Wednesday, August 7, 2013

My Return to Xubuntu: A Review

screenshot of my Xubuntu desktop

A few months ago, I had a Linux first — I reached the end-of-support of a distro. I never thought of myself as a distro hopper, especially with my main laptop, but I guess I hop around enough to have never made it to the end-of-support.

I was using OpenSUSE 12.1 GNOME, and I loved it, but I saw end-of-support as a chance to really explore my options. I’ve messed around with a few distros on my testing machine, but nothing really grabbed my attention, other than the dearly-depart Fuduntu.

The Search

OpenSUSE actually lets you upgrade via disk (and rather scarily, live), but I didn’t want to upgrade two versions (12.1-12.2 and then 12.2-12.3), having to back up all of my work and settings, only to be back in a similar situation in less than 18 months (assuming nothing horribly broke). So even though I love OpenSUSE, it didn’t seem like the right option for me at this point in time.

OpenSUSE has a rolling release concept, Tumbleweed, that interested me, but I was never able to get it to work on my testing machine, a ThinkPad T43. I suspect the problem might have had to do with bouncing between GNOME versions, but I was never really able to pin the issue down.

I played with Manjaro’s GNOME edition on my testing machine for a few weeks, and that seemed pretty nice, but eventually an update broke my setup and I wasn’t able to even triangulate on what the issue might be. I don’t blame Manjaro, though. Part of running an Arch-based distribution means accepting a willingness to go through log files. I thought I was willing to do that right up until I couldn’t figure out the issue in less than a few hours. I enjoy trouble-shooting a lot of different Linux issues, but reviewing log files is completely unrewarding to me. It’s not a knock on Arch or Manjaro — it’s more a self-realization.

I also played with Linux Mint Debian Edition, another rolling release, but aesthetically it was a bit raw, and there seemed to be some concerns about the rate at which Mint pushes out security updates. In general, it’s a nice enough distro, but it felt and looked old to me.

The Bake-Off

With rolling releases ruled out, I decided to focus on long-term stability. That meant either an Ubuntu Long Term Support release (LTS; 12.04.2) or a Linux Mint one (Maya 13).

Now down to two distros, I had to think about the desktop environment issue. I love GNOME, but I haven’t had the most luck getting GNOME shell working in Ubuntu. In the past it’s been glitchy in a way I haven’t seen in other distros. Ubuntu now has a GNOME edition, but because it’s brand new, there’s no LTS version.

Poking around Ubuntu, I remembered how much I enjoyed Xubuntu back when I ran it a few years ago. While Xubuntu won’t push out Xfce-related updates as long as it will push the general Ubuntu ones, it felt long-term enough for my purposes.

Looking at Mint, I’m not a huge fan of Cinnamon or Mate, so I decided to try Mint’s Xfce version, too.

I installed Mint and Xubuntu side-by-side on my testing machine. As you might expect, they’re both very, very similar, what with Mint based upon Ubuntu. In the end, I decided to go with Xubuntu for purely aesthetic reasons. The default Xfce configuration was nicer, with a single panel across the top of the screen, much like my beloved GNOME. There was more contrast due to a darker theme. It shipped with the beautiful elementary icons already installed. The fonts and rendering were all sharper within Xubuntu (say what you will about Ubuntu, but no distro renders fonts better). Obviously, I could have configured Mint to look just like Xubuntu (it even has the elementary icons in its repositories), but it seemed like an unnecessary step. Why bother going to the trouble of getting Mint to look like Xubuntu when I can just use Xubuntu?

screenshot of Linux Mint Xfce desktop
Linux Mint Xfce

And so, with that, I was settled on Xubuntu as my new distro. Now, I had to get it on my main work machine, a ThinkPad T420.

The Switch

I moved my files over to the testing machine, just to make sure there were no issues with file versions. It was time well spent. OpenSUSE was using KeePassX 2 while Xubuntu is still on 0.4.3. Despite what the numbers imply, they are two completely different programs. The Linux version of KeePassX 2 won’t let you roll back a file to version 0.4.3, so I had to do it in a Windows version of KeePassX via a virtual machine. It represented work, but far less work than losing all of my passwords.

I had some PDFs zipped up with a password. For some reason, the PDFs wouldn’t open on Xubuntu. I had occasionally had the same thing happen on OpenSUSE, so I’m not quite sure that issue was, but the files weren’t anything irreplaceable, so I didn’t even bother trying to resolve the issue.

I had a virtual Windows XP machine in OpenSUSE. I archived it and reinstalled it in Xubuntu without any drama, other than that my flash drive was formatted as FAT32 and couldn’t handle the archive size until I reformatted it as NTFS. I didn’t pick up on the FAT32 size limitation until the Xubuntu virtual machine told me the archived image was defective. Once I reformatted the flash drive, moving the virtual machine over was effortless (and much faster than reinstalling a Windows image from scratch).

Once everything was working on my testing machine, I quickly installed Xubuntu on my main laptop. It was quick and easy, like most Ubuntu installs are. I appreciated that Xubuntu didn’t require me to manually configure my TrackPoint scroll, like so many other distros do. Although I had my files backed up on my testing machine, I was able to move them over using SpiderOak, and that was shockingly quick.

I’ve been tweaking Xubuntu and the level of customization is very impressive. As I’ve mentioned, I really loved GNOME, but there isn’t much you can do to change its look. Xfce is quite the opposite. Of course, I’ve been using that customizability to make Xubuntu look more like GNOME. I turned off the button labels so it just shows program icons in the top panel. I’ve mostly been ignoring the bottom dock, since it autohides. I might remove it at some point, but so far, I rarely see it. I installed the Microsoft fonts from the repositories and manually added Courier Prime, my favorite font. I set PCManFM as the default file manager and configured the application finder/launcher to come up with the Super/Windows button (one of my first Xubuntu tricks). I miss not being able to open specific files from the launcher, like I could in GNOME, but it’s really not much of an adjustment — especially with the gedit dashboard plugin enabled.

annotated screenshot of my Xubuntu desktop
Annotated Xubuntu

screenshot of my OpenSUSE GNOME desktop
My old GNOME desktop

Xfce is great at making tweaks very easy to implement. Keyboard shortcuts take a few seconds, where in GNOME they could be hidden in gconf and dconf configurations. Once you know what you want to do with Xfce, making changes is remarkably quick.

The biggest compliment I can pay my current setup is that it doesn’t feel different from my old one. I’m still able to launch things by clicking the Super button. If I have that ability in any operating system, I’m pretty happy. I appreciate the range of software available within the Ubuntu repositories. Everything is in there, where with OpenSUSE I often had to enable certain separate repositories to get software I wanted.

Lessons Learned

Changing distros is stressful. The main lesson, which I’m sure everyone knows, is to make sure all of your files are backed up. I back up everything to SpiderOak, but I also backed up my files to a flash drive, just in case something went sideways with SpiderOak (which it didn’t).

I’m lucky enough to have an old laptop I can use as a test machine. That was huge. It let me flag problems and resolve them before they were live on my main laptop. If you have a second machine you can test on, I strongly encourage you to do so. Especially if you’re going between different distributions.

Also, in general, when choosing a distro, think about what you really want. I started looking at rolling releases because I didn’t want to deal with reinstallations down the line. But with rolling releases, the cost for having to do a reinstallation every few years is having to be vigilant and observant on a regular basis. In the end, I realized I’d rather spend a day or two on a reinstall every few years than constantly watching and maintaining my system. I just don’t have the skillset to understand the implications of each update. I need a distribution that parses that information for me.

On a related note, try and spend a few weeks with a rolling release. Just about all of them are easy to manage at the beginning. But as you make changes and as updates come in, things can become more complex. Testing over time will give you more of a sense of if you have the tools to keep a rolling system running.

Finally, I really urge people to take Xubuntu for a spin. It’s a beautiful distribution that has a lot of nice default settings. I really thought more people would flock to Xfce when GNOME 3 came up. Some of the default implementations, or lack of implementation, can make Xfce seem old-fashioned and kind of ugly. Xubuntu does a great job of showing how contemporary Xfce can look and feel. It’s got that familiar, menu-driven interface that so many people seem to like, but it also works well via its own application launcher/finder. It’s fast and simple. I loved GNOME 3, but Xfce is just as impressive. Plus, it’s really nice to have my weather applet back.

You can follow My Linux Rig on Google+ here, follow me on Twitter here, and subscribe to the feed here.


Tuesday, July 16, 2013

KeePassX: Treating Your Passwords Like They’re Important

screenshot of KeePassX item screen

Christmas morning 2012, one of my Gmail accounts was hacked. The good news was that it wasn’t my main account. The bad news was that it was one I used for a fair amount of work-related communication. I was lucky that I caught it quickly and was able to button it up within an hour or so, but it was a surprisingly intense experience, leaving me feeling violated, humbled, vulnerable, and silly.

The first thing I did, after changing all of my passwords, was to switch on two-step verification with any service I used that supported it. At times, it’s been kind of a drag, like when Chrome won’t remember my Twitter login, but on the whole, I appreciate the security two-step provides.

The other thing I did was commit to using a password manager to create unique and secure passwords. I checked out some web-based tools, but I didn’t like the idea of having all of my important passwords someplace I might not be able to them access down the line. Also, although I know most web-based password services take great pains to make sure they cannot see any passwords, it still seems like a point of vulnerability.

With web-based clients ruled out, I looked to clients, settling on KeePassX, which is the basis for quite a few password management tools.

It’s basically a secure database. It stores logins, passwords, URLs, and notes, in addition to generating secure passwords. It uses a password and gives the user the option of also using a key file, with the two working together to open the database, which means if someone gets a copy of the database file and your password, they still need the keyfile to open the database. It’s probably an unnecessary precaution, but it makes me feel better.

KeePassX generates secure passwords, with users able to choose the parameters and security of the password. It will also do things, like autofill passwords, but I haven’t bothered to configure it, since it’s not a huge deal to copy-and-paste.

KeePassX cannot be opened from the GNOME launch area. To be honest, I’m not sure if it’s a security measure or a bug, but assuming it’s not a bug, it means you have to know it’s on a machine to open it (it can be opened via a terminal or alt-F2).

As mentioned earlier, when looking into password managers, I checked out some web-based ones. One was LastPass, which uses browser plugins to manage passwords for you. Ultimately, I didn’t trust it enough for important passwords, but it’s actually been pretty helpful in terms of generating and remembering secure passwords for sites that ultimately aren’t that important. It’s also great for generating secure passwords for sites you might not ever visit again. It also will run some diagnostics on your passwords, letting you know if there are any issues, in terms of repetition or security. I make sure everything in LastPass is backed up in KeePassX, though, just in case there’s ever an issue with LastPass. LastPass is robust, but I can’t justify investing time in a tool that could disappear. There’s a premium tier, but even that feels risky to me. It’s one thing to entrust my RSS feeds to a service that could be gone tomorrow, but I’m not willing to risk my passwords. And just to be fair, LastPass does allow you to easily export your passwords, so the risk is somewhat tempered — it’s just not an ideal fit for me.

I’m not a security person (nor am I a high-profile target), so I’m really not sure if things are more secure than they were in December, but if nothing else, I can easily see all of my passwords, and easily change the important ones if/when an account is compromised. Things are better, but I’m still shocked how reliant we are on an inherently insecure security system. I’m counting the days until two-step verification is a standard, rather than an exception. And until then, I’m taking the extra 30 or so seconds it takes to be secure.

You can follow My Linux Rig on Google+ here and follow me on Twitter here.