Installing Linux

• Choose "Install Linux Mint alongside Windows Boot Manager".
  
  I think this is a bad choice because partitioning and maybe resizing Windows partition will happen automatically.
  
  Can you also choose "Encrypt the new Linux Mint installation" ? Yes.
  
  If only one partition slot is empty on an MBR system (3 used out of 4), will installer be smart enough to have no swap partition ?
  
  
• Choose "Something else" (create or resize partitions yourself).
  
  Can you also choose "Encrypt the new Linux Mint installation" ?
  Dell install instructions for Ubuntu say no, encryption available only if you choose automatic partitioning.
  
  Create root (logical, use as "ext4", "/" mount point),
  swap (logical, use as "swap"),
  and /home (logical, use as "ext4", "/home" mount point) partitions.
  Boot gets created automatically, or uses existing boot partition ?
  
  Set "Device for bootloader installation" to the device with the "type" set to "EFI".
  [True whether you have Legacy BIOS or UEFI ?]
  [Will this overwrite the Windows bootloader and put GRUB in there, even on an MBR system ? Or maybe Windows bootloader is in first blocks of Windows main partition, doesn't get overwritten.]
  
  If you don't create a partition for swap, you'll get a warning message, but just click "Continue without swap space".

• Booting in UEFI or BIOS mode ?
  
  If UEFI, /sys/firmware/efi/efivars or (old) /sys/firmware/efi/vars exists and has files in it.
  
  
• Secure Boot enabled ?
  
  

  
  sudo mokutil --sb-state
  sudo mokutil --list-enrolled
  
  dpkg -l '*shim*'
  dnf list --installed | grep shim
  yay -Si shim
  pacman -Ss shim
  zypper search shim
  
  for m in `lsmod | cut -d' ' -f1 | grep -v 'Module'`; do modinfo "$m" -F name; modinfo "$m" -F signer; done
  

  
  
  
• Are / and /home separate partitions, or do you have a / partition and /home is a directory in the / partition ?
  
  "sudo df -khT | grep /home" will show a /home partition (volume) if it exists. If it's on a real device, you have separate partitions. If it's Btrfs on a map device (such as /dev/dm-0), it's on a Btrfs sub-volume, and "sudo df -khT | grep /dev/dm" will show both / and /home on same map device.
  
  
• What got encrypted ? Check order and number of passwords you have to give when you boot:
  
  It's complicated, there can be many passwords:
  

  1. BIOS password.
  2. Disk hardware encryption password.
  3. Maybe disk software encryption (LUKS) password (if /boot/grub is inside encrypted partition; openSUSE at least).
  4. Bootloader password.
  5. Disk software encryption (LUKS) password.
  6. Linux user account password.

  
  The typical cases are 1+6 or 1+5+6.
  
  
  • If you don't have to type a BIOS password, then there is no password set in your BIOS. You probably should change that. Following steps assume you have a BIOS password.
    
    
  • If you have to type BIOS password, then another password before you see anything about GRUB or Linux, you probably have hardware (in disk controller) or software (ZFS ?) full-disk encryption. Following steps assume you don't have this.
    
    
  • If you have to type BIOS password, maybe see GRUB menu, see prompt such as "Please unlock disk sdaN_crypt" or "Enter passphrase", then type disk password, see Linux user name, then type Linux user password, you have full-Linux-extended-partition (LVM) encryption.
    
    The boot partitions will be unencrypted ("sudo df -khT | grep boot" shows that).
    
    There is an LVM encrypted volume group (in "/dev/sda6" or "/dev/nvme0n1p3" on my systems), and your root, swap and other volumes/filesystems are inside that encrypted volume group ("lsblk -f /dev/sda" or "lsblk -f /dev/nvme0n1" shows that).
    
    This will use dm-crypt ("device mapper") to make mapped devices ("sudo df -khT | grep -E '/dm|/mapper'" shows that). The encryption framework/header usually will be LUKS ("sudo cat /etc/crypttab" shows that), but also could be other (plain dm-crypt, loop-AES, TrueCrypt/VeraCrypt, BitLocker). To see if "luks" in there means LUKS1 or LUKS2, do "sudo cryptsetup luksDump /dev/sda6 | grep 'Version:'" or "sudo cryptsetup luksDump /dev/nvme0n1p3 | grep 'Version:'". Also see cryptsetup.
    
    But many different ciphers can be used within the LUKS framework, which just calls kernel encryption functions. To see the cipher used, do "sudo cryptsetup luksDump /dev/sda6 | grep -i cipher" or "sudo cryptsetup luksDump /dev/nvme0n1p3 | grep -i cipher". Probably it will be "aes-xts-plain64", which is AES-256 or equivalent. Run "cryptsetup benchmark" to see all algorithms available in your kernel ?
    
    If using LUKS on SSD:
    Add "discard" to end of line (4th field) in /etc/crypttab
    
    Once you get through the mapping and encryption, the decrypted block device contains a standard filesystem such as "ext4" ("sudo df -khT | grep '/$'" shows that).
    
    Make a backup of your LUKS header: see LUKS encryption section of my "Linux Storage" page.
    
    
  • If you only have to type BIOS password, maybe see GRUB menu, see Linux user name, then type Linux user password, you have either:
    
    
    • User-home-directory encryption.
      
      "sudo df -khT | grep /home/" will show a /home/USERNAME/.Private volume with type "ecryptfs". Also do "ls /home/.ecryptfs" ?
      
      "ecryptfs" is a filesystem type with encryption built in. It actually stacks on top of a directory and replaces it with a filesystem, it doesn't handle a partition. ArchWiki's "eCryptfs"
      
      Make a backup record of your eCryptfs mount passphrase (which is derived from your password). "ecryptfs-unwrap-passphrase"
      
      See eCryptfs section of my "Linux Storage" page.
      
      
    • No encryption.
      
      
• Is there any free (wasted, un-partitioned) space left on disk ?
  
  "sudo parted /dev/sda print" or "sudo parted /dev/nvme0n1 print".
  Maybe you will see a few small (less than 1 MB) interstitial free spaces needed to adjust alignment.
  
  "sudo fdisk --list /dev/sda" or "sudo fdisk --list /dev/nvme0n1"
  
  Maybe (do this carefully): "sudo parted /dev/sda" or "sudo parted /dev/nvme0n1" to get into interactive mode, "p" to list partitions, "align-check opt N" to check alignment for each partition, "q" to quit.
  
  Maybe (do this VERY carefully): "sudo fdisk /dev/sda" or "sudo fdisk /dev/nvme0n1" to get into interactive mode, "n" to try to create a new partition, see message saying "No free sectors available", "q" to quit without saving. On a GPT disk there probably WILL be free sectors below sector 2048.
  
  Scott McBrien's "Where did my disk space go?"
  
  
  
• What kind of swap is implemented ?
  
  "swapon --show"
  
  See "Swap" section of my Using Linux page.
  
  
  
• What kind of init is implemented ?
  
  "/sbin/init --version"
  
  
• If there were errors during install, maybe there are installer log files.
  
  Anaconda Logging
  
  
  

• I was planning to disable all snaps and flatpaks. But I decided to leave them in use, and see how well they functioned.
  
  
• If you want to replace existing snaps with non-snaps:
  
  Maybe follow instructions in Kevin Custer's "Disabling Snaps in Ubuntu 20.04", or:

  
  snap list
  snap remove [packages]
  apt install [packages]
  

  And then to prevent re-installation of snap, create /etc/apt/preferences.d/99-Prohibit-Snapd :

  
  Package: snapd
  Pin: release a=*
  Pin-Priority: -10
  

  
  
• Pratik's "How to Remove Snap From Ubuntu"
  Maybe some of:

  
  # remove Ubuntu's default store
  snap remove snap-store
  # install a store that can handle snaps, debs and flatpaks
  sudo apt install gnome-software
  
  # Optional: show and install flatpaks in the software center.
  # Note: some distros (Fedora) have their own Flatpak hub.
  # Look first in the Store application for a way to turn on Flatpak.
  sudo apt install gnome-software-plugin-flatpak
  flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
  flatpak remote-add --if-not-exists flathubbeta https://flathub.org/beta-repo/flathub-beta.flatpakrepo
  # then reboot
  

  
  
  

cat /etc/machine-id
cat /var/lib/dbus/machine-id # maybe link to /etc/machine-id
man machine-id
hostnamectl

# could change to generic value (the Whonix ID):
#    b08dfa6083e7567a1921a715000001fb

# after changing, system journal fails until reboot

# See if a report has already been sent:
ls -l $HOME/.cache/ubuntu-report
# If a report has already been sent, you could do:
ubuntu-report -f send no
# See history of crash-reports sent from this machine:
xdg-open https://errors.ubuntu.com/user/$(sudo cat /var/lib/whoopsie/whoopsie-id)
# Apparently popularity-contest has been broken since 18.04 anyway.
# Remove stuff:
sudo apt remove popularity-contest ubuntu-report
sudo chmod a-x /etc/cron.daily/popularity-contest

# apport is for bug-reporting; I wouldn't remove it.
# Same with KDE's drkonqi.

sudo sed -i "s/ENABLED=1/ENABLED=0/" /etc/default/motd-news
sudo systemctl disable motd-news.timer
sudo systemctl disable motd-news.service

# new "apt news" facility ?  not sure this is right:
apt-config dump | grep -i news
sudo pro config set apt_news=false

# Ubuntu Pro:
pro status

sudo apt remove popcon python3-popcon

sudo dnf remove collectd fedora-coreos-pinger

If you install Firefox from distro's repo, it may come with an "about:config" setting "app.partner.DISTRONAME" set to distro's name. There seems to be no way to delete this setting; all you can do is change the value, but the name still reveals what distro you're using.

Also there are some "distribution.*" settings that show your distro type and version; some can be deleted, others can't.

Also maybe "mozilla.partner.id" ?

Also maybe "browser.partnerlink.*" ?

And there is a distro-specific Google API key, so if you set browser to use Google's features (maybe "block dangerous content" ?), you're telling Google what distro you're using.

And there is a distro-specific Mozilla API key, so if you set browser to use Mozilla's location service, you're telling Mozilla what distro you're using.

Maybe all of this is not a big problem, but the only way to stop it is to install a generic Firefox from Mozilla's site.

From someone on reddit 8/2022:
"the telemetry of snap is just the list of snaps installed, their version, the country you are in, and maybe hardware info, all of which is anonymized, it's mostly for update and global stats."

According to the "Metrics" section of https://snapcraft.io/blog/tour-of-the-snap-developer-account-in-the-snap-store all that is known (about your machine) to the snap's dev is what distro the snap is being used on.

Snapcraft's "Snap Store metrics" says this is stored on your machine: "an anonymous identifier, the device-serial, ... the identifier persists for the lifespan of the machine."

See and change that device-serial ID stored on your computer:

snap model

sudo jq .data.auth.device.serial /var/lib/snapd/state.json

sudo sed -i "s/OLDVALUE/NEWVALUE/" /var/lib/snapd/state.json

I think you'd want to change it periodically, maybe once a week ? But they still could track you by IP address if they wanted to.

• Ubuntu Software - Installed is very slow when removing apps; wait for it to ask for sudo password, and it might take 15 seconds before asking, then more time to actually remove.
  
  
• How to install GNOME shell extensions ?
  
  See install GNOME shell extensions.
  
  Install "GNOME Tweaks" application, which will give lots of controls (but not scrollbar width, apparently that's in theme) and will manage extensions once you get them installed.
  
  
• Decided I can't live without Mint's Pix app. Installed it in Ubuntu; see Pix section of my Using Linux page.
  
  
  

sudo apt install gnome-software gnome-software-plugin-snap gnome-software-plugin-flatpak