Home Uniquely NZ Travel Howto Pauline Small Firms Search
Global Communications and Computing
Lafite (Clevo N131WU) Ultrabook

Summary of Progress to Date

This page covers the setting up of my Lafite Ultrabook with Linux Mint 19. Mint is built on top of Ubuntu and both sit at the top of the popularity stakes. The Lafite has cutting edge technology in the form of the latest 8th Generation Intel Processor, the i5 6250U, with Kaby Lake architecture and 8 threads and a Samsung 970 EVO 250 Gbyte Solid State Disk (SSD) which is currently reported to be the best of the 'consumer' SSDs.. Both Mint 19 and the latest Ubuntu 18.04 have support for the Kaby Lake architecture as they use the Linux 4.15 Kernel and so should both run 'out of the box' . I much prefer the Cinnamon Desktop which is the major feature of Mint. I also have a conventional 2 Tbyte hard drive so I can handle large ammounts of data which does not requires less frequent accesss.

SSDs also have a number of specific requirements to get maintain their high speeds - most are set up by default in Mint, the others are simple, or can be done at your leisure and are all well documented below. I also cover that in a separate document. Using an SSD friendly file system has however caused me to revisit the sharing between Users, Operating Systems and Machines and new proceedures are included. The other major enhancement is the inclusion of TimeShift by default in Mint 19 which also has has implications on space requirements and hence partition sizes.

The only problems I had were specific to my transfering an existing user from an earlier version of Mint and mainly relate to wine and will not be met by 99.8% of people.


Contents of Lafite Ultrabook Write-up

Why another Laptop?

We spend quite a bit of time away from home and currently Pete has a Chilblast Defiant 13.3 Laptop and Pauline uses a Chillblast Helios LUltrabook. These enable us to keep up to date with most activities and provide music through the WiFi and bluetooth connection on our narrowboat and even watch some TV through a dongle. The Helios version we have is no longer easily supported as the chassis manufacturer has gone bust and the screen is dead. The Defiant is still a excellent and very powerful machine but the keyboard has lost a lot of keys so we are looking for a replacement/extra machine which we both use when away from home.

Specifications of the Lafite III 13" Laptop

The Lafite has a 13.3" 1920x1080 screen and weighs 1.5 kgs including an extra large internal hard drive as well as an SSD plus the weight of a 40 watt power adapter and is similar or higher powered than either machine other than lacking a separate GPU. The chassis and motherboard is manufactured by Clevo as the N131WU and are high quality - my Defiant is also Clevo.

Ultra thin (18mm) lightweight Aluminium Chassis (1.3 kg bare with battery only)
13.3" Matte Full HD IPS LED (1920 x 1080) display
Intel® Core™ i5 Quad Core Processor i5-8250U (1.60GHz, 3.4GHz Turbo) Kaby Lake Refresh 8th Generation Architecture
8GB Corsair 2133MHz SODIMM DDR4 (1 x 8GB)
INTEL® HD GRAPHICS 620 - 1.7GB Max DDR4 Video RAM - DirectX® 12
SSD: SAMSUNG 970 EVO M.2 SSD Drive: 250GB, PCIe NVMe (up to 3400MB/R, 1500MB/W)
Hard Disk: 2TB SEAGATE 7mm SERIAL ATA III 2.5" with 128MB CACHE (5,400rpm)
Ports; 3 x USB 3.0, HDMI and Mini Display Port
Lan, Wireless & Bluetooth 5.0: INTEL® AC-9260 M.2 (1.73Gbps, 802.11AC)
Audio; Intel 2 Channel High Definition Audio + MIC/Headphone Jack
Integrated 6 in 1 Card Reader (SD /Mini SD/ SDHC / SDXC / MMC / RSMMC)
Single Colour Backlit UK keyboard
Integrated 2 Button Touchpad
Integrated 1.0MP Webcam and Microphone
3 Cell Lithium Ion Battery (36Watt) - built in can be changed if you are technically minded.
40W AC Adaptor

The motherboard picture below shows the fixed battery and has a single RAM added. The hard drive is bottom left. The SSD is middle right, in both cases the sockets can be seen on the edge of the motherboard. The keyboard has to be removed to get to this situation.

Motherboard  fitted with 2.5 inch SATA drive - source unknown Motherboard fitted with 2.5 inch SATA drive - source unknown

Summary of actions before installing.

The following is not very different to the approach in The Chillblast Defiant Mini Laptop which was itself based on the Road to Freedom - A progressive migration from Windows to Ubuntu for Safety, Security and Savings in Home Computing except that we will not be making any provision to dual boot with Windows. PC Specialists do however install a Windows system in order to carry out their testing and there is a need to check what has been left on the SSD in the way of existing partitioning before partitioning. PC Specialist also offer partitioning at order time.

So before we do anything about installing we need to:

To enter the BIOS Setuo on the Lafite press F2 repeatedly during the self test period with the logo displaying..

We will now look at those activities in more detail:

Background Review of Optimisation of Disk Drives, in particular Solid State Drives (SSDs)

The first time I had used an SSD was in the Helios and at that time I did considerable background reading which revealed that there were more nuances in getting a good setup than I had realised. I initially corrolated the various pieces of information I had on optimising performance into a checklist. Many areas which do not need action on the Lafite as they are already set up or are now defaults in Mint and Ubuntu. The in depth coverage therefore moved to a dedicated page on The Use of Solid State Drives in Linux and only the links in Bold below will be covered in the appropriate sections of this page, the links here all point to in depth coverage in the dedicated page.

Checklist for the use of Solid State Drives

  1. The SATA controller mode needs to be set to AHCI in the BIOS. AHCI provides a standard method for detecting, configuring, and programming SATA/AHCI adapters. AHCI is separate from the SATA standards, but it exposes SATA's more advanced capabilities that are required in the BIOS to fully support an SSD.
  2. Partition Alignment is critical but should be correct on a recent system is essential for optimal performance and longevity as SSDs are based on flash memory, and thus differ significantly from hard drives. While reading remains possible in a random access fashion on pages of typically 4KiB, erasure is only possible for blocks which are much larger, typically 512KiB, so it is necessary to align the absolute start of Every partition to a multiples of the erase block size.
  3. Use a file system supporting TRIM: in practice this means EXT4 in Linux.
  4. Automate TRIM. A SSD system needs some form of automatic TRIM enabled to assist garbage collection otherwise the speed decreases and the number of writes also increases at the expense of SSD life.
  5. Check Queued TRIM is Blacklisted. A number of drives do not correctly support TRIM reliably and, in particular, the queued TRIM command which may need to be inhibited. The latest kernels take care of this but it is a real issue if updating an existing machine or using an LTS (Long Term Support) Distribution with an elderly kernel.
  6. Overprovision. This is the reserving of some areas of disk and leaving unformatted. This also desirable for similar reasons to TRIM, namely maintaining speed and decreasing disk writes - a certain amount is already reserved by manufacturers (~7% ) but it is best increased by another 10 to 20%.
  7. Control use of Swapping to disk. SSDs have a large but finite number of write cycles and frequent swapping uses that up. The use of swap files is not optimised for desktop machines in Linux for SSDs (or even Hard Drives) and needs to be changed.
  8. Inhibit Hibernation. (suspend to disk): This should be inhibited as it causes a large number of write actions, which is very bad for an SSD. If you are dual booting make sure Windows also has hibernation inhibited - in any case it is catastrophic if both hibernate to the same disk.
  9. Avoid Defragmentation. It is not required in Linux and is never done automatically. It must be avoided because the many write actions it causes will wear an SSD rapidly - make sure a dual booted system does not kill your SSD by defragmentation and avoid the need by maintaining at least 20% spare capacity on each partition, even in Linux this has benefits.
  10. Consider changes to the file access. Changes can be made to reduce the number of 'writes' by options in the configuration files such as noatime. (relatime is the default in Ubuntu and Mint and is the best compromise)
  11. Optimise the disk access scheduler. The scheduler may be optimised for hard drives rather than SSDs. The default scheduler for Ubuntu/Mint is 'deadline' which is acceptable for both but noop may be better if only SSDs are in use. No Action Planned

Only four of the above are likely to need addressing in a dedicated Linux system using Ubuntu or Mint with a single SSD - they are in bold. The first two are factors in the initial partitioning of the SSD and the other two are carried out during the setting up procedure.

Review additional requirements resulting from features and changes in Mint 19

TimeShift Disk Space Requirements

TimeShift is covered more fully below but is mentioned here as it has a major impact on disk space requirements which need to be considered during partitioning. It is fundamental to the update manager philosophy as Timeshift allows one to go back in time and restore your computer to a previous functional system snapshot. This greatly simplifies the maintenance of your computer, since you no longer need to worry about potential regressions. In the eventuality of a critical regression, you can restore a snapshot and still have the ability to apply updates selectively (as you did in previous releases). This comes at a cost as the snapshots take up space. Although TimeShift is extremely efficient my experience so far with using Timeshift means that one needs to allocate at least an extra 2 fold and preferably 3 fold extra storage over what one expects the root file sytem to grow to, especially if you intend to take many extra manual snapshots during early development and before major updates. I have already seen a TimeShift folder reach 21 Gbytes for a 8.9 Gbyte system before pruning manual snapshots.

Create LiveUSB

Download the latest 64 bit Mint (19.0 x64 at present) and put on USB Sticks in advance. This is best done using UNetBootIn (which can also be run under Windows if you do not have a Linux machine already) because it has the major feature of allowing one to configure the LiveUSB to have persistence which makes testing much easier. This is something that can be done in advance. I made it whilst waitiing for my machine to be delivered so I could test them on other machines and set up the Wifi.

Access the BIOS and Set it up for Linux.

To enter BIOS Setup, turn on the computer and press F2 (give the system a few seconds to enter Setup; the F2 on screen will be highlighted to illustrate that the system is processing the request) during the POST (Power On Self Test) . It is possible that the Logo and options will not display if the BIOS has been set into Quiet Mode and you just have to keep tapping F2 until it enters the BIOS. If you get a “Keyboard Error”, (usually because you pressed F2 too quickly) just press F2 again.

The BIOS is a fairly standard one probably by American Megatrends Inc (AMI) but with a very reduced set of options available. There are 5 tabs and you have to navigate using the keyboard. Help Instructions are always shown on the right. There are only three settings you need to check and mine were all correctly set in the Lafite BIOS as supplied. They do need to be checked and correct before you start.

Note: It seems that the Lafite BIOS only supports UEFI as there is no option to change.

In Summary, the only setting you are likely to need to change is to set Secure Boot [Disabled] and possibly Fast Boot [Disabled] as it is often used in Windows systems and may end up set during testing.

PC Systems offer a service to partition the drive and may be prepared to make sure the settings above are correctly set.

Booting the LiveUSB

The boot menu is accessed on the Lafite by pressing F7 during the time the BIOS is doing the POST checks, ie when the initial Logo is being displayed.

You will then see a menu with the Internal Drive at the top followed by two entry points on the USB Sticks which correspond to a conventional and UEFI configuration. One needs to select the UEFI version in the USB boot options as the Lafite BIOS only supports UEFI. If you use the wrong entry it will probably work as a LiveUSB but when you come to do an install you will end up installing the wrong version which will almost certainly not work.

We can now check what the partitioning is currently and change it ready for an installation using gparted which is available through the menu on the LiveUSB

Partition the Disk using GParted

It is now time to discuss partitioning the hard drive.

One must take into account the various constraints from use of an SSD (EXT4 Filesystem, Partition Alignment and Overprovision)) and provide for:

Before starting we need to choose the Partitioning Table Scheme. There are two choice, the old and familiar to me MBR with its various restrictions or the more modern GPT scheme which I recommend.

Again we have a lot of AS (Alphabet Soup) and Wikipedia tells us "A GUID Partition Table (GPT) is a standard for the layout of the partition table on a physical hard disk, using globally unique identifiers (GUID). Although it forms a part of the Unified Extensible Firmware Interface (UEFI) standard (Unified EFI Forum proposed replacement for the PC BIOS), it is also used on some BIOS systems because of the limitations of Master Boot Record (MBR) partition tables, which use 32 bits for storing logical block addresses (LBA) and size information. Most current operating systems support GPT. Some, including OS X and Microsoft Windows on x86, only support booting from GPT partitions on systems with EFI firmware, but FreeBSD and most Linux distributions can boot from GPT partitions on systems with either legacy BIOS firmware interface or EFI."

I have chosen to use the new GPT partitioning rather than the Legacy MBR this time. I used MBR on the Defiant only because Windows had been preinstalled in a non UEFI mode which reduced my flexibility. GPT was designed to support UEFI and gives more flexibility especially if one ever needs to add a Windows Partition in a Dual boot configuration. If you are used to having a MBR scheme note there is no need for an extended partion in GPT as there is no restriction on the number of primary partitions.

The default view in GParted does not show the type of partition table - you can see by View -> Device Information. It can be changed by Device -> Partition Table.

The Lafite disk was already formatted with a GPT and also had the partitioning for the Microsoft Windows system they had used for testing so an efi boot partition was already present. I decided to just reduce the size of the Windows main partition in case the machine had any problems. I left enough to provide my second 'root' partition when I was satisfied with the machine and deleted them at that point.

Adding Partitions is easy via Partition -> New

So this is what I ended up with: Screen Shot

Screen Shot

The screen dump above is from my initial set up with Mint installed so the mount points show but with unallocated space ready for an extra dual booted partition.

The hard disk also uses a GPTt and has a single partition reformatted to ext4 and mounted at /media/DATA

Testing from LiveUSBs for Assessment

This is a step most users will not bother with. I did a number of trials of different systems before the final install which used Mint 19.

Final Install to Disk

So once I had confirmed which system and type of partitioning to install the actual process was simple. The LiveUSB is run again and used for the install. Answer the various questions up to the partitioning section where custom must be selected and the partitioning above set up partition by partition including a home partition ( /home) . The only partition which is formatted is the one set to root ( / ) and uses ext4. I set up my data partition at this time and set the mount point to /media/DATA - it is much better to get all the partitioning set up during the install

NOTE: When you do the [final] install you want to make sure that the use your primary username as the one used during the install - this is important for a number of reasons. This makes subsequent upgrades easier and also cloning the machine. This initial user is special in several ways. To find out more read the sections below and the sections on distribution updates and on mounting files systems for use with Unison and other programs that require timestamps to be updated.

Addition steps if you are already a Linux user and want to transfer an existing User or Users.

This only works well if the user you want to transfer was the first user set up on the other machine and the same user name and password is used on the new machine as it creates a folder in /home for that user an done can then bring in an existing home folder from another machine. I have written about the procedures for doing that under Carrying out a Distribution Update and Backing Up using tar archives. I have done this on my machines over a long period and I suspect my home folder goes back to Ubuntu 6.04 Dapper Drake and it normally works well - this time the change to Mint 19 and and Wine 3 did cause some issues which are covered below..

It is possible to transfer several users but again they must be added in the correct order so their numeric UIDs are the same. If you do not understand what a UID is already then do not even think of try transfering multiple users!

Setting Up the New Machine

Firstly we will look at the two changes required because we are using a SSD, these are best done at an early stage say during the first few days.

Reduce Swapping to Disk.

The changes that are described here are desirable for all disk drives and I have already implemented them on all my systems. They are even more important when it comes to SSDs. A primary way to reduce disk access is to reduce the use of Swap Space which is the area on a hard disk which is part of the Virtual Memory of your machine, which is then a combination of accessible physical memory (RAM) and the Swap space. Swap space temporarily holds memory pages that are inactive. Swap space is used when your system decides that it needs physical memory for active processes and there is insufficient unused physical memory available. If the system happens to need more memory resources or space, inactive pages in physical memory are then moved to the swap space therefore freeing up that physical memory for other uses. This is rarely required these days as most machines have plenty of real memory available. If Swapping is required the system tries to optimise this by making moves in advance of their becoming essential. Note that the access time for swap is much slower, even with an SSD, so it is not a complete replacement for the physical memory. Swap space can be a dedicated Swap partition (normally recommended), a swap file, or a combination of swap partitions and swap files. The hard drive swap space is also used for Hibernating the machine if that feature is implemented

It is normally suggested that the swap partition size is the same as the physical memory, it needs to be if you ever intend to Hibernate (Suspend to disk by copying the entire memory to a file before shutting down completely). It is easy to see how much swap space is being used by using the System Monitor program or by using one of the system monitoring applets. With machines with plenty of memory like my Defiant, Helios and Lafite which all have 8 Gbytes you will rarely see even a few percent of use if the system is set up correctly which brings us to swappiness.

There is a parameter called Swappiness which controls the tendency of the kernel to move processes out of physical memory and on a swap disk. See Performance tuning with ''swappiness'' As even SSD disks are much slower than RAM, this can lead to slower response times for system and applications if processes are too aggressively moved out of memory and also causes wear on solid state disks.

Reducing the default value of swappiness will improve overall performance for a typical installation. There is a consensus that a value of swappiness=10 is recommended for a desktop/laptop and 60 for a server with a hard disk. I have been using a swappiness of 10 on my two MSI U100 Wind computers for many years - they used to have 2 Gbyte of RAM and swap was frequently used. In the case of the Defiant I had 8 Gbytes of memory and Swap was much less likely to be used. The consensus view is that optimum value for swappiness is 1 or even 0 in these circumstances. I have set 1 at present on both the Helios and the Lafite with an SSD to speed them up and minimise disk wear..

To check the swappiness value

cat /proc/sys/vm/swappiness
For a temporary change (lost on reboot) to a swappiness value of 1:

sudo sysctl vm.swappiness=1

To make a change permanent you must edit a configuration file as root:

xed admin:///etc/sysctl.conf

Search for vm.swappiness and change its value as desired. If vm.swappiness does not exist, add it to the end of the file like so:

vm.swappiness=1

Save the file and reboot.

There is another parameter which also has an influence on perceived speed as it influences the inode/dentry cache which is a layer above the block cache, caches directory entries and other filesystem-related things that cost even more to look up than just block device contents. This is even more obscure (especially the name of vfs_cache_pressure) but there are some tests in t https://freeswitch.org/confluence/display/FREESWITCH/SSD+Tuning+for+Linux which indicate that the default (100) can be halved to give an improvement in perceived performance. This is done by adding another line to /etc/sysctl.conf so for the Defiant I have:

vm.swappiness=1
vm.vfs_cache_pressure=50

I have not implemented it on the Helios or the Lafite as the SSD has already gives a huge improvement and extra tuning is unlikely to give any perceivable enhancement.

Inhibit Hibernation

Hibernation (suspend to disk) should be inhibited as it causes a huge amount of write actions, which is very bad for an SSD. If you are dual booting also make sure Windows also has hibernation inhibited - in any case it is catastrophic if both hibernate to the same disk. Ubuntu has inhibited Hibernation but Mint does not and I prefer to change it. An easy way is to, in a terminal, do:

sudo mv -v /etc/polkit-1/localauthority/50-local.d/com.ubuntu.enable-hibernate.pkla /

Note this is a single line and is best copied and pasted it into the terminal.

It moves the settings file that enables hibernation, to the main directory / (root) rendering it ineffective. The new location is a safe storage, from which you can retrieve it again, should you ever wish to restore hibernation. Thanks to https://sites.google.com/site/easylinuxtipsproject/mint-cinnamon-first for this idea. Note:I have not checked and have no views on any of the other information on that page

One needs to reboot before this is active. After the reboot Hibernation should now no longer be one of the options when you close the computer. Applets which try to hibernate will demand root access.

Modifications to GRUB.

No changes are Essential to boot successfully but they save time during booting and give persistence if you have a multiboot system of any sort.

To make these changes we need to edit /etc/default/grub as root:

xed admin:///etc/default/grub

shows /etc/default/grub the start of which typically contains these lines with changed/added lines coloured:

# If you change this file, run 'update-grub' afterwards to update
# /boot/grub/grub.cfg.
# For full documentation of the options in this file, see:
# info -f grub -n 'Simple configuration'

GRUB_DEFAULT=saved
GRUB_SAVEDEFAULT=true
#GRUB_HIDDEN_TIMEOUT=0
GRUB_HIDDEN_TIMEOUT_QUIET=true
GRUB_TIMEOUT=2
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
GRUB_CMDLINE_LINUX=""

#...................

GRUB_DEFAULT=0 will boot the first menu item and so on. GRUB_DEFAULT="saved" will boot the same entry as last time which I prefer.
GRUB_SAVEDEFAULT=true - needed to make sure the last used kernel used is saved
GRUB_TIMEOUT=2 will display the grub menu for 2 seconds rather than the default of 10 - life is too short to waste 8 seconds every boot!

After making any changes involving grub you must run sudo update-grub in a Terminal

sudo update-grub

to save the changes into the file actually used during booting - I keep forgetting.

Removing Residual Windows System from boot menu (only if required)

PC Specialists use a windows system for test and even after deleting the partitions they use there may still be an entry in the boot menu because of the residue of the windows boot loader in the UEFI partition.

The easiest solution is to remove the search for other operating systems when the grub menu is created by changing a singe file to be non executable. This is not appropriate if you have a dual boot Linux system as it also does not appear!

This can be done in the file manager and using the write click menu to open the folder /etc/grub.d then right clicking on 30_os -prober -> Properties -> Permisssions tab and unticking the 'Allow Executing file as a Program' box.

You must run sudo update-grub in a Terminal after making any changes involving grub:

sudo update-grub

to save the changes into the file actually used during booting.

Sharing - Users and Operating Systems and between Machines

Mounting Drives for Sharing between users and to optimise security and backup

It is now time for a bit of philosophy about system design. There are a few general principles that I try to adhere to namely:

  1. Keep Data and Operating systems separate - so an operating system can be updated or reloaded independent of users data and configuration ie a separate /home folder under Linux
  2. Provide for multiple Operating systems eg Windows and one or more different Linux systems, and allow them to be selected at boot time.
  3. Allow for multiple users on the same machine selected at login time - so we can take one machine away.
  4. Provide a shared DATA drive for all operating systems and users.
  5. Set up mechanisms to synchronise parts of the shared DATA area between machines as well as users - ie by Unison.
  6. Allow for USB drives to be automounted or left permanently plugged in so all users can access without a reboot.
  7. Provide an additional high capacity Hard Drive for video storage etc if required.

The Partitioning described above covers these points

There are currently some additional technical constraints when implementing the design above.

Solid state disks need to be TRIMed to maintain their writing speed and ntfs file systems do not support that.

We end up with a number of favoured scenarios for a high performance machine:

The various scenarios need different solutions to mounting the shared drives and setting their permissions. In the past I have always had machines dual booted and with a shared ntfs partition and I have documented that solution many times. With SSDs I have to use an ext4 drive and have had to develop a new solution - I thought it would be a common problem but the solutions were few and not entirely satisfactory.

Requirements to correctly mount a 'DATA' Partition

Set up file system to mount an ext4 'DATA' partition to allow sharing by all users using groups.

This is still work in progress and is only required fo multiple users or for syncronising between machines.

Drives of type ext3 and ext4 mounted by fstab are by default owned by root. You can set the owner to the main user but not the group and access rights so other users can access a shared area as you can with an ntfs file system.

You can largely get round this by making sure that all the users belong to all the other users groups if you are prepared to share everything rather than just the DATA drive.

The alternative is to set the group for all files and folders on the DATA drive so it can be accessed by all users. I chose to use the adm group as most users with administrator rights will be a member. An alternative is the sudo group - all sudoers would be able to mount any way so there is no point in keeping them out.

I have a script on the Helios which is run at the correct time during a reboot which sets all the owners, groups [and permissions] after ensuring the file system has been mounted. This is very fast on a small SSD and works well.

My script file is /usr/bin/shareDATAadm which must have execute permission set and should contain:

#!/bin/bash
# shareDATAadm file to set ownership, group [and permissions] of the media/DATA partition mount point
# after a delay to allow the mount to be complete.
# sleep 10
nice -n15 chown 1000:adm -R /media/DATA
# chmod 770 -R /media/DATA
exit 0

The best way is to use the power of systemd to create a service to run our script waiting until the partition has been mounted. The initial idea came from: https://forum.manjaro.org/t/systemd-services-start-too-soon-need-to-wait-for-hard-disk-to-mount/37363/4

First we need to find out the mount points of the drives, so the service can be set up to wait for the /media/DATA drive by:

systemctl list-unit-files | grep .mount

In my case the output looked like:

$ systemctl list-unit-files | grep .mount
proc-sys-fs-binfmt_misc.automount static
-.mount generated
boot-efi.mount generated
dev-hugepages.mount static
dev-mqueue.mount static
home.mount generated
media-DATA.mount generated
proc-sys-fs-binfmt_misc.mount static
sys-fs-fuse-connections.mount static
sys-kernel-config.mount static
sys-kernel-debug.mount static
clean-mount-point@.service static
systemd-remount-fs.service static
umountfs.service masked
umountnfs.service masked
umountroot.service masked
umount.target static
$

and the relevant mount point is media-DATA.mount

We can now create our Unit file for the service which will run our script after the /media/DATA partition has been mounted. So, create a new file in /etc/systemd/system/ as sharedata.service and add the following contents:

[Unit]
Description=Runs script to set owner and group for /media/DATA
Requires=media-DATA.mount
After=mnt-media-DATA.mount

[Service]
Type=oneshot
ExecStart=/usr/bin/shareDATAadm

[Install]
WantedBy=multi-user.target

Note: You need a #!/bin/sh or #!/bin/bash in the first line of the script.

Enable the service to be started on bootup by

systemctl enable sharedata.service

You can check it is all working by

$ systemctl status sharedata.service
Loaded: loaded (/etc/systemd/system/sharedata.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Mon 2018-07-09 01:43:39 BST; 10min ago
Process: 789 ExecStart=/usr/bin/shareDATAadm (code=exited, status=0/SUCCESS)
Main PID: 789 (code=exited, status=0/SUCCESS)
Jul 09 01:43:01 lafite systemd[1]: Starting Runs script to set owner and group for /media/DATA...
Jul 09 01:43:39 lafite systemd[1]: Started Runs script to set owner and group for /media/DATA.
$

Note: This proceedure of using a script works very well on a SSD as everything is very fast but it can take quite a few seconds on large hard drive with tens of thousands of files - see above. It also requires a reboot to trip it when changing users or before a syncronisation using Unison. Because it can take time and resources I have started to use nice to lower the priority for the ownership change in the script and have included it above. For information use man nice

You can easily disable the service from running every boot by

systemctl disable sharedata.service

In practice making sure every user is in every other users groups allows almost everything to work other than some use of Unison so the permissions when the owner and group can be set in a terminal or by running the above script just before synchronisingwith Unison may be better with large hard drives.

Afterwords: The use of a systemd service is a very easy way to start any program at startup which requires root access and is for all users and has wide applicability.

LUKS Encrypted partitions

The above does not work for the situation with LUKS Encrypted partitions mounted at login. I have been considering extending the script with a call which is conditional on the encrypted folder being present and containing files checked as per https://stackoverflow.com/questions/91368/checking-from-shell-script-if-a-directory-contains-files or a known file by https://www.cyberciti.biz/faq/unix-linux-test-existence-of-file-in-bash/. One can also check for a pam_mount like this [ -f /var/run/pam_mount/peter ] && echo "Found" || echo "Not found"

Howto mount an ntfs 'DATA' partition to allow use of unison and other programs which need to set time stamps

The mount point for the DATA partition (/media/DATA) should have been set up during the partitioning but I still find it necessary then edit the file system table /etc/fstab to get it auto-mounting as I want. The problem is that only the owner can reset time stamps on files which is required by some synchronization programs such as Unison. This also makes the choice of initial user important. Again this has been written about in the past at the end of the first reference above and is not of the essence for this write up but for information my section of fstab now looks like.

# /media/DATA was on /dev/sda5 during installation
UUID=2FBF44BB538624C0 /media/DATA ntfs defaults,umask=000,uid=myusername,gid=adm 0 0

The changes firstly set the owner (uid is User id) to the main user who will be the only one who will be able to set timestamps. The second change means that the mask which sets the file permissions allows everyone read write and execute access rather than just the owner and group (adm is a group which most users with administrators will belong to or can be added to) - you may want to keep that tighter.

Change auto-mount point for USB drives back to /media (Advanced and Multiple Users)

Ubuntu (and therefore Mint) have changed the mount points for USB drives from /media/USB_DRIVE_NAME to /media/USERNAME/USB_DRIVE_NAME. This is very logical as it makes it clear who mounted the drive as has permissions to modify it as one switches users. I however have always continued to mount mine to /media/USB_DRIVE_NAME. One can change the behavior by using a udev feature in Ubuntu 13.04 and higher based distributions (needs udisks version 2.0.91 or higher).

Create and edit a new file /etc/udev/rules.d/99-udisks2.rules

xed admin:///etc/udev/rules.d/99-udisks2.rules

and cut and paste into the file

ENV{ID_FS_USAGE}=="filesystem", ENV{UDISKS_FILESYSTEM_SHARED}="1"

then activate the new udev rule by restarting or by

sudo udevadm control --reload

When the drives are now unplugged and plugged back in they will mount at /media/USB_DRIVE_NAME

Optimising some common programs

Googlearth

This has always proved to be a problem in the past but the following proceedure from https://apipeandakeyboard.com/2016/07/03/install-google-earth-with-photos-on-linux-mint-18-64bit/ seemed to work first time on both my machines. I am not sure the lsb-core is required on Mint 19, it seemed to be on 18.x

First open a terminal and enter the following –

sudo apt-get install lsb-core -y -f

Then Download Google Earth

and, if necessary move it to your home folder

and in Terminal run:

sudo dpkg -i google-earth-stable_current_amd64.deb

and it all worked.

See the Helios Ultrabook page for comprehensive list of suggestions.

Functional Tests - Does it all work?

HDMI Output

Video

I use this a lot with HDMI inputs on 1920x1080 TVs at home and on ships and again works fine and one can switch from one to the other or mirrored. I likewise use the HDMI input to my 1920 x 1080 with the Lafite as it does not have a VGA and I can also use an earlier monitor which has 1680x1050 DVI input. If mirroring is set one can unplug and replug the monitor and it sorts itself out automatically. The settings are preserved through a suspend and restart.

Audio

OK

Airplane Mode

Fn F11 has no effect.

Card Reader

Checked and OK

Bluetooth

Checked with several devices and OK

Camera and microphone

I installed cheese to test the video camera which worked fine and used Skype to check both the microphone and camera together and both were fine. Fn F10 toggles the camera as expected.

Power Button and Lid Close

Both work under Mint 19

Function Keys on built in keyboard

The function keys (F1 - F12 etc.) act as hot keys when pressed while the Fn key is held down.

Function Keys & Visual Indicators Action in Windows Action on Laptop built in Keyboard
Fn + F1 Enable or Disable Touchpad Does nothing
Set up Key binding to to Touchpad Toggle using Super F1
Fn + F3 Enable or Disable Sound As expected including screen indicator
Fn + F4 Adjust Keyboard Backlight Cycles through Off, Dim and Bright as expected.
Fn +F5/F6 Decrease or Increase Volume As expected including screen indicator
Fn + F7 Switch Display

Switch's between Screen, HDMI and Mirror
I also have a key binding to 'Displays' in Settings Manager using Super+F7

Fn +F8/F9 Volume As expected including screen indicator
Fn + F10 Toggle camera availability
As expected
Fn + F11 Airplane Mode Does Nothing
Alternative Needed
Set up Key binding 'Airplane Mode On/Off'' to Super+F11
and Super + Shift + F11
Fn + F12 Suspend As expected
Fn + F2 LCD Display on/of As expected

Implementing an Airplane Mode and other Keyboard Shortcuts

Airplane Mode

The lafite has an indicator light for Airplane mode and it can be switched on by Fn F11 under Windows and this turns off all transmitters (Bluetooth and Wifi). It is implemented by a Windows Driver. This does not seem to be a hardware switch but only in software and the light seems just to be an indicator which is unrelated to the hardware. The light does not have any obvious control other than in a dual boot system via windows.

In Mint 15, 16 and 17 the Network Manager -> Settings has a Airplane Mode switch which switches both Wireless and Bluetooth off. But this has been removed in Mint 19 so we need to go back to basics and use rfkill command

So I have set up a keyboard map from Super + F11 to rfkill block all and Alt + F11 to rfkill unblock all

You can see what idt does by

rfkill list

Keyboard Mapping in is found by System Settings -> Hardware section -> Keyboard -> Keyboard Shortcuts tab:

Click Custom Shortcuts then Add custom Shortcut which opens a small window: Set Name to Aircraft Mode and Command: to rfkill block all then Add. Now click on the Aircraft Mode entry which will be in the list and then click twice on space marked unassigned and it will change to New accelerator. Now use the key combination you want to set which is Super + F11

Now we repeat to set up to turn Aircraft Mode Off with rfkill block all and Super +Shift + F11

Display Selection

We can also set up the Display Manager on Super + F7 with command cinnamanon-settings display

Touchpad Toggle

We can We can also set up the Touchpad Toggle on Super + F1 by adding an extra keyboard binding under the existing system -> hardware -> Toggle touchpad state

Performance Tests

Comparison to Helios, Defiant, AMD Athlon 5000+ x64 and MSI Wind U100 i32 performance including 32 versus 64 bit performance differences.

This set of tests has been steadily updated as we gained new machines.

Ubuntu have always recommended running the 32 bit system, certainly for systems of 2 Gbytes memory or under as the additional memory requirements cancel out any gains from the richer instruction set and faster processing. These tests include some comparisons of 32 and 64 bit performance to help separate the differences.

I have done a quick and dirty check on my AMD Athlon 64 dual processor 5000+ with 2 Gbytes of Memory which is on the boundary. Speed in rendering videos (which is a good processor benchmark) was only 5% faster, almost within the measurement noise. Memory use was up 40% on average with quite a wide variation (28% Firefox with many tabs on startup and 54% Thunderbird with many accounts on startup). This is in line with Tests by Phoronix on Ubuntu 13.10 amd64 and i32 where Video and Audio processing showed ~15% gain and only FFTs showed a lot more, in most cases it was a very marginal or none existent gain.

I also used the benchmarks at the end of the System Information program - install hardinfo to access it.

Benchmarks MSI Wind U100 AMD Athlon 5000+ i32 Mint 16 AMD Athlon 5000+ x64 Mint 17.2 Defiant i32 Mint 17.2 Defiant x64
Mint 17.3
Helios x64 Mint 17.3 Lafite x64 Mint 19.0
CPU Blowfish (lower is better) 28.16 8.39 8.07 1.79 1.79 3.11 1.49
CPU CryptoHash (higher is better) 57.7 125.2 145 776 839 407 679
CPU Fibonacci (lower is better) 8.49 2.93 3.53 1.22 1.22 1.51 0.50
CPU N-Queens (lower is better) 17.78 16.09 13.55 0.48 0.45 4.14 6.50
FPU FFT (lower is better) 18.69 6.75 8.16 0.69 0.75 0.88 0.97
FPU Ray tracing (lower is better) 33.82 - 10.28 10.92 3.21 3.71 1.80
GXLSpheres 1920x1080 N/A N/A 11 fps (both quite variable)
18 Mpixels/sec (1680x1050)
Intel Graphics 120 fps 237 Mpixels/sec

Intel: 192 fps
375 Mpixels/sec
Nvidia: 420 fps 830 Mpixels/sec

 

100 fps

198 Mpixels/sec

There is a lot of inconsistencies but the double the number of cores and threads of the Defiant's Core i7 4700MQ 2.4 Ghz (3.4 on Turbo) quad-core (8 thread) processor gives it about a 50% advantage over the Helios's core i5 6200U dual core four thread 2.3 Ghz (2.8 on Turbo) processor. The 8th generation Kaby Lake processor in the Lafite also has a quad core (8 thread) i5 8250 processor and comes close or often betters the 45 watt Core i7 4700MQ processor in these tests.

Video blanking was switched off for GLXSpheres tests by running with:

vblank_mode=0 /opt/VirtualGL/bin/glxspheres64

Battery Life Measurements and and Power Saving Utilities

Saving power on the hard drive (Only for users with a second hard drive)

Recall that I have a second large hard drive mounted as /media/DATA

Use Settings from within the Mint Disks utility [Worthwhile and in use]

The hard drive is used for data and is not in continuous use so there are good reason to optimise its power saving features including the time before it spins down. This is more important on battery as the drive consumes 1.5 - 1.8 watts when powered up fully. The basic control over drives is by hdparm but I note that the Mint Disks utility has a menu item Drive Settings which allows you to set up the same things as hdparam but in a GUI. I have chosen a spin down time of 10 minutes and a APM setting of 131.

Using hdparam directly [Advanced - tested but not in use currently]

Most information indicates adding parameters to /etc/hdparm.conf but examining the options indicate one can set different value for battery and mains power and I tried that as an alternative:

xed admin:///etc/hdparm.conf

To see what you have do

sudo hdparm -I /dev/sda | grep level

SATA Active Link Power Management [Advanced but Worthwhile - In use]

I have just found out about this in https://wiki.archlinux.org/index.php/Power_management#SATA_Active_Link_Power_Management and it does seem to reduce the power but not as much as 1.5 watts probably because of my other power savings already implemented but does seem to add 30 minutes to the battery life.

Warning: Some modes of SATA Active Link Power Management can lead to data loss on some devices. Do not enable this setting unless you initially have frequent backups.

Since Linux 4.15 there is a new setting called med_power_with_dipm that matches the behaviour of Windows IRST driver settings and should not cause data loss with recent SSD/HDD drives. The power saving can be significant, ranging from 1.0 to 1.5 Watts (when idle). It will become a default setting for Intel based laptops in Linux 4.16

The current setting can be read from /sys/class/scsi_host/host*/link_power_management_policy as follows:

cat /sys/class/scsi_host/host*/link_power_management_policy

Available ALPM settings and associated power savings

One needs to implement a new udev rule as a new file /etc/udev/rules.d/hd_power_save.rules with contents:

ACTION=="add", SUBSYSTEM=="scsi_host", KERNEL=="host*", ATTR{link_power_management_policy}="med_power_with_dipm"

The above needs to be cut and pasted as a single line

Note: This adds latency when accessing a drive that has been idle, so it is one of the few settings that may be worth toggling based on whether you are on AC power.

Outcome: Without any special care I am getting about 5 hours battery life playing music over bluetooth with Wifi, keyboard backlight medium and screen brightness set to 30% which is adequate even close to a window in daylight. There seems to be little point in using power saving tools.

Power saving applications - TLP and Laptop Mode Tools

There are also two applications which claim to optimise the power saving settings on linux machines. The are Laptop Mode Tools and TLP. Neither are in the standard repositories and need PPAs to install them. I have tried both and can not truthfully say that either produced any significant savings on the Defiant and I have not bothered on the Helios or Lafite. The main power savings options already seem to be well set up and I am pretty sure I would have seen even a 0.5 watt saving on the Defiant where I have left TLP installed. The links are to Webupd8 articles if you do want to follow up further. The main power savings are gained by turning the brightness down and turning off the keyboard illumination. I got no significant savings from turning Bluetooth off.

Lafite Processor - Power Saving and Turbo Mode Performance

Tests with i7z show that the turbo mode is working and all the cores speed up to ~ 3200 Mhz (see below) and drop to under 700 Mhz on idle.

Screen Shot

The above was obtained with a processor load of about 99% when flat out running a benchmark and both processors are in Turbo mode and running at just over 3200 Mz It shows that the core temperatures are just under 60 degrees and the fan was running at high level like a demented mosquito..

A snapshot can also be obtained like this which was taken when idling:

cat /proc/cpuinfo | grep MHz
cpu MHz : 600.019
cpu MHz : 600.187
cpu MHz : 600.013
cpu MHz : 600.022
cpu MHz : 600.002
cpu MHz : 600.039
cpu MHz : 600.048
cpu MHz : 600.031

Read/Write Performance tests on SSDs

I was interested to find out how much performance gain was coming from the SSD and, in particular, the differences between the Hybrid SATA Hard Drive in the Defiant, the Samsung 850 EVO M2 in the Helios and the latest Samsung 970 EVO mSATA in the Lafite.

systemd-analyze utility

A first check seemed to be the boot time which can be measured is by use of systemd-analyze critical-chain which measures the time taken by the kernel to reach a graphical interface. This is a very real world test although the time here is often masked by the time within the bios and the login times.

The Defiant takes close to 30 seconds under Mint 19 and the 4.15 kernel, the Helios currently running Mint 18.1 with a 4.05 kernel takes just under 2 seconds and the Lafite under Mint 19 with a 4.15 kernel is down to about 1.25 seconds. I have always been disappointed with the Hybrid drive in practice and this just confirms that claims it offers similar performance to an SSD are optimistic.

Since making the initial measurements I have added an SSD to the Defiant and the boot time has dropped to 1.51 seconds althogh part of the drop was disabling theNetworkManager-wait-online.service which was causing a 7 second unrequired wait. I can only think it had got turned on by use of wireless and Bluetooth mice for potential login. So like for like may be an improvement from 22 secs to 1.5 secs. I have added an encrypted home folders to the Lafite and the boot time has increased to 1.95 seconds possible because of that.

Disks utility benchmark

There are few good benchmark programs in Linux but the inbuilt Disks Utility has a useful benchmark built in which I used but for Read performance testing.

Here the Samsung 970 EVO M2 250 Gbyte Read Benchmark recorded an incredible 3.2 Gbyte/sec and very close to the manufacturers specification whilst the older Samsung 850 EVO M2 250 Gbyte achieved 466 Mbyte/sec, only a little less than the specification of up to 540 Mbytes/sec. In contrast the 2 TByte 5400 rpm SATA hard drive achieved an average of 98 Mbytes/sec and seemed to be falling steadily during the test, possibly due to the internal cache.

hdparm utility

The hdparm command line utility has some useful options and enables one to separate the effects of caching.

-t Perform timings of device reads for benchmark and comparison purposes. This displays the speed of reading through the buffer cache to the disk without any prior caching of data. This measurement is an indication of how fast the drive can sustain sequential data reads under Linux, without any filesystem overhead. To ensure accurate measurements, the buffer cache is flushed during the processing.

-T Perform timings of cache reads for benchmark and comparison purposes. This displays the speed of reading directly from the Linux buffer cache without disk access. This measurement is essentially an indication of the throughput of the processor, cache, and memory of the system under test.

@lafite:~$ sudo hdparm -Tt /dev/nvme0n1p7 //Lafite Samsung EVO 970 M2 SSD
/dev/nvme0n1p7:
Timing cached reads: 21302 MB in 1.99 seconds = 10698.25 MB/sec
Timing buffered disk reads: 5658 MB in 3.00 seconds = 1885.73 MB/sec

@helios:~$ sudo hdparm -tT /dev/sda3 //Helios Samsung 850 EVO M2 SSD
/dev/sda3:
Timing cached reads: 8590 MB in 2.00 seconds = 4303.98 MB/sec
Timing buffered disk reads: 984 MB in 3.00 seconds = 327.89 MB/sec

@lafite:~$ sudo hdparm -Tt /dev/sda //lafite 5400 rpm 2.5" Hard Drive
/dev/sda:
Timing cached reads: 22072 MB in 1.99 seconds = 11073.43 MB/sec
Timing buffered disk reads: 364 MB in 3.01 seconds = 120.87 MB/sec

These again show the impressive difference between the Samsung 970 EVO and the Samsung 850 EVO whilst the conventional 2 Tbyte hard drive does better than I would expect.

Using dd from the command line to determine write speed without cache effects.

This test of write speeds takes a chunk of random data on ramdisk. To measure disk speed and not the memory, one must sync the filesystem to get rid of the caching effect. That can be achieved by:

sync ; time sh -c "dd if=/dev/zero of=testfile bs=100k count=1k && sync" ; rm testfile

with that method I get on the Lafite:

@lafite:~$ sync ; time sh -c "dd if=/dev/zero of=testfile bs=100k count=1k && sync" ; rm testfile
1024+0 records in
1024+0 records out
104857600 bytes (105 MB, 100 MiB) copied, 0.108766 s, 964 MB/s

real 0m0.149s
user 0m0.006s
sys 0m0.096s

so the disk data rate is actually 104857600 /0.149 b/sec = 671 MBytes/sec which is ~30% lower than that recorded with caching.

The matching figure for the Helios with the slower Samsung 850 SSD is 320 Mbytes/sec

Issues related to Installing Mint 19 and other upgrade issues

TimeShift considerations

The major new consideration in a fresh install of Mint 19 is TimeShift which is now fundamental to the update manager philosohy. To Quote "The star of the shown Linux Mint 19 is Timeshift. Thanks to Timeshift you can go back in time and restore your computer to the last functional system snapshot. If anything breaks, you can go back to the previous snapshot and it's as if the problem never happened. This greatly simplifies the maintenance of your computer, since you no longer need to worry about potential regressions. In the eventuality of a critical regression, you can restore a snapshot (thus canceling the effects of the regression) and you still have the ability to apply updates selectively (as you did in previous releases)." The best information I hve found about TimeShift and how to use itl is by the author.

TimeShift is similar to applications like rsnapshot, BackInTime and TimeVault but with different goals. It is designed to protect only system files and settings. User files such as documents, pictures and music are excluded. This ensures that your files remains unchanged when you restore your system to an earlier date. Snapshots are taken using rsync and hard-links. Common files are shared between snapshots which saves disk space. Each snapshot is a full system backup that can be browsed with a file manager. TimeShift is efficient in use of storage but it still has to store the original and all the additions/updates over time. The first snapshot seems to occupy slightly more disk space than the root filesystem and six months of additions added another approximately 35% in my case. I run with a root partition / and separate partitions for /home and DATA. Using Timeshift means that one needs to allocate at least an extra 2 fold storage over what one expects the root file sytem to grow to and preferably 3 fold.

In the case of the Defiant the root partition has grown to about 11 Gbytes so the partition with the /timeshift folder neeeds to have at least 22 Gbytes spare if one intends to keep a reasonable span of sheduled snapshots over a long time period. After three weeks of testing Mint 19 on the Lafite my TimeShift folder has reached 21 Gbytes for a 8.9 Gbyte system!

This space requirements for TimeShift obviously have a big impact on the partition sizes when one sets up a system. My Defiant was set up to allow several systems to be employed with multiple booting. I initially had the timeshift folder on the /home partition which had plenty of space but that does not work with a multi-bootsystem sharing the /home folder. Fortunately two of my partitions for Linux systems plenty big enough for use of TimeShift and the third which is 30 Gbytes is acceptable if one is prepared to prune the snapshots occasionally.

One significant area I will look at is reducing the time downloaded package updates are cached (and hence take up space in timeshift) or inhibit caching completely.

There are a number of other options to reducing the storage of seldom used information in the Timeshift Snapshots and I have added a new section on System Housekeeping to reduce TimeShift storage requirements to my page on Sharing, Networking, Backup, Synchronisation and Encryption which addresses this issue in more depth.

Fixes for loss of gksu and gksudo from Mint 19

Use admin:// prefix

Debian, Ubuntu and hence Mint 19 have removed gksu and libgksu. Using a plain sudo to run graphical programs has dangers as configuration changes can end up with configuration files owned by root in your home folder so one needs alternatives.

Users are recommended to use the gvfs admin backend available in Ubuntu 18.04 and Mint 19. You can do this with the admin:// prefix. For instance use:

nemo admin:///etc/default/

or

xed admin:///etc/default/grub

to reach or open the grub file. You will be asked for your admin password. I am sure I will get used to that as an alternative.

Also note there is a right click item in nemo to open a folder as root which I use a lot to reach and then open files as root.

Developers can also use PolicyKit (pkexec) to use elevated privileges for the specific actions where it is needed but that involves creating policies for every program.

Using pkexec - an example policy for xed with root privileges (Advanced users only)

I have created a PolicyKit policy for xed (based on the one already existing for nemo) and placed it in /usr/share/polkit-1/actions/ as org.xed.root.policy

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">

<policyconfig>

<vendor>Xed Project</vendor>
<vendor_url>https://github.com/linuxmint/xed</vendor_url>

<action id="org.xed.root">
<description>Run Xed with elevated privileges</description>
<message gettext-domain="xed">Text Editor</message>
<icon_name>accessories-text-editor</icon_name>
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
<annotate key="org.freedesktop.policykit.exec.path">/usr/bin/xed</annotate>
<annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
</action>

</policyconfig>

Install Firefox ESR (Extended Support version)

Firefox ESR is available for business ond other uses where considency and a conservative approach is required. This currently offers the earlier version of Firefox (52) which support all my favourite add-ons

sudo add-apt-repository ppa:mozillateam/ppa
sudo apt-get update
sudo apt-get install firefox-esr

Considerations when Installing multiple users

The order is imrtant and must match the original order. This is because new users are added with successive user numbers starting at 1000 and the user names one sees are only aliases for this number. If users are added in a different order they get all mixed up! Groups are also numeric but do not seem to have the same problems. If you want to know the order then use id which will give an output like the following.

$ id
uid=1000(pcurtis) gid=1000(pcurtis) groups=1000(pcurtis),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),115(lpadmin)
~$ id 1001
uid=1001(peter) gid=1001(peter) groups=1001(peter),27(sudo)
~$ id 1002
uid=1002(pauline) gid=1002(pauline) groups=1002(pauline),24(cdrom),27(sudo),30(dip),46(plugdev),115(lpadmin),1000(pcurtis)
~$ id pauline
uid=1002(pauline) gid=1002(pauline) groups=1002(pauline),24(cdrom),27(sudo),30(dip),46(plugdev),115(lpadmin),1000(pcurtis)
~$

See https://ubuntuforums.org/showthread.php?t=1178974 In a terminal do:

sudo apt-get install apt-xapian-index
sudo update-apt-xapian-index -vf

Fix for lack of Wine Font Smoothing

I discovered that fonts were rendering very badly in the version of wine and under Mint 19 - it looked as if there was no font smoothing and it was almost impossible to use my old copy of Dreamweaver MX for HTML editing. I checked that msscorefonts was installed and in the end did a web search and found https://askubuntu.com/questions/219791/improve-gui-appearance-of-wine-applications where there is a script which allows you to select the font smoothing used in wine and choosing Subpixel Smoothing (Cleartype) RGB made a huge improvement.

Fix for Epson SX510w Gutenprint version 5.2.13 driver printing far too dark.

This was a major issue as printed images were completely unacceptable and could not be adjusted in printer settings. I tried adjusting in various programs such as LibraOffice and the image viwer as well as in Printers itself with little effect. Comparison with a different machine showed that a different version of gutenprint print driver was in use in Mint 18.3 where the results were perfectly acceptable without any adjustment. I found that going back to the version 5.2.11 used in Mint 18.3 gave me a perfect working printer as in Mint 18.3.

So what I did, (which may not be the best way but is largely GUI based) was to:

If it is all working you have to make sure they are not updated by the Update Manager and so open the Update Manager and Refresh after which printer-driver-gutenberg which will show as being updated. Do not update but use a right click on the package -> ignore updates for this package.

Fixing Wine after conversion to Mint 19

Wine seems to sometimes hang for up to a minute when running Dreamweaver 2004 MX as well as a number of other odd issues using the Wine version in the Mint Repositories in combination with the existing wine installation in the .wine folder with the version of wine in the repositories and my old wine system in .wine. I found no way of fixing the problems without starting afresh by removing all traces of the old version of wine, reinstalling wine from the WineHQ development branch and reloading all the programs I use in wine. I first tried this in a cloned system.

I basically followed the instructions at WineHQ

1. Remove and purge all old packages related to wiine by:

sudo apt-get remove wine*
sudo apt-get purge wine*

Rename your .wine folder to wine-bak You will need to do this for every user as every user has a complete independent wine system.

If your system is 64 bit, enable 32 bit architecture (if you haven't already):

sudo dpkg --add-architecture i386

Add the WineHQ repository:

wget -nc https://dl.winehq.org/wine-builds/Release.key
sudo apt-key add Release.key
sudo apt-add-repository 'deb https://dl.winehq.org/wine-builds/ubuntu/ bionic main'
sudo apt-get update

Then it is recommended to install the Development branch which is apparently very stable anyway

sudo apt-get install --install-recommends winehq-devel

In the unlikely event that apt-get complains about missing dependencies, install them, then repeat the last two steps (update and install).

Note: The WineHQ proceedure does not at present install the packages for wine-gecko or wine-mono but the first time you install a program in wine you will be asked if you want to download them. You must click Yes to both. You will need to do this for every user as every user has a complete independent wine system which needs these installed..

So find a nice simple Windows program (I used an old copy of Paintshop pro that I know run under wine) and right click and run under wine and download wine-gecko or wine-mono when offered

I found the programs appear in the Cinnamon Menu and often the install programs also offer the option of adding to the desktop which also seems to work.

When running, the wine programs may show up correctly in the panel or need some work as Wine seems to use a greater depth of menu folders than the Menu accepts and some of the .desktop files may need to be moved in ~/.local/shared/applications up a level after which the built in menu editor can be used. Wine programs may show up under 'other' but can be moved using the menu editor available with a right click on the 'standard' Menu.

nemo ~/.local/shared/applications

Once they are in the menu they show correctly in Icing Task manager Applet and can be pinned and started there.

You will also need to install extra Windows fonts

I have so far succesfully installed all the programs I use on a regular basis

  1. Paintshop Pro 4.2 (free circa 1990! but still useful for a quick change to an image)
  2. DreamWeaver MX (as complex as they get)
  3. Picasa 3.9 ( Still a great photo manager)
  4. Irfanview 3.95 with plugins (Nothing does batch operations as well)

Remember: The removal of .wine and reinstalls and re-configurations will now have to be repeated for all the real users.

Improving Network Hostname Lookup

I normally use absolute IP addresses as I have my router set up to deliver fixed addresses but it is nice to be able to use the machine names in SSH, Nemo 'Connect to Server' and Unison. One has to use hostname.local for that but there is a problem with avahi which either prevents it or makes it unreliable. See https://forums.linuxmint.com/viewtopic.php?t=103786 .

I stopped the avahi-daemon by

sudo service avahi-daemon stop

and it seemed to resolve the problems.

You can stop it being started at boot by:

sudo systemctl disable avahi-daemon.service

and if you find you need it for other purposes you can re-enable it by:

sudo systemctl enable sharedata.service

Encrypting your home folder - new

The ability to encrypt your home folder has been built into Mint for a long time and it is an option during installation for the initial user. It is well worth investigating if you have a laptop but there are a number of considerations and it becomes far more important to back-up your home folder in the mounted (un-encrypted) form to a securely stored hard drive as it is possible to get locked out in a number of less obvious ways such as changing your login password incorrectly.

There is a passphrase generated for the encryption which can in theory be used to mount the folder but the forums are full of issues with less solutions! You should generate it for each user by

ecryptfs-unwrap-passphrase

Now we will find there is considerable confusion in what is being produced and what is being asked for in many of the encryptfs options and utilities as it will request your passphrase to give you your passphrase!. I will try to explain. When you login as a user you have a login password or passphrase. The folder is encrypted with a much longer randomly generated passphase which is looked up when you login with your login password and that is whatt you are being given and what is needed if something goes dreadfull wrong. These are [should be] kept in step if you change your login password using the GUI Users and Groups utility but not if you do it in a terminal. It is often unclear which password is required as both are often just referred to as the passphrase in the documentation.

Encrypting an existing users home folder.

It is possible to encrypt an existing users home folder provided there is at least 2.5 times the folder's size available in /home - a lot of waorkspace is required and a backup is made.

You also need to do it from another users account. If you do not already have one an extra basic user with admin (sudo) priviledges is required and the user should be given a password otherwise sudo can not be used.

You can create this basic user very easily and quickly using Users and Groups by Menu -> Users and Groups -> Add Account, and set Type to Administrator provide username and Full name... -> Create -> Highlight User, Click Password to set a password otherwise you can not use sudo.

Restart and Login in to your new basic user. You may get errors if you just logout as the gvfs file system may still have files in use.

Now you can run this command to encrypt a user:

sudo ecryptfs-migrate-home -u user

You'll have to provide your user account's Login Password. After you do, your home folder will be encrypted and you should be presented with some important notes In summary, the notes say:

  1. You must log in as the other user account immediately – before a reboot!
  2. A copy of your original home directory was made. You can restore the backup directory if you lose access to your files. It will be of the form user.8random8
  3. You should generate and record the recovery passphrase (aka Mount Passphrase).
  4. You should encrypt your swap partition, too.

The highlighting is mine and I reiterate you must log out and login in to the users whose account you have just encrympted before doing anything else.

Once you are logged in you should also create and save somewhere very safe the recovery phrase (also described as a randomly generated mount passphrase). You can repeat this any time whilst you are logged into the user with the encrypted account like this:

user@lafite ~ $ ecryptfs-unwrap-passphrase
Passphrase:
randomrandomrandomrandomrandomra
user@lafite ~ $

Note the confusing request for a Passphrase - what is required is your Login password/passphrase. This will not be the only case where you will be asked for a passphrase which could be either your Login passphrase or your Mount passphrase! The Mount Passphrase is important - it is what actually unlocks the encryption. There is an intermediate stage when you login into your account where your account login is used to used to temporarily regenerate the actual mount passphrase. This linkage needs to updated if you change your login password and for security reasons this is not done if you change your login password in a terminal using passwd user which could be done remotely. If you get the two out of step the mount passphrase may be the only way to retrieve your data hence the great importance. It is also required if the system is lost and you are accessing backups on disk.

The documentation in various places states that the GUI Users and Groups utility updates the linkage between the Login and Mount passphrases but I have found that the password change facility is greyed out in Users and Groups for users with encrypted home folders. In a single test I used just passwd from the actual user and that did seem to update both and everything kept working and allowed me to login after a restart.

Mounting an encrypted home folder independently of login.

A command line utility ecryptfs-recover-private is provided to mount the encrypted data but it currently has several bugs when used with the latest Ubuntu or Mint.

  1. You have to specify the path rather than let the utility search.
  2. You have to manually link keychains with a magic incantation which I do not completely understand namely sudo keyctl link @u @s after every reboot. A man keyctl indicates that it links the User Specific Keyring (@u) to the Session Keyring (@s). See https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/1718658 for the bug report

The following is an example of using ecryptfs-recover-private and the mount passphrase to mount a home folder as read/write (--rw option), doing a ls to confirm and unmounting and checking with another ls.

pcurtis@lafite:~$ sudo keyctl link @u @s
pcurtis@lafite:~$ sudo ecryptfs-recover-private --rw /home/.ecryptfs/pauline/.Private
INFO: Found [/home/.ecryptfs/pauline/.Private].
Try to recover this directory? [Y/n]: y
INFO: Found your wrapped-passphrase
Do you know your LOGIN passphrase? [Y/n] n
INFO: To recover this directory, you MUST have your original MOUNT passphrase.
INFO: When you first setup your encrypted private directory, you were told to record
INFO: your MOUNT passphrase.
INFO: It should be 32 characters long, consisting of [0-9] and [a-f].

Enter your MOUNT passphrase:
INFO: Success! Private data mounted at [/tmp/ecryptfs.8S9rTYKP].
pcurtis@lafite:~$ sudo ls /tmp/ecryptfs.8S9rTYKP
Desktop Dropbox Pictures Templates
Documents Videos Downloads Music Public
pcurtis@lafite:~$ sudo umount /tmp/ecryptfs.8S9rTYKP
pcurtis@lafite:~$ sudo ls /tmp/ecryptfs.8S9rTYKP
pcurtis@lafite:~$

The above deliberately took the long way rather than use the matching LOGIN passphrase as a demonstration.

I have not bothered yet with encrypting the swap partition as it is rarely used if you have plenty of memory and swoppiness set low as discussed earlier.

Once you are happy you can delete the backup folder to save space. Make sure you Delete it (Right click delete) if you use nemo and as root - do not risk it ending up in a root trash which is a pain to empty!

Feature or Bug - home folders remain encrypted after logout?

In the more recent versions of Ubuntu and Mint the home folders remain mounted after logout. This also occurs if you login in a consul or remotely over SSH. This is useful in many ways and you are still protected fully if the machine is off when it is stolen. You have little protection in any case if you are turned on and just suspended. Some people however logout and suspend expecting full protection which is not the case. In exchange it makes backing up and restoring a home folder easier.

Backing up an encrypted folder.

A tar archive can be generated from a mounted home folder in exactly the same way as before as the folder stays unencrypted when you change user to ensure the folder is static. If that was not the case you could use a consul (by Ctrl Alt F2) to login then switch back to the GUI by Ctrl Alt F7 or login via SSH to make sure it was mounted to allow a backup. Either way it is best to logout at the end.

Another and arguably better alternative is to mount the user via encryptfs-recover-private and backup using Method 3 from the mount point like this:

sudo ecryptfs-recover-private --rw /home/.ecryptfs/user1/.Private

cd /tmp/ecryptfs.8S9rTYKP && sudo tar cvpzf "/media/USB_DATA/mybackupuser1method3.tgz" . --exclude=.gvfs

Restoring to an encrypted folder - Untested

Mounting via encryptfs-recover-private --rw seems the most promising way but not tested yet. The mount point corresponds to /home (see example above) so you have to use Method 3 (or 4) to create and retrieve your archive in this situation namely:

cd /home/user1 && sudo tar cvpzf "/media/USB_DATA/mybackupuser1method3.tgz" . --exclude=user1/.gvfs
# or
cd /tmp/ecryptfs.8S9rTYKP && sudo tar cvpzf "/media/USB_DATA/mybackupuser1method3.tgz" . --exclude=.gvfs

sudo tar xvpfz "/media/USB_DATA/mybackupuser1method3.tgz" -C /tmp/ecryptfs.randomst

These are all single lines if you cut and paste. The . (dot) means everything at that level goes into the archive.

Solving Problems with Dropbox after encrypting home folders

The following day to when I encrypted the last home folder I got a message from Dropbox say that they would only support EXT4 folders under Linux from 3 months time and encryption would not be supported. They also noted the folders should be on the same drive as the operating system.

My solution has been to move the dropbox folders to a new EXT4 partition on the SSD. What I actually did was to make space on the hard drive for a swap partition and move the swap from the SSD to make space for the new partition. It is more sensible to have the swap on the hard drive as it is rarely used and if it is it ends to reduce the life of the SSD. Moving the swap partition need several steps and some had to be repeaed for both the operating systems to avoid errors in booting. The stages in summary were:

  1. Use gparted to make the space by shrinking the DATA partition by moving the end
  2. Format the free space to be a swap partition.
  3. Right click on the partition to turn it on by swapon
  4. Add it in /etc/fstab using blkid to identify the UUID so it will be auto-mounted
  5. Check you now have two swaps active by cat /proc/swaps
  6. Reboot and check again to ensure the auto-mount is correct
  7. Use gparted to turn off swap on the SSD partition - Rt Click -> swapoff
  8. Comment out the SSD swap partition in /etc/fstab to stop it auto-mounting
  9. Reboot and check only one active partition by cat /proc/swaps
  10. Reformat the ex swap partition to EXT4
  11. Set up a mount point in /etc/fstab of /media/DROP; set the label to DROP
  12. Reboot and check it is mounted and visible in nemo
  13. Get to a root browser in nemo and set the owner of media/DROP from root to 1000, group to adm and allow rw access to everyone.
  14. Create folders called user1, user2 etc in DROP for the dropbox folders to live in. It may be possible to share a folder but I did not want to risk it.
  15. Move the dropbox folders using dropbox preferences -> Sync tab -> Move: /media/Drop/user1
  16. Check it all works.
  17. Change folders in KeePass2, veracrypt, jdotxt and any others that use dropbox.
  18. Repeat from 15 for other users.

Dropbox caused me a lot of time-wasting work but it did force me to move the swap partition to the correct place.

Outstanding Issues and Quirks still in progress.

I can not find a 12 volt power supply and the socket is different to any of my other power supplies. I am looking at packs of multi adapters or I will end up with an extra small 12v to 240v invertor on the boat.

I now have a Bestek 150 wall inverter from Amazon which is only 150 gms and plugs in directly to a cigar lighter socket. It has a small fan and runs cold with just the 40 watt laptop supply. I have yet to try it with the 120 watt PS for the Defiant as it may be better than carrying an extra 12v supply.

Overall Conclusions

The Lafite works 'out of the box' with Linux Mint 19 and needs little tuning. The performance exceeded my most optimistic expectations. The only significant problems I have experienced have been unique to my set up and are to do with using Mint 19 with a home folder transfered from machine to machine and going back to 2006 so are not surprising.

The boot times are much faster than the Defiant see earlier measurementsThe processor benchmarks with the 4 core 8 thread 8th generation i5 Kaby Lake Revisited processor are significantly better than the Helios with a 6th generation i5 2 core 4 thread Skylake processor and within a few percent of the Defiant with an i7 4th generation Haswell processor. The internal Intel 620 graphics are not as fast as the discrete processor on the Defiant but I have never had to use the Defiants graphics for real in 5 years! Overall it feels much faster than the Defiant in normal use.

The Clevo chassis is much better built than the Topstar chassis on the Helios and the keyboard has a better key arrangement with full size keys like the Defiant. The touchpad is much better than the Helios and works with multi-touch. The charging is also several times faster than the Helios. Battery life is adequate at just over 5 hours. Charging plug is non standard and 12 volt chargers are not available but it seems to work well off a small (150gm) 150 watt invertor from Bestek on the boat.

The only thing I can object to is the name which has no significance other than a possible but irrelevant reference to an expensive French wine or from the Gascon term for a small hill!

Before You Leave

I would be very pleased if visitors could spare a little time to give me some feedback - it is the only way I know who has visited, if it is useful and how I should develop it's content and the techniques used. I would be delighted if you could send comments or just let us know you have visited by Sending a quick Message to me.

Link to W3C HTML5 Validator Copyright © Peter & Pauline Curtis
Fonts revised: 28th April, 2021