Posted on

Debian on AWS Lightsail

This is a setup of several items, starting with Debian 9 on Amazon AWS Lightsail. This has server basics and apt, and then follows with links to additional articles. In general, after several years of running CentOS on Linode, and then Amazon Linux AMI on EC2 and Lightsail, I find that Debian 9 is simply faster, just as secure, and at least slightly easier to use.

While there are many flavors of linux, clearly two particular lineages predominate: RHEL/CentOS/AMI and Debian/Ubuntu/Mint. Either are just as valid, though of course niche requirements may make one or the other more attractive. Android and ChromeOS are even more popular, but we are dealing with server OS here. For me, Debian on the desktop via LMDE3 (Linux Mint Debian Edition) is currently a favorite.

AWS Lightsail is a decently priced VPS package. Equivalents can be found in various first and second tier cloud providers such as Digital Ocean, Vultr, Linode, and perhaps even Azure and Google Cloud, who knows? Anyone with any experience with AWS can leverage this with Lightsail, though the main web interface is a bit different.


Related Artices in Debian Services and Applications - Debian on AWS Lightsail - OpenVPN on Debian + UFW Firewall - Nginx and Letsencrypt on Debian - PHP & MariaDB on Debian

- Grav CMS on Debian

Choose Debian Distribution

On Lightsail as of late 2018 Debian 9.5 is an option. - Install PHP from special repository sources (found in the Running PHP on Debian article) - Install special packages from Backports when needed (such as certbot) - Use apt install PACKAGE -y -t stretch-backports

Example:

sudo apt install -y python-certbot-nginx -t stretch-backports

Packages available from Distributions

Update Debian

sudo apt update -y
sudo apt update -y -t stretch-backports

Upgrade Debian

Do some checks and then execute upgrade and dist-upgrade: Note: accept the locally modified files for upgrading when asked.

sudo apt upgrade -y
sudo apt upgrade -y -t stretch-backports

Note: can have system service restarts be done automatically, when asked.

Upgrade Debian Distribution

This will change from one release to the next if there is a next one for the version being run (e.g., stable).

sudo apt dist-upgrade -y

Next, run the command to reload the terminal session:

hash -r

Steps in Configuration

Server Basics Steps

  • Configure servername, ip addresses
  • Apt, Configure repositories, Update, Upgrade, Clean, etc.

Servername, IP Addresses

For private IP Addresses

ip addr show eth0 | grep inet | awk '{ print $2; }' | sed 's/\/.*$//'

For a public IP address (esp. Amazon AWS Elastic IP)

curl -4 icanhazip.com

Apt Sources List

ls -la /etc/apt

and see what is in subdirectories

Installed packages

dpkg-query -l

apt-get commands

Note, this is largely obsolete with the apt command set -- need to UPDATE this section below

apt-get clean
apt-get autoclean
apt-get dist-upgrade
apt-get clean
apt-get check
apt-get autoremove
  • autoclean deletes .deb files from local cache
  • clean deletes .deb files from distribution installation
  • autoremove removes previous, but no longer needed dependencies
  • dist-upgrade deals with dependencies, not just applications, and will add/remove/upgrade them
  • apt-get check will check for dependencies missing

note: difference between apt-get remove xyz vs. apt-get purge xyz, as the first preserves configuration files (for possible later use)

Completely Remove Packages

sudo apt-get --purge remove package-name
Posted on

IPA Keyboard Layout

Well, it turns out, there is no such thing, per se, as an IPA Keyboard Layout, at least not in the sense that there are keyboard layouts for various languages and layout styles (e.g., English, Dvorak, etc.). This seems to me to be a tremendous oversight, though it obviously came about because someone thought supporting the entire Unicode space for the IPA was a great idea, and the only idea. There are two things needed to have an IPA Keyboard Layout that would be functional for someone working in one or a few select languages: - A Keyboard Layout File, such as discussed here for X11 support (Linux) - One or more fonts that provide the support needed -- which includes a wide variety of unicode symbols plus the specific ipa unicode extension block. And preferrably fonts with multi-lingual support so that a mixture of IPA and one or more languages would by typographically elegant, or at least not jarringly unaesthetic.

IPA Character Support for a Given Language

The first step is to get a useful/functional/popular mapping of a language to IPA characters. For a language with diverse dialects, some standard form needs to be determined. Along with this is the likelihood of supporting two languages. For example, if the target language is Thai, the supporting/documenting language is likely English or another foreign language. Both Thai and English IPA character spaces need to be determined, and together they should map out the shared space, in a Venn-like diagram.

Determine Key Mapping Desired for Charcter Space

A simplistic approach would be taking the 26 characters in English and mapping those keys (lowercase and uppercase) to obvious matches, and expanding into punctuation keys as needed. Requirements for dead keys and multi-keystrokes in general might be avoidable. The main approach should be to reuse as much of the current set of wheels available rather than re-inventing one's own.

Build Keycap File and Print Keycaps

It seems straightforward to have keycaps that would support two languages and IPA. This would provide a nice intermediary, additional script which could support both of the other two languages. For some languages which maintain a large portion of the alphabetic character space in English, a third (fourth) script might be able to be acommodated, such as: English, IPA, Thai, and Vietnamese; perhaps even English, Indonesia, IPA, Thai, and Vietnamese.

Posted on

Linux Mint Debian Edition 3

Note: since Debian has Cinnamon built-in as a desktop choice on install, and since the rest of Mint is Ubuntu or Debian (LMDE), it seems a bit nonsensical to go Mint when I can go Debian +Cinnamon.

This document will be somewhat regularly updated with information, and will start out sparse.

  • Debian installation with Gnome3 is such a shit show. Sorry guys but way too unpolished, as in unclean.
  • On the other hand, I've got excellent timing with the LMDE3 beta release on 31-July-2018. Here it is 31-August-2018 and I'm completely impressed with Linux Mint Cinnamon on Debian 9. This is they way things ought to be. Coming from OSX 10.10 (Yosemite) and also having spent a bit of time in ChromeOS 69-70, I have to say that Linux Mint Cinnamon on Debian is just simply way, better. In fact, it really should take on another acronym of the same name, LMDE - Lunar Module Descent Engine. The metaphor of the Pintile Injector completes the picture. Debian and its accompanying applications is the fuel and Linux Mint / Cinnamon is the oxidizer. Together there is kick ass and elegant movement, dancing among the stars.

Update - Early 2019 - Turns out that Cinnamon is a desktop environment natively available as an option when installing Debian. That appears to be a better choice rather than an entire other distribution that is patched together between Cinnamon and Debian, and various other Cinnamon/Mint applications (most of which I don't choose to use or could get elsewhere).


Note: for parallel reasons, I'm also moving over to Debian from my standard CentOS and Amazon Linux distributions. CentOS I've used for a while, and it is the basis of Amazon Linux. However, Amazon isn't really the greatest cloud provider and their customer service is in the toilet these days. On the other hand, the Linux Containers running on ChromeOS are Debian, so that is where I am headed. In addition, Debian is of course one of the major distributions and is available on most cloud platforms. Debian 8 on Amazon Lightsail and Linux Mint Debian Edition (Debian 9) on the desktop. A most delightful set of twins.

Debian Application Management

apt, .deb, Software Center (avoid), flatpak, .appimage

Apt

Standard package management can be done from apt-get or aptitude in Debian. Both are interfaces into apt. Installation using .deb files while possible, doesn't make as much sense. apt-get is the standard command-line interface to apt (Advanced Package Tool) package management for updating Debian and applications, akin to yum in the CentOS world. Note that apt-get is the most popular tool for package management. aptitude is another front-end to apt.

Actually, apt is pretty much what one wants to use on the command line, and then the Software Center (sometimes with flatpak) as a second choice, and .deb downloadable installations when necessary, as well as the odd .appimage

See these clarifying remarks re: apt vs. apt-get.

sudo apt update -y
sudo apt upgrade -y
sudo apt dist-upgrade -y (when upgrading to a new release)
sudo apt autoremove -y
sudo apt update -y -t stretch-backports
sudo apt upgrade -y -t stretch-backports

The similar command using apt simply doesn't work.

Debian File System and Directory Structure

more here (later)

Security and Accounts

By default the root login is disabled, which if there is a need to emergency boot, will cause no end of headaches. Undo that:

sudo su
passwd

Quick - How to Update All Apps

Note that not only apt but the backports repository need to be queried, as well as flatpak

sudo apt update -y
sudo apt upgrade -y
sudo apt autoremove -y
sudo apt update -y -t stretch-backports
sudo apt upgrade -y -t stretch-backports
sudo flatpak update -y

See also: Using Flatpak Docs

Note: best to run each of these lines individually as otherwise something might be missed.

Applications Installed and To Install

Pre-Installed Apps on LMDE

Pre-installed with LMDE3 are quite a few applications, applets, and the like. The ones we prefer to use include:

  • GIMP
  • Libre Office
  • Transmission
  • Openssh-client

However, some of these lag behind in updates and this means going to different distribution sources.

Apps to Install on LMDE

There are many to install, and they are installed in a variety of ways. We prefer to use the Software Center when possible, apt-get when not, and .deb files when neither of the first two are available.

Software Center Apps

(note: this is not a great place to get applications since they tend to be older distributions that are not updated (at least not very often)

  • Audacity (audio editor)
  • Filezilla (sftp)
  • KeepassXC (password/OTP utility)
  • Calibre (ebook/document library)
  • Autossh (autorestart ssh)
  • Gtkpod (ipod manager)
  • Praat (speech analysis)
  • Stellarium (sky generator)

Apt Apps

  • htop
  • etc.

.Deb GDebi Package Installer Apps

(note, these can be updated via apt update)

  • Atom Editor
  • Chrome Browser
  • Insync (GSuite Drive File Sync)

Install Script Installer Apps and Drivers

  • Printer driver
  • Scanner

.appimage Apps

  • LMMS (audio editor)

Flatpak Apps

  • Quod Libet (music library)
  • Inkscape (vector graphics editor)
  • MuseScore (music score editor)
  • Shotcut (video editor)
  • Telegram Desktop (chat/voice/file sharing)

First, install flatpak

sudo apt install flatpak -y
sudo flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo

Apps to Remove from Software Manager

  • Rhythmbox
  • Etc.

Configuration Issues

There are various tweaks and whatnot. It is simplest to go through Settings, Applets, and Panel systematically, also turn on the Firewall and set the Windows/Command key to Control in the Keyboard if using external keyboards of that ilk; enable additional keyboards as well.

Posted on

Kindle on ChromeOS

Dealing with a Kindle (and ebook collection) on ChromeOS requires a different set of tactics than the more straightforeward use of Calibre (unless using it in Crostini is a choice).

Functionality Required for Kindle on ChromeOS

The basic functionality required includes: - Uploading to Kindle device; - Downloading from Kindle device; - Converting files from epub to mobi (to get epubs into the Kindel) and azw to epub, plus some cracking software, to get azw to epub (ebooks bought off the Amazon Kindle store)

Calibre on Debian (ChromeOS with Linux Container Crostini)

Below includes various work-around options, but the functionality and ease of operation (the kludgy interface notwithstanding) of Calbre makes that the go-to option. Note that the instructions for installing Calibre on Linux on the Calibre website are garbage. Just used the standard Debian install command and agree to install dependences.

sudo apt-get install calibre

Note that as of 05-Aug-2018 the usb interface is not yet available to the Linux Container VMs in Crostini. However it appears there is active work being done on it, according to the Chromium bugtracker.

Uploading to the Kindle Device from ChromeOS

Uploading from ChromeOS to a Kindle device is done in one of two ways: - Plug in Kindle over USB and copy a *.mobi file in it to the Kindle /documents/ directory using the ChromeOS File Manager - Install the Kindle Android app and an Android File Manager app. Once this is done, right-clicking on a *.mobi file will include the option of sharing/sending, and then select the Send to Kindle option.

Downloading from a Kindle device with ChromeOS

  • The simplest approach is to do so with a file manager (ChromeOS or Android) over USB.
  • Unfortunately sometimes there are several files rather than a single one, in which case downloading from the Amazon store Manage my Content and Devices section. Clicking on the three dots next to any given ebook (not including samples) includes the option Download and Transfer via USB.
Posted on

Crostini – Linux on ChromeOS

Once configuring Linux apps, a default debian 9 (stretch) container is created. The default login is username@penguin. From there: - sudo apt update - sudo apt upgrade

Notes

Things to do: modify boot drive (resize), mount new drive on external media and use for app installation, update fonts in that environment to improve Inkscape, GIMP, etc.

Posted on

Linux Kernel on the March

As of early 2018, ChromeOS and Desktop Linux have both crossed the 3% threshold. Android is approaching 50% for OS market share, and is in excess of that in terms of new devices. Heady times for the Linux Kernel indeed. While Android uses the Linux Kernel, nearly everything else in Android is customized, and therefore it doesn't have any distribution linneage to speak of. ChromeOS is derrived from Gentoo Linux, a custom build linux distribution. As far as Desktop Linux, it is led by Ubuntu, a Debian-based distribution, Mint, an Ubuntu-based distribution, Debian itself, and Fedora, a member of the Amazon Linux/CentOS/Red Hat family. Server-side there is: Amazon Linux/CentOS/Red Hat, Debian/Ubuntu, and Suse. Arch Linux is also considered a popular Desktop/Server though it is hard to find stats that show this. Linux-based/derrived operating system interoperability is interesting and progressing, especially between ChromeOS and Android, as well as the possibility of support for running linux apps using Crostini on ChromeOS. Our guess is they will run inside the same kind of environment as Android apps.

Crouton Dual-Boot ChromeOS and Linux

This is an oldie but goodie, essentially running Linux in a chrooted environment on top of ChromeOS, pretty much how Android runs, I am guessing.

Firmware for intel Chromebooks

ARM not supported, but some nice coreboot/firmware at Mr. Chromebox.

Linux on Chromebooks

The main focus is on intel, which is where Linux has its expertise. A popular choice is GalliumOS, but the hardware requirements are limited to intel.

Rooted ChromeOS + Android Apps

The easiest approach for a bit more control and functionality is a combination of Developer Mode which provides root access, as well as Android Apps. Quite useful and not too much fiddling needed. See more about ChromeOS apps and configuration.

Posted on

Linux Desktop – Apps, Config

This is about linux desktop issues (as opposed to server), and mainly deals with desktop-style configuration. See this post about shell and command-line utilities and environments. - See also ChromeOS - Apps, Config, Utilities for the companion article on ChromeOS.

Apps to try in the Future

Android Apps

Apps and Utilities Not Available on ChromeOS

But can be run on Linux... - Calibre - Google Cloud Print Connector for directly connected/sharing Samsung ML-1860 - Rhythmbox for connecting/managing music and the ipod shuffle - Epson Perfection V33 Scanner

Standard Linux-supported Apps

Posted on

Amazon Linux First Steps

First steps after logging into an Amazon Linux box:

Set up the Name Services (DNS, Hostname) Properly

Note there are several places this needs to be set.

nano /etc/sysconfig/network-scripts/ifcfg-eth0

Make this look as follows:

DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
TYPE=Ethernet
USERCTL=yes
PEERDNS=no
DNS1=84.200.69.80
DNS2=84.200.70.40
DHCPV6C=yes
DHCPV6C_OPTIONS=-nw
PERSISTENT_DHCLIENT=yes
RES_OPTIONS="timeout:2 attempts:5"
DHCP_ARP_CHECK=no

Note that this fixes the general VPC settings issue especially for Lightsail. Next, configure /etc/resolv.conf

nano /etc/resolv.conf

Use this file:

options timeout:2 attempts:5
; configured an override of dhcp-settings in
; /etc/sysconfig/network-scripts/ifcfg-eth0
nameserver 84.200.69.80
nameserver 84.200.70.40

Uninstall Amazon Crap

Get rid of the Amazon SSM Agent and HIB Agent

sudo yum erase amazon-ssm-agent –y
sudo yum erase hibagent -y

Uninstall other Stuff

sudo yum erase portreserve -y

Configure NTP

Time services as follows

sudo yum -y install ntp
sudo service ntpd start
sudo chkconfig ntpd on

Note that to run manually, it is important to turn off the service, as follows:

sudo service ntpd stop
sudo ntpd -gq
sudo service ntpd start

Install and Configure Chrontabs

yum -y install crontabs
chkconfig crond on
service crond start
service crond status

More detail on setting up chron jobs

Configure Sendmail

Sendmail is installed (and running) by default. This should be configured to limit its attack surface.

Install some Utilities

yum -y install htop
yum install -y psmisc
yum install -y iotop
yum install -y mlocate
yum install -y lsof
yum -y install ncdu
yum install -y s3cmd
Posted on

.bashrc, .bash_profile, PATH on AMI

On a new Amazon Linux AMI installation, there is a useful ec2-user account configured. However, in order to make it more useful, there is a need to edit some .bashrc files, as well as create a new user for sftp and scp, as those will produce errors using login scripts that we will set for ec2-user. First off, know that .bashrc is the best thing to use since it functions when using sudo su and executes every time, vs. .bash_profile which (I think) does not. Second, both the ec2-user and root need .bashrc configurations, and my preference is that the first has sudo su invoked and runs right into root. Third, the sftp/scp user will need sudo rights added to the cloud-init file.

Steps to Adjust Login Environments

  • Edit .bashrc files for ec2-user and root
  • Create new user (for sftp/scp), grant rights, and deal with access keys

.bashrc for ec2-user

nano /home/ec2-user/.bashrc

Use this file

# .bashrc
# Source global definitions
if [ -f /etc/bashrc ]; then
        . /etc/bashrc
fi
# User specific aliases and functions
alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'
alias lx='ls -la --color=auto'
alias rx='rm -rf'
alias ban='fail2ban-client set apache-badbots banip'
# Set the interrupt keystroke to ctrl-e
stty sane
stty intr ^E
# Pathing
PATH=$PATH:$HOME/bin:~/.local/bin:/usr/local/bin
export PATH
export EDITOR=nano
clear
echo ""
echo "************************************************"
echo "  NEW LOGIN PROCESSED - WELCOME TO server, $USER"
echo "************************************************"
echo ""
sudo su

.bashrc for root

nano /root/.bashrc

Use this file

# .bashrc
# Source global definitions
if [ -f /etc/bashrc ]; then
        . /etc/bashrc
fi
# User specific aliases and functions
alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'
alias lx='ls -la --color=auto'
alias rx='rm -rf'
alias ban='fail2ban-client set apache-badbots banip'
PATH=$PATH:$HOME/bin:~/.local/bin:/usr/local/bin
export PATH
export EDITOR=nano
cd /root/temp
clear
echo ""
echo "************************************************"
echo "  NEW LOGIN PROCESSED - WELCOME TO server, $USER"
echo "************************************************"
echo ""
htop

Create New User and Grant Rights

Grant SUDO Rights

nano /etc/sudoers.d/cloud-init

duplicate the ec2-user rights for the new user

Adjust PATH

Edit the PATH in ~/.bash_profile

nano /root/.bash_profile

Use the following:

# .bash_profile
# Get the aliases and functions
if [ -f ~/.bashrc ]; then
        . ~/.bashrc
fi
# User specific environment and startup programs
PATH=$PATH:$HOME/bin:~/.local/bin:/usr/local/bin

Then load that profile

source ~/.bash_profile

Also add some helpful shortcuts lx and rx

nano /etc/profile

add to end of file:

alias lx='ls -la --color=auto'
alias rx='rm -rf'

User and SSH Cert

  • Download, move, and rename cert
chmod 400 ~/.ssh/key.pem
ssh -v -i ~/.ssh/key.pem ec2-user@host.domain.tld
sudo su
yum -y update
useradd newuser
passwd newuser
usermod -aG wheel newuser
su - newuser
mkdir .ssh
chmod 700 .ssh
exit
cp /home/ec2-user/.ssh/authorized_keys /home/newuser/.ssh/authorized_keys
chown newuser:newuser /home/newuser/.ssh/authorized_keys
nano /etc/sudoers.d/cloud-init

replace ec2-user with newuser