Loving Trisquel
Hello all,
I installed Trisquel 10 and am finally starting to feel at home, is looovely! I must say it's not easy to come from fruit to freedom!
Thanks again to everybody for the help and patience on my previous post (my first). I think I understand now why things got so messed up, but messing up turned up to be quite useful, I guess we learn faster when we are in trouble.
I have a few questions and am trying to word them in a clear way, but I think I'm still missing the right vocabulary.
Let me try to explain, I would like to create a digital version of an art studio, where work happens in solitude... how do we go about to create a custom installation of Trisquel without servers or sharing at the computer's level?
I would appreciate any help or suggestion :)
I'm not sure what this question even means. All work on your computer is "in solitude" unless you're doing something to share it somehow...
I'm not sure what software you're wanting but there are programs to work on "art" available in Trisquel, like GIMP and Inkscape and Krita and etc. Just go install them. No special version of Trisquel is needed.
I am sorry, my question isn't very clear at all, thank you for your reply.
The art part is not the problem, I will be testing and enjoying all the available programs, have been meaning to do it for ages, it's time I make friends with the terminal, so I can learn to use Linux to the full (without fear :)
All I need is to make sure that what happened to my Mac won't happen again (hacked, lost terabytes of work). That experience made me realise I have to learn how to protect my system from "open doors" and decided I'd rather eliminate what I don't use, or need, instead of just blocking or disabling.
I also thought all work in a computer is done in solitude, yes, you are right, that is how it should be, so I relaxed and assumed I had taken all precautions and was doing just that.
I am glad to say I think I am half way there, my TP x200 is Librebooted (LibreBoot from the time of Trisquel 8)
The default installation of Trisquel doesn't have open doors for remote access (like SSH, etc.)
Lovely to hear it, thank you! I do realise I am cursed by ignorance where open doors are concerned... I hope not for long though, even if I have to ask some donkey questions :)
I will be testing and enjoying all the available programs, have been meaning to do it for ages, it's time I make friends with the terminal, so I can learn to use Linux to the full (without fear :)
Linux is only a kernel. You use it, but it is useless by itself. The operating system as a whole is GNU/Linux: https://www.gnu.org/gnu/linux-and-gnu.html
The difference in terminology matters to the free software movement: https://www.gnu.org/gnu/why-gnu-linux.html
Hi Magic Banana!
That was great learning, THANK YOU! You took me beyond terminology, exactly as I like to learn, from the basics up! You are a star!
You can turn off automatic network connections in Trisquel. Left-click on the networking icon in your panel systray, and click off the checkmark on "Enable Networking".
Later, when you do want to go on the network, you can do the same thing in reverse.
Thank you! I think I have been doing that, I only connect when I need it, including IceDove, which asks if I want to work online when it starts.
I am also using firewall to block any connection that could give access to windows (not sure how many there are by default though). I downloaded the friendly ufw to get me started, this is another big part of what I want to learn.
My partner is also an artist, but we never ever share directly via our computers, he is on windows (maybe soon on Linux too :)... when we collaborate, we do it physically, thinking and extrapolating with pen and paper :)... or sitting in front of one of our computers. When we share digitally, we use ways that do not require networking - by choice.
Is it possible to create a custom installation without servers or external connections that would never be used?
I am a member!
You can list all open ports with this command:
ss -lntu
The ones that have a Local Address like 127.0.0... or ::1 are listening just to your local machine so you do not need to do anything with them.
If you do not share in your local network you could disable the other daemons (servers) with this:
sudo systemctl disable avahi-daemon
sudo nano /etc/systemd/resolved.conf.d/trisquel.conf
# change LLMNR=yes to LLMNR=no
sudo systemctl restart systemd-resolved.service
This is brilliant, thank you Minsc, it really helps!
I've been going through a lot of terminal tutorials on YT and your commands feel like a reward for my efforts, I can't wait to run them... peace of mind for a "temporary" paranoid state :)
Thank you also for explaining about local addresses in such a clear way, I think I can now disable the others with the kind of confidence that was missing!
Minsc, it was great until I got to nano, got stuck there! This is what was printed:
[Resolve]
LLMNR=resolve
MulticastDNS=resolve
Cache=yes
First time I am using nano and the only way I found to get back to terminal was with Ctrl+z... undo! The information below didn't show me a way forward, I tried the key combinations, but they just wrote to nano itself.
Please help!
Save your work and exit
CTRL+X, Y
Thank you Ioldier, that sounds nice and simple!
A little problem remains though, what to save?
Nano shows me something different than I expected, as Minsc explained:
# change LLMNR=yes to LLMNR=no
My nano says:
[Resolve]
LLMNR=resolve
MulticastDNS=resolve
Cache=yes
Not sure what to change to "no" in this case...
Oh, shall I save with CTRL+S
You may use either Control+X and Y for 'yes' (followed by enter) to exit and save, or -- press F2. Nano will prompt you for confirmation.
I believe trisquel.conf LLMNR takes boolean values 'true' 'false' and 'resolve'.
Great! Thank you for clarifying and for adding the images, it was very helpful!
I also run the first command from Minsc's list again:
ss -lntu
... and was happy to see the open ports were reduced from 12 to 4!
How can we not love terminal as well!
I am a member!
Glad to hear that you were able to make it work.
Which are the remaining four open ports?
Yes, very nice! Here id the new short list of four:
sunny@TP-LB:~$ ss -lntu
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 5 [::1]:631 [::]:*
sunny@TP-LB:~$
Oops... would've been better if it was formatted, but that is another little thing to learn :)
Use the HTML tag "code". See https://trisquel.info/en/filter/tips for all the tags Trisquel's forum and wiki support.
Aha! There is where it is!
Thank you, it's bookmarked... glad to be able to start improving on the writing, I've been wondering how to :)
I am a member!
Those ports are listening just to your local machine's processes (loopback interface), so no other computer is able to access those ports.
Congratulations! Your system is totally closed now :)
Thank you Minsc, it's great to have confirmation from you! Hooray for freedom!
You can use any text editor. For instance to use Pluma (MATE's text editor), which will not lose you (Ctrl+Z will undo, rather than suspend, Ctrl+S will save, etc.):
$ sudo pluma /etc/systemd/resolved.conf.d/trisquel.conf
Thank you for expanding on it Magic Banana, it helps make sense of the whole thing!
I wish I could do it again in as many ways, for the experience and the fun of learning!
Thank you all for your help, it's wonderful to be here!
I have a "few" more questions, but am happy to say not so many of the paranoid type now :) There is one that feels a bit more urgent though, but I think I'll start another thread, so not to clatter the flow here, as other new people may find it helpful too!
this like you there need just a firewall program : in Terminal do : sudo apt install gufw , and launch gufw from Terminal once , and click to turn it ON , and set Incoming : Deny , Outgoing : Allow , this is enough for home GNU/Linux PC, ?OK?
Yes, I agree 100%. I have been using gufw for a little while now, it's great.
Thank you for mentioning it, I think gufw is a must, specially for beginners like me! It is so informative!