Linux Laptop – Ubuntu

Howard Gibson

2018/11/24

Contents

 1 Introduction
  1.1 Objective
  1.2 Copyright
  1.3 Why GNU/Linux?
  1.4 Summary
   1.4.1 Installation
   1.4.2 DVDs
   1.4.3 MBR and GPT Formatted Disks
 2 Hardware
  2.1 Laptop
  2.2 CPU
  2.3 Memory
  2.4 Hard Drive
  2.5 DVD
  2.6 Video Card
  2.7 Monitor
  2.8 Sound Card
  2.9 Modem
  2.10 Keyboard
  2.11 Webcam
  2.12 Network
  2.13 Battery
  2.14 Slots
 3 Installation
  3.1 Planning
  3.2 Security
  3.3 Partitioning
 4 Sudo
  4.1 Install Media
  4.2 Text Editing
  4.3 Installation
  4.4 As Installed Partitioning
  4.5 Logging in for the first time
  4.6 Exploring the Desktop
  4.7 Firewall
  4.8 Networking
  4.9 Terminal Sessions
  4.10 New Users
  4.11 Bluetooth
  4.12 Printer
  4.13 More Software
  4.14 Programming
  4.15 Window Managers
   4.15.1 XFCE
   4.15.2 LXDE
   4.15.3 Other Window Managers
  4.16 Fortune Cookie
  4.17 More Security
   4.17.1 Disable Ping
   4.17.2 Login Window (Display Managers)
 A Backups
 B Mounting a USB Stick While Installing
 C Encryption

1 Introduction

1.1 Objective

Test the default installation of a popular Linux distribution, in this case, Ubuntu 16.04.5 (32bit).

I have been installing Linux since 1995. I have been formally trained in UNIX administration. I have developed all sorts of installation and usage habits which are of no interest to ordinary people who might be tempted to install Linux. The install instructions for my regular computers show all sorts of customizations I like to do.

I want to know how easy it is for an ordinary mortal to install Linux. I will do a standard installation. I will customize only if something important is missing. I will not use vi. I will use the editor nano if absolutely necessary, but I will use easily located graphical administration tools whenever possible.

The OS is Ubuntu 16.04.5 (32bit), downloaded from Ubuntu’s website, 2018/08/25. The installation was on 2018/08/26.

1.2 Copyright

This document is copyright © 2018 by Howard Gibson. You may post this on web pages and bulletin boards free of charge. All other rights are reserved.

1.3 Why GNU/Linux?

GNU/Linux is Free Software. Your computer should not be encumbered by copyrights and Digital Rights Management (DRM). Proprietary software publishers are trying so hard to prevent unauthorized copying that they can prevent you from installing and using copies you purchased, and are authorized to use. Also, if you cannot run the application you used to create your data, you don’t own your data!

GNU/Linux is not hard to install on most computers. The latest “bleeding edge” video and sound cards may give you trouble. If you are buying a new computer, you should do some research on the hardware. If your computer is older, GNU/Linux should have all the drivers you need. You need to research GNU/Linux support on printers and scanners. Not everything works.

A basic GNU/Linux install will include some very good graphics programs, particularly GIMP, a good substitute for Adobe Photoshop. Just about every programming tool is available for GNU/Linux, except for the proprietary Microsoft ones like Visual Basic and C#.

GNU/Linux can run efficiently on older, slower computers, because you can select smaller, faster user interfaces and applications. Install the window managers XFCE and LXDE. Libre Office is a credible alternative to Microsoft Office because it is just about as bloated as Microsoft Office. Try the word processor AbiWord, and the spreadsheet Gnumeric. You could learn to use LaTeX, whose files are edited with a text editor.

GNU/Linux is less capable at video games and multimedia. There are lots of Free Software computer games out there, but the best stuff is commercial and proprietary. Few publishers support GNU/Linux.

The big problem with GNU/Linux and multi-media is ideological. Most media formats are proprietary. GNU and Linux are the work of Free Software people, who are reluctant to support proprietary formats. If you spend an hour or so surfing GNU.org, you will understand who you are dealing with. The GNU “Copyleft” really is a copyright. All copyrights are supported by the Free Software community.

GNU/Linux can be made to support multi-media. I watch YouTube and Netflix on my GNU/Linux box. I can watch most commercial DVDs. Don’t expect the Free Software community to knock itself out to help you.

For more information on the thinking behind Free Software, just follow the links. You can get support for most media formats. Just search Google for Linux multi-media support.

1.4 Summary

1.4.1 Installation

A default new installation of Ubuntu took about an hour, and it was easy. The machine will have properly configured user accounts, and a working firewall. There are some nasty UNIX tricks that will improve security, but these are not absolutely necessary.

I downloaded and installed Ubuntu 16.04.5, but when I logged in the first time, it offered to upgrade to 18.04 ‘Bionic Beaver’. Great! With a 32 bit computer, you cannot download the latest version, but you can upgrade to it.

Ubuntu’s default behaviour is to install a /boot primary partition, and a logical partition containing only a root partition. I strongly prefer a separate /home partition. This is where all the user’s working files are stored. The new Ubuntu user must plan a backup strategy to copy /home off the hard drive and onto some external media like an optical disk, or an external USB drive. See my notes below on Backups.

Ubuntu sets up user directories with read-write access for the user, and read access for everyone else. Fedora allows access of any kind only to the user. I strongly prefer Ubuntu’s approach. If you are setting your file systems up for a work group or for your family, you should trust everybody. Folders containing private stuff can be locked down by the users. Email tools generally keep non-users out of email folders.

1.4.2 DVDs

Download install ISO images from the internet. These can be burned to DVDs, or copied to USB sticks. New computers generally do not have DVDs or Blu-rays. There are instructions on the internet for creating bootable USB sticks from ISO files.

If you are interested in Linux, buy one of the books. You get documentation, and you support the community. David Clinton’s and Christopher Negus’ Ubuntu Bible continues to be updated as of 2021. I cannot find a Linux Bible or a Fedora Bible less than ten years old. I have not seen these in a book store lately. They can be ordered online. Make sure you are buying something recent. There are lots of older books for sale.

1.4.3 MBR and GPT Formatted Disks

If you are buying a new hard drive for an old computer, you need to read the following carefully.

New computers are being shipped with GPT formatted hard drives, and motherboards that can use them. GPT is a more advanced disk format. Among other things, it allows many more primary partitions. The old MBR format only allows four. For my Fedora 26 install onto my new hard drive, this was a very nasty surprise. My Gigabyte GA-990FXA-UD3 Version 1.1 motherboard did not work with my new hard drive, a Western Digital WD2003FZEX-0. The installed system showed the boot screens, then “Loading Operating System ...”, then it stopped. After a week of futile hacking, I bought a new 2TB hard drive, and now everything works! The WD drive now is my /archive drive. It works. I just cannot boot from it.

If you are installing Linux on an old clunker computer and an old drive, you should have no problems. If you are installing Linux on a new computer with a new, GPT capable motherboard and GPT formatted drive, you should have no problems. The fun starts when you replace the hard drive on your old clunker.

If you are buying a new hard drive for your old computer, ask questions at the store. My non-functional drives were from Western Digital. My functional drive is from Seagate.

A crude rule of thumb is that if your “new” machine is working with whatever operating system you have, your Linux install will work.

2 Hardware

This is a Lenovo Thinkpad T400. I purchased it second hand at Laptops for Less, at 3358 Lakeshore Blvd, in Etobicoke, Ontario.

The machine has a double density DVD burner, an Ethernet connection, and three USB ports.

2.1 Laptop

Lenovo Thinkpad Model 6475GZ5, Serial Number R8-GEFYN 09/11

2.2 CPU

Intel Core 2 Duo CPU P8400 2.26GHz

2.3 Memory

It came with 4GB, in the form of two 2048MB DDR3 SD-RAM.

2.4 Hard Drive

ATA HDD0: Hitachi HTS723216L9SA60-(S1) listed at 160GB.

2.5 DVD

ATAPI CD0: Matshita DVD-RAM UJ862A-(S2)

2.6 Video Card

Intel HD graphics with up to 1.6 GB of shared video memory. This supports an external monitor 1920x1200 16 million colours.

2.7 Monitor

14.1” 1280x800, and 16 million colours

2.8 Sound Card

Realtek codec ALC269 with 2-channel High-Definition (HD) audio

2.9 Modem

Protocols & Specifications: ITU V.90, Max Transfer Rate: 56.0Kbps, Features: V.92 upgradable.

This is a “soft” modem requiring drivers, as opposed to a hardware modem that just works. Linux drivers probably are available, but they are not Free Software. When was the last time you used a modem?

I have gotten these modems working way back in the distant past.

2.10 Keyboard

Laptop keyboard with touch-pad and nipple. Cool! Also, there are two sets of mouse buttons. The buttons near the nipple include a middle button. With the X Windows System graphical user interface, this is very good indeed.

2.11 Webcam

Oh oh!

1.3 megapixels with digital microphone. This camera has an LED that goes on when the camera is running.

Gnome comes with something called cheese to operate webcams.

I have tried running cheese remotely, using another computer as the display. It could not find a device. This is good. We do not want the webcam running remotely.

Recent articles in the news show that webcams and impressionable young girls are a bad combination. I don’t have a young girl, impressionable or otherwise, so there is no problem for me. I will refrain from taking my clothes off when asked. I promise!

Facebook is being blamed for recent teen suicides. Facebook does not have a live “please take your clothes off” feature. I suspect that the real culprit is Skype, which is available for Linux.

Like all other web-enabled devices, the webcam in your daughter’s bedroom will be inaccessible to the internet if it does not exist. My newer Lenovo laptop does not have a webcam.

2.12 Network

Integrated 10/100 Ethernet LAN

Atheros XSPAN BGN (802.11BGN) wireless

Bluetooth V2.1 technology

Wireless: 802.11 a/b/g/n (draft), Bluetooth 2.0, Network Interface: Gigabit Ethernet

2.13 Battery

6-cell Lithium ion

I have replaced this with a higher capacity battery, which gives me a lifespan of around four and a half hours.

2.14 Slots

ExpressCard/54

3 Installation

3.1 Planning

I have replaced this machine with a newer, faster laptop. This now is a play toy.

Newer machines all are 64 bit. Linux is a good way to extend the functional life of older machines. Google Chrome is available for Linux in 64 bit, only.

I will treat this as a user’s primary computer. The machine must have email and web surfing tools, as well as a Microsoft Windows compatible office suite. The ability to read and to save files in Microsoft DOCX, XLSX and PPTX is necessary.

The user may have a family, and they may want to create extra accounts.

Programming is not necessary, but I will look at this as an option.

3.2 Security

This machine is a laptop. I expect it to be transported out of the home, and connected to the internet in coffee shops, and in schools and colleges. Even if the machine is kept at home, it may be plugged directly into an internet modem. Wireless routers act as firewalls, but not everybody has one. We will activate and test the firewall.

If your laptop gets stolen, the best thing you can have is an encrypted hard drive. The bad guy will have your hardware, but your data will not be accessible. An encrypted installation is not necessary for a desktop or server that stays at home, but this is a laptop.

3.3 Partitioning

Linux installers break the hard drive up into separate partitions.

There are two important issues with partitioning. I assume you plan to use your computer for a fairly long time. Eventually, you will want to re-install Linux to get a more advanced version, or perhaps, a different distribution.

  1. You need a root partition large enough to hold the newer version of the OS.

  2. You do not want to harm your /home partition. This is where all of your data will be stored.

Ubuntu’s default behaviour is to create a primary partition called /boot, and an encrypted logical partition containing the root partition, only. There is no separate /home partition.

I am a Fedora guy. Fedora does not reliably upgrade to new versions. I prefer to blow away root and reinstall the new OS. Maybe Ubuntu is better at this. Maybe, someday, you will want to install a different Linux, like Fedora or Debian, or one of those GNU/Linuxes that are completely Free Software.

I will accept the standard Ubuntu single partition install. You need some means of copying /home onto some external media if you want to do a re-install.

4 Sudo

There are two ways to administer UNIX/Linux. You can have a root account, or you can use sudo.

Historically, UNIX type systems are installed with a super user account called root. This account has complete write access to everything on the computer. This is dangerous. Good practice is not to use this account for anything other than system administration. When you are logged in as a regular user, your ability to damage your system is drastically reduced.

When you open any sort of UNIX/Linux terminal or shell, you are prompted by a text string ending in a dollar sign, $.

When you log in as root, the prompt changes to a pound sign, #, also called a hash sign in the computer world. This is a sign of danger. The hash sign says you are root, and that you can trash the system if you are not careful.

An alternate approach for all this is to not have a root account. A group of users are designated as administrators. To issue a root command, they go…

$ sudo nano /etc/group
  

The system prompts for the user password. The resulting increased access continues for several minutes.

This is used on MacOS, Ubuntu and now, Fedora. I would prefer to keep the root account. When I am logged in as root, I can see the hash sign, and I know there is a threat. On a single user machine, like mine, sudo makes administration easier, and reduces the number of strong passwords I need to track. This may be one of those six of one, half dozen other issues.

4.1 Install Media

The files you download from the distribution websites are ISO files. These are used to create bootable DVDs or USB sticks. I find DVDs easier to manage. If your machine lacks a DVD reader, you will have to search the internet to find out how to install an ISO image onto your USB stick. The ISO for Ubuntu 16.04.5, 32bit, is 1.6GB. Any cheap old USB stick will work. If your computer will not boot from USB, you will have to pick up a USB DVD reader.

4.2 Text Editing

This document is written mostly with the text editor vim, a version of vi. This is an extremely efficient and productive editor once you learn it, especially if you are a touch typist, like me. It is especially efficient with large documents, since you can navigate by doing text searches through the command line. It is the text editor of UNIX and Linux geeks everywhere. Unfortunately, it is mindbogglingly not user friendly.

Linux newbies need to try something else. You need a text editor that runs in a terminal session. You don’t always have the X Window System running when you do administration.

The text editor nano is available and strongly recommended. You navigate around the text file using the arrow keys, just like you think it should. It has a CTRL key menu at the bottom of the screen.

When you are told to edit configuration files, use nano.

4.3 Installation

I mean to do a wireless installation. Plugging into your wired network is faster and way more reliable, but sometimes, you have to do wireless.

  1. You may have to go into your BIOS and select the boot device with your OS on it.

  2. Insert the DVD or USB stick, and boot the machine.

  3. Wait.

  4. Eventually, the GUI window comes up, and then the “Welcome” window appears. You can Try Ubuntu or you can Install Ubuntu. Let’s install it.

  5. The “Wireless” window has come up. Select your local WiFi network and hit [Connect].

  6. It worked! Hit [Continue] to get to the next window.

  7. The “Preparing to install Ubuntu” window comes up. There are two choices here,

    The second choice will install all sorts of not-free software. If you want to be a strict Free Software person, you should not select this. Otherwise, select both.

  8. The “Installation Type” screen comes up.

    Let’s erase the disk, and encrypt the new installation. LVM turns on automatically. Don’t worry about this.

  9. The Choose a security key window comes up. This is your hard drive encryption. Read carefully through my notes below under Encryption. Type in your encryption key. Hit [Install now].

  10. You will be prompted asking if changes are to be written to disk. This is your last chance to not wipe everything out and replace it. Hit [Continue]. I did this at 4:40pm.

  11. Now it is asking “Where are you?”. I clicked in the general vicinity of Toronto, Canada. This is what it recognized. Hit [Continue].

  12. The “Keyboard layout” window came up. I left mine at English (US).

  13. Now it wants to know “Who are you?”. Provide your name, pick a name for your computer, then select a password. Note how the installer rates your password. Definitely, require your password to log in. Hit [Continue].

  14. A bunch of windows scroll by, telling you what is being installed. At some point there are notes above the progress bar that talk about “removing” stuff. This has to be the updates we have selected.

  15. The installation completed at some time before 5:05pm. Remove the DVD, then turn your computer off. I had troubles rebooting.

  16. When it reboots, you will be prompted for your encryption key.

4.4 As Installed Partitioning

I am showing you here how the disk drive got partitioned. There is no need for you to do this.

The following output was produced immediately after installing Linux. Note how I use sudo to get into fdisk. This command can wipe out everything on your hard drive, so use it with extreme caution. Here, I read the partition table, then I exited without saving anything. I see no reason why an ordinary user should run fdisk.

howard@Lenovo:~$ sudo fdisk /dev/sda

Welcome to fdisk (util-linux 2.27.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Command (m for help): p
Disk /dev/sda: 149.1 GiB, 160041885696 bytes, 312581808 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x712cc48b

Device     Boot   Start       End   Sectors   Size Id Type
/dev/sda1  *       2048   1499135   1497088   731M 83 Linux
/dev/sda2       1501182 312580095 311078914 148.3G  5 Extended
/dev/sda5       1501184 312580095 311078912 148.3G 83 Linux

Command (m for help): q

howard@Lenovo:~$ df
Filesystem                  1K-blocks    Used Available Use% Mounted on
udev                          1988760       0   1988760   0% /dev
tmpfs                          403064    6472    396592   2% /run
/dev/mapper/ubuntu--vg-root 151974036 5126580 139104584   4% /
tmpfs                         2015316   37240   1978076   2% /dev/shm
tmpfs                            5120       4      5116   1% /run/lock
tmpfs                         2015316       0   2015316   0% /sys/fs/cgroup
/dev/sda1                      736752   72936    626392  11% /boot
tmpfs                          403064      76    402988   1% /run/user/1000
howard@Lenovo:~$

4.5 Logging in for the first time

This Ubuntu machine is using Sudo. When you are prompted for an administration password, you type in your account password.

Ubuntu boots. I log in, and find myself in Unity, which is Ubuntu’s version of the Gnome window manager. The window shows a bunch of keyboard shortcuts, but this disappears when I try to do anything.

I see icons down the left hand side of the screen, starting with a file cabinet, and Firefox. I launched Firefox, and I determined that I am connected to my WiFi. Evidently, the WiFi key was saved during installation. Great!

A window has popped asking me if I want to upgrade to a newer version of Ubuntu. Okay. [Yes, upgrade now]. Type in your password. As of 2018/08/28, we are getting Ubuntu 18.04 ‘Bionic Beaver’. This could take a while.

The update program warned me that some packages will be removed, new packages will be installed, and a bunch will be upgraded. The download will take 27 minutes through my wireless connection, and the installation, several hours. Once the download is finished, the process cannot be cancelled. Hit [Start Upgrade]. I will do no configuration until this upgrade is complete. The upgrade process prompted me before it deleted the obsolete packages.

When I completed the upgrade and I logged in, it asked me to set up a Ubuntu account to do security upgrades. I did, and I have run Livepatch.

4.6 Exploring the Desktop

Unity shows icons down the left hand side of the screen below the word “Activities”. From the top down…

Click on “Activities” and look over at the right hand side of the screen. This brings up Unity’s virtual windows. You can scatter your applications across multiple windows, and move from one to another by clicking on “Activities”.

At the bottom of the left hand screen is a 3 × 3 matrix of dots. This shows your available applications. You can show a small list of applications you run frequently, or you can show all of them.

4.7 Firewall

On any machine not located behind a firewall, this is absolutely critical.

I cannot find a Firewall icon. I clicked “Activities” at the top left hand of the screen. I typed firewall in the “Type to search...” window. This brought up a Firewall install window. I installed the graphical configuration tool by clicking [Install]. After it installed, I clicked [Launch].

Under “Zones”, I selected “external”. I went down through Services, Ports, Protocols and Source Ports, and I made sure everything was turned off. The only thing turned on was ssh, the secure remote shell. I turned this off. Next to “Configuration” at the top, pull down the button and select [Permanent].
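
To confirm from a terminal what the graphical tool left enabled, the following added example (not part of the original notes) reads a `firewall-cmd --zone=external --list-all` listing and prints any service, port, protocol or source port that is still open. The sample listing and its interface name are constructed for illustration, and the function name `zone_open_items` is an assumption.

```shell
#!/bin/sh
# Added example: audit a firewalld zone listing for anything left open.
# On the real machine, after loading this file into your shell:
#   sudo firewall-cmd --zone=external --list-all | zone_open_items
# Add --permanent to inspect the saved configuration instead of the running one.

# zone_open_items: read a --list-all listing on stdin and print one
# "field: value" line for every field that still allows inbound traffic.
# Prints nothing when services, ports, protocols and source-ports are empty.
zone_open_items() {
    awk -F': *' '
        {
            field = $1
            sub(/^[ \t]+/, "", field)      # strip the listing indent
            value = $2
            sub(/[ \t]+$/, "", value)      # strip trailing blanks
        }
        (field == "services" || field == "ports" ||
         field == "protocols" || field == "source-ports") && value != "" {
            print field ": " value
        }
    '
}

# Constructed sample listing (not captured from the author's machine):
# ssh is still enabled, everything else is closed.
SAMPLE_LISTING='external (active)
  target: default
  interfaces: wlp3s0
  services: ssh
  ports:
  protocols:
  masquerade: yes
  forward-ports:
  source-ports:
  rich rules:'

echo "Still open in the sample zone:"
printf '%s\n' "$SAMPLE_LISTING" | zone_open_items
```

`firewall-cmd --get-active-zones` lists the zone each network interface is assigned to, so run the same audit against that zone as well as “external”.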

4.8 Networking

Ubuntu automatically connects to your Ethernet and WiFi networks.

4.9 Terminal Sessions

Operating system and desktop developers try hard to make administration tasks work from graphical user interfaces (GUIs). The time comes when you must open a terminal and deal with the command line.

On a Gnome desktop, there are two ways to open a terminal.

  1. Hit Alt-Ctrl-F2. A GNU/Linux desktop has seven terminals, numbered from 1 to 7. Typically, terminal 1 is your graphical desktop. Terminals 2 to 7 provide you with command line logins. For most distributions, Alt-Ctrl-F1 gets you back to the graphical window. Make sure you log out of the terminal.

  2. Click on “Activities”. Click on [Show Applications]. Search for a terminal. The terminal may be located under Utilities.

I have written a HOWTO on the UNIX/Linux command line.

4.10 New Users

Let’s create some user accounts. You have sudo access. Your new users probably should not have this.

Click on “Activities” at the top left of the screen. In the “Type to search...” window, type users. You should see an icon for “Add or remove users and change your password”. Click on this.

The “Users” window should show your user account. At the top right of the window, you should see an “Unlock” icon. Click on this. Type in your password to get system access.

At the top right, you should see the button [Add User...]. Click on this.

Type in the user name. Type in a password that is strong enough the system will accept it. Verify that the account type is [Standard]. Hit [Add] at the top right of the window.

I have tested it, but I assume that an [Administrator] user has sudo access.

Ubuntu’s default is to leave user accounts readable, but not writable, by the outside world. This is good. You can set more restrictive permissions on files and folders. Your email program probably will lock your email account so that only you, and people with administration access, can read it. Meanwhile, you all can share information.

The user configuration window allows you to attach pictures of your users, or your users to attach pictures of themselves. This is cute, and it is a security hole if your machine is exposed to jerks and assholes.

Open a file manager and try reading the folders of other users. These are found under /home. Ubuntu default behaviour is to allow read access to user folders. This makes sense to me. The other users either are co-workers, friends, or family members. A user can restrict access to folders if necessary. Email tools do this automatically.
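
The read access described above comes down to the permission bits on each folder under /home. As an added example (not from the original notes), this script lists the folders in a home directory that other users can read, then locks one of them down; the function names and the `Private` folder are assumptions, and the demonstration tree is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example: see which of your folders other users can read, and lock one.

# others_readable HOME: print each folder directly under HOME whose mode
# lets "other" users list it (r) and enter it (x).
others_readable() {
    home=$1
    # If others cannot enter the home folder itself, nothing below it
    # is reachable, whatever the modes of the folders inside.
    if [ -z "$(find "$home" -maxdepth 0 -perm -o=x)" ]; then
        return 0
    fi
    find "$home" -mindepth 1 -maxdepth 1 -type d -perm -o=rx | sort
}

# lock_down DIR: remove all group and other access from DIR and its contents.
lock_down() {
    chmod -R go-rwx "$1"
}

# make_demo_home: build a constructed stand-in for a user's home folder,
# with the read-for-everyone modes this page describes, and print its path.
make_demo_home() {
    d=$(mktemp -d)
    mkdir "$d/Documents" "$d/Private"
    chmod 755 "$d" "$d/Documents" "$d/Private"
    echo "$d"
}

demo=$(make_demo_home)
echo "Readable by other users before:"
others_readable "$demo"
lock_down "$demo/Private"
echo "Readable by other users after locking Private:"
others_readable "$demo"
rm -rf "$demo"
```

On a real account, `others_readable "$HOME"` shows what the other users of the machine can browse.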

4.11 Bluetooth

I tested Bluetooth. Just pull down the network icons at the top right of the screen, and select Bluetooth. It works!

4.12 Printer

You probably have one.

If your printer is plugged into your USB, Ubuntu will find it and configure it. This takes a while, so be patient. When I set up my Hewlett Packard HP Deskjet 6940, it claimed it was missing drivers. When I launched “Settings” from the left side buttons, went to “Devices” and “Printer”, and requested a test page, everything worked!

  1. Click on the [Settings] icon on the left of the screen.

  2. Click Devices.

  3. Click Printers.

  4. The window should indicate at this point that there are no printers. Click [Additional Printer Settings...].

  5. The “Printers – localhost” window comes up. Hit [Add] in the middle. This gives us a selection of places to find a printer.

  6. Expand “Network Printer”. You will be prompted for the administrator password. This revealed HP Deskjet 6940, my network printer!

  7. I clicked on my printer.

  8. I left “Connection” at the default HPLIP.

  9. I clicked [Forward].

  10. The system went searching for drivers. It found some.

  11. When the “New Printer” window comes up, I recommend naming it lpr. This is the default Linux printer name, and all sorts of applications default to it. Hit [Apply].

  12. Print a test page. If this works, you are done!

  13. Click [Okay].

4.13 More Software

Click on the “Ubuntu Software” icon. Search through this for cool software packages to install. The GIMP (GNU Image Manipulation Program) is strongly recommended.

4.14 Programming

GNU/Linux is notoriously a good programmer’s environment. I did a search for make, gcc, g++, perl and python, and I found all of them.

The original GNU text editor Emacs is not installed. If you are serious about programming, you want this.

Open a Terminal.

$ sudo apt-get -y install emacs
      

4.15 Window Managers

Ubuntu’s standard window manager is Unity, a version of Gnome 3. There are other window managers out there that are worth looking at. I don’t like Gnome 3 very much. You may be installing Ubuntu as a way of making an older, slower machine continue working. Some other window managers are smaller, faster, and they behave enough like Microsoft Windows that you understand what they are doing.

When you login, you will see a little gear next to the [Sign In] button. Click on this, and you will see a list of desktops. Let’s add some. You will need to reboot to get these onto the login menu.

In all cases, you need to open a terminal.

4.15.1 XFCE

XFCE describes itself as a lightweight window manager.

$ sudo apt-get -y install xfce4
        

When you log into this thing, look carefully at the top menu bar. You have four virtual windows you can click on. This is way more convenient than Unity.

4.15.2 LXDE

This is another lightweight window manager.

$ sudo apt-get -y install lxde
        

On first login, the virtual windows are at the bottom left of the menu bar. Right click on it. The “Desktop Pager” is configurable.

4.15.3 Other Window Managers

There are other window managers available for Ubuntu. KDE is the other fancy, heavyweight manager. I run FVWM. You can Google all this stuff if you are interested.

4.16 Fortune Cookie

It ain’t *NIX if there is no joke printed at the opening of each command shell.

If worst comes to worst, this is installable from a command line terminal, such as the Gnome terminal. Fedora 38 installs Fortune!

Red Hat (Fedora)

$ sudo dnf -y install fortune-mod

I activated the fortune cookie by adding the following lines to the very bottom of /etc/profile

$ sudo nano /etc/profile

FORTUNE=/usr/bin/fortune
if [ -x ${FORTUNE} ]; then
      ${FORTUNE}
fi

Debian (Ubuntu)

$ sudo apt -y install fortune-mod

I activated the fortune cookie by adding the following lines to the very bottom of /etc/profile

$ sudo nano /etc/profile

FORTUNE=/usr/games/fortune
if [ -x ${FORTUNE} ]; then
      ${FORTUNE}
fi

Make sure you scroll all the way to the bottom of /etc/profile before typing anything in.

The terminal that is launched by Gnome does not automatically run the Fortune Cookie. Pull down the edit menu. Select Preferences. Select Profiles. You should see highlighted a profile called “Unnamed”. Click the Edit button. Select Command. Ensure you have highlighted the button “Run command as a login shell”.

It will be worth it.

4.17 More Security

We now have a nice machine with separate user accounts, login security, and a firewall. This works fine on a home computer that sits behind a firewall. If your home computer is plugged directly into a DSL or cable modem, or you are using outside Wi-Fi, you can improve security. I have two issues that are fairly easily corrected.

  1. Even with a fully configured firewall, Ubuntu, and other Linux boxes, respond to ping. The ping command tests network addresses to see if there is a computer there. If your machine does not respond to this, crackers will need some other way to find out you are there. You have made their lives more difficult.

  2. The login window should not display user names. If a black-hat wants to try to login to your machine, they should have to guess the password and the user name.

4.17.1 Disable Ping

Ping is a useful network debugging tool. If your computer sits behind a firewall, you should not disable this. If you are exposed to potentially hostile Wi-Fi, you may want to do the following.

To do this, we need to edit a configuration file. You must use sudo, and you must be very, very careful. You need to edit sysctl.conf, scrolling to the very bottom of the file to add this…

$  sudo nano /etc/sysctl.conf

###################################################################
# Disable ping
net.ipv4.icmp_echo_ignore_all=1
      

4.17.2 Login Window (Display Managers)

The standard Gnome/Unity login window shows a list of usernames, and it can display user photos and other graphics. This is fun and cute if the machine resides in a safe area. If it is exposed to unauthorized users, you may want to force them to guess user names.

I investigated, and found out how to turn off user display on GDM, which is what Ubuntu uses. This used to not be possible. I got the following from the help files on http://www.gnome.org.

This all is command line stuff, so you need sudo access, and you need to be very, very careful.

  1. Create the GDM profile /etc/dconf/profile/gdm, with the following…

          $ sudo nano /etc/dconf/profile/gdm
          
          user-db:user
          system-db:gdm
          file-db:/usr/share/gdm/greeter-dconf-defaults
              
    

  2. Create the directory /etc/dconf/db/gdm.d.

          $ sudo mkdir /etc/dconf/db/gdm.d
              
    

  3. Create the keyfile /etc/dconf/db/gdm.d/00-login-screen containing the following…

          $ sudo nano /etc/dconf/db/gdm.d/00-login-screen
          
          [org/gnome/login-screen]
          # Do not show the user list
          disable-user-list=true
              
    

  4. Exit any applications you are running. When you restart GDM, you will be logged out.

  5. Update the system databases, and restart GDM…

          $ sudo dconf update
          $ sudo systemctl restart gdm.service
              
    

Weird things can happen if you do not reboot at this point.

This works better if you give yourself a creative, hard to guess user name.
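One way to confirm that the edits from sections 4.17.1 and 4.17.2 are really in the files, as an added example that is not part of the original article. The function names and the sample tree are constructed for illustration, and the script reads only the three files named above, not the running kernel or the compiled dconf database.

```shell
# Added example: offline audit of the files edited in 4.17.1 and 4.17.2.

# conf_value FILE KEY [SECTION]: print the effective value of KEY in a
# "key=value" file. Comment lines are skipped and the last assignment wins.
# With SECTION, only lines under that [SECTION] header count (dconf keyfile);
# without it, only lines before any header count (flat sysctl.conf).
conf_value() {
    [ -r "$1" ] || return 0
    awk -v key="$2" -v want="${3:-}" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { sec = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", sec); next }
        sec == want && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# audit_hardening [ROOT]: check the three files under ROOT (empty ROOT is the
# live system). Prints one line per finding; exit status = number of findings.
audit_hardening() {
    root=${1:-}; n=0
    v=$(conf_value "$root/etc/sysctl.conf" net.ipv4.icmp_echo_ignore_all)
    [ "$v" = 1 ] || { echo "FAIL sysctl.conf: icmp_echo_ignore_all='$v'"; n=$((n + 1)); }
    v=$(conf_value "$root/etc/dconf/db/gdm.d/00-login-screen" \
        disable-user-list org/gnome/login-screen)
    [ "$v" = true ] || { echo "FAIL 00-login-screen: disable-user-list='$v'"; n=$((n + 1)); }
    grep -qx 'system-db:gdm' "$root/etc/dconf/profile/gdm" 2>/dev/null ||
        { echo "FAIL profile/gdm: no system-db:gdm line"; n=$((n + 1)); }
    return "$n"
}

# make_sample_tree DIR: constructed copies of the files as the article leaves them.
make_sample_tree() {
    mkdir -p "$1/etc/dconf/profile" "$1/etc/dconf/db/gdm.d"
    printf '%s\n' '#net.ipv4.icmp_echo_ignore_all=0' '# Disable ping' \
        'net.ipv4.icmp_echo_ignore_all=1' > "$1/etc/sysctl.conf"
    printf '%s\n' 'user-db:user' 'system-db:gdm' \
        'file-db:/usr/share/gdm/greeter-dconf-defaults' > "$1/etc/dconf/profile/gdm"
    printf '%s\n' '[org/gnome/login-screen]' '# Do not show the user list' \
        'disable-user-list=true' > "$1/etc/dconf/db/gdm.d/00-login-screen"
}

demo=$(mktemp -d)
make_sample_tree "$demo"
audit_hardening "$demo" && echo "PASS: sample tree has both settings"
rm -rf "$demo"
```

On the real machine, call `audit_hardening ""` and compare with `sysctl -n net.ipv4.icmp_echo_ignore_all`, which reports the value the running kernel is using. The kernel picks up /etc/sysctl.conf at boot, or immediately with `sudo sysctl -p`.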

A Backups

You need a strategy for backing up your hard drive.

I have had an administered, backed up hard drive since 1996. I was taking some college courses, and getting involved in a ski club in 1998. My emails and working files are still on my hard drive, although I used at least one commercial application I cannot get working at the moment.

The primary threat to my data has been me stupidly deleting things, sometimes realizing this months later. My primary hard drive has died on me. I lost no data.

At present, I have two backup devices on my primary computer, a 4 terabyte hard drive, and a Blu-ray burner. My automatic nightly backup is done to the 4TB drive. Periodically, I copy my latest backup to a double density Blu-ray disk, which has a capacity of 50GB. These are stored in my house, away from my computer. If I really wanted to be thorough, I could rent a safety deposit box at the bank, and store my backup Blu-rays there.

Optical disks, like Blu-rays, are disappearing off of new computers. I am concerned that it will become hard to find Blu-ray disks, especially the double density ones. I love Blu-rays because the individual disks are cheap, and suitable for single use. I have recovered data months after having deleted it.

The Blu-ray requires me to limit the disk space I use. My biggest directories are my digital photo directory, and my email, which is archived at least back to 1997. I archive my digital photos to DVD. I am not intensively doing graphical design, or engineering CAD.

The Cloud is an excellent resource for temporary sharing of information. As a long-term backup of information with security issues, it is risky. Ask yourself why such a service is provided free. Assume that data uploaded to a free server is being scanned. Can you say “data mining”? An NDA19 will be worthless when the owners of the server go out of business, and the bailiff sells their equipment to the highest bidder.

Consider how you store your backup media at home. If you are concerned about security, you should store your backups in a locked cabinet or a safe. Once your backup has been transported to another Linux machine, it is accessible to whoever has root access on that machine.

You can encrypt your backups, but this makes it more difficult to do recoveries. I try to avoid compressing my backups, because this takes time, and it can introduce data errors.

I may have to switch to portable USB drives. Tape drives still are available, and they have huge capacity. The tapes do not appear to be particularly cheap.

B Mounting a USB Stick While Installing

Maybe you will need to do this.

I was having some problems with an install, and I decided to mount my USB stick. During the install routine, this is fairly easy. Hit ctrl+alt+f4. Log in as root. You should not need a password. Insert your USB stick. You will see a gibberish message on the screen with something like /dev/sdb. This is your USB device. You need to create a directory as a mount point, then mount your stick.

# mkdir /usb
# mount /dev/sdb1 -t auto /usb

The mount command, above, specifies the device. Note that it is /dev/sdb1, not /dev/sdb. The -t auto tells Fedora to figure out the file system type. You could specify vfat, which probably is what it is, but why?

Now, you can copy files, or back up data. See my article on the UNIX Command Line.

Now, you need to get back to your installation window. On Fedora and Ubuntu, ctrl+alt+f1 should do it. Anything up to ctrl+alt+f7 will produce a terminal.

C Encryption

These are general comments about encrypted file systems. Most of these comments apply to Microsoft Windows and Apple machines, as well as Linux.

As of 2018/02/07, I have encrypted my entire hard drive. My original Fedora setup was an encrypted /home partition. When I attempted an Ubuntu install, it refused. If the /tmp and swap partitions are not encrypted, some of the naughty stuff on /home can be accessed. Fedora does not care about this, but Ubuntu has a point.

When I first encrypted a file system on Fedora 10 on an older laptop, I mistyped the encryption key. Upon booting, I was unable to decrypt /home. After repeated attempts, the machine shut down the X Window system and prompted me for root’s password. As root, there was no way to change the encryption key or otherwise decrypt the file system. It was possible to boot into single user mode and log in as root. There was no way to mount the partition. I loaded in the install DVD and tried to repair the install. Again, I was prompted for the /home partition encryption key. It was impossible to re-install Linux without the encryption key.

I booted into single user mode, again without the install DVD. As root, I reformatted the /home partition. I rebooted with the install DVD, and I repeated the entire install process. It would have been possible to format and encrypt the /home partition from the command line, but I did not bother.

If you are running Fedora with an encrypted /home partition, it is not possible to boot the machine into multi-user mode without the encryption key. You can boot into single user mode, but this is just a rescue procedure, and whoever is doing it requires root’s password. No booting at all is possible with a fully encrypted drive, without the encryption key.

Once the machine is booted, anyone with a user password can access your system and read your data.

Anyone who must be able to boot your computer must be told the encryption key. This is not an issue with a personal laptop. It will be an issue on a server if the wrong people are on vacation, out at lunch and/or run over by trucks.

If you write the raw partition out to tape or some other device, the data will be encrypted. There is no convenient way to recover individual files from an encrypted backup. The backup media is unreadable without the encryption key.

If you write /home out to tape or some other device, the data will not be encrypted. If your backup is not encrypted, your backup media is readable by whoever can get at it. Almost all of my backup recoveries have consisted of me recovering individual files I have messed up somehow. If your data must be secure, you must keep your un-encrypted backups in a secure place.

Passwords and encryption keys20 are not the same thing. A password is stored on your drive somewhere, usually encrypted. When you log in, you are prompted for the password, and what you type in is encrypted and compared with the stored, encrypted password.21 You can easily change your password.

An encryption key is used to encrypt your data. If your encryption key is compromised, you must re-install the file system. Be very careful with your encryption key.

Shutting down a laptop such that it must be rebooted in the presence of potential hackers probably is a bad idea. If the laptop is being transported and operated outside a secure environment, it should be put to sleep, rather than shut down.

My old Acer Aspire had a bad keyboard. Often, it took multiple tries to type in the encryption key and get the thing booted. On at least one occasion, I had to give up on using the laptop. If hackers had been watching me, they would have had multiple opportunities to watch me type the key.

An encryption key is more secure if you are a touch typist, and you have a good keyboard.

Even an encrypted /home partition renders a laptop useless to anyone who does not have the key. A thief will be unable to boot the computer, much less read data off of it. If the bad guys have stolen your computer, they can remove your drive, install it in their machine, and hack your encryption key by brute force.

Encrypting a workstation or file server probably is not worth the trouble. Encryption really only works when the machine is shut down. Servers generally are kept running. There should be no need to move these machines out of a secure area. An encryption key must be written out and stored in a company safe, or some other secure area.