You can do quite a lot with Docker, but sometimes you want greater capabilities or increased security, then a proper virtual machine with KVM is a good alternative. An example is when you want to run Docker containers in the VM, it’s not easy to nest Docker without forgoing all security. Just like Alpine Linux is suitable as a base for Docker images, it is also a good option as a guest in a virtual machine.

As I have explained earlier, I am using Leafpad instead of gedit in my Ubuntu system. However, recent versions of Ubuntu does not have Leafpad available through APT any longer, you have to install it with Snap instead. This is quite annoying, since the Snap packaging of Leafpad is too restrictive, it cannot access hidden files in your home directory, nor anything in ~/bin/. This is not good, since I often want to use Leafpad to edit such files.

I have written about how to configure screen in XTerm to support Ctrl-Tab and convenient scrolling back in history. This has worked well for over a decade now, but it seems like screen is not developed very much any longer, and tmux has gained popularity as a more modern and actively developed alternative. So I decided to try it, and was able to replicate my setup with tmux instead of screen.

I have written about using an embedded database like HSQLDB or H2 for testing Java applications. This can still be useful (although JavaEE is not so popular any longer). But even though H2 claims to emulate PostgreSQL and several other popular production SQL databases, sometimes your application uses very specific features of a particular database and you need to test against the real thing to be really sure your application works correctly.

I have been using the distroless Docker base images to package my applications, mainly since I want slim and simple image without unnecessary cruft. However, they are based on Debian, and Debian is unfortunately not so diligent to fix serious security issues as other distributions like Ubuntu or Alpine. If you scan a distroless image with the grype tool, you get this result: $ grype gcr.io/distroless/java17-debian11 NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY libharfbuzz0b 2.

Docker’s official documentation on how to enable multi-platform Docker builds is a bit intimidating, suggesting you to run the Docker image tonistiigi/binfmt in privileged mode on your machine. I searched for alternatives on Ubuntu, and found this very detailed description. However, with recent versions of Ubuntu and Docker, it is now much easier than that: Install QEMU’s static user mode emulation binaries: sudo apt install qemu-user-static Install Docker Engine with Buildx support according instructions here (do not install docker-ce or docker.

In their quest to promote Reactive, Typesafe is beating up a straw man by portraying blocking I/O in a particularly stupid way which is rarely (if ever) done in practice. In a recent webinar, I found this slide which suggests that a blocking I/O operation will waste CPU time while waiting for the I/O to complete. If I understand it correctly, it does not actually work like this in any reasonable runtime environment / operating system.

I want a simple, fast and lightweight text editor for my Linux desktop. I don’t want to learn a lot of new arcane key bindings, so not Vim or Emacs. I want a real GUI desktop application, not a console based one, so not nano (even though nano is nice when you only have a text console available). I don’t want a full-blown IDE for programming (I already have that) so I don’t need syntax highlighting and similar features.

I regularly use Swedish keyboard layout, but I keep the English layout around in case I would like to temporary switch to it. Ubuntu 14.04 sometimes mess this up and I suddenly get English layout when I log in. I fix this by installing dconf-editor, go to desktop/ibus/general, and make sure that the values engines-order and preload-engines are the same and in the desired order with the default layout first.

I use Adobe Lightroom 4.4 for photo editing. There is one very annoying aspect of this program, it is not available for Linux (only for Windows and Max OS X). In order to run Lightroom on my computer, I had to use VirtualBox and install Windows 7 in it. This works, but is quite clumsy and annoying. And since Lightroom is the only reason for me to run Windows, I would like to get rid of it.

Jetty is a popular open source Java application server. In order to run it as a service on a Linux server, they recommend using a horribly overcomplicated and quite fragile script. In Ubuntu server, there is a better way. Leverage Upstart and its declarative job definitions. First install Jetty into /opt/jetty and create a jetty user: useradd --user-group --shell /bin/false --home-dir /opt/jetty/temp jetty Then create a file /etc/init/jetty.conf with content like this:

I use Adobe Lightroom 4.4 for photo editing. There is one very annoying aspect of this program, it is not available for Linux (only for Windows and Max OS X). In order to run Lightroom on my computer, I had to use VirtualBox and install Windows 7 in it. This works, but is quite clumsy and annoying. And since Lightroom is the only reason for me to run Windows, I would like to get rid of it.

This is no longer relevant, since the PPA have updated to GIMP 2.8.10, which has fixed the bug. If you use Ubuntu 12.04 LTS, you only have access to the old GIMP 2.6 in the standard repositories. This is unfortunate since GIMP 2.8 have a lot of new useful features. The standard way to get GIMP 2.8 is to use the a PPA, as described here. This used to work fine.

If you have a file with .aac extension, it is AAC encoded audio in an ADTS container. If you want to play such file on an Android device, you have problems. Android 2.x does not support this file format at all, and not even the latest version of Android supports reading metadata tags from it. The solution is to repackage the audio in an MPEG-4 container to a file with .

These instructions are tested with Ubuntu desktop 12.04, but will probably be useful in other Linux distros with GRUB2 as well. The goal is to block everything except booting the default system. In paricular, it should not be possible for anyone to boot into recovery mode, since that will bypass normal login and give root access directly. Run grub-mkpasswd-pbkdf2 from a terminal and enter the desired password, copy the output. Edit /etc/grub.

Based on what I have desscribed in the two previous posts, I have now made a Linux distribution with an install CD. It is called Bachata Linux, check it out here.

When booting a regular Linux system, it just mounts some partition with a nice file system (such as ext4) on your HDD on / read/write and there you go. When booting from a CD-ROM, it’s not that simple. The CD-ROM file system, ISO 9660, does not support the file names and attributes that a Linux system normally needs. And the CD-ROM is read only. There are ways to work around these issues.

Goal To build a minimal Debian based Linux system with a fully functional bash shell, TCP/IP networking with DHCP client and apt setup to be able to install any package from the Debian repositories. The resulting system will use about 157 MB disk space and consume less than 10 MB RAM. This is now implemented in Bachata Linux. Prerequisites A Debian based Linux system to work from (e.g. Ubuntu desktop) with the debootstrap and extlinux packages installed.

By default, the MySQL data is placed in /var/lib/mysql, which is a reasonable default. However, sometimes you want to place it somewhere else, such as on an other file system. Using a symlink doesn’t seem to work, so you have follow this procedure. To move the MySQL data directory from /var/lib to /mnt/mydata, run these commands as root: apt-get install mysql-server service mysql stop mv /var/lib/mysql /mnt/mydata/ replace /var/lib/mysql with /mnt/mydata/mysql in /etc/passwd – mysql /etc/mysql/my.

Using a ZTE Blade Android phone connected with USB is a bit tricky with Ubuntu 11.10. First you need to apply the patch in this bug, after doing that you should get USB storage to work. After doing that, it is also possible to get development and debugging to work over USB. Create a group androiddev (addgroup --system androiddev), and add yourself to it (gpasswd -a yourUsername androiddev). Then create a file /etc/udev/rules.

Ubuntu has mechanism to log user activity such as used documents. This is used to facilitate searching, but can also be intrusive to your privacy. Here is a way to disable this logging without breaking Unity or any other part of the system, execute these commands in a terminal: sudo mv /etc/xdg/autostart/zeitgeist-datahub.desktop /etc/xdg/autostart/zeitgeist-datahub.desktop-inactive rm ~/.local/share/recently-used.xbel mkdir ~/.local/share/recently-used.xbel rm -rf ~/.local/share/zeitgeist then log out and log in again.

To backup data from a non-smart SonyEricsson mobile phone (such as W890i) in Linux, use the gammu utility. Install gammu, it is available as a package in the standard repositories for Debian and Ubuntu, just install the gammu package. Create a ~/.gammurc file with the following content:> > [gammu] > port = /dev/ttyACM0 > connection = at Connect your mobile phone to the computer with the USB cable and select Phone mode

The new Ubuntu release 11.04 Natty contains the new Unity desktop environment which is quite controversal. I have tried it for a while and I think it is neat but too buggy and immature. However, it is easy to revert to the old Gnome 2 desktop environment and have things working almost as in 10.10. First do a normal distribution upgrade to 11.04, then go to System Settings -> Login Screen and select Ubuntu Classic as default session and reboot.

I just brought an Sveon SNT1020 WiFi USB adapter. It works very well with Ubuntu Linux 10.10, just connect it to an USB 2 port and you can start using it with NetworkManager right away, no drivers or setup necessary. You should possibly disable any built-in WiFi adapters first though. It cost €35.

If you have your home directory on another machine, it’s common to use NFS to access it. NFS is easy to set up and works more or less out of the box on Linux. However, NFS is not secure, and you need to have a carefully setup firewall in order to use it safely. SSHFS is a more secure alternative, but it’s quite tricky to set up on the client side.

(This is a new version of a previous post updated to work with Ubuntu 9.10 (karmic).) I wondered why you usually mount / (the root file system) read-write in Linux and decided to do some experiments to find out if it is possible to have it mounted read-only. So why do you want to do that? Perhaps you have the root file system on a read-only media, such as CD-ROM. Or on a writable media which can only handle a limited number of writes, such as a CD-RW or flash disk.

I finally got the microphone input on my Acer Veriton X270 to work un Ubuntu 9.04. The trick is to uninstall PulseAudio and use ALSA only. It even works in Skype.

I recently brought an Acer Veriton X270. Ubuntu Linux 8.04 works well except for sound. Basic stereo sound output works, but sound input (microphone) and some advanced 3D and surround sound does not work. The front headphone jack does not work correctly either. (All this works in Windows, so it’s not a hardware problem.) Apart from the poor sound support in Linux, I am quite happy with this computer. It’s small (though not super small like Mac Mini or Fujitsu ESPRIMO Q), quiet, has all features you need and works out of the box.

After installing Ubuntu 8.04 (hardy) desktop, there are some things you might want to change. This article focus on user configuration (mostly editing dot files in your home directory) and do not require superuser access. Some of this changes requires that you log out to take effect. Customize the bash shell By default, bash save all commands in a history file. This can be quite annoying when you run several instances of the shell in parallel, and may also be a security concern.

Create a file /etc/ppp/peers/name: pty "pptp host --nolaunchpppd" name username remotename PPTP require-mppe-128 file /etc/ppp/options.pptp ipparam name Add this line to the file /etc/ppp/chap-secrets: username PPTP password * Create a file /etc/ppp/ip-up.d/tunnel #!/bin/sh if [ "${PPP_IPPARAM}" = "name" ]; then route add -net RemoteNetworkWithNetmask dev ${PPP_IFACE} fi RemoteNetworkWithNetmask is the network on the remote side you want to access via the VPN tunnel, e.g. 172.16.0.0/12. Connect by running sudo pon name

After installing Ubuntu 8.04 (hardy) desktop, there are some things you might want to change. This article focus on system configuration (mostly editing in /etc) and requires superuser access (using sudo). Some of this changes requires reboot to take effect. Fix terminal font rendering bug There is a bug which gives bad font rendering in the terminal window. Fix it by doing this in a terminal: cd /etc/fonts/cond.d sudo unlink 10-hinting-medium.

GNU Screen has support for scrollback, but by default you have to use awkward keys to use it. I would like to be able to use Shift-PageUp, Shift-PageDown and the mousewheel to scroll, just like you can do in xterm. It was not easy to configure Screen for this, and it involves cooperation with the terminal emulator. But I finally managed to achieve a solution which works pretty well. Add this to your ~/.

GNU Screen allows you to open several sub-windows within one terminal window. By default, you switch between them using Ctrl-A followed by n or p. I think this is a bit clumsy, I would like to switch with Ctrl-Tab and Ctrl-Shift-Tab just like you switch tabs in Firefox and many other applications. The sub-windows in Screen is conceptually just like tabs in Firefox, so it’s logical to use the same keys to switch between them.

When you install Ubuntu 8.04 (hardy) desktop, you get a lot of packages installed by default. Most users will never use many of these packages, so you end up with a lot of unnecessary packages. Most of these packages are harmless and only waste disk space when not used. However, some packages can actually affect the system in a negative way, such as draining resources (other then disk space), and you should consider removing them if you not actively use them.

(This post has been edited since it was first published.) I wondered why you usually mount / (the root file system) read-write in Linux and decided to do some experiments to find out if it is possible to have it mounted read-only. So why do you want to do that? Perhaps you have the root file system on a read-only media, such as CD-ROM. Or on a writable media which can only handle a limited number of writes, such as a CD-RW or flash disk.

(This article has been edited since it’s first publication.) In Linux, and other UNIX-like systems, you have to be root (have superuser privileges) in order to listen to TCP or UDP ports below 1024 (the well-known ports). This port 1024 limit is a security measure. But it is based on an obsolete security model and today it only gives a false sense of security and contributes to security holes. The port 1024 limit forces you to run all network daemons with

When the built-in HDD controller in my computer broke down, I decided to try running my computer diskless with LAN booting. I use Ubuntu Linux 6.10 and I have another computer with a large HDD acting as server. I followed the instructions in this HOWTO. I changed MODULES to “netboot” in initramfs.conf and I had to add a driver for my network adapter to the modules file in the initramfs configuration.