I finally bit the bullet and I’m giving Linux a second try, installed with dual boot a few days ago and making Linux Mint my default from now on.
There are a lot of guides and tips about the before and during the transition but not for after, so I was hoping to find some here.
Some example questions but I would like to hear any other things that come to mind:
I read that with Mint if you have a decent computer you don’t need to do a swap partition? So I skipped that, but I’m not sure if I’d want to modify that swap file to make it bigger, is that just for giving extra ram if my hardware one is full? Because I have 48GB of ram and if I look into my System Monitor it says Swap is not available.
Was looking at this other post, and the article shared (about Linux security) seems so daunting, it’s a lot. How much of it do I have to learn as a casual user that’s not interested in meddling with the system much? Is the default firewall good enough to protect me from my own self to at least some degree? I was fine with just Windows Defender and not being too stupid about what I download and what links I click.
I was also reading about how where you install your programs or save your data matters, like in particular partitions or folders, is that just like hardcore min-maxing that’s unnecessary for the average user that doesn’t care to wait half a second extra or is it actually relevant? I’m just putting stuff in my Home folder.
Connected to the last two points: in that Linux Hardening Guide lemmy post I shared the TL;DR includes “Move as much activity outside the core maximum privilege OS as possible”… how do I do that? is that why people have separate partitions?
Downloaded the App Center (Snap Store) and I was surprised there was even a file saying to not allow it… why is that? Is it not recommended? Is it better to download stuff directly from their websites instead?
Now try to install Gentoo!
If you have 48GB you don’t need a swapfile. To min-max you could lower the “swappiness” so it uses swapfiles way less. It’s just bonus memory that lives on the SSD. Swap files and swap partitions behave the same unless you run out of SSD space.
Linux system has better architecture than Windows so your system is safe unless you install a virus (of which there are way fewer).
Where you install programs? Just use the app store or terminal, the location doesn’t matter.
The “hardening” is interesting though, you can go really far into security if you want. If things are installed in user-space it can’t fuck with your computer on a fundamental level so it’s preferred. You don’t have to worry about it though unless your installing some niche programs from someone you know nothing about.
Don’t worry about swap, you’ll be fine unless you’re usually working with huge chunks of data like big 4k video files or something.
The firewall built into mint is the kernels included nftables the same one built into Debian and Ubuntu (I think, I don’t fw Ubuntu). It’s fine. Don’t touch it. When you need to mess with it you can figure out how to open ports or split routes or whatever really easy because there’s lots of documentation out there.
Putting everything in your home folder is fine. Programs will install automatically to /bin or /usr/bin or something like that and if you want them in your home directory you could make a ~/.bin/ directory and add it to your path and have your private programs there, but:
Stop using flatpaks or snaps unless it’s your only choice! You have a built in package manager with decades of testing and development behind it and a very capable team of maintainers who watch over the packages, use that instead! That’s why they say not to use the snap store, it’s a vector for using Joes Weird Program that no one has tried before and requires Joes Special Version of a normal system library.
Use your package manager.
You’re not at the point where you understand enough to do the stuff in the linux hardening guide without making decisions that unexpectedly cause you pain somehow. That’s not an insult, sometimes you just don’t recognize the “universal” symbols for engine oil as opposed to coolant and ruin your car by the side of the road because you just don’t know. You can learn that stuff later, but it’s best not to mess with it yet. Speaking of:
If you don’t have a backup solution setup and you haven’t recovered using it and aren’t periodically checking to make sure it’s still running right, turn off disk encryption. It’s much harder, sometimes impossible, to recover data off an encrypted disk. If you don’t have a backup and you don’t know how you’d access the files on the disk without booting the computer then turn disk encryption off.
For the swap space, yes that’s for when you run out of RAM. 48GiB is plenty of RAM, so you should be fine without it. I have 32GiB of RAM on my system and have been running without swap for ages without issue.
Hardening guides like that are mostly designed for things like web servers which are connected to the public internet and need higher scrutiny. The default configuration for distros like Mint should be secure enough for the average user.
However, don’t feel invincible and run random code from random sites. Both Windows and Linux can’t protect you against malicious code you run yourself.
Having organised partitions is the kind of thing that people obsessed with organisation do. For most people, the default partitioning scheme is fine. However, as always, remember to keep backups of important data.
For installing software, Mint has a Software Centre (which is distinct from the Snap Store). I’d recommend installing software using that for the average user.
In Mint, there are three main types of packages:
- Debian/APT packages, which are provided by Mint (well, technically by the Debian distro and they trickle down to Mint, but technicalities). Not all software is available from Mint’s repos and they may be out of date.
- Flatpak packages, which are provided either by developers themselves or dedicated fans. They are usually more up to date and have a degree of sandboxing.
- Snap packages, which are controlled by a company named Canonical. As of late, Canonical has been a bit “ehhhh”, so there’s pushback against Snap. Mint has it disabled and has their reasoning explained here: https://linuxmint-user-guide.readthedocs.io/en/latest/snap.html
Mint’s software centre is able to install both Debian and Flatpak packages. I’d recommend using it where possible since it allows automatic upgrades and easier installation/uninstallation.
There is also appimage, the oldest and simplest of the flatpak formats
Thanks for asking this question, it’s really amazing and helpful for us old Linux people to see the experience of somebody who’s coming over fresh. I think you are asking the right kinds of questions and I wish you the best of luck.
Specifically about Windows Defender, I haven’t seen any tool like that on Linux, but I am curious to see what you find out.
Advice from personal experience as a simple user - you don’t need dual boot. One machine = one system. Run win apps with wine. Win upgrades can and will break your bootloader and make you normal Linux partition unbootable. Multiboot is used by professionals for specific tasks.
I tried installing a windows software with wine and it didn’t work. Shrug.
Have also dualbooted for ages with no problem. The one thing I had to do was set windows to the UTC timezone so it would stop fucking up the Linux clock.
This kind of experience is very personal and I guess depends a lot on our hardware - I’m having an opposite of what you’re describing, never had any problems with running and installating software under wine (although I don’t use any windows programs anymore) but had lots of problems with dual booting. I honestly don’t understand anymore why anyone would install windows in general and why does one need two or more OSs installed on a single machine, if I want to tinker with another OS I can run it in a VM or run it from a Live environment from a CD or USB stick. One system is enough to operate a computer and it makes sense to use one that respects our freedom.
Yeah that is the reverse for me. VMs and wine have been nothing but trouble and dual booting just works.
It is annoying to have two OSes but it is literally the lowest-stress option for me lol.
Random question, for games that require kernel level anti cheat or competitive games that just need anti, would wine work or should I use dual boot
Dual boot for sure, with the caveat that you will have to deal with the complexity and problems this may give you.
For me the only perennial problem is the system clock but ymmv
One of the forums regulars, Pjotr, made this website exactly for questions like that: https://easylinuxtipsproject.blogspot.com/p/1.html
–> see “B. Right after the installation of Linux Mint”
omg thank you! that’s exactly the kind of stuff I was looking for!
Best practices?
Don’t copy paste commands into the terminal you don’t understand.
RTFM
Use the computer like a computer. Linux is not a lifestyle; it’s a tool you use to shitpost, watch videos, play games, etc.
But I LOVE copy/pasting complex commands
Man files are your best friend
Linux is not a lifestyle
I have to disagree about this point.
@[email protected] wow 5 upvotes already but the comment is quite unhelpful tbh
Her third tip is gold. You don’t hear that often. Linux doesn’t have to be your life. It supports it but you don’t have to live around it.
also I’m literally saying “casual”. I said I’m a casual user like at least twice in there. Does that strike you like someone that needs to hear that Linux is “not a lifestyle” ? It’s in the title.
it’s also quite obvious though? Just like the other two. It’s common sense with a condescending tone
Almost everything you do on desktop linux is already “outside the core os”.
This is mostly relevant for server software configuration, where you should run services with as few system privileges as possible. Preferably you isolate them entirely with a separate user with access to only the bare minimum it needs.
This way, if a service is compromised, it can’t be used to access the core system, because it never had such access in the first place. Only what it needed to do its own thing.
By default, nothing you run (web browser, steam, spotify, whatever) should be “running as admin”.
The only time you’ll do that on desktop linux, is when doing stuff that requires it. Such as installing a new app, or updating the system. Stuff that modifies the core os and hence needs access.
Basically, unless you needed to enter you password to run something, then it’s already “outside” the core os.
ooooh I seee, thank you for explaining that!
Do not press the hidden button.
EDIT: Just saw that Malik already did mention this more succinctly. Please feel free to ignore me.
ORIGINAL COMMENT: The comments here already cover a good bit, esp. with the link to Piotr’s blog post.
However I don’t see anyone reacting to your mention of the snap store.
If you want some details about that, you can read here: https://linuxmint-user-guide.readthedocs.io/en/latest/snap.html
But in a few words, distributing software is kinda of a mess in Linux at first glance, for various technical reasons.
To caricature, you used to only install the packages from your distribution (mint for you) repositories, and if a program wasn’t in it, you had to either compile it or jump through other hoops.
Then came other formats which made distributing software across Linux distros easier, with some caveats. Two notable ones are Snap and Flatpak.
Snap was made by the guys behind Ubuntu and mint is an offshoot of Ubuntu that made the willful decision to not do snaps by default after a number of fiascos.
My advice would be: try installing software through the normal mint repositories, ideally the non Flatpak version. If it does not exist there or is buggy or whatever, consider the Flatpak. Only failing that should you look into snap IMO.
you can always add eg. a swap file later if needed - apparently not as good as a swap partition, but it is more flexible. With 48 GB of ram I hardly think you’re going to have issues, but that depends entirely on what do you do with the system.
Firewall isn’t really helping the system against you, it’s to block ousiders getting in - more or less.
install locations: if you just use what’s in mint’s repositories, you don’t really need to think about it. Out-of-repository stuff like steam games etc generally live in ~/.steam or so. Or in some dedicated path you configure in steam/whatever.
As for snap/flatpaks/whatever, haven’t used a single one. But in general: I’d favor the distribution’s repos, if at all possible for installs. If the app isn’t there, but is in snap… fine, I guess? As long as it’s managed by some kind of package manager for easy install/update/uninstall. But having to manually download and install from a website? Rather not, that’s when the maintenance becomes manual.
And of course, opinions are opionated. Your system, your rules. :P
oh with the firewall saving me from myself I meant if I download something thinking it’s safe but isn’t
Thank you! :) @[email protected]
oh with the firewall saving me from myself I meant if I download something thinking it’s safe but isn’t
A firewall would not save you from that.
A firewall stops random incoming connections. But if you download and run something bad, that’d be an outgoing connection, since the malicious program is then already on your system.
Windows Defender warns you if a file seems malicious and then you have to accept a window to use it anyway or to keep it, isn’t that also part of what a firewall does? I know it’s silly and one should just do that mentally for every file but it’s nice to have a reminder sometimes for sketchy files. Anyway, I was not asking specifically for that, just asking generally about virus protection and whatnot
Defender is antimalware/antivirus. There at least used to be a separate firewall in windows, but not sure if it’s a part of defender or not.
Either way, “firewall” is traffic control, antimalware/virus is the execution guardian.
potato potato, I just meant some software thing to warn me when I have downloaded something sketchy and I should re-think my choices
Well, not really po-tay-toh/po-tah-toh. They’re 2 different utilities that do 2 different things. If you ask the wrong question, you’re not going to get the answer you’re looking for.
What you’re asking about is an antivirus. It’s been awhile since I messed with this on my Linux systems, but last I looked, ClamAV was most commonly recommended. You can probably search for “Linux antivirus” and find some recommendations.
Generally speaking, the earlier recommendations to stick with official repos is excellent. When you venture outside of that, you increase your administrative overhead because those manually installed apps won’t stay patched with a simple “apt upgrade.” That said, a well written cron job could keep them up to date for you.
As for where to install things, it’s personal preference. I prefer using my home directory. If that doesn’t work, my fallback in /usr/local, which is either its own partition or symlinked to the /home partition). I mention the partitions because having separate /home and possibly /usr/local makes it easy for these customizations you install to survive a reinstall. Backups will also help with this.
You have to ask yourself what this system will be used for. If it’s a daily driver that you want to “just work” I would stick to official repos, and minimize customizations. Windows makes a lot of choices for you. Linux expects you to know what you want to do.
And I’m telling you a firewall won’t do that.
It won’t have anything to say at all about something you download and run.
It’s a completely different security feature. It handles potentially malicious network activity. Not software on your computer.
You should try to avoid executing files that you downloaded from somewhere online, it’s best if you canget it either from the system package manager( i.e apt ) or get it from flatpak/snap. If you have to get it from a website it depends on what the website is and the usual suspicious features. If you are unsure if something from github or similar is safe you can always google it first to see reviews from other users. Antivirus software like on windows is not that common for linux and most of the time it is enough not to run software you don’t trust as sudo or admin as they don’t have permission to change files without those.
What I suggest. Dont look at hardening yet. Only do so if you feel like your ready to touch the Internal workings of the OS. I do suggest using full disk encryption if this is a laptop.
Saving your files in your home folder just like how you did on windows is fine. Nothing wrong their.
Personally I would familiar your self with the terminal. It is not scary at all. sudo apt install program is how I would install software on mint (or any Debian based system).
Oh and above all. Use the system and try to do your normal task. See what you run in to and ask help where needed. We are here to help you along the way if needed.
@[email protected] I’ve got a desktop but I think I ticked on the drive encryption while installing anyway
With “files” you also mean programs, right? The ones that I download and don’t install with the terminal or an app store?
I’m not scared of the terminal myself, I’m scared of accidentally overwriting stuff or downloading something I didn’t intend to because of a typo, etc… I’m careful but there’s only so much one can fight the adhd. Plus I just really prefer visual interfaces
Thank you! :)
Most Linux distros are already hardened. You can use “extreme” distros but as long as there’y no need, stick to a “normal” distro first. You can switch whenever you want.
oh nice, that’s good to know, thanks!
