Updated Migration Considerations

Background: I’ve helped a few folks migrate from Windows to Linux. The reasons vary, but most of them were simply tired of having to fight the malware or instability issues. One client was concerned purely with high security and personal privacy. Most of them asked me a lot of questions, but almost none of them were willing to research it that much for themselves. Can’t blame them; there’s way too much out there, particularly when it comes to playing with Linux. Worst of all, virtually everyone you talk to about it has a strong partisan slant to their favorite. They act like it holds all possible solutions. When it doesn’t, the problem is you, not the favored Linux distro.

If someone wants my help, I can offer only what I know. You can learn just so much about it before you lose contact with the practical considerations of real people in the real world. Linux is like that, so there aren’t many folks who keep a foot in both worlds. I’m trying to fill that void. What makes it harder is that computer technology is a moving target. What’s best today may be awful tomorrow. Still, you have to settle on something and get the work done. Computer technology shouldn’t be a religion, something you do for its own sake. It’s worth stands on how well it serves a higher purpose.

For the time being I have come to favor CentOS 7 as the primary target of migration for folks who aren’t much into gaming or entertainment. In other words, it’s one of the best for SOHO clients, or those close to it. Chances are, if you choose this path, you won’t be stuck with something that becomes overly burdensome later. The whole point is that CentOS is an officially accepted clone of Red Hat Enterprise Linux (RHEL), and RHEL is designed for corporate use. It’s the premier business grade Linux in the US, at least, and generally more adaptable than the other commercial Linux stuff (SUSE, Ubuntu Server, etc.). CentOS is free of charge.

Below is a list of things that I go through when helping someone migrate. It’s just a checklist; if you have questions, you can ask, but this isn’t meant to be a full-blown guide.

Summary Checklist:

1. If the hardware is XP grade, stick with CentOS 6; later machines can generally run 7 just fine.

2. Install with defaults for the most part. Setup networking and lock in at least one option. For Netinstall, use both the OS package repo and the update repo from the same mirror so there’s no updating after installing.

3. Software selection: Prefer KDE with the package groups you intend to use, and perhaps development tools.

4. You need 3 good passwords; root, one user and one for the wallet/GPG key. Two more good passwords for each additional user, because each has their own wallet.

5. Add EPEL and Nux repos; there are simply too many important packages not provided by the standard repos.

6. Install adaptive stuff right away, like ntfs-3g if you use external drives for anything.

7. Run through the desktop configs and make things tolerable. Become acquainted with the interface — somewhat like Windows but far more variable and configurable. Fix Freetype (involves replacing default with altered package; it’s a good way to introduce building packages with the RPM system). Set up GPG early if needed for later.

8. Learn about special packages you might use; get to know what you need against what’s available. You may have to build some, others are provided if you know where to find them. Some of those you can build should be maintained through the RPM system; others can be simply built and installed locally. (I always offer to do this for them, sometimes taking the time to walk them through a build on their own machine. I also supply RPM packages when needed, if I can build them on my own machine.)

9. Add Google Chrome browser; Adobe Flashplayer if not using Chrome (these have their own RPM repos). Chrome uses wallet, so be ready for that the first time you try to save a password.

10. Use Thunderbird/Seamonkey for email. Evolution is only for use with a special collaboration (groupware) service. Hard-core alternative is Alpine/Mutt (commandline email applications).

11. Consider Opera-beta, Pale Moon, Slimboat, and other specialty browsers. Get used to the idea of using different browsers for different kinds of tasks and additional profiles within a browser to avoid tracking and other forms of privacy contamination.

12. If you must run Win-stuff directly, use a VM (VirtualBox), especially if only one machine is available.

13. Consider migrating to cloud services for some things: Google Docs or MS Office Online.

14. Print to PDF when possible; if you really must have a print server for paper output, you’ll have better luck with a separate Windows machine firewalled away from the Net. In general, printer manufacturers make far better drivers for Windows than for Linux. Transfer documents (via Samba client; open CentOS firewall for this) and let the Winbox print them.

15. Other networking services can be set up as needed using RHEL dox (the upstream source for CentOS) or online tutorials. There is an amazing array of industrial grade services possible on CentOS.

Laptop Oops

Well, that was a real disappointment.

Just when I thought I had everything as I wanted it, Debian began puking on me. Wifi wouldn’t work consistently and the machine crashed three times in one day. In other words, it wasn’t working well enough on this peculiar machine. I really was hoping to settle down on that issue, but it was not to be. So I reinstalled CentOS 7. At least it is consistent with wifi and other hardware drivers.

Part of the whole thing was the sheer convenience of having WINE on which to run my old MS Office 2000. It matters because when I publish my books, they have to be in Word format and LibreOffice does things differently, even when exporting to the Word format. The result is simply not good. Further, while my grammar is just fine, I do commit typos and simple human errors of leaving out words, or leaving in words from edits, and I rely on Word to catch that stuff. LibreOffice does not have anything comparable.

WINE is not available for CentOS to run 32-bit Windows apps. A virtual machine is possible, but it runs dog slow on this laptop. This thing is specced for long battery life, which means a slower processor speed, which means it takes forever to get the VM open and then to do much in it.

Turns out that Microsoft has been offering a cheaper version of MS Office online for free. I already had an account with their Outlook online service, so the same login works without a hitch. From what I can see, it’s adequate for the demands of my book publisher.

It won’t matter too much whether you trust the cloud services. More and more, it becomes the necessity of life. Got an Android device? You have to have a Google account. That account comes with access to all of Google’s services: Docs, their version of Facebook, the free cloud storage, etc. I’m using the cloud because I don’t have a lot of choice.

I’m not a purist; this is just a tool. A major tool worthy of an awful lot of time and effort, but still just a tool. Running Windows 8 (which came with the laptop) is simply not an option because I can’t control the things I find it necessary to control for my mission. And because the hardware is so new, there’s not many Linux distros that will work and I’m sick of the distro sampling lifestyle of most Linux users. It’s not a religion for me, so I’m not chasing the holy grail of Linux perfection, which is no more real than the grail. Choosing CentOS and running it properly means accepting the limitations of software choices.

I can live with this.

Opera Beta for Debian on SL 7

It works fine on Scientific Linux 7. Instead of holding your hand, I’ll tell you how I worked it out.

Get the package from here. It’s for 64-bit only right now. Since all the current 7.x series for RHEL/CentOS/SL is 64-bit only (CentOS team claims to be working on a 32-bit), if you are running one of them, you should have no trouble.

I opted to run it from my home directory. It’s easier to update that way. It comes in a DEB package format, but any of the archive tools should easily open it. I used Engrampa and extracted it in a separate “opera” folder. All you really need is the zipped data.tar.xz part. From the CLI, I ran unxz and then untarred it. What you get is a set of folders to match typical installation on most Debian Linux systems. However, I moved them all as they were in that “opera” folder into my home directory.

Given this is not written for any of the RHEL clones, I knew I needed to test it on the CLI to get back useful errors. Drop down into the localized “/usr/bin” folder and find opera-beta and launch thus: ./opera-beta.

The first error was regarding libcrypto. It’s coded to look for a specific version and we only need to use a symlink for this. As root, create a symlink: /usr/lib64/libcrypto.so.1.0.1e > /usr/lib64/libcrypto.so.1.0.0. Try again and you’ll get a complaint about libudev. Just use the cues provided to see what to name your symlink. This is going to work just fine.

The next attempt to launch gets a complaint about the sandbox in Opera-beta: It needs to be owned by root and have 4755 permissions. Make it so; on my machine that worked out like this (as root):

chown root:root /home/ed/opera/usr/lib/x86_64-linux-gnu/opera-beta/opera_sandbox
chmod 4755 /home/ed/opera/usr/lib/x86_64-linux-gnu/opera-beta/opera_sandbox

After that, it ran very nicely. It creates it’s own new config in your ~./.config and caches in ~/.cache. Now you can create a desktop launcher and make sure it’s marked as a binary.

CentOS 7: Virtual Box VM

Folks, this is how it’s done.

Oracle may not be our favorite company, but this is one thing you will not want to miss: Oracle’s Virtual Box VM. It’s free.

You’ll find the user manual is quite in-depth. Here are the installation instructions. Keep a link to the manual itself in case you need some help on things. What follows is a quick-n-dirty HOWTO.

You will need to install the kernel-devel package and all the dependencies. You’ll also need the dkms from EPEL, so be sure to enable that respository. What dkms does is allow kernel modules to follow updates to newer kernels.

Download the correct version of Virtual Box; it will list CentOS 7 with a link to the RPM. You’ll need your root credentials to install using Yum on the CLI. What happens is that the package builds itself on your machine and creates several kernel modules. It will take a good long while as the system is quite busy in the background.

I got errors from SELinux about attempts by ldconfig to write to some directory. You’ll have them show up in little GUI popups and on the console after it’s installed you’ll see this:

Trying to register the VirtualBox kernel modules using DKMSldconfig: Can't create temporary cache file /etc/ld.so.cache~: Permission denied
ldconfig exited ungracefully
ldconfig: Can't create temporary cache file /etc/ld.so.cache~: Permission denied
ldconfig exited ungracefully
ldconfig: Can't create temporary cache file /etc/ld.so.cache~: Permission denied
ldconfig exited ungracefully

So far as I can tell, it has no effect on the outcomes, so just be aware that this represents how strongly SELinux protects you from unwanted changes to your system.

Also notice the message about adding your user account to the vboxusers group. While still logged in as root, simply edit the file /etc/group. Scroll down to the last item on the list, which should be vboxusers and simply add your user account name at the end of the line.

Launch from the main menu: System > Oracle VM Virtual Box. Upon first running the thing you’ll discover this is a very intelligent tool and much easier to use than Qemu.

You create the machine first and get it running before you install. I didn’t think 192MB was enough RAM for Windows XP. Depending on your system, you may not be able to give your VM multiple cores on the CPU. If you can’t, you’ll get errors about not having AMD-V enabled in the BIOS. My Win8 laptop was like that. However, I was able to link the machine to my own home folders right from the start; I selected the automount option and browsed to a Projects folder where I need to use MS Office. You really need to take your time and explore the various options in this manager window.

The display is considerably less laggy than Qemu. Once you install the Guest Additions, it becomes even less so. You can fix a lot of niggling issues like display, making your VM respond automatically to window resizing and such. Under the VM menu, see “Devices” and select the last item at the bottom to automatically mount the virtual ISO image and get those extra drivers so that everything can be smooth and unified in use.

A very handy feature is the row of icons across the lower right side of the window when the VM is running. You can connect and disconnect from the host USB, CD/DVD drives, etc. with ease. From the menu, you can elect to connect or disconnect things like the network connection. So you can, for example, keep your vulnerable XP VM from the Internet.

It’s pretty easy to export your VMs and reimport them on other machines running Virtual Box.

CentOS 7: QEMU

Install a Windows VM on CentOS/RHEL 7 using QEMU — this is the hard way.

VMware won’t build properly on CentOS 7 and all of the suggest fixes failed. The simplest answer is using the included virtual machine, QEMU.

See this quickstart guide first. Sadly, they don’t tell you to install libvirt:

yum install libvirt

Then, turn on the libvirt service:

systemctl enable libvirtd.service
systemctl start libvirtd.service

It still won’t run properly, so reboot!

Whatever OS you wish to install, extract an ISO image from CD/DVD. This way you won’t have to fight permissions. This is true of everything you want to use with your VM. There are various ways to pull off the CD/DVD into an ISO.

Sine I’m running KDE, it’s simplest to use K3B. Select the option to copy your CD/DVD and on the “Options” tab, check the box for “Only create image.” Also, click the “Image” tab because you may want to move the image from the default location up in the /tmp/ directory. Click the folder icon button and select someplace like your home folder.

When you open the Qemu manager (in the main menu under “System > Virtual Machine Manager”) you’ll be prompted for root credentials. It won’t run in user mode.

I didn’t have much luck installing XP; it kept hanging and entering a race condition. Win2K worked fine for this experiment.

Click the button for a new machine. Give it a name like “win2k”. Select to install from “Local install media” then on the next tab choose “ISO image” and navigate to where you had K3B save it. Select OS type and version. I had to tell Qemu to show me all the options for Windows before it listed “Windows 2000″.

The defaults for RAM and CPU are okay, but you can double the CPU if your machine actually has two or more cores and you think you’ll need it. The defaults for storage are probably fine unless you know you need a big storage space.

The rest is a matter of having installed Windows a time or two. There may be some errors flash on the screen at times, but unless they persist, they don’t mean anything. Play with the settings; I found the Cirrus display gave me a lot more screen real estate.

Qemu is downright cranky and sometimes cryptic. I had to manually tell it to add a USB passthrough option so I could connect a jump drive to the VM. Unlike other VMs, Qemu will not make it easy to link the VM to your host file system. You’d have to run a file server (Samba for Windows VMs) and connect through the virtual network link. Worst of all, it takes lots of system resources to run any 32-bit VM and it’s quite laggy, so if you intend to use it a lot, you’ll have to be ready for that. I don’t recommend Qemu for Windows VMs.

CentOS 7 and 64-bit Mozilla Stuff

CentOS 7 comes with the ERS (Extended Release Support) version of Mozilla software. This is typical of the basic concept behind RHEL/CentOS and other clones, that you probably only have to install the OS once in the lifetime of the hardware. It will be supported in some fashion for a very long time, so if it runs okay when you first install it, chances are you are done with that.

For example, a default install gives you Firefox 24.x, which is the current ERS version. If you want to install Thunderbird from the standard repositories, you’ll get the same thing. For now, Seamonkey is not available from the repositories I know about. Should you decide you really want the newest version, you’ll need to be careful to find the latest in 64-bit. The typical route through the Mozilla.org websites will not get you there easily. In fact, 64-bit Thunderbird is hidden completely. It’s there, but not easily found.

The proper route is simply start from the FTP folders in the first place: go here. From that starting point, you can drill down into each of the various folders until you find what you seek. For example, the latest and greatest 64-bit Thunderbird as of this posting date is in this folder. Notice where that takes you and observe how it is structured. It’s similar for the other Mozilla projects. You may not want the various releases with lower case letters like “b” as they are beta software.

Once you download what you seek, you’ll find a big, fat b-zipped tar file. Decompress it unwrap it. I do it the old way from the CLI:

bunzip2 thunderbird-31.0.tar.bz2
tar -xvf thunderbird-31.0.tar

I like to watch stuff one step at a time, but if you want to know the shortcuts, you can try other hints you find by searching on the Net or in the manpages (i.e., man bzip2).

You’ll end up with a “thunderbird” folder wherever you performed this operation. Simply move that over into your basic “home” folder. Since I’m using the KDE4 desktop on CentOS 7, I need only right-click on the desktop and chase the context menu listings to create a link to application. Change the name to something meaningful to you, say “Thunderbird” and then on the “Application” tab go down to the “command” line and click “Browse”. The window that opens will allow you to select your own home folder (tagged by your username), then you can drop down into the “thunderbird” folder and find the only file there simply named “thunderbird”. Click that and create the desktop link. The icon will be generic, but for some reason you can’t change that until the thing exists. Right-click on this icon and select “Properties” and you’ll get a slightly different window with that generic icon prominently displayed. Click that and select “Other icons” and “Browse”. Chase back down through the “thunderbird” folder this way: thunderbird/chrome/icons/default/ and select the largest one there. Finish up and you now have your latest and greatest version installed in your own home folder.

The advantage here is updating. You don’t need root credentials to update an executable in your own files. While the application is open, click in the menu line “Help” and select “About Thunderbird” and it will open a smaller window and check for updates. If it needs to update, it should download for you the update of the exact same 64-bit version and tell you to restart once it’s finished. Thus be it ever from now on, we hope.

If you chose to do this with Seamonkey, it’s pretty much the same deal. However, for Firefox we have a complication, because there is already a Firefox installed by default. You either have to log in as root and remove it, or teach them to coexist and run side-by-side. That’s not easy with stuff from Mozilla. They like to use the same profile by default and argue about which version of your add-ons will work. On top of that, even with two profiles, the one already running will simply respawn a new instance of the same version. It’s tricky. We’ll fix this by using the commandline switches that come with Firefox.

First, open any terminal application (I prefer KDE’s Konsole for most things) and launch Firefox there, but with a switch to create a new profile:

firefox -ProfileManager

This opens a little window that lists what you have — likely “default” — and allows you to create another. Pick a simple name, perhaps your system username, and create a new profile. Now, decide which one will use which version of Firefox. Simplicity suggests you would leave default for the ERS version and your new profile for the latest version of Firefox. Now, right-click on your main menu button on the panel and select “Edit Applications”. You’ll find a window with the menu system outlined. Find and open the item for launching the pre-installed version of Firefox (under “Internet”). Find the “command” and change it to something like this:

firefox -P default -new-instance %u

What we do here is add some switches. The “-P” means use a particular profile, followed by the name — “default” in this case. The “-new-instance” tells Firefox not to connect this launch with any already running Firefox instance. That “%u” is used by KDE in case you have Firefox set as your default browser. When you create the launcher for your newly installed Firefox running from your home folder, use a similar command for that launcher, but change the profile name to whatever you created for that.

Enjoy!

CentOS 7 Desktop: Unneeded Services

If you run Windows, you can find some really great advice from Black Viper about which services you need or don’t need and under what circumstances. Scroll down and check the page links he has. For quite some years his has been the most reliable voice on such matters.

So far, I haven’t found anything equivalent for RHEL/CentOS 7. You can learn about how to check and turn on/off and enable/disable them on this page but there is nothing us mere mortals can read to discern what we need and what we don’t for our home or SOHO desktop use.

In this new release, RHEL has designed lots of things differently. Used to there would be a lot of services you just didn’t need and could easily turn them off using a GUI tool. That tool is gone, but so is the long list of services to kill. It’s pretty simple these days:

bluetooth
rpcbind
ssh

In each case I run both the commands for stopping and for disabling. I suppose you realize that if you are doing this on a machine where you plan to connect Bluetooth devices, you leave that one alone. That rpcbind is for NFS file server systems, and ssh is for use by technicians who need to log in remotely. That’s also a security risk for those of us who aren’t running these machines remotely, but right in front of us with a keyboard and all that stuff.

Please note that if you aren’t at all using my trick for connecting to a Windows machine that is sharing your home Internet connection, you also don’t need nfs-lock. If you need to run a Samba client, then you need nfs-lock. So far as I can tell, just about everything else in that list is pretty important to keep running.