Thursday, December 15, 2011

Configuring Windows updates

This morning, I had an idea to boot into Windows, to make sure all my Windows patches are up-to-date before going into the holiday break. I'll admit that it's been well over a month (or has it been 2 months?) since I've booted Windows, so I expected there to be a bunch of updates.

I wasn't wrong. There were 48 updates to apply. And they were all huge. It's interesting to note the process by which Windows installs the updates:

Run Windows Update, let it download and apply the 48 updates. This takes forever and really bogs down my machine. I tried doing some email while it was working, but there was so much going on with the updates that my Dell Latitude E6410 seemed unusable at times. I don't recommend doing this when you're trying to do anything important.

After the updates are applied, they aren't really installed. You need to reboot for the changes to take effect. Sure enough, Windows applies a few of the updates as it shuts down. But we already know about that. It's been that way since at least Windows Vista.

I guess not everything gets installed at shutdown? As I rebooted my computer, I watched as Windows was "preparing" to install updates, then "configuring" Windows updates, before finally installing them. When it got to 32%, it kind of sat there, spinning the disk, like it was hung. I had enough time to get out my phone, and snap a photo, all while Windows was at "32% complete":


After all the updates were applied, Windows finally came up, and I was able to get back to work.

I never get tired of reminding that in Linux, when you reboot or shutdown, you actually reboot or shutdown. None of this "let me install a few updates before you really get to shut down your system." Reboot means "reboot", and shutdown means "shutdown". I guess I got spoiled for how cleanly Linux systems apply updates. Microsoft sure could take a lesson from that.

Sunday, December 4, 2011

Gnome Shell extensions made easy

My impressions still hold on Gnome 3: it is a change, but I kind of like it. I only had to tweak it a little bit to get back my blue title bars, and I'm fine. I guess Gnome 3, and specifically the Gnome Shell, is something you either love, or something you hate. There doesn't seem to be much middle ground.

If you miss the extensions and themes of Gnome 2, I thought I'd point you to where to get Gnome Shell extensions that might make you happy. We've talked about Gnome Shell extensions before, but now all those nifty extra features have been collected into a Gnome Shell extensions web site: extensions.gnome.org.

They have some neat extensions listed there. Here are a few to interest you:
  • Applications Menu: adds a menu that is very familiar to Gnome 2.
  • Connection Manager: puts an item in your top bar to quickly open an ssh (or other) connection.
  • gTile: lets you tile your windows in a particular way.
  • Window List: adds a window list in the top bar, similar to Gnome 2.

Saturday, November 12, 2011

Fedora 16 impressions

I installed Fedora 16 this week, onto my "test" USB flash drive. My first impressions: I really like what I see.

As promised, the login screen has received an overhaul to more closely match the Gnome desktop theme. Looks great.

Once you get into the desktop, things look about the same as Fedora 15. A few differences: you aren't available for chat by default (a welcome change for me.) And as always, a new default wallpaper specific to this version of Fedora:


In general, there aren't a lot of big changes from the previous Fedora. But we knew that. Applications are moved up to the latest releases (at the time Fedora 16 was assembled.) Firefox 7, Gnome 3.2, and so on.

Per my previous post, I was really excited to experiment with the integration with social contacts, and the support for online accounts. So once I was on the new version of Fedora, I played with that right away.

If you click on your name, in the upper-right corner, you now have access to online accounts:


It took only a few clicks to add my Google account:


As you can see, there's support for email, calendar, contacts, chat, and documents.

This means that you can now use Google as your default chat client. Clicking on my name again, I could go online with chat - with Gnome using Google Talk. In Evolution (Gnome's default email and calendar program) I could send and receive messages via my Gmail account, and update my Google Calendar. All through the native Evolution program. I haven't tried the "documents" integration yet.

This would be great if I actually used Evolution. But I don't. I prefer to stay in Google's web client for everything. So this desktop interaction, while cool, probably won't do much for me.

But if you're a desktop user who prefers Evolution to do your email and such, this will be a huge win. You can now do everything with one click. If you use Thunderbird for your Gmail, you may consider switching to Evolution, for this feature alone.

For those who wonder "what updates are already pushed out", there aren't that many updates for Fedora 16, which I suppose is a good indicator of its stability at release. My update was 55MB, and took only a few minutes while I did other things.

Monday, November 7, 2011

Fonts in kernel mode?

I try not to comment on Microsoft's fumbles unless I've directly experienced it, like some functionality that seems totally broken to me, or behavior that seems inconsistent. However, I couldn't ignore this one.

You may have heard recently about the Duqu malware, making the rounds. It appeared in the guise of a specially crafted Word document that, when opened, would compromise your Windows PC. It was all over the news last week.

This morning, I received one of those "you're not really on our mailing list, but it's not really spam" emails from Redmond Magazine, "the independent voice of the Microsoft IT community". It linked to their full article, but the email summary said:
The Duqu zero-day exploit has had Microsoft twisting, turning and churning for a solution. Duqu exploits a hole in the Windows kernel and lets hackers remotely access and control your unfixed computer. 
That's until Microsoft came out with a workaround last week. The stopgap solution can protect the kernel with just a few lines of code and a one click-install. That's some pretty efficient code.
(Emphasis mine)

Yes, that's some pretty efficient code, wrapping a fix into a one-click install.

I guess I'd be more impressed if I didn't know what allowed the Duqu exploit in the first place: Windows parses fonts in kernel mode. That's maybe not the best practice. Kind of blows your whole "pretty efficient code" out of the water with "spectacularly stupid security."

This, from the company who claimed in 2005 to be "investing heavily in security", focusing on the security pillars of:
  • Fundamentals: provide a built-in level of safety and security, improvements to the security of software code through the Engineering Excellence initiative, and investments in technologies.
  • Threat and vulnerability mitigation: industry-leading integrated security technologies, defense-in-depth protection.
  • Identity and access control: technologies that verify user identity, control what resources users are allowed to access based on policy, allow management of users, and protect access to data.
I'd say this Duqu exploit demonstrates a failure on all three levels.

Monday, October 31, 2011

Looking ahead to Fedora 16

We are only a week or so away from Fedora 16, so I thought it would be a good opportunity to preview what's ahead in this release.

I happen to prefer Fedora as my Linux distro. While I usually install the "alpha" and "beta" releases on a USB flash drive, and test-drive it there, I haven't been able to do that with Fedora 16 yet. The installer for the test releases had a bug that prevented me from making the flash drive bootable. This has been fixed with an updated installer (which has been tweaked at least twice since) but too late for me to test it out here.

I'll see Fedora 16 when everyone else does, I guess.

There are many changes "under the hood", but I'm most interested in several key features for the desktop. The Gnome desktop is now at version 3.2, and includes these changes:

New login screen

Gnome updated the desktop in the previous version. In this release, the login screen has been given an overhaul to more closely match the Gnome desktop theme. This should give a more consistent feel to everything.



Support for online accounts

System Settings will gain an "Online Accounts" panel, which provides a central point for managing online accounts like Google, Facebook etc. For example, setting up a Google account in this panel will make Gmail, Contacts and Calendar in Evolution (the standard email/calendar desktop client) work "out of the box". The Gnome Shell Calendar (what you see when you click on the date/time at the top of the screen) will be populated from online accounts, as well. And Empathy(the standard chat client) will have Gtalk set up automatically.

As a user with several Google accounts, I'm very excited about this one! Finally, I can integrate my Google accounts into my desktop.


Integration with social contacts

We have lots of places where we can store our contact information. Many of my friends are on Facebook, or may be frequent chat contacts. Wouldn't it be great to tie into those contacts in Gnome?

Gnome Contacts uses multiple sources of contact data, linking pieces of contacts into a whole. For instance, it can get IM contacts and information about them, including presence status. It can also connect to social websites such as Facebook or Twitter.

This integrates with Empathy, Evolution and the new "Online Accounts" settings panel, pulling all your contacts into one address book.


As I said, there are lots of other changes too, but they may not be as visible. Check the feature list if you need details.

Fedora 16 is currently due on November 8.

Saturday, September 24, 2011

Tweaking Gnome

I gave Gnome themes a whirl, but ultimately decided that I like the default Gnome 3 desktop. Except for one thing: all windows are grey. The active window is grey with black text as the title, and inactive windows are a slightly different shade of grey with dark grey text as the title.

That's great and everything, but I do miss the blue title bars from Gnome 2.

Fortunately, there's a very straightforward way to change the title bars, or tweak other settings in Gnome: the appropriately-named Gnome Tweak Tool. If you don't have it already, it's easy enough to install via the usual method, or search for it as gnome-tweak-tool. It will show up in your Applications menu as "Tweak Advanced Settings".

Here's what is included in Gnome Tweak Tool:

  • Install and switch gnome-shell themes
  • Switch gtk/icon/cursor themes
  • Switch window manager themes
  • Change
    • The user-interface and titlebar fonts
    • Icons in menus and buttons
    • Behavior on laptop lid close
    • Shell font size
    • File manager desktop icons
    • Titlebar click action
    • Shell clock to show date
    • Font hinting and antialiasing

I was most interested in changing the window manager theme, so I clicked on "Windows". The default window theme is Adwaita, where everything is shades of grey. After a little experimenting, I decided on the "Glossy" theme, which gives me a nice blue title bar:


And that's it! I'm very happy to have blue title bars again, that seems to be all I needed as a visual reminder for which is my "active" window. Completely swapping out the Gnome theme is great, but I guess I only needed minor tweaks to what I already had.

Thursday, September 1, 2011

Dual-boot joy

I complained in my last post that ever since we converted Windows 7 to use BitLocker, my laptop has had problems in dual-booting. It seems clear that BitLocker and TPM require that every step in the boot process is controlled. Generally, that's a good idea for security. But in practice, it's a pain.

If something changes (say, the MBR gets updated by GRUB?) then TPM shuts off, and I need to enter a very long BitLocker key just to boot Windows. That wasn't going to work for me. I guess Windows doesn't like to play nice with other systems. I don't boot Windows very often, but I'd rather not have to type in that long key every time.

I asked you for help, and got several helpful suggestions. Thanks! I liked one in particular: put GRUB on a USB fob drive. The simplest solutions are usually best. And I happen to have a small 32MB USB fob drive that I'm not using.

So, a little fiddling around, and I now have a bootable "GRUB" fob drive. When I want to boot Linux on my laptop, I just use the USB fob drive when I boot (I can take it out once Linux has started booting.) Easy! When I want to boot into Windows, I take the fob drive out of my computer, and boot from the hard drive.

But the most important part: I haven't had any problems in the last month, since I did this. If you want to do this on your multi-boot system, you can google the steps needed to set up GRUB on a USB fob drive. But of course, it's far easier to just do this at install-time. At least with Fedora Linux, there's an option when you install to select where to write the boot loader.

Monday, August 1, 2011

Dual-boot woes

Ever since we converted Windows 7 to use BitLocker for disk encryption, I've had nothing but problems. A few weeks later, I received a Linux kernel update, and I think that's when everything broke for Windows. Whenever I want to boot Windows, I am prompted to type in a very long BitLocker recovery key. It's tedious to type in every time I boot Windows, but that's what I have to do.

My laptop is dual-boot with Windows 7 and Linux. It's a fairly straightforward setup (with only a few twists to support Dell's "Instant ON" mode, which turned out to be useless because I don't use Exchange.) My drive has several partitions: a "Dell Utility" partition, Windows 7, a Dell "Instant ON" partition, and Linux. I rarely boot into Windows these days - but when I do, it's usually to attend a conference call that requires Silverlight. I never boot the "Dell Utility", or the "Instant ON".

I've tried the trick of telling BitLocker to accept the new system configuration. This doesn't fix my problem. I'm still prompted to type in the key to boot Windows.

I've also tried booting into Windows, suspending BitLocker, then re-enabling BitLocker. This also doesn't work. I can suspend/re-enable just fine, but it doesn't solve my problem.

Oddly, TPM keeps disabling itself, I don't know why. Is this part of normal TPM behavior when it detects a change in the configuration? Or is this a hardware fault on my laptop?

Frustrated, I did some research, and found lots of (albeit old) sources that discuss troubles in dual-boot with Windows/BitLocker and Linux. The description that makes the most sense to me is from this article on technet.com: Building a dual boot system with Windows Vista BitLocker protection with TPM support, by Cyril ("Voy") Voisin. In it, Voy says:
[...] Therefore if you replace Windows Vista’s MBR by a MBR that is not TPM aware, it won’t hash the boot sector before executing it and a register in the TPM won’t be populated. Same with the boot sector. Therefore Bitlocker will simply refuse to be enabled.
Since I put GRUB on my MBR, I understand this to mean that a register within TPM isn't getting set correctly, which may explain why I always need to type in that key to boot Windows.

The article then details the steps to set up a dual-boot system that uses Windows/BitLocker. In short:
  1. Install Linux first.
  2. Install GRUB on the Linux partition (not the MBR)
  3. Save a copy of the Linux boot sector.
  4. Create partitions for Windows.
  5. Install Windows.
  6. Configure the Windows Boot Manager to also boot Linux.
  7. Enable TPM.
  8. Enable BitLocker.
That's a lot of "hack" to get a dual-boot system. The rational part of me understands that TPM isn't just to encrypt data, it's meant to prevent "unauthorized" software from running on the system. And from the TPM view, my Linux install is (technically) "unauthorized" because TPM doesn't know about it.

I get it.

But at the same time, I can't help but think this is some elaborate conspiracy to prevent Linux dual-boot systems. It's as though the only way I can run Linux on this system - and keep Windows/BitLocker running happily - is to boot Linux from some other media. I tell you, I'm this close to going back to running Linux from a USB flash drive. I used to do that all the time, and it was still very fast. Software updates were a little slow, but everything else was speedy.

I don't know. Maybe I'll do that, just buy another USB flash drive to run Linux, and cede the hard drive to Windows/BitLocker. Erase the Linux partitions, and put a Windows MBR back on the disk. If nothing else, it might rule out a problem with TPM, if TPM keeps disabling itself even when Windows/BitLocker "owns" the whole hard drive.

What do you think? Other suggestions or solutions? If I can find another way to dual-boot Linux and Windows/BitLocker, I'll give it a go.

Friday, July 22, 2011

Gnome Shell themes

I mentioned Gnome Shell extensions the other day. Two of the extensions supported theme management. Maybe you'd like to change the look of your Gnome desktop? Under Linux, this is a very simple thing to do. Although Gnome 3 supported themes "out of the box", including Gnome 2 themes, I'll admit that it took a little while for themes specific to Gnome 3 to appear.

The best gallery seems to be at DeviantArt.

My current favorites are Smooth Inset and Elementary.

These are some others I've tried, and really liked: Smooth Inset Small-Screen, and Adwaita-White Netbook. I'll also give a nod to Nord, which is nice, but the author advises it is beta.

Wednesday, July 20, 2011

Gnome Shell extensions

It's been over a month since Fedora 15 came out - the first mainline distribution to include a default Gnome 3 desktop. My first impressions still hold: Gnome 3 is a change, but after a few minutes the Gnome Shell felt quite natural. I guess Gnome 3, and specifically the Gnome Shell, is something you either love, or something you hate. There doesn't seem to be much middle ground.

If you miss the extensions and themes of Gnome 2, I thought I'd point you to a few Gnome Shell extensions that are available to you. These are the package names, and a description of what they do:

Extra features
gnome-shell-extension-cpu-temperature
Adds an applet on the panel which displays the temperature of your CPU.

gnome-shell-extension-icon-manager
Allows you to add and remove icons from the top bar panel by simply editing your gsettings.

gnome-shell-extension-mediaplayers
Displays player controls, music, and music cover in the Gnome Shell.

gnome-shell-extensions-windowsNavigator
Makes it easier to use the keyboard to switch windows and workspaces. When you're in "overview" mode ("show all windows" mode) press the Alt key to show numbers in each window. Just press the number for the window you want to display.

gnome-shell-extension-workspacesmenu
Adds a "workspaces" menu to your status area, to make it easier to switch between spaces.

gnome-shell-extensions-alternate-tab
Changes the behavior of Gnome Shell back to "classic" Alt-Tab behavior. In the default Gnome 3, Alt-Tab will switch between applications, but separate windows for each application are grouped together. This extension disables grouping, so that you switch between windows rather than applications.

gnome-shell-extensions-alternative-status-menu
Adds "Suspend" and "Power Off" options to your status menu. In the default Gnome 3, you have to press Alt in the status menu for "Suspend" to become "Power Off".

gnome-shell-extensions-auto-move-windows
Lets you manage your workspaces by assigning a specific space to an application as soon as it creates a window.

gnome-shell-extensions-dock
Puts a task-switcher "dock" on the right side of your screen.

gnome-shell-extensions-drive-menu
Adds a menu in your status area to show removable media.

gnome-shell-extensions-native-window-placement
Lays out the "thumbnails" in the window overview that reflects the positions and relative sizes of the actual windows.

gnome-shell-extensions-places-menu
Adds a menu in the system status area that resembles the Places menu from Gnome 2.
Simplify your desktop
gnome-shell-extension-noim
Removes your name and IM status options.

gnome-shell-extension-noripple
Displays the "ripples" that show up when you enter the "Activities" hot corner.

gnome-shell-extension-pidgin
Integrates Pidgin chat into your Gnome Shell session.

gnome-shell-extension-remove-accessibility-icon
Removes the "Accessibility" menu from the top panel.

gnome-shell-extension-remove-bluetooth-icon
Removes the Bluetooth icon from the top panel.

gnome-shell-extension-remove-volume-icon
Removes the volume icon from the top menu.

Productivity
gnome-shell-extension-pomodoro
Adds a timer to help you track time, if you use the Pomodoro Technique for time management. (Essentially, break work units into 25-minute periods, and work exclusively on that task for 25 minutes.)
Theme management
gnome-shell-extension-theme-selector
Gnome Shell user theme selector, with preview.

gnome-shell-extensions-user-theme
Lets you select a custom theme for the Gnome Shell (from ~/.themes/theme/gnome-shell/gnome-shell.css)

Saturday, June 18, 2011

Guest sessions and user management

Has a friend ever asked "Can I borrow your laptop to check my email?" Maybe you're uncomfortable handing over your account to them. There's a simple answer for that: the guest account.

Guest accounts are available in Fedora 15, but are disabled by default. You can activate this feature by installing the xguest package, which is easy enough to do by going to Activities - Applications - Add/Remove Software.

The Guest account doesn't have a password. Also, any files created there (including saved passwords from the browser) are deleted automatically after they logout, so it's great for short-term use like checking email or quickly updating their Facebook.

There's more about guest sessions and user management on Fedora 15, at LinuxBSDos. The article has a lot of information about account management in general. It's pretty straightforward, but screenshots are always good.

Tuesday, June 7, 2011

Windows killed my laptop, again

I mentioned last week that my office is moving to Active Directory. All our Windows PCs needed to get reconfigured to authenticate through AD. At the same time, I asked that we apply encryption to every desktop.

As the central IT office, my group went first. I'm one of 3 people in our office that dual-boots Windows and Linux, and I was not alone as we witnessed Windows break because it was not the only operating system to control the hard drive.

Here's the process:
  1. We configured TPM in the BIOS, then booted into Windows. As usual to start Windows, I selected "Windows" from the Grub boot loader.
  2. Configured Windows to use the built-in BitLocker disk encryption. Interestingly, Windows doesn't actually complete this step, instead it needs to reboot for the change to take effect. Okay fine, it's a filesystem change.
  3. When I reboot, and  select Windows from the Grub boot loader, Windows complains it cannot find the BOOTMGR. Unable to go on, it only lets me "Ctrl-Alt-Del" to reboot - but after rebooting, selecting Linux from the Grub boot loader still worked fine.
Not sure how Windows kills itself, but Linux continues to work fine. I'm reminded how Windows killed my laptop, under different circumstances.

We mucked with it for a while, trying various Grub boot options, whatever. After about 10 minutes, we gave up, and booted from a Windows 7 recovery bootable CD. That let us run some commands from a terminal window (bootrec /fixmbr, and bootrec /fixboot) in the recovery environment, to reset the boot sector and the master boot record.

Of course, Windows seems to assume that Windows will ever be the only operating system, so the tool doesn't take any precautions for a multi-boot environment. My Linux environment was no longer usable, but at least we got Windows to boot back up.

After letting BitLocker fully encrypt my Windows data, I looked into the damage to my Linux installation. The partitions were still there, but the Grub boot selector was gone. I could have restored my Grub boot selector - I've done that before (thanks again, Windows.) But today, I thought it might be easier to just re-install Fedora 15 on my laptop, and restore my data.

Thank goodness that backup and restore is so easy in Linux. Déjà Dup has been part of Fedora for about a year. Installing Fedora 15 took about 15 minutes, then I just needed restore my data. It was easy!

And yes, re-installing Fedora also put Grub back as the boot selector. And Grub now lets me dual-boot (again) into Windows + AD + BitLocker, or into Linux.

I lost my morning to a mess caused by Windows, but regained my afternoon thanks to Linux!

But I guess my "lesson learned" is that Windows really wants to be the only operating system on the computer. Be warned.

Friday, June 3, 2011

Multiple reboots

I am always amused by the need for Windows to reboot after making a run-time change. Or what should be a run-time change.

My office is starting our migration to Active Director, so today I booted into Windows to let our PC support folks do their thing to hook up my laptop. I just sat back and watched. It took two reboots to configure Windows to use Active Directory for login. Apparently this is the standard "Windows way" to do it - one reboot to reset the "hostname" (to a standardized name) and another reboot to connect it to the AD domain.

And given how much longer it takes Windows to boot, compared to Linux, it felt like I was waiting around a long time just waiting for Windows to come up, only to watch them reboot again.

I'm shocked by Windows' design. Okay, I can understand how Windows would need to reboot to get the network and all the services configured for a new "hostname". And I can (sort of) see why Windows might need to reboot to change the authentication service to AD.

But why can't these changes be wrapped together into one reboot? Why does Windows always assume a reboot is the right way to apply a change?

(There's more drama with configuring this laptop for Active Directory. But I'll save that for next week.)

Thursday, June 2, 2011

Fedora 15 impressions

Back in April, I installed the Fedora 15 Beta release. My quick review at that time: it took a little time to get used to Gnome 3, but I liked it.

Last week, Fedora 15 was officially released. I installed a copy on my laptop, and quickly got back to work. The install process was the fastest I've seen for any Linux distro - about 15 minutes to install the complete operating system from the LiveCD installer.

The big, new feature in Fedora 15 is the Gnome 3 desktop. Read my preview of Fedora 15 for screenshots. Gnome 3 takes a different view on the desktop, based on user experience and feedback. The default Gnome Shell has a single menu bar, which lets you launch programs and quickly access settings.

The "Activities" menu helps organize everything. To start an application, click "Activities" and you can select from a "Favorites" list, or a full list of installed programs. Applications are sorted by category, or you can scroll through "All".

Instead of a separate panel to show your available applications, you click "Activities" to see what's going on, even if you have programs running on a virtual desktop. I suppose Mac users will find this "Activities" view similar to that of Exposé.

I guess Gnome 3, and specifically the Gnome Shell, is something you either love, or something you hate. There doesn't seem to be much middle ground.

Gnome 3 is a change, for sure. But I quickly got over it, and after a few minutes the Gnome Shell felt quite natural.

I helped my wife install Fedora 15 over the weekend. She's not really a "techie" user, but my wife has been a big Linux fan for many years now, having dropped Windows. She has moved from Gnome 1 to Gnome 2, without much trouble. But now that her laptop is running Gnome 3, she's not so much in love with the new interface.

As I said, you either love it or hate it.

I can see why: Gnome 1 was a big step forward for the Linux desktop. Gnome 2 made major improvements on the desktop, making everything easier and more integrated. The user interface was fairly similar to Windows, making it a little easier for Windows users to switch to Linux. But Gnome always took its own spin on the "Windows" interface, moving to the "two-panel" approach: one to show things you can do, another that shows things you are doing.

Gnome 3 is a deviation from that progression. The Gnome Shell looks more like Mac OS X than Windows. That's fine if you're a Mac user looking to move to Linux, but it requires some re-learning of the user interface. Mac OS X is quite different from Windows, and a desktop environment that takes cues from Mac will operate differently than one that borrows from Windows.

I like the new interface. I guess my only complaint is that I don't like the wide title bars on Windows, and that everything looks sort of grey. I understand you can customize the Gnome 3 shell, but the process to do that requires some manual editing. I'm sure this will get easier in later releases, and Fedora is supposed to be a "cutting edge" distro. (If you are looking for long-term stability, I point you to Red Hat Linux - Fedora is generally considered to be the "testing ground" for new features in Red Hat.)

If anyone has suggestions for how to add themes to Gnome 3, specifically how to set the appearance to look more like the Bluecurve interface from Fedora 14 and previous releases, please let me know in the comments.

Thursday, May 19, 2011

The flexibility of Linux

I'll admit, I'm somewhat interested in Google's Chromebook concept. The Chromebook is Google's spin on the "netbook". Announced in May last year, Chromebook goes on sale in mid-June.

The Chromebook runs Google's Chrome OS, which is based on Gentoo Linux. While Linux has appeared on netbooks in the past (and were the only option on the very first netbooks) this is another example of the flexibility of Linux. You can use Linux as a base for almost any computing platform - it's small, fast, and supports a variety of hardware.

When I first heard about the Chromebook, I started thinking about how you might go about "building" a Chromebook-like netbook. Now that Chromebooks are about to go on sale, I thought I'd revisit this idea here.

First, let's understand the concept of the Chromebook, what makes it different from other netbooks.

The idea is that you have a netbook where all your data is stored in "the Cloud" (Google Docs, etc.) so that nothing of value is really on the netbook. There's no "desktop" concept, you can't really save anything to your Chromebook. You do everything (including documents, email, games) via a web browser. This potentially makes for a very secure computing environment.


Starting from that, the Chromebook is essentially a mobile web computer, under the assumption the Internet is "always on" (or at least, "mostly on" - leveraging Google Chrome's support of HTML5 offline mode to continue working.)

Google Chrome is already available for Linux. And that's all we need to start "building" a Chromebook-like netbook:

Start with a "bare" version of the "X" Window System. Imagine a "window manager" that doesn't really manage any windows. If the Chromebook doesn't support a "desktop", then your "window manager" doesn't need to do much. In the simplest case, you need an "action bar" that lets you connect to open wi-fi networks, displays battery, and lets you logout.

The Samsung Chromebook sports a 1280x800 display. Here's a mock-up in those dimensions. I'll fill in the pink area next.


In this mock-up, maybe clicking on the user's name will bring up a simple dialog with "logout". The icons on the right could be clickable too, to join a network or to put the netbook to sleep. There's no option to bring up local applications - because you do everything in "the Cloud".

The "window manager" only has to keep track of one window: Google Chrome. The "window manager" doesn't need to support features such as virtual desktops, because Chrome supports tabbed browsing on its own.


You won't have the option of a file manager or a terminal program ("shell" window) in such an environment, but neither does Chrome OS. This is really intended to get you online, for you to do your work there.

How fast could such a system boot up? I installed a minimal Fedora Linux on an old laptop to test. This machine only takes 9 seconds to boot into text mode on a 2GHz single-core CPU with 1GB memory, no services running. Assuming a graphical environment like I've described above, this system might take a total of 11 seconds to boot up into a "login" screen.

Once you've logged in, probably another 2 seconds to bring up the "window manager" and start Chrome.

That's not very different from what Google is claiming for the Chromebook: about 8 seconds to boot. I'd guess that's the time it takes to get their "login" window, which is pretty bare:


So there you have it - all it takes is a "window manager". I used to have the programming madskillz to write such a thing, but my C is a bit rusty these days. I haven't looked around, but I'd bet someone has written a minimal "window manager" like the above. Maybe someone can point me to a link in the comments.

Tuesday, May 10, 2011

Linux to the rescue

Yesterday, I wrote that Windows killed my laptop. A few updates, and my laptop wouldn't boot anymore - not to Windows, not to Linux, nothing.

Fortunately, I have a USB flash drive with Fedora 15 beta, so I was able to boot from that and get back to work.

A few of you suggested that one of the Windows updates had messed up the boot sector. I thought that sounded a likely culprit. A little googling, and I quickly found several suggestions to restore the Linux "GRUB" boot selector.

So, now my laptop boots again! That's Linux to the rescue.

Monday, May 9, 2011

Windows killed my laptop

Our office isn't on Active Directory yet, so when I changed my network passwords this morning, I had to go through the ritual of booting back into Windows to change my password there too. As I watched Windows "preparing to install updates", I was reminded that yeah, I had let Windows install some updates last week after I attended a webinar (I attend a virtual meeting about once a month, and the other end requires Silverlight.)

It took only a few minutes, but I watched as Windows installed all its updates, then shut down. That was odd, I thought. But maybe it required a reboot for the updates to take effect.

I rebooted back into Windows - or tried to. After the BIOS screen, nothing happened. My laptop just sat there, blinking that underline cursor, doing nothing.

I tried rebooting. It did the same thing, just blinked that cursor at me. I let it sit that way for more than 5 minutes. Nothing.

A few more reboots, and I managed to convince myself that my laptop just won't boot anymore. My laptop will successfully make it past the BIOS screen, then blink the underscore at me. I can't even get to the Grub boot selector, to boot into Linux. Windows killed my laptop.

Gee, thanks, Windows.

I'm not sure what happened. I watched Windows install the updates, and everything seemed okay. I didn't see any error messages. And Windows shut down just fine, and rebooted the laptop, so it's not like the updates or the shutdown/reboot process was interrupted.

Fortunately, I have a USB flash drive with Fedora 15 beta, so I'm running that at the moment. That's Linux to the rescue.

Thanks, Linux!

Thursday, May 5, 2011

Scanner support

At work, we're planning to re-organize our storage area, and "clean house" on some dead/old items. So today, I was looking through what's in storage, and happened across a neat find: a scanner.

It's a UMAX Astra 2100U, so a USB scanner. From what I could find, this dates back to 2001. While this is a 10-year old device, if a 600x1200 dpi scan is what you need, it would be nice to have a working driver.

But according to UMAX, the 2100U scanner is supported only under Windows 98/98SE/ME/2000/XP and Mac OS 8.0 to 9.1. Confirming this, the UMAX support download page doesn't have drivers available for Windows Vista or Windows 7. Mac users are also out of luck, as MacOSX drivers aren't available, either.

But Windows and Mac support may not be all that great, anyway, even on the versions officially supported by UMAX. This review from 2001 warns about driver compatibility:
This tempting scanner can give great scans, unfortunately the software required to run it crashes both Macs on which I tried it, and it rewrote system files on the Win2000 PC I on which I tried (unsuccessfully) installing it.

It is incompatible with a Mac running iTunes 1.1 software. UMAX says they are working on this as of March 2001. Good luck!

It also made a 350MHz iMac completely unstable and unbootable. It took over an hour for of one of the most kind-hearted Mac specialists in San Diego to get it running again.

Another reader in Chicago wrote ME trying to get my help in getting her system to run. UMAX couldn't get it to go. That's too bad, because I gave up myself. Hopefully UMAX will take back her scanner.
Maybe that's why this scanner was in our storage area, with a note taped to it reading "No longer works - cannot find working driver."

Out of pure curiosity, I plugged the scanner into my Linux laptop. A few clicks in "System - Administration - Add/Remove Software" and I had installed Sane and the plugins for Gimp. So about 2 or 3 minutes.

Sure enough, the scanner works! I scanned a few test images, whatever I had around the office, and loaded them directly into Gimp. Works great! Another example where Linux support is ahead of the competition.

Monday, May 2, 2011

Still Linux in Exile

I really appreciated hearing the positive comments to my question, if Linux in Exile is still needed. Sounds like my blog fills a need, tells the "other side of the story" about how Linux users view the Windows world (rather than the other way around.)

So, I've decided to keep blogging. Someone needs to keep pointing out that Windows operates in a kind of weird way, and demonstrating (sometimes by counterpoint) that the Linux desktop is a mature, stable platform. Linux is no longer the bare-bones desktop platform of the mid-90s.

I'll keep the Linux in Exile name, even though I'm no longer (technically) "in exile". The name is catchy, and I like it.

Thursday, April 28, 2011

Like kicking a puppy

It's getting harder to write for Linux in Exile these days. Not because I am running out of topics - in fact, it's quite the opposite. But as Linux Foundation chief Jim Zemlin says, writing these posts almost feels like kicking a puppy.

Linux has "won", in pretty much every category except the desktop. Microsoft relies on desktop PC sales too much to let it go.

But the desktop is becoming less important anyway. The platform matters less when the next generation of computing focuses on the handheld device. And Android (built on Linux) captured the lead in market share for the mobile device platform, even over iPhone. The future is looking bright for Linux.

And on a personal level, I haven't been (technically) "in exile" for a while now. I'm at a new organization, the senior-most IT officer, and Linux on the desktop is part of the culture here.

So I don't know if Linux in Exile is needed anymore. What do you think? Is this blog helpful to you, to the Linux community? Or is it too much like kicking Microsoft when they're down? Leave your comments below.

Thursday, April 21, 2011

Preview of Fedora 15

Updated: I've added more screenshots of the default desktop.

I'm closely watching the Fedora Project for the next release of Fedora Linux. Fedora 14 has been great, but what does the upcoming Fedora 15 have to offer? I downloaded the Fedora 15 Beta to find out.

As usual for testing a new Linux release, I installed this on a USB flash drive. While it's a little slow in running updates (that's due to the nature of flash) this is a great way to experiment with the Beta version without installing over my existing system. The install took about 20 minutes, from start to finish, using the Live CD. For those who are curious about the technical details, I manually partitioned the flash drive with a very plain layout, and let the installer encrypt my filesystem automatically.

The biggest difference is that Fedora 15 has upgraded to Gnome 3, which uses the new Gnome Shell interface. It's a change, for sure. But I quickly got over it, and after a few minutes it felt quite natural.

To compare: Gnome 2 (basically, what you see in Fedora 14 and earlier releases) used a menu "panel" at top with a "Start" menu and other shortcuts, and a different Gnome "panel" at bottom that shows your running applications and available virtual desktops. I usually describe this as "things you can do" (top panel) and "things you are doing" (bottom panel). This isn't too different from the interface used by Windows - which was probably intentional - but at the cost of having two panels taking up "screen real estate" - not a problem on typical desktops, but can get cramped on small netbook displays.

Gnome 3 takes a different view on the desktop, based on user experience and feedback. The default Gnome Shell has a single menu bar, which lets you launch programs and quickly access settings. Here's my default desktop on Fedora 15 Beta, using the Gnome Shell:

(That screenshot is extra wide because I have a second monitor attached to my laptop - the desktop at right - and I wanted the screenshot to show everything.)

The "Activities" menu helps organize everything. To start an application, click "Activities" and you can select from a "Favorites" list, or a full list of installed programs. Applications are sorted by category, or you can scroll through "All":


Instead of a separate panel to show your available applications, you click "Activities" to see what's going on, even if you have programs running on a virtual desktop. I suppose Mac users will find this "Activities" view similar to that of Exposé.

And a view of the file manager:


Other differences:

Firefox is now version 4. This is an obvious update. I also installed Google Chrome separately.

LibreOffice replaces OpenOffice. You may remember that some of the OpenOffice folks split off when Oracle purchased Sun Microsystems (the "sponsor" of OpenOffice.) Since OpenOffice is open source, the developers "forked" the project and created a new office suite based on OpenOffice, plus some updates. LibreOffice is the result of that new community. While I haven't used it yet (I prefer Google Docs) I understand LibreOffice has folded in some new features that make it easier to use.

And of course, Rhythmbox (music player) and Shotwell (photo manager) are still there. I love these applications.

And while I can't find mention of it in the Release Notes, I'm positive Fedora 15 updated the font rendering. Everything looks so smooth and easy to read. Even Google Chrome, which uses an outdated font method, now looks great!

I haven't had time to poke around with all the new features yet. I've only been running the Beta for a few hours. I don't have any complaints so far.

Fedora 15 is due out at the end of May.

Wednesday, April 20, 2011

No unified software update?

I promised I would come back to this topic, so here it is. Fortunately, I don't have much installed on my Windows system. It's basically a platform that I use when I attend an online meeting that requires Silverlight or some similar Windows-only plugin. (These are rare, but they do happen...) As a result, essentially, I only have web browsers installed.

When I check for updates on Windows, I have to do so in a number of places:
  1. Windows Update
  2. Mozilla Firefox
  3. Google Chrome
  4. Adobe Reader (PDF)
  5. Adobe Flash
It's a problem that I have to check each software package individually to see if there are updates. Why a manual process? What if I forgot to check one of these applications for new versions? My system would be left vulnerable.

Yes, a few Windows applications are "well behaved" and look for updates on their own. But that's just a "band-aid" fix to a larger problem. What a hassle.

I know these are third-party applications, and I know it's odd to suggest that these get folded into some kind of "system-wide" patch process. But that's what Windows really needs.

Linux has a unified software update. On Linux, software packages can include an instruction that adds itself to the software update list. In technical terms, it adds an entry for the "software repository" so that the system-wide software update knows to check that location for new versions.

For example, when I installed Google Chrome on Linux, I did so by downloading the "RPM" file - the software "package" file. Installing the RPM was as simple as clicking on it, entering my password, and letting the software installer do the rest. Automatically, this process created an entry under /etc/yum.repos.d for Google Chrome's software repository.

Now, when Linux checks for patches, the unified software update also looks for new versions of Google Chrome, and downloads and installs them with everything else. It's easy!

Why can't it be that easy on Windows?

Friday, April 15, 2011

Windows Update still owns my machine

Ok, I mentioned that I rarely boot Windows these days. Pretty much, it's just to watch a webinar that requires some silly Windows-only software like Silverlight. But when I do boot into Windows, I always take the opportunity to install updates.

I attended 2 webinars yesterday. During the first meeting, I got that little pop-up that there were updates available for Windows. So I started Windows Update, and let it do its thing while I finished my meeting.

That was a huge mistake. But I didn't realize this until much later.

You see, Microsoft has this concept called "Patch Tuesday" where they dump a whole bunch of patches together and release them on the second Tuesday of each month. Apparently, this was a really big "Patch Tuesday".

The first meeting ended about 10 minutes early, and Windows Update said it was finished - I figured "hey, I'll reboot and let those changes take effect." I rebooted Windows, and got the message that Windows was finally going to install those patches. As I watched the progress indicator slowly count its way up I got that sinking feeling. This was going to take forever.

About 10 minutes roll by, and Windows had worked its way to about 30% complete. Then, it rebooted.

But Windows wasn't done installing updates. Again, I watched the progress indicator slowly count up from 30%.

Keep in mind that my second meeting was starting about now. But I couldn't join, because I foolishly assumed Windows "only" needed to reboot for changes to take effect.

Another 10 minutes went by, and and Windows had reached about 75% complete. Then it rebooted again.

I thought, "How many times does Windows need to reboot just to install some patches?" But fortunately, that was the last reboot, and the progress indicator eventually reached 100%, and I could finally login to Windows.

So 15 minutes late, I joined my second online meeting. For those keeping track at home, that's 25 minutes and 2 reboots (3 if you count the first reboot that started this) for Windows to install updates.

Again, I'm reminded how Windows Update owns my machine. This was true in Windows Vista, and it's still true in Windows 7. Microsoft needs to fix this bug! And I do consider it a "bug" because other operating systems don't require this kind of nonsense to install patches.

On Linux, most patches don't require you to reboot your computer. Sure, some patches may not take effect until you logout, and login again. A kernel update won't take effect until you reboot. But most patches just get installed, and you don't notice anything.

And in Linux, when you reboot or shutdown, you actually reboot or shutdown. None of this "let me install a few updates before you really get to shut down your system." Reboot means "reboot", and shutdown means "shutdown".

I guess I got spoiled for how cleanly Linux systems apply updates. Microsoft sure could take a lesson from that.

Wednesday, April 6, 2011

Comments are broken

I tweaked the blog's XML theme a few weeks ago. In the process, I wiped something that was needed for comments. So comments are broken now. My bad!

I'll try to get this fixed very soon. I might have to roll the blog theme back to some "vanilla/plain" style in the meantime.

Where's my window?

I don't often boot my laptop into Windows, preferring to run Linux pretty much all of the time. These days, I only boot Windows when I watch a "webinar" that requires Microsoft's Silverlight plugin. And that's rare enough, thankfully. But on the few occasions that I boot Windows, I always make sure to check for updates.

Last week, I booted into Windows while sitting in our conference room. And I immediately fired up Chrome, Firefox, Adobe Reader, etc to check for updates.

(Yes, it's a problem that these common third-party applications aren't included in some kind of system-wide update process, like they are in Linux. But I'll leave that for another time.)

My problem was when I clicked on the system tray icon for my anti-virus program. The program window didn't appear. So I clicked it again, nothing happened. I clicked the icon a third time, and paid very close attention.

You know how Windows (and Linux, by the way) will show the outline of the window as a program is launched, or reduced to the task bar? I could see the outline of my anti-virus program window as it moved off my screen.

I usually keep my laptop docked, with a second display. The last time I'd booted into Windows, I must have moved the anti-virus window onto the second display - probably to keep it out of the way while I did something else, but where I could keep an eye on it. And I guess Windows remembered that. I mean, really remembered it.

Normally I'd say that automatically remembering your last-used preferences would be a good thing. Except for the obvious exception when I don't have the second display plugged in. I wasn't docked! I wasn't even in my office - I was on another floor, in a conference room. My only display was my laptop screen. So I couldn't use the program, because I couldn't see it.

Why Windows does this, I have no idea. Eventually, I booted into Windows when the laptop was connected my second display, and updated the anti-virus program then.

In Linux, windows and multiple displays make much more sense. When I boot without the second display, Linux doesn't try to launch my windows in a non-existent display. Program windows appear in the only display that I have - my laptop display.

Tuesday, February 15, 2011

Windows users: it's your problem now

Microsoft Vice President Scott Charney, a longtime advocate of a coordinated approach to cybersecurity, describes a vision of Internet health:
"We broke Windows. It's your problem now."

At least, that's how I interpret his comments. Charney wants to have users pass a kind of "health test" for their computer before they can use web services.

"Security is not a problem that can be addressed fully by individual consumers, or even individual companies or governments. That is what led to the development of my public health model proposal, which calls for collective defense against cyber threats," he said.

Charney uses a public health model to support his new idea. Basically, in order to access web services (say, your bank - or cloud services, maybe even social networking like Facebook) you first need to let the provider run their virus check on your computer. Intrusive? I think so. Would you let a web site run their code (virus scan) on your machine before you are allowed to use their web application? I think I smell more malware coming.

Let me take the "health" idea in a different direction: it's like safe sex. Previously, wise PC users used a sort of "computer condom" (anti-virus software, firewall, etc.) That worked pretty well, and was really aimed at preventing infection. Like a condom, see? Microsoft's Charney now wants to change that, so that you can go play with whomever you like, but you should make a "good health" claim first. Charney suggests you can opt out of a scan, but there will be consequences.

Yeah, right.

To me, this is just passing the problem on to the consumer. That makes me wonder - does Microsoft even intend to address the gaping security holes in Windows anymore? Maybe the Corporate Vice President for Trustworthy Computing should suggest a different approach: make Windows more secure, more "trustworthy".

But maybe that's just me.

Instead, I see Charney's statements as raising the TCO for running a Windows system. Corporate IT can probably absorb this without too great an additional cost, but home users may quickly find the constant barrage of "let me scan your PC before you can access our web site" to be annoying. That would make for an interesting sea change.

Followers