Activities”. Click on [Show Applications]. Search for a terminal. The terminal may be located under Utilities.

I have written a HOWTO on the UNIX/Linux command line.

Now that we have a terminal running, we need to do a couple of things. Fedora 28 does not include the editor nano by default. Also, we want to upgrade your operating system, installing all the latest patches and such.

  1. Open a terminal.

  2. Install nano

          $ sudo dnf -y install nano
          $ sudo dnf -y update
                    
    

  3. Exit the terminal.

The program dnf is Red Hat’s (Fedora’s) package installer. The -y switch disables the “Are you sure” feature. The update takes a long time.

4.10 New Users

Let’s create some user accounts. You have sudo access. Your new users probably should not have this.

Click on “Activities” at the top left of the screen. In the “Type to search...” window, type users. You should see an icon for “Add or remove users and change your password”. Click on this.

The “Users” window should show your user account. At the top right of the window, you should see an “Unlock” icon. Click on this. Type in your password to get system access.

At the top right, you should see the button [Add User...]. Click on this.

Type in the user name. Type in a password that is strong enough the system will accept it. Verify that the account type is [Standard]. Hit [Add] at the top right of the window.

I have tested it, but I assume that an [Administrator] user has sudo access.

Ubuntu’s default is to leave user accounts readable, but not writable, by the outside world. This is good. You can set more restrictive permissions on files and folders. Your email program probably will lock your email account so that only you, and people with administration access, can read it. Meanwhile, you all can share information.

The user configuration window allows you to attach pictures of your users, or your users to attach pictures of themselves. This is cute, and it is a security hole if your machine is exposed to jerks and assholes.

Open a file manager and try reading the folders of other users. These are found under /home. Fedora’s default behaviour is to make each user’s folder accessible only to that user. This is a pain if your users are co-workers, friends, or family members.

4.11 Bluetooth

I tested Bluetooth. Just pull down the network icons at the top right of the screen, and select Bluetooth. It works!

4.12 Printer

You probably have one.

If your printer is plugged into your USB, Ubuntu will find it and configure it.12 This takes a while, so be patient. When I set up my Hewlett Packard HP Deskjet 6940, it claimed it was missing drivers. When I launched “Settings” from the left side buttons, went to “Devices” and “Printer”, and requested a test page, everything worked!

  1. Click on the [Settings] icon on the left of the screen.

  2. Click Devices.

  3. Click Printers.

  4. The window should indicate at this point that there are no printers. Click [Additional Printer Settings...].13

  5. Click the Un-Lock icon. Enter your password at the prompt.

  6. Hit [Add Printer].

  7. Wait. It found my network printer!

  8. Click on your printer. At this point, you should be able to open an application and print something.

  9. Done!

4.13 More Software

Click on “Activities”, then click on the [Software] icon. Click [Let’s go shopping]. Search through this for cool software packages to install. The GIMP (GNU Image Manipulation Program) is strongly recommended.

You can enable third party software. Some of this is not Free Software, as explained on GNU.org. If you want to play proprietary sound and video formats, hit [Enable].

4.14 Programming

GNU/Linux is notoriously a good programmer’s environment. I did a search and I found make, gcc, perl and python. I did not find g++, GNU’s C++ compiler.

The original GNU text editor Emacs is not installed. If you are serious about programming, you want Emacs and C++.

Open a terminal.

$ sudo dnf -y install emacs gcc-c++
      

4.15 Window Managers

Fedora’s standard window manager is Gnome 3. There are other window managers out there that are worth looking at. I don’t like Gnome 3 very much. You may be installing Fedora as a way of making an older, slower machine continue working. Some other window managers are smaller, faster, and they behave enough like Microsoft Windows that you understand what they are doing.

When you login, you will see a little gear next to the [Sign In] button. Click on this, and you will see a list of desktops. Let’s add some. You will need to reboot to get these onto the login menu.

In all cases below, you need to open a terminal.

4.15.1 XFCE

XFCE describes itself as a lightweight window manager. Locate and open a terminal…

$ sudo dnf -y install @xfce
        

When you log into this thing, look carefully at the top menu bar. You have four virtual windows you can click on. This is way more convenient than Unity.

4.15.2 LXDE

This is another lightweight window manager. Again, locate and open a terminal…

$ sudo dnf -y install lxde-common
        

On first login, the virtual windows are at the bottom left of the menu bar. Right click on it. The “Desktop Pager” is configurable.

4.15.3 Other Window Managers

There are other window managers available for Ubuntu. KDE is the other fancy, heavyweight manager. I run FVWM. You can Google all this stuff if you are interested.

4.16 Fortune Cookie

It ain’t *NIX if there is no joke printed at the opening of each command shell.

If worst comes to worst, this is installable from a command line terminal, such as the Gnome terminal. Fedora 38 installs Fortune!

Red Hat (Fedora)

$ sudo dnf -y install fortune-mod

I activated the fortune cookie by adding the following lines to the very bottom of /etc/profile

$ sudo nano /etc/profile
FORTUNE=/usr/bin/fortune
if [ -x ${FORTUNE} ]; then
      ${FORTUNE}
fi

Debian (Ubuntu)

$ sudo apt -y install fortune-mod

I activated the fortune cookie by adding the following lines to the very bottom of /etc/profile

$ sudo nano /etc/profile
FORTUNE=/usr/games/fortune
if [ -x ${FORTUNE} ]; then
      ${FORTUNE}
fi

Make sure you scroll all the way to the bottom of /etc/profile before typing anything in.

The terminal that is launched by Gnome does not automatically run the Fortune Cookie. Pull down the edit menu. Select Preferences. Select Profiles. You should see highlighted a profile called “Unnamed”. Click the Edit button. Select Command. Ensure you have highlighted the button “Run command as a login shell”.

It will be worth it.

4.17 More Security

We now have a nice machine with separate user accounts, login security, and a firewall. This works fine on a home computer that sits behind a firewall. If your home computer is plugged directly into a DSL or cable modem, or you are using outside Wi-Fi, you can improve security. I have two issues that are fairly easily corrected.

  1. Even with a fully configured firewall, Ubuntu, and other Linux boxes, respond to ping. The ping command tests network addresses to see if there is a computer there. If your machine does not respond to this, crackers14 will need some other way to find out you are there. You have made their lives more difficult.

  2. The login window should not display user names. If a black-hat wants to try to login to your machine, they should have to guess the password and the user name.

4.17.1 Disable Ping

Ping is a useful network debugging tool. If your computer sits behind a firewall, you should not disable this. If you are exposed to potentially hostile Wi-Fi, you may want to do the following.

To do this, we need to edit a configuration file. You must use sudo, and you must be very, very careful. You need to edit sysctl.conf, scrolling to the very bottom of the file to add this…

$  sudo nano /etc/sysctl.conf

###################################################################
# Disable ping
net.ipv4.icmp_echo_ignore_all=1
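
An added example (not from the original page): the sysctl.conf edit above does nothing until the file is reloaded with `sudo sysctl -p` or the machine reboots, and a later duplicate line in the file would override it. The script below checks both; the function names, status words and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: what value does a sysctl.conf-style file finally set for a key,
# and does the running kernel agree? The file is applied top to bottom, so the
# LAST assignment of a key wins. Note this key covers IPv4 echo requests only.

# effective_sysctl FILE KEY
# Prints the final value assigned to KEY; returns 1 if KEY is never assigned.
effective_sysctl() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }                 # comment lines start with # or ;
        index($0, "=") == 0 { next }           # blank line or not an assignment
        {
            pos = index($0, "=")
            k = substr($0, 1, pos - 1)
            v = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            sub(/^-[ \t]*/, "", k)             # leading "-": ignore errors for this key
            gsub("/", ".", k)                  # net/ipv4/... is accepted as well
            if (k == want) { val = v; found = 1 }
        }
        END { if (!found) exit 1; print val }
    ' "$1"
}

# running_sysctl KEY [PROC_SYS_DIR]
# Prints what the kernel is using right now, read from /proc/sys.
running_sysctl() {
    path="${2:-/proc/sys}/$(printf '%s' "$1" | tr . /)"
    [ -r "$path" ] && cat "$path"
}

# check_ping_hardening CONF [PROC_SYS_DIR]
# Prints one status word:
#   ok           the file sets 1 and the kernel is using 1
#   not-applied  the file sets 1 but the kernel is not (reload or reboot needed)
#   not-set      the file does not end up setting the key to 1
check_ping_hardening() {
    key=net.ipv4.icmp_echo_ignore_all
    conf_val=$(effective_sysctl "$1" "$key") || conf_val=
    live_val=$(running_sysctl "$key" "${2:-/proc/sys}") || live_val=
    if [ "$conf_val" != "1" ]; then
        echo not-set
    elif [ "$live_val" = "1" ]; then
        echo ok
    else
        echo not-applied
    fi
}

# Constructed sample: the page's lines appended below an earlier, conflicting
# entry, with a fake /proc/sys tree standing in for a kernel not yet reloaded.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/sysctl.conf" <<'EOF'
# constructed sample file
net.ipv4.icmp_echo_ignore_all = 0
###################################################################
# Disable ping
net.ipv4.icmp_echo_ignore_all=1
EOF
    mkdir -p "$tmp/proc/net/ipv4"
    echo 0 > "$tmp/proc/net/ipv4/icmp_echo_ignore_all"
    check_ping_hardening "$tmp/sysctl.conf" "$tmp/proc"
    rm -rf "$tmp"
}
demo   # prints: not-applied
```

On a real machine, run `check_ping_hardening /etc/sysctl.conf` with no second argument to compare the file against the live kernel.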
      

4.17.2 Login Window (Display Managers)

The standard Gnome/Unity login window shows a list of usernames, and it can display user photos and other graphics. This is fun and cute if the machine resides in a safe area. If it is exposed to unauthorized users, you may want to force them to guess user names.

I investigated, and found out how to turn off user display on GDM, which is what Ubuntu uses. This used to not be possible. I got the following from the help files on http://www.gnome.org.

This all is command line stuff, so you need sudo access, and you need to be very, very careful.

  1. Create the GDM profile /etc/dconf/profile/gdm, with the following…

          $ sudo nano /etc/dconf/profile/gdm
          
          user-db:user
          system-db:gdm
          file-db:/usr/share/gdm/greeter-dconf-defaults
              
    

  2. Create the directory /etc/dconf/db/gdm.d.

          $ sudo mkdir /etc/dconf/db/gdm.d
              
    

  3. Create the keyfile /etc/dconf/db/gdm.d/00-login-screen containing the following…

          $ sudo nano /etc/dconf/db/gdm.d/00-login-screen
          
          [org/gnome/login-screen]
          # Do not show the user list
          disable-user-list=true
              
    

  4. Exit any applications you are running. When you restart GDM, you will be logged out.

  5. Update the system databases, and restart GDM…

          $ sudo dconf update
          $ sudo systemctl restart gdm.service
              
    

Weird things can happen if you do not reboot at this point.

This works better if you give yourself a creative, hard to guess user name.
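
A read-only check for the two edits in 4.17.1 and 4.17.2, added here as an example and not part of the original article; the function names and status words are this example's own, and the file paths are the ones used above. Editing sysctl.conf does not change the running kernel until you run sudo sysctl -p or reboot, which is what the "pending" status reports.

```shell
#!/bin/sh
# Added example, not from the original article; function names are this example's own.
# conf_value FILE KEY [SECTION]: print the last value assigned to KEY.
# With SECTION, only lines under that [SECTION] header count (dconf keyfile);
# without it, the file has no headers (sysctl.conf). '#' and ';' start comments.
conf_value() {
    awk -v key="$2" -v want="$3" '
        BEGIN { sect = (want == "") ? "" : "[" want "]" }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); cur = $0; next }
        {
            eq = index($0, "=")
            if (eq == 0 || cur != sect) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v          # a later line overrides an earlier one
        }
        END { print val }
    ' "$1" 2>/dev/null
}

# ping_status [CONF] [LIVE]: not-configured | pending | active
ping_status() {
    conf=${1:-/etc/sysctl.conf}
    live=${2:-/proc/sys/net/ipv4/icmp_echo_ignore_all}
    if [ "$(conf_value "$conf" net.ipv4.icmp_echo_ignore_all)" != 1 ]; then
        echo not-configured
    elif [ "$(cat "$live" 2>/dev/null)" = 1 ]; then
        echo active
    else
        echo pending        # file edited, but the running kernel still answers
    fi
}

# gdm_list_status [PROFILE] [KEYFILE]: no-gdm-db | list-shown | list-hidden
gdm_list_status() {
    profile=${1:-/etc/dconf/profile/gdm}
    keyfile=${2:-/etc/dconf/db/gdm.d/00-login-screen}
    if ! grep -Eq '^[[:space:]]*system-db:gdm[[:space:]]*$' "$profile" 2>/dev/null; then
        echo no-gdm-db      # the profile never loads the database built from gdm.d
    elif [ "$(conf_value "$keyfile" disable-user-list org/gnome/login-screen)" = true ]; then
        echo list-hidden
    else
        echo list-shown     # key missing, false, or under the wrong [section]
    fi
}

# Report on this machine when run directly (reads files only, changes nothing).
echo "ping: $(ping_status)  gdm: $(gdm_list_status)"
```

The sysctl key checked here covers IPv4 echo requests only.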

A Backups

You need a strategy for backing up your hard drive.

I have had an administered, backed up hard drive since 1996. I was taking some college courses, and getting involved in a ski club in 1998. My emails and working files are still on my hard drive, although I used at least one commercial application I cannot get working at the moment.

The primary threat to my data has been me stupidly deleting things, sometimes realizing this months later. My primary hard drive has died on me. I lost no data.

At present, I have two backup devices on my primary computer, a 4 terabyte hard drive, and a Blu-ray burner. My automatic nightly backup is done to the 4TB drive. Periodically, I copy my latest backup to a double density Blu-ray disk, which has a capacity of 50GB. These are stored in my house, away from my computer. If I really wanted to be thorough, I could rent a safety deposit box at the bank, and store my backup Blu-rays there.

Optical disks, like Blu-rays, are disappearing off of new computers. I am concerned that it will become hard to find Blu-ray disks, especially the double density ones. I love Blu-rays because the individual disks are cheap, and suitable for single use. I have recovered data months after having deleted it.

The Blu-ray requires me to limit the disk space I use. My biggest directories are my digital photo directory, and my email, which is archived at least back to 1997. I archive my digital photos to DVD. I am not intensively doing graphical design, or engineering CAD.

The Cloud is an excellent resource for temporary sharing of information. As a long-term backup of information with security issues, it is risky. Ask yourself why such a service is provided free. Assume that data uploaded to a free server is being scanned. Can you say “data mining”? An NDA15 will be worthless when the owners of the server go out of business, and the bailiff sells their equipment to the highest bidder.

Consider how you store your backup media at home. If you are concerned about security, you should store your backups in a locked cabinet or a safe. Once your backup has been transported to another Linux machine, it is accessible to whoever has root access on that machine.

You can encrypt your backups, but this makes it more difficult to do recoveries. I try to avoid compressing my backups, because this takes time, and it can introduce data errors.

I may have to switch to portable USB drives. Tape drives still are available, and they have huge capacity. The tapes do not appear to be particularly cheap.

B Mounting a USB Stick While Installing

Maybe you will need to do this.

I was having some problems with an install, and I decided to mount my USB stick. During the install routine, this is fairly easy. Hit ctrl+alt+f4. Log in as root. You should not need a password. Insert your USB stick. You will see a gibberish message on the screen with something like /dev/sdb. This is your USB device. You need to create a directory to use as a mount point, then mount your stick.

# mkdir /usb
# mount /dev/sdb1 -t auto /usb

The mount command, above, specifies the device. Note that it is /dev/sdb1, not /dev/sdb. The -t auto tells Fedora to figure out the file system type. You could specify vfat, which probably is what it is, but why?

Now, you can copy files, or back up data. See my article on the UNIX Command Line.

Now, you need to get back to your installation window. On Fedora and Ubuntu, ctrl+alt+f1 should do it. Anything up to ctrl+alt+f7 will produce a terminal.

C Encryption

These are general comments about encrypted file systems. Most of these comments apply to Microsoft Windows and Apple machines, as well as Linux.

As of 2018/02/07, I have encrypted my entire hard drive. My original Fedora setup was an encrypted /home partition. When I attempted an Ubuntu install, it refused. If the /tmp and swap partitions are not encrypted, some of the naughty stuff on /home can be accessed. Fedora does not care about this, but Ubuntu has a point.

When I first encrypted a file system on Fedora 10 on an older laptop, I mistyped the encryption key. Upon booting, I was unable to decrypt /home. After repeated attempts, the machine shut down the X Window system and prompted me for root’s password. As root, there was no way to change the encryption key or otherwise decrypt the file system. It was possible to boot into single user mode and log in as root. There was no way to mount the partition. I loaded in the install DVD and tried to repair the install. Again, I was prompted for the /home partition encryption key. It was impossible to re-install Linux without the encryption key.

I booted into single user mode, again without the install DVD. As root, I reformatted the /home partition. I rebooted with the install DVD, and I repeated the entire install process. It would have been possible to format and encrypt the /home partition from the command line, but I did not bother.

If you are running Fedora with an encrypted /home partition, it is not possible to boot the machine into multi-user mode without the encryption key. You can boot into single user mode, but this is just a rescue procedure, and whoever is doing it requires root’s password. No booting at all is possible with a fully encrypted drive, without the encryption key.

Once the machine is booted, anyone with a user password can access your system and read your data.

Anyone who must be able to boot your computer must be told the encryption key. This is not an issue with a personal laptop. It will be an issue on a server if the wrong people are on vacation, out at lunch and/or run over by trucks.

If you write the raw partition out to tape or some other device, the data will be encrypted. There is no convenient way to recover individual files from an encrypted backup. The backup media is unreadable without the encryption key.

If you write /home out to tape or some other device, the data will not be encrypted. If your backup is not encrypted, your backup media is readable by whoever can get at it. Almost all of my backup recoveries have consisted of me recovering individual files I have messed up somehow. If your data must be secure, you must keep your un-encrypted backups in a secure place.

Passwords and encryption keys16 are not the same thing. A password is stored on your drive somewhere, usually encrypted. When you log in, you are prompted for the password, and what you type in is encrypted and compared with the stored, encrypted password.17 You can easily change your password.

An encryption key is used to encrypt your data. If your encryption key is compromised, you must re-install the file system. Be very careful with your encryption key.

Shutting down a laptop such that it must be rebooted in the presence of potential hackers probably is a bad idea. If the laptop is being transported and operated outside a secure environment, it should be put to sleep, rather than shut down.

My old Acer Aspire had a bad keyboard. Often, it took multiple tries to type in the encryption key and get the thing booted. On at least one occasion, I had to give up on using the laptop. If hackers had been watching me, they would have had multiple opportunities to watch me type the key.

An encryption key is more secure if you are a touch typist, and you have a good keyboard.

Even an encrypted /home partition renders a laptop useless to anyone who does not have the key. A thief will be unable to boot the computer, much less read data off of it. If the bad guys have stolen your computer, they can remove your drive, install it in their machine, and hack your encryption key by brute force.

Encrypting a workstation or file server probably is not worth the trouble. Encryption really only works when the machine is shut down. Servers generally are kept running. There should be no need to move these machines out of a secure area. An encryption key must be written out and stored in a company safe, or some other secure area.