Setting up Ubuntu Desktop

Post-installation

Eventually make things faster (sudo without password) on a desktop env as long as you are the sysadmin of the box,

admin=...
groupadd -g 11 wheel
usermod -a -G wheel $admin

#cat > /etc/sudoers.d/$admin <<-EOF
#$admin  ALL = NOPASSWD: ALL
#EOF
cat >> /etc/sudoers <<-EOF
%wheel  ALL=(ALL:ALL) NOPASSWD: ALL
EOF

Enable ctrl-alt-backspace to kill X like in the old days,

    sudo dpkg-reconfigure keyboard-configuration

Generate your workstation key pair and copy/paste it to the servers you need to maintain,

    ssh-keygen -t ecdsa
    cat ~/.ssh/id_ecdsa.pub

    #ssh-keygen -t ed25519
    #cat ~/.ssh/id_ed25519.pub

eventually store the fingerprint of your public key (MD5 used at GitHub),

    ssh-keygen -lf id_ecdsa.pub > id_ecdsa.pub.sha256
    ssh-keygen -E md5 -lf id_ecdsa.pub > id_ecdsa.pub.md5

also provide the PPK format for e.g. Filezilla, but unless you are willing to compile the dev version, you will have to use RSA or DSA (-t rsa, dsa, rsa1),

    cd ~/.ssh/
    sudo apt install putty-tools
    puttygen pkey -o pkey.ppk

fix the permissions,

    chmod 700 ~/.ssh/
    chmod 600 ~/.ssh/*
    chmod 400 ~/.ssh/id_*

Choose your Desktop Env:

Install a few packages from the Ubuntu Server post-installation guide. You may then add those ones for workstation usage,

    sudo apt install \
    vlc \
    mpv \
    chromium-browser \
    deluge deluged \
    filezilla \
    firefox \
    irssi \
    nautilus-share \
    rxvt \
    terminator \
    thunderbird \
    xterm

    sudo update-alternatives --config x-terminal-emulator

Run (and enable?) indexing,

updatedb

Terminator

do you need Putty-like happy copy/pasting?

cp -pi /usr/share/terminator/terminatorlib/terminal.py /usr/share/terminator/terminatorlib/terminal.py.dist
vi /usr/share/terminator/terminatorlib/terminal.py
/def on_buttonpress
(change 3 to 2 and 2 to 3)

Ref. http://askubuntu.com/questions/211292/a-terminal-which-provides-select-to-copy-and-right-click-to-paste

Java

See Deal with Java.

Eclipse

eventually fetch [Eclipse] (https://eclipse.org/downloads/), extract and install the IDE flavor of your choosing (you can do it from the gui).

Slack.com for Linux

Fetch the latest version and,

ls -lhF slack-desktop-3.*-amd64.deb 
dpkg -i slack-desktop-3.*-amd64.deb 
apt -f install

Skype for Linux

Fetch the latest skype for linux as DEB and install,

    wget https://go.skype.com/skypeforlinux-64.deb
    dpkg -i skypeforlinux-64.deb
    apt -f install

DESTROY and re-initialize gnome keyring,

rm -rf ~/.local/share/keyrings
sudo apt install seahorse
seahorse &

Additional notes

Eventually install & setup Conky.

Eventually setup Netfilter to allow only outbound connections.

Networking

there is a main difference with the Ubuntu Server setup: network. It’s ok to keep using Network Manager on a desktop environment.

workstation

check your network settings handled by Network Manager,

nmcli device show ens2

domain search

three solutions:

  1. Control Center -> Network
  2. dhclient.conf
  3. resolv.conf.d/

  4. use the GUI,

    Control Center -> Network –> (general tab) Domain name: … Control Center -> Network –> (DNs tab) Search domains: …

  5. OR add some domain searches for DHCP sessions, e.g.,

    cd /etc/dhcp/ cp -pi dhclient.conf dhclient.conf.dist vi dhclient.conf

    prepend domain-search “example.com”, “example.local”;

  6. OR change the resolvconf config directly,

      cd /etc/resolvconf/resolv.conf.d
      cp -pi base base.dist
      vi base
    
      search example.com
    

also make sure that the local system hostnames resolves itselfs as FQDN accordingly (127.0.0.1 on a desktop)

CIFS ready

setup your default workgroup when mounting windows file shares,

    sudo apt install smbclient cifs-utils
    #smbfs samba
    vi /etc/samba/smb.conf

Multi-Boot

Reduce the boot-loader timeout,

cp -pi /etc/default/grub /etc/default/grub.dist
vi /etc/default/grub

GRUB_TIMEOUT=3

You can ask GRUB2 to boot the same OS that was booted last time by default,

GRUB_DEFAULT=saved
GRUB_SAVEDEFAULT=true

Troubleshooting

iwl3945 power saving issue

experienced on IBM/Lenovo T60 / R60e

If you get this error in the logs while loosing iwl3945 wireless network connectivity,

BSM uCode verification failed at addr 0x00003800+0 (of 900), is 0xa5a5a5a2, s/b 0xf802020
Unable to set up bootstrap uCode: -5

and this error when trying to UP the wireless network interface,

    SIOCSIFFLAGS: Input/output error

==> disable wlan power saving using NetworkManager,

vi /etc/NetworkManager/conf.d/default-wifi-powersave-on.conf

wifi.powersave = 2

service NetworkManager restart
iwconfig wls3

Kodi / ureadahead

(optional) you might also want to remove that one in case it is installed and not needed (it was spamming my logs),

    sudo apt remove ureadahead
    #sudo apt purge ureadahead

locales

sudo dpkg-reconfigure locales
#sudo locale-gen
sudo update-locale LANG=en_US.UTF-8

OEM Installation

Choose the OEM auto-install if you need to delivery the computer to someone-else: finish-up the process as oem user, then click on the Prepare for shipping and the user will have a little setup wizard next boot.

Finish-up as OEM user, choose preferred mirror for packages,

Control Center -> Software Sources

and apply updates using the little shield button in the systray.

install additional languages depending on target users,

Control Center -> Languages

make sure Firefox is also available language-specific.

You’re now ready to click “Prepare for shipping” on the Desktop and reboot.

Note. few things are missing with this method e.g. Adblock for Firefox.

VirtualBox

DO NOT fetch the latest VirtualBox for Linux. Use the repos instead (well, the thing is already available now within Ubuntu):

deb https://download.virtualbox.org/virtualbox/debian <mydist> contrib

apt update

Access the guests through SSH using the default NAT setup,

VBoxManage modifyvm myserver --natpf1 "ssh,tcp,,3022,,22"
VBoxManage showvminfo myserver | grep 'Rule'
ssh root@localhost -p 3022

Ref. https://stackoverflow.com/questions/5906441/how-to-ssh-to-a-virtualbox-guest-externally-through-a-host

Legacy Adobe Reader

See reader.

Bypassing national restrictions

Install friGate3 add-on on your web browser (tested with Firefox), add the target domain into List of sites e.g.,

rutracker.org

and edit the Proxy Servers e.g. to access https://thepiratebay.org/ from France,

https://ru-92-53-1.friproxy0.biz:443 [RU]
https://ru-85-60-1.friproxy0.eu:443 [RU]
https://ru-82-204-3.friproxy.eu:443 [RU]
https://ru-93-78-1.fri-gate.biz:443 [RU]
https://ru-93-78-3.fri-gate0.eu:443 [RU]
https://ru-92-53-5.friproxy.biz:443 [RU]
https://ru-85-60-5.fri-gate.biz:443 [RU]
https://ru-85-60-3.fri-gate0.biz:443 [RU]
https://ru-92-53-3.fri-gate.biz:443 [RU]
https://ru-93-78-5.fri-gate0.org:443 [RU]
https://ru-82-204-1.fri-gate0.eu:443 [RU]
https://ru-82-204-5.fri-gate0.org:443 [RU]

or access http://rutracker.org from Russia,

https://fr-220-163-3.fri-gate0.eu:443 [FR]
https://uk-170-185-1.fri-gate0.org:443 [UK]
https://fl-170-185-1.fri-gate.biz:443 [FL]
https://fr-221-177-1.friproxy0.eu:443 [FR]

Setting up an external drive

cfdisk ...
mkfs.ext4 -T largefile -m 0 /dev/...
e4label /dev/... NEWNAME
lsblk --fs --ascii