Originally Posted by
kagesan
Been away for years, and I'm fairly sure this multi-question thread violates a few hundred guidelines that I haven't yet read
Welcome back. Putting multiple, unrelated questions into 1 thread won't get you good answers for all of them. Different people have different skills. Also, the thread title really needs to be about the 1 issue in the thread to actually attract eyes from people who might know something about that specific thing. I fear you won't get the help you seek because you didn't split 3 questions into 3 specific thread with 3 specific titles.
Originally Posted by
kagesan
I've been off-Ubuntu since U10-U12, and am back now using U18. I'm looking for clear, unambiguous instructions for the following 3 issues (I assume that I need to be re-directed to a separate thread for each of them):
20.04 is the LTS that should be loaded today, unless there is a very good reason to use 18.04 still. If there isn't - stop. wipe and start with 20.04. You'll find that people are more current with their knowledge for 20.04 than they are for 18.xx or any other release. Again ... more eyes leads to more possible answers, some might actually be helpful.
Recommendation: Load 20.04.
Originally Posted by
kagesan
1. VPN app - choosing a freebie and installation instructions)
VPN stuff is built into Network Manager. Both openvpn and wireguard should be supported.
Avoid any free VPNs, since those are clearly making money by violating your privacy. Also, just because a VPN is paid, doesn't mean it is safe or not evil. There are a number of extremely popular VPNs that have ties to repressive govts, for example. Those govt have access to all the traffic that you hoped to protect by using the VPN. https://help.ubuntu.com/stable/ubunt...onnect.html.en I don't use network-manager, so I cannot provide any specific guidance beyond what the Ubuntu Desktop Guide provides. Just be certain to reference the Desktop Guide for the version of Ubuntu Gnome3 you are using. If you aren't using the Gnome3 DE, you should always mention that you are using another DE - or people will provide incorrect help. It doesn't hurt to say you are using Gnome3 either.
Today, wireguard is production ready and many commercial VPNs are supporting it.
Recommendation: Use commercial, trusted, paid, VPN that supports wireguard. Use the built-in Network-Manager network VPN tool.
Originally Posted by
kagesan
2. DNS change (including which alt-DNS is generally considered best and specific, clear install instructions)
DNS has changed in the last 5 yrs from a service provided by your ISP, but not really monitored into yet another way to track our use of the internet. Ubuntu has cocked up the DNS management, IMHO, by installing a caching DNS server on all our desktops whether we want one or not. I don't have any beginner friendly steps to correct this. Sorry. Since Canonical decided to do this, DNS has been failing more and more often. When DNS fails, less technical people will come and claim "the internet is down", when it is really just their DNS that broke. Whenever the caching service fails on my machines, I remove it and manually configure the /etc/resolv.conf file like we did in 1993. That has always solved my DNS issues since resolvconf and systemd-resolved have been added. Pfffft.
To prevent your ISP and others from seeing your DNS queries, DNS over HTTPS has been created. This way, the DNS provider is really the only people who see all your DNS. Sadly, I haven't found any DNS providers who I'd trust. I certainly don't trust Cisco's or Oracle's or google's or cloudflare's or Joe's DNS of Akron. In my tinfoil hat wearing world, the least evil choice above is probably Cloudflars's 1.1.1.1 and 1.0.0.1 service over HTTPS. They are fast, at least. I use a local DNS server on my LAN, which provides caching across all the LAN devices as well as DNS filtering for ad networks and trackers. Currently, it doesn't use DoH, but I've read that it is supported. This is not a trivial, beginner-friendly, solution.
Recommendation: None. I'd use sudoedit to modify the /etc/resolv.conf and look for more research for a DNS-over-HTTPS solution.
Originally Posted by
kagesan
3. Canon Pixus TS3330 Printer drivers installation
Years ago, my mother had a Canon printer. It didn't work with Linux, but there were $60 commercial printer drivers made by a company in Europe somewhere. But the printer was $50 and used $20 of ink every year. At the time, I was fearful of paying for commercial software under linux because I'd been burned by software that didn't support kernel updates a few times. This abandoned my hardware and it never worked again. Since then I've always bought hardware that had drivers built-into the Linux kernel so it would be supported 15+ yrs. I convinced Mom to give away that printer, bought her a $50 laserjet with solid Linux drivers - plug-n-play - and a 10K page toner cartridge to put into it when the 1000 page toner shipped with the printer ran out. She joked that the 10K page would last longer than she would be alive. She was correct.
Recommendation: None.
Originally Posted by
kagesan
b. Is there any reason to *avoid* simply decompressing and installing the drivers from the tar.gz files I downloaded? I mention this because I have seen several instruction and info web pages which claim doing that could be either ineffective or just plain screw up the works.
Assuming I didn't convince you to sell/give away the printer, we should always be afraid of downloading software from random places on the internet and using that software. If you didn't get those tgz files from Canon, then you have to ask how much risk you are willing to accept. Drivers run with elevated privileges, so they can easily provide an attacker remote access into your system. A linux system is a great C&C for world-wide botnets.
Recommendation: Always consider the source of any software you allow to run on your devices.
Originally Posted by
kagesan
Thanks for any steerage offered.
I'm not sure you'd really thank me for what I wrote above.
As for short system information here's one of mine:
Code:
$ inxi -bz
System: Host: hadar Kernel: 4.15.0-123-generic x86_64 (64 bit)
Desktop: FVWM 2.6.5 Distro: Ubuntu 16.04 xenial
Machine: Mobo: ASUSTeK model: ROG STRIX B450-F GAMING v: Rev 1.xx
Bios: American Megatrends v: 3103 date: 06/17/2020
CPU: Hexa core AMD Ryzen 5 2600 Six-Core (-HT-MCP-)
speed/max: 1347/3500 MHz
Graphics: Card: NVIDIA GP108 [GeForce GT 1030]
Display Server: X.Org 1.19.6 driver: nvidia
Resolution: 1920x1200@59.95hz
GLX Renderer: GeForce GT 1030/PCIe/SSE2
GLX Version: 4.6.0 NVIDIA 430.64
Network: Card: Intel I211 Gigabit Network Connection driver: igb
Drives: HDD Total Size: 1012.2GB (58.6% used)
Info: Processes: 488 Uptime: 12:59 Memory: 13241.2/32160.8MB
Client: Shell (bash) inxi: 2.2.35
See how I show the command and wrap everything in "code tags"? The code tags makes it more readable. I've bold'ed the important parts for generic information. I don't use any DE, the fvwm part is where the DE would normally be shown. The inxi command can show lots more details based on different options. My uptime is short - I patch on Saturdays. Normally, my uptime would be a few weeks.
Adv Reply
Bookmarks