Ubuntu 16.04 Compiz Hang Kernel

After Ubuntu published the latest Kernel Patches for Meltdown and Spectre the Kernel 4.4.0-104/109-generic let Intel Graphics freeze or hang on Compiz with Unity.

Howto fix:

Install the latest Kernel 4.4.0-112-generic

do:
sudo apt-get install linux-image-4.4.0-112-generic
sudo apt-get install linux-image-extra-4.4.0-112-generic

reboot

then:

sudo apt-get autoremove --purge -y

This removes older kernels and save Space! Do test the PC for hanging again!!!

Debian: without sytemd

If you run Debian Servers, you read last weeks about security problems of systemd service manager.

On several tests i have seen much systems having problems on service starts on boot like on debian, raspian ..

This is a result of not clean redesigned scripts of the services by the Maintainers like the Proxy Server “privoxy” Package…

For Tests i decided to try the new Debian Fork Replacement DEVUAN  for Desktop and a standard Debian Server Setup without systemd!

Howto purge Systemd on a Debian System read this external Wiki:

http://without-systemd.org/wiki/index.php/How_to_remove_systemd_from_a_Debian_jessie/sid_installation

or try Devuan for Server and Desktop:

https://devuan.org/

Remark: Devuan is tested for Desktop usage cause customized scripts and packages like polkit for EASY setup!

Security: Disable USB Drive mount for Users

If you share your Systems and you want to disable USB Drive connects there is a small solution. By default the gvfs Service handle all automounts and drive scans. On old Linux Systems you could purge the complete gvfsd “Backend” but Ubuntu-Desktop forces some pakets to the default Desktop Package! If you purge it the working Desktop can be destroyed!

It’s easier to disable the “USB Drivers” called Modules from load on Start! Cause Rules are “Software” and can FAIL unknown!!

Howto? Edit the /etc/modprobe.d/blacklist.conf and add:

blacklist usb_storage
blacklist uas

Update initramfs (Kernel Image)

update-initramfs -u -k all
reboot

Now try to plugin USB Sticks , they should now be ignored!

To enable USB Drives temporaily do:

$sudo modprobe uas
$nautilus

Now the USB Stick should be able to mount for root!

Advantage? No gvfs, org.freedesktop rules or package deps are touched!

Remark: On Laptops DISABLE all USB Devices for Security Reasons! There should now “Fake Keyboard” or “Fake Mouse” be able to enter the Systems!!! (USB Kill Sticks)

Security: Isolated Browser eMail Programs

If you want to be more secure, on Linux you can isolate used programs on different Users! All you need is installed by default!

isolated firefox thunderbird

Howto:

  • Add a new User for eMail and Browser to the System with:

$sudo adduser mailuser
$sudo adduser webuser

  • now install if not installed by default “gksu” User Switch

$sudo apt-get install gksu

  • copy now the default App Links to webuser’s Home Desktop, for mailuser enter mailuser’s name

$cp /usr/share/applications/firefox-esr.desktop /home/webuser/Desktop/firefox-esr.desktop

  • edit the firefox-esr.desktop by right click on nautilus or a editor and change command line:
  • old:

/usr/lib/firefox-esr/firefox-esr %u

  • to:

gksu -u webuser -w "/usr/lib/firefox-esr/firefox-esr %u"

  • save and exit
  • Now to test click on the Firefox App Link and a Password is asked! Enter the webuser password and you use Firefox on a isolated Account!
  • Do same for thunderbird eMail Client! that no bad Code can access your Emails!
  • Set the Home Folder rights for webuser and mailuser to 700 with:

$sudo chmod 700 /home/webuser
$sudo chmod 700 /home/mailuser

  • Remark: Same Technics available at Windows or other Unix Systems, alternate use VNCSERVER! a App to run Desktops inside Desktops!
  • Advantage: Programs run on isolated RAM Space!

Chrome Browser: Disable Password Passphrase Autologin Seahorse

Today i got a call and was asked how to STOP Seahorse from asking with a Passphrase Popup after opening Chrome or Chromium Browser:

Seems that google implementated a new Tool for Security to Prevent Access to STORED Browser Passwords, BUT this won’t work on Desktops with USER AUTOLOGIN like Lightdm!

Howto:

  • open a Terminal an enter

ln -s /usr/share/applications/google-chrome.desktop /home/username/Desktop/google-chrome.desktop

    • Now open the new Icon on the desktop with the mouse right click
    • Change Command Line for Chrome :

google-chrome-stable --password-store=basic %U

  • or for (chromium):
  • chrome browser disable password
  • Now open the Browser with the new Icon Link
  • On Ubuntu you can hold the Icon at the Taskbar after open the App with Store on the Taskbar
  • Changed only on  the User Desktop prevent you from Change the App by default for other Users!
  • Changed only on  the User Desktop prevent Chrome Updates from overwriting the new Command!

Linux: Bash Script Time Saver Session Timer

If you use daily the Internet you know how fast the Time passes. The Internet Research can grab a lot of time without that you feel it. Thats wasted time!

For saving Time on Linux you display a Timer Message on the User Screen after some Time, which let you remark that XX Minutes are gone.

The Linux Tool who can offer this is called “gxmessage”

Howto:

  • Install gxmessage if not installed with $sudo apt-get install gxmessage
  • open the root Crontab with $crontab -e
  • Enter this code (Username = User!):

*/10 * * * *    sudo -u username DISPLAY=:0.0 gxmessage -center "Again 10 Minutes gone.." > /dev/null >2&1

  • After 10 Minutes left, the popup remind you to close your work or Internet Session
  • Perfect Tool for Children to remind them to close the Laptop
  • gxmessage time saver timer

Ubuntu: Release Change

If you use Ubuntu on your Systems, you perhaps read last weeks about a new Release Version.

I am often asked, must i upgrade now?

My answere at first is not really, cause the new Versions are not cleaned up by all bugs and the User or Admin must recheck against the new advantages of the new Releases for production usage. I prefer to wait 3 Month after a Release by Ubuntu is published. But if you setup a very new Hardware your are often forced to take the LAST Release Version, cause it supports newest Hardware Chips by the latest Kernel (for example Laptop mixed Chips Wifi/Bluetooth/USB3.0).

Remark: You should read the “release notes” of the Versions, cause this can prevent you from running into trouble or “black screens”.  DONT forget to Backup the old OS if you try to start the Upgrade. Fresh Setup’s are often smaller and more free of Bugs as “upgraded Systems”! Cause sometimes the old Configs are not all updated or replaced! (User-Homes). New Releases can allocate MORE Disk Space and offer new Call Home Sniffing Tools, RECHECK open Ports, running Processes and Privacy Settings!

On Companies you must always setup a “Lab PC” for Testing the new Releases before rolling out the OS.

Print this Release Timeline out to be updated daily..

ubuntu releases timeline
ubuntu releases timeline

Ubuntu: Deja-Dup Backup Freeze Desktop

If you use Ubuntu Desktop 16.10 you will run sometimes into freezes of the Desktop with a Default Setup.

Background: Theres a known Bug of the Deja-Dup Backup Service which is started by Cron. The Service take 100% Ram and 100% CPU usage. This did my PC with 16GB Ram too! Only HARD RESET helps to get back Control!

Solution:

  • Purge the deja-dup service with:

$sudo apt purge deja-dup

  • Use instead the “rsync” tool by command line with users crontab to Backup your User Homes to external or 2nd. Disk.

This should fix the problem.