Xubuntu 17 To Debian 9 Update Results

If you followed my last, hastily written, explanatory post HERE, you probably thought that I was a little crazy, trying to update an existing Xubuntu 17.04 system to the new release of Debian, 9.0 named “Stretch”. Well, I followed the instructions that I posted there from start to finish, and the results are: [drum roll – your fingers on your desk will do] it… took a real long time. And some issues were faced after upgrade when using sudo aptitude upgrade -y followed by sudo aptitude -f install. What happened, is they pretty much switched back and forth. Upgrade thought that Debian packages took precedence. -f install thought that Ubuntu, Lubuntu and Xubuntu packages took precedence. So each kept overwriting the changes made by the other.

So, just as a general warning, if you try this and it works for you, -f install is pretty well useless from now on, unless you’re lucky and sudo aptitude upgrade –full-resolver works for you. For the record, I use “aptitude” for everything because it is able to find and to resolve conflicts, or to give choices as to how you want a conflict handled, except for autoremove which requires apt or apt-get.

Anyway, to make a long story short, the process worked, and all updating pulls from the correct places and correctly applies, but at this point, I’m unable to figure out, even after autoremove, clean and autoclean, how to restore my ability to use -f install. So I now have a working Debian 9 install with a few remnants of Ubuntu under the hood. It works fine, and is stable.

Xubuntu to Debian

One of my daughters is running Xubuntu on her laptop. Since the latest release of Debian (9.0 “Stretch”) should, in theory, have packages and kernel which are updated and superior to her 17.04 install of Xubuntu, I’m going to try a direct update from Xubuntu to Debian using dist-upgrade.

First, I will do a complete backup of her Minecraft worlds, music and any documents. Then I will edit her /etc/apt/sources.list to comment out all the Xubuntu/Ubuntu repositories and add entries for the new Debian “Stretch” repositories.

nano /etc/apt/sources.list

And comment out the current Xubuntu/Ubuntu repositories, and add the following:

deb http://ftp.de.debian.org/debian/ stretch main contrib non-free
deb-src http://ftp.de.debian.org/debian/ stretch main contrib non-free

deb http://security.debian.org/ stretch/updates main contrib non-free
deb-src http://security.debian.org/ stretch/updates main contrib non-free

# stretch-updates, previously known as ‘volatile’
deb http://ftp.de.debian.org/debian/ stretch-updates main contrib non-free
deb-src http://ftp.de.debian.org/debian/ stretch-updates main contrib non-free

deb ftp://ftp.deb-multimedia.org stretch main non-free

Then I’ll update the package list:

sudo aptitude update

Finally, I’ll check compatibility of the more… “important” packages, and at last run:

sudo aptitude upgrade -y
sudo aptitude dist-upgrade

It’s likely that this won’t work, but it will still be a fun little experiment, since she wants the latest Debian anyway. Worst case scenario, I wipe the drive and do a fresh install. The only customization that her install really has anyway, is Oracle Java JRE 9 and MultiMC for Minecraft. The rest is standard OpenSource.

I’ll be sure and let you know how it worked out!!! If, by chance, it does work well, I’ll do some testing of essential functions to ensure that everything still works smoothly.

OpenSource Privacy

I’ve blogged a bit about OpenSource, and Linux – I’ve even convinced numerous friends and family members to join me. CentOS and Debian are my distros of choice, but for many of them, moving over from the Windows world; simpler is better. So I’ve set them up mainly with Ubuntu (shudder) and Mint. My own children use Xubuntu. I get asked a lot – “How do you get anything done since (insert overpriced product here) doesn’t run on Linux? Well, I’ve blogged about that too, HERE. But in the wake of US Programmes for spying on the American public, such as PRISM, just using OpenSource and expecting the lack of anything Microsoft to protect you isn’t enough. I’ve touched on configuring TOR, using Off the Record plugins for Pidgeon and other similar privacy enhancements HERE. But I’d like to take a moment to post on a basic level for beginners, about the very bare essentials in protecting their privacy. Simple changes that they can make without having to do any real major configuration to their system.

For this, you need to be a bit more clever, doing things such as changing your search engine, what browser you use, how you email and how you generally make use of any web based products. Read more about giving the NSA the finger HERE, and opting out of global data surveillance HERE.

The “Opting out of Global Data Surveillance” link should pretty much cover what you need, and for Linux users like myself, this specific LINK in the Opt Out information is particularly useful. But at the very basic level, even if you don’t feel a need to install, configure and make use of TOR, at the very minimal, use Firefox and make either https://duckduckgo.com or https://www.startpage.com your go-to for your searches each and every time you search. StartPage has the obvious advantage as it provides Google search results (let’s face it, we call searching “Googling” for a reason) but strips out your personal information so that Google never receives your IP or has a chance to laden your machine with cookies. That’s not to say that DuckDuckGo isn’t useful, but you will note a HUGE difference in the quality of search results.

As to email, while it does not have anywhere near the bells and whistles of Google/Gmail, I highly recommend Autistici-Inventati. Their service does provide all of the following, free, and naturally they accept donations to keep these services available. Find them HERE. The webmail is plain and uses Roundcube, but it’s free, private and secure. Couple it with Thunderbird or Earlybird (HERE‘s how you secure them), and it’s a win! Also, you can use K-9 on your Android phone for the secure email feature.

There are other email alternatives, of course, aside from even those mentioned in the Opt Out link. A friend of mine on Mastodon (more on this in a bit) recommends ProtonMail. I haven’t tried it to date, and as such, cannot comment on it positively or negatively. I do, however; respect his opinion and assume that if he recommends it, it’s worthy of said recommendation. You can read about his move to Linux HERE. You can also read his writeup on online privacy (in which he touches on ProtonMail) HERE.

Anyway, these are the surface level important bits gleaned from the Opt Out information. You can read more details and customize more of your desktop environment with apps and web services as you desire based on their guide. These presented here are just the absolute BASICS for preserving a shred of privacy in an ever increasingly watched, regulated and data mined digital world.

The last subject I’d like to touch on, is… well… a touchy one. Social networking. I know… you’re old and stuck in your ways. Facebook is just familiar and easy. Twitter is comfortable and doesn’t require any configuration. Well – that may be true, but they’re also undoing EVERYTHING that we are trying to accomplish in the entire preceding portion of this blog post. Facebook caches every single search. Whether for people or for products. Every page you like. Every status you like. Every news story that you read from their web app. Twitter does the same. Everything that you do on either site is monitored, collected, and placed into a nice little package that allows them to serve all of those ads that you see all over in the side bars, and in between posts. Your email… your birthday… all of your relationships. This data is all theirs. You gave it to them. And they USE IT.

There are two different options for Social Networking that I highly recommend. The first is older (if you don’t count OpenSource predecessors) and it is called Diaspora. It’s pretty much got all of the functionality of Facebook, but without the clutter, without the ads, and without fear of all of your data being mined and sold to any and all bidders. I’m personally on https://diasp.org username theophilus79@diasp.org, but they have a large pool of “pods” to choose from, and you can join any of them. They allow you to follow people from other “pods”, but they aren’t ruled by a centralized, authoritarian data miner. I know, it’s a pain getting your family and friends to switch, but persistence does pay off! The second is Mastodon I’m personally on https://mastodon.technology username theophilus@mastodon.technology – as my main account. It’s essentially a fuller featured Twitter, which allows more character input as well. Like Diaspora, it’s broken into “instances” and not all housed in a central server somewhere. You can join any instance that you like, and like Diaspora, follow people from other Instances. Again, no centralized authoritarian data miner granting you the right to use a website in exchange for all of your digital data. Both Diaspora and Mastodon have mobile apps that you can use. Both are well worth a try, and both will help you protect / control your own data. That isn’t to say that either is foolproof, but both by far outweigh the negative aspects of Facebook and Twitter.

Linux Commands Post You’ll Want To Bookmark

Here’s an amazingly useful post for Linux Terminal Commands regarding your hardware, finding drives, mounting drives etc. You’ll want to bookmark this one for sure!

 

Attempting Minecraft on PocketC.H.I.P.

My first attempt at installing and running Minecraft on the PocketC.H.I.P. – Fairly successful, but not quite workable yet.

Related links of interest:

How to use Aptitude package tool on Debian, Ubuntu and Mint linux

How to Install JAVA 8 (JDK/JRE 8u77) on Debian 8 & 7 via PPA

 

PocketC.H.I.P. – First Impressions

PocketC.H.I.P.
The new PocketC.H.I.P. by “Next Thing Co.”

FEATURES

  • 4.3″ Resistive touch screen.
  • Full QWERTY keyboard.
  • Removable enclosure and bezel.
  • 3.7-volt LiPo Battery.
  • GPIO Access.
  • WiFi and Bluetooth connectivity.

APPLICATIONS

  • PICO-8 – Play games, change games, and make games with PICO-8!
  • SunVox – The SunVox tracker is a fully featured music production studio.
  • Linux Terminal – A place to type commands directly to the computer for execution and evaluation by the operating system.
  • Write – Write is a minimalist text editor.
  • File Browser – The File Browser provides a visual representation of the files on your PocketC.H.I.P. using icons.
  • Help – A copy of the documentation from the GetChip Website

I received my backer PocketC.H.I.P. today. My apologies, I was much too excited about it after having used my C.H.I.P. received late last year, to bother with any video of unboxing. Those of you that need unboxing therapy, look elsewhere.

It arrived in a beautifully illustrated cardboard box, shrinkwrapped with my VDA and HDMI adapters, as well as a spare battery. As you can see above, the final version is much nicer than beta versions (change not included, placement to illustrate scale only). As expected, it was running an ARM version of Debian. So naturally, I did the apt-get update & upgrade & dist-upgrade. Then I set about to playing with it.

It shipped with only six programmes (noticeable programmes, that is), and after being briefly entertained by them, I set out to creating the server remote that I intended it to be. I installed putty, filezilla and a few other select monitoring programmes for remoting in to my various servers for Who Inc. so that I could pretend that I had a necessary, real world application for this baby.

To be honest, it’s a bit clunkier than I would like. Though the website has various illustrations of the machine in use, nothing really prepares you for its size, or for its weight. That’s not necessarily a bad thing, mind you, it just is unexpected. It’s a kind of hybrid between a phone and a tablet, but with the benefit of being a full Linux operating system. All of the commands that you have come to know and love function. If you’re used to Debian, Ubuntu, Mint etc. you’ll feel right at home with one of these. One of the biggest downers is size of available space, but again, as this is full Linux, that’s a simple matter of sticking a low profile thumb drive into the available USB and creating /home2.

To do this:

  • /sbin/fdisk -l  This tells you your available storage devices with detailed info so you can determine which drive is which by /dev
  • sbin/fdisk /dev/sda This allows you to create a partition on /dev/sda (most likely the secondary thumb device as the primary drive appears to be hidden by the system) after which you will enter the following at the prompt: “n” for new partion, “p” for primary partition, “1” for the first partition (it may tell you that 1 is not available, and give you options beginning with 2), “Enter” for the first AND last cylinders (to make this partition use the entire disk) and finally “w” to save your changes. That has created and saved new partition and it will be called /dev/sda1 (first partition on /dev/sda). The next step is to format it.
  • ext4/4 /dev/sda1 – Choose either ext3 or ext4 – this does the basic format of your thumb drive.
  • Finally, to make it an extension of your /home that came installed on the C.H.I.P., mkdir /home2 followed by mount /dev/sda1 /home2. To make sure that this device will auto mount when you start up your PocketC.H.I.P., use mount -a.

Now that this step is complete, you are able to save files as large as your external storage can handle, as well as install a great deal more programmes, which for me, was an absolute necessity.

My biggest complaint about the PocketC.H.I.P. was not the large size or unexpected weight however; as they did a great job with the contour and counterbalance with the shape of the casing… no, my biggest complaint is the keyboard. I am operating, of course, with the understanding that this is essentially a baseline keyboard which is provided as a bonus for what is essentially a builder computer like the Raspberry Pi. But the keyboard, while nicely configured and familiar, lacked responsiveness. I found myself going back several times to press harder to get a letter to take, or backspacing for a letter that received multiple input though only pressed once. If you can live with that, and I can, then this will be an amazing and useful piece of tech for you to have.

Regardless of its size, it still fits comfortably into a standard back pocket. Its extra features such as a touch screen make it much more enjoyable to use. The screen is sharp and bright. All in all, I’m extremely satisfied with the outcome, and both happy and proud to have backed this fantastic innovation.

P.S. – If you do get one, it does NOT come with a web browser. This is simple to remedy. If you like text browsers, use sudo apt-get install lynx. If you prefer a modern browser, use sudo apt-get install iceweasel. Neither Firefox nor Chrome have a release that will install on this unit out of the box, and Chromium gives the “no release candidate available” reply. Iceweasel is clunky on this device to say the least, and you absolutely MUST use a stylus to get anything done with it. But for the power of a full Linux in the pocket, I’m not complaining. I also highly recommend installing aptitude (sudo apt-get install aptitude) and using it in place of apt-get for automatic resolution of dependencies when installing software.

Configure Your Privacy in Linux

In light of the revelation of government snooping by William Binney, Edward Snowden as well as WikiLeak contributors and others, many people are increasingly concerned for their privacy and for their security. This has many people exploring Linux, as they have “heard” that it is harder to attack, has fewer viruses etc. Many install simple distros such as Mint or Ubuntu, and assume once they have it up and running and drivers installed, that all is well. This simply isn’t the case. I am not going to go into details regarding why this isn’t the case, I am simply going to provide a simple guide to those that want to use the web as anonymously as possible be it for reasons of paranoia, or desire to shop Macey’s online without being tracked and getting a drove of SPAM mail as a result. While some of us may be able to make do with a live distribution built for security, such as TAILS, (used by Edward Snowden), I suspect many people would prefer a persistant operating environment that saves files, settings and more. While TAILS can be configured to do so, it just isn’t the same as a regular desktop experience. So it is the entry level users rather than the power users that this instructional targets.

Step one, they pretty much got correct in switching to Linux, though Ubuntu and similar distros are questionable, and that is, use only programmes which have open source code that anyone can review. Closed source software like Microsoft Windows, or Skype, have been found to have deliberate “backdoors” through which attackers may gain access. Why they were added, one can only speculate, but they are there and they compromise your security. You will want to find software for your Linux distro which is open source so that you know that you have a community constantly pouring through the code, ready to blow a whistle at the slightest provocation.

Step two, is to get the software necessary for securing and anonymizing your internet connection. For this, we naturally look to the Tor Project. While it is not perfect (nothing is), it is well tested, in constant development, and is better than nothing at all. One of the main components of the Tor Project is their Tor Browser Bundle. For details on exactly how it functions, see HERE. Installing is a breeze.

For Debian users, add this line to your/etc/apt/sources.list file:

 

deb http://deb.torproject.org/torproject.org <DISTRIBUTION> main

 

where you put the codename of your distribution (i.e. lenny, sid, saucy or whatever it is) in place of <DISTRIBUTION>. Then add the gpg key used to sign the packages by running the following commands at your command prompt:

 

gpg –keyserver keys.gnupg.net –recv 886DDD89 gpg –export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add –

 

Now refresh your sources, running the following command (as root) at your command prompt:

 

apt-get update

 

If there are no errors you’re good to continue. To finally install Tor just run:

 

apt-get install tor

 

Once you have successfully installed the Tor Browser Bundle, I recommend using Vidalia for a graphical user interface to control Tor. Installing Vidalia is similarly simple:

To install Vidalia as a Debian user, simply add this line to your /etc/apt/sources.list file:

 

deb http://deb.torproject.org/torproject.org <DISTRIBUTION> main

 

where you substitute the above word (etch, lenny, sid, karmic, jaunty, intrepid, hardy) in place of <DISTRIBUTION>. Then add the gpg key used to sign the packages by running the following commands at your command prompt:

 

gpg –keyserver keys.gnupg.net –recv 886DDD89 gpg –export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add –

 

Now refresh your sources and install Vidalia by running the following commands at your command prompt:

 

apt-get update apt-get install vidalia deb.torproject.org-keyring

 

Now you will have to configure Firefox (and Thunderbird if you have it) to use the proxy supported by Tor. To do this, open the browser and go into the settings. Under the settings select proxy settings. Select either SOCKS or SOCKS5 as a protocol, and use port 9050. For host, just enter “localhost”. You will also need to install two plugins to FireFox which will lessen your digital footprint. The first is HTTPS Everywhere, and the second is NoScript. They can be configured to allow certain pages, for instance, FaceBook which will essentially be non functional with scripts turned off. Just keep in mind, every allowance is an open door. A few other scripts that are noteworthy: Adblock, Self-Destructing Cookies and Disconnect. They aren’t necessities, but they certainly increase your experience.

As for Thunderbird, if configuring it manually is too much for you, you can try TorBirdy. It will set up your Thunderbird install to rout everything through the Tor Network. This isn’t enough, however; you will still want to install the EnigMail plugin. Enigmail is a security extension to Mozilla Thunderbird. It enables you to write and receive email messages signed and/or encrypted with the OpenPGP standard. Sending and receiving encrypted and digitally signed email is simple using Enigmail.

Once you have that done and working, you will want to do the same to your instant messaging software. For this, I strongly recommend Pidgin, with the “OTR” Off the Record plugin. It works much the same way. Simply click on your account, select the proxy tab and use the same settings as for your browser. This routs all of your internet communications (FireFox, ThunderBird and Pidgin) through Tor which anonymizes your location, data and details.

Installing Pidgin really couldn’t be easier…

apt-get install pidgin

That’s it. Really. Now you will want to make use of websites that do not track you, so rather than using Google as your goto, try performing searches using DuckDuckGo. The website uses scripts, but it doesn’t track you, or keep record of your searches. It also doesn’t start submitting advertisements based upon your search history.

For securing the contents of your hard drive, I recommend installing BleachBit both for its capabilities and for its ease of use. And lastly, for your passwords, PWSafe. It’s pretty self explanatory.

If you follow this guide, you will have a fairly secure setup with an anonymization cloak. It isn’t foolproof, and it isn’t perfect, but it minimizes your digital footprint and the information that you send each time you use your computer. Please be aware that with these settings, you can expect to have to verify common logins such as Facebook, Google etc. due to their security measures. It will often tell you that you are logging in from an unrecognized location (such as Germany or Romania) and require you to identify photos of friends, or enter a code sent to your phone etc.  If you can live with these little annoyances in the name of privacy, then enjoy!

Have any suggestions to make this guide better? Email or message me! I’ll get it added and credit you as a contributor!