At university, I didn’t lift weights to keep in shape. I carried my textbooks in one arm and lugged a 12-pound laptop in the other. That heavy beast never lived up to its promise of freedom but my T20 running Debian Linux has. A modern notebook is compact and portable, runs its quiet fan only when necessary, uses less power than a desktop, and offers instant access to running applications by opening the lid.
Weight Training
Let me share some of the tips I’ve discovered to maximize the Linux notebook experience. REMEMBER THAT ANYTHING YOU TRY IS AT YOUR OWN RISK AND MAY CAUSE DATA LOSS OR DAMAGE TO YOUR SYSTEM. This article focuses on Debian Linux. Familiarize yourself with applicable documentation before using a utility or changing a configuration.
Buying Smart
I recommend refurbished notebooks. You can scan Google to see how well Linux works on them and you benefit from the progress made since the machine was first sold. You can buy a sturdy, lightweight, professional-class machine for a fraction of its original price and use your savings to maximize the system memory and purchase accessories. You’ll also feel more relaxed taking a refurbished notebook traveling. Check the manufacturer’s web page to see if any revisions are available for your notebook BIOS. Newer versions of a BIOS may provide fixes and performance improvements.
My current notebook is an IBM Thinkpad T20 with a 700 Mhz processor, 256MB of RAM and a 20GB hard drive. I run Debian Unstable with the 2.6.8 kernel, Gnome 2.8, OpenOffice.org, Thunderbird, and Firefox. I typically keep these applications open on separate virtual desktops. Any deficiency in the notebook’s loading speed is off-set by the instant-on and instant-off of opening and closing the lid. I have not re-flashed the BIOS on my T20.
Pinching Power
Power-saving features are essential for adventures away from electrical outlets. If you use a desktop environment like Gnome, you can add a battery status indicator to the panel. Two systems allow power-saving in Linux: apm and ACPI. Older machines don’t work properly with ACPI. You can try updating your BIOS or you can add acpi=off to the end of the kernel line in your grub or lilo configuration file. If you use apm, you need to add the apm module to your /etc/modules list and install the apmd daemon.
Apm will allow you to suspend your computer by closing the lid and re-awaken it by lifting the lid. Not all notebook hardware operates properly in Linux, however. If you experience intermittent freezing, you may need to disable power management services in your notebook BIOS (see your notebook manual) and replace the hardware features with Linux equivalents.
Linux’s own services may also conflict with power management. First, use lsmod to check that your apm module is loaded and then use ps aux | grep apm to check that your apmd daemon is running. Services in Debian are controlled by using files that live in /etc/init.d like this: /etc/init.d/./pcmcia stop. You can stop services until closing your lid allows your machine to suspend. On my system, pcmcia services prevent apm from suspending the computer. I’ve created a simple script to turn these services off when I suspend the computer and turn them on when I lift the lid again. In /etc/apm/, you’ll find scripts in suspend.d and resume.d that tell Linux what to do when it is suspending or resuming. In suspend.d, I copied an existing script to the name 80pcmcia and edited the script to replace the existing service name with /etc/init.d/pcmcia. I used the commands “stop” and “start” instead of "suspend" and "resume". To ensure there was a script for when the system awakened again, I copied /etc/apm/suspend.d/80pcmcia to /etc/apm/resume.d/20pcmcia. Depending on your notebook and the Linux kernel you’re using, you may also need to remove and re-probe modules using similar scripts with the commands /sbin/rmmod module_name and /sbin/modprobe module_name instead.
Once you can put your notebook to sleep, you can move on to saving power when it’s awake. Your backlight, your spinning hard drive and your CPU all consume power. You can control these devices with the speedstep function and utilities such as cpufreqd, and hdparm. If your notebook supports speedstep, you’ll need to add speedstep modules such as speedstep-ich and speedstep-lib and performance governors such as cpufreq_powersave and cpufreq_userspace to /etc/modules. Find the available modules with find /lib/modules/ | grep cpufreq. If you use a desktop environment, you can install an applet such as gnome-cpufreq-applet to display CPU speed and control it manually. As non-root users couldn’t adjust the CPU speed with the applet, I took the security risk of providing the applet with root capabilities by chmod +s /usr/bin/cpufreq-selector.
I installed laptop-mode-tools to control all of these features easily and automatically. When I unplug power, my screen dims, my hard drive spins down every few seconds after activity, and my CPU slows to its lowest setting. You can adjust the settings including a toggle to allow slowing the CPU in /etc/laptop-mode/laptop-mode.conf. When I plug power in again, the system resumes its original performance.
You should install and configure hdparm to ensure you’re getting the maximum performance from your hard drive and CD/DVD. You can run hdparm -iI /dev/hda to examine the capabilities of your device and in Debian, you configure hdparm at the bottom of /etc/hdparm.conf. Be careful. Common enhancements include enabling 32-bit IO, DMA, interrupt unmasking and multi-sector IO which should result in faster transfers and stutter-free DVD movies. You may also wish to enable write-caching on your hard disk if you’re comfortable with the potential for data loss if your system dies before the drive can flush its cache.
Spinning Down
Why spin down the hard drive if programs spin it back up again every minute or so? To some extent, laptop-mode-tools addresses this issue by caching writes. You can further reduce writes to the hard drive by re-routing your system messages to a virtual console instead of logs. I edited /etc/syslog.conf to comment out the parts that write to logfiles and to route all messages to tty8. You can read tty8 by press CTRL-ALT-F8 and return to X with CTRL-ALT-F7. Note that disabling written logs makes it difficult to track problems and hacking attempts on your system.
You can also reduce disk writes by reducing the number of running programs on your system and freeing up system memory. You can see which programs are running by using ps aux, top or something like gnome-system-monitor and adjusting it to show all processes. You might ask yourself why you would run a mail server like exim if you download all of your mail from a pop3 server. You can disable exim by running /etc/init.d/./exim4 stop and then mv /etc/init.d/exim4 /etc/init.d/DISABLED_exim4 so it won’t launch again. You can do the same for other services that you don’t need on a notebook including inetd. If you use the X-Window system, you can increase memory available for other programs by editing /etc/inittab to comment out all but one or two virtual consoles.
Nodding Off
You can install sleepd to put your system to sleep if there is no keyboard or mouse activity for a given amount of time. You can temporarily disable sleepd with sleepctl. For instance, you can write a script that calls sleepctl off; xine; sleepctl on to ensure that whenever you play DVDs, your system won’t doze off. You can do the same for other programs that run unattended. Note that sleepd is designed to work with PS/2 mice and using a USB mouse may result in your system dozing off while you’re surfing the web.
Network Plug and Play
Much as I like wireless, I prefer the speed and security that cables provide. Wireless doesn’t live up to its advertised data rates and suffers from interference from wireless phones, microwaves, and other wireless routers. I also prefer to avoid people hacking my router, using my bandwidth or conducting illicit activities on my service. To make cabled networking easy, I installed laptop-net which detects whether a network cable is plugged in and turns networking on or off and grabs an address via DHCP as required.
Locking the Gate
While portability is convenient, it’s also a risk. If your system has a power-on password in its BIOS, you should activate it and set it to something you’ll remember but which is not easy to guess. My T20 requires the power-on password when I first boot the machine or whenever I lift the lid to resume from sleep. Never use dictionary words for passwords and consider using letters from a sentence and including numbers and capitals. For instance, “I really think that passwords are stupid for me” could translate into “Irttpas4m” which is more effective than your cat’s name. You may also be able to set passwords to prevent others from changing your BIOS settings and to lock the hard drive. Remember that if someone can change your BIOS to boot off your CDROM, floppy or USB port, they can run Knoppix, become root, and access your system. Note that systems with hardware passwords may become permanently unusable if you forget the passwords.
Ensure that your Linux passwords are just as secure and lock down access to your root account. The root account can access or delete anything and typically you don’t want root to be able to login. Instead, you want a regular user to login with their own password and, if permitted, become root by using su and entering the root password, or using sudo to access a safe subset of root’s commands. You can prevent root login by editing or removing /etc/securetty and, if you use a graphical greeter like gdm, editing its configuration file at /etc/gdm/gdm.conf to disable root login.
NOTE: Do NOT disable all root logins before you have ensured that a regular user account can use su to gain root privileges. Gentoo, for instance, requires a user to be added to the wheel account before that user can become root.
You should now secure your networking. To allow secure connections to and from your notebook, install ssh. Run ssh-keygen -t rsa for each user and edit /etc/ssh/sshd_config to prevent root login to your system. Everyone will have to login as a regular user then use su or sudo to get superuser status. Remove non-secure networking programs like telnet from your system as well as servers for telnet, ftp, etc.
Close the doors on your system by editing /etc/hosts.deny to say ALL:ALL. Next, create exceptions in /etc/hosts.allow such as sshd: 192.168.1.100 which would allow the machine at that IP address to ssh into your system. Add the specific service names and network addresses you require such as the numbers on your LAN.
Change configurations on services you run locally that you don’t want accessible over the network. For instance, portmap is used by fam to keep graphical file managers like Gnome’s nautilus updated but it uses services that can be abused. You can edit /etc/default/portmap and a similar file for the CUPS printer service at /etc/cups/cupsd.conf to listen only to your system at 127.0.0.1.
Install firestarter, a firewall with a simple graphic interface. Firestarter defaults to allowing all outbound traffic and blocking all inbound traffic. You can allow inbound requests on the events tab as they happen or set policies by hand. Firestarter runs in the background so you should only use the memory-hungry interface when you want to monitor it. Note that if you have re-routed system logs to tty8 above, you will not be able to use the events tab of Firestarter. You can always re-enable logs temporarily and toggle the system logger daemon with /etc/init.d/./klogd restart.
Testing the Locks
Test your system to see what networking ports are left open. Install nmap and run it against 127.0.0.1. My system shows rpcbind (for portmap and fam), ipp (which is the printer service), ssh (the secure shell service) and dictd (the dictionary service that powers my Gnome dictionary applet). You can disable services you don’t need as discussed above and you can check port numbers at http://www.iana.org/assignments/port-numbers. Unknown port numbers sometimes relate to weather or other applets in your desktop environment. You can check by disabling them and running nmap again.
You can test more thoroughly by installing nessus and the nessusd dameon and conducting an audit of your system, particularly if you are comfortable enough with crashing your system that you disable the “safe checks” scan option. You may need to edit /etc/hosts.allow to include nessusd: 127.0.0.1. You will need to run nessus-adduser to create an account and then nessusd which is a server that will attack the system you specify. Finally, you run nessus to configure an attack and review its results to tighten your security. You should only target your own system for testing purposes such as 127.0.0.1 if you want your notebook to attack itself.
Conveniences
Some notebooks come with extra buttons on their keyboards. The thinkpad button package (tpb) allows Thinkpads to use these extra buttons. Tpb interfaces with the nvram kernel module which you need to add to /etc/modules. If you install xosd, operating the extra buttons (for instance, volume up and down) will display the result on a Thinkpad screen. You can configure tpb in /etc/tpbrc. To find out what colors and fonts you can use in xosd, run the xcolors and xfontsel programs. I prefer the SpringGreen color and the clean font. You will need to add each user to the nvram group and add a script to start tpb. I added an executable script to Debian’s default runlevel /etc/rc2.d which calls /usr/bin/tpb. Adding tpb to your desktop environment startup results in a new instance of tpb loading with each login.
Real Freedom
Now that you have an efficient notebook, you can buy an external battery and work at a picnic table by a river all day. Just adjust your /etc/laptop-mode/laptop-mode.conf to run power saving while something’s connected to the AC port.
Note
I’ve upgraded to a Thinkpad T23 (refurbished) with the same set-up and my wife now uses the T20.
If you would like to see your thoughts or experiences with technology published, please consider writing an article for OSNews.
I know everyone is tired of ubuntu rah-rah-rahs — but
ubuntu works perfect on my ibm x31 (acpi/wifi/ect)–
-greg
Yeh, Ubuntu also woks great (except wireless of course) with my 12.1″ iBook.
Nice article, but very negative view of 802.11x – Data rates??? He constantly transfers huge files over the network all the time then, because the Internet (I have 2Mb ADSL) runs top speed over my 11b network, no problems.
As for security a simple bit of WPA/WEP and common sense solve those problems…
Ben
For those sick of the Ubuntu rah-rah-rah’s:
I downloaded the latest Ubuntu live CD (at the time) a couple of months ago and it had booting problems and didn’t set up my wireless card (which Knoppix always did). This was on a T20. I’ll probably try again in a few months.
I got a Toshiba M200 tablet PC. First thing I did was install Gentoo Linux with Gnome 2.10. Everything works perfectly fine: atheros madwifi wireless driver, wacom driver for pen/tablet function, writing recognition with xstroke, gok and xvkbd on-screen keyboard, screen rotation, hibernate with swsuspend2 and hibernate-script, automatic cpu frequency scaling and manual with the gnome applet, speech recognition with cvoicecontrol, sphinx, xvoice, etc. etc. This machine rocks!
“I recommend refurbished notebooks.”
I recommand New notebook , with a full warranty and a Default GNU/Linux system.
Winbook 699 : Subtotal: $699.00
http://www.winbook.com/store/personalize_step2.phtml?PkgId=x_705806
eRacks/SUBNOTE : 995$
http://www.eracks.com/products/Laptops/config?sku=SUBNOTE&session=0…
Balance 14.1 from Walmart : $498.00
If your living in France :
HP Compaq laptop + 10.1 Mandriva Linux! : 749,00-EUR
———-
http://tuxmobil.org/mylaptops.html
http://www.linux-on-laptops.com/ibm.html
I also prefer a new notebook if the prize is right.
Gentoo, for instance, requires a user to be added to the wheel account before that user can become root.
You mean you can only su as user if you are in the wheel group?Isn’t that always the case?
You mean you can only su as user if you are in the wheel group?Isn’t that always the case?
nor really but can be enforced by PAM
…get a refurbished mac, and not have to do anything to get it to work properly. Close lid, sleep. Open lid, instant on. No scripts necessary. A used powerbook is only $400 on ebay, and it comes with OS X.
This guy has obviously never setup his own wireless. His fears about wireless are pretty funny but obviously from the point of view of a uninformed person. Never heard of WPA or WEP or limiting the amount of addresses your router will hand out?
I recommand New notebook , with a full warranty and a Default GNU/Linux system.
You’re comparing apples and oranges if you’re comparing cheapo laptops to and IBM T-series. Even the Dell C610 laptops I have here don’t compare to the T21-23s. I’ve replaced a half dozen (of 40 computers) keyboards, a dozen CDROMs, several hard disks, and one motherboard in the Dells. For the 15 IBM Ts, I’ve replaced one CDROM, and three displays (all on older year 2000-vintage Ts).
I’m really sad Lenovo is (most likely) going to ruin the only worthwhile x86 laptops…
Informative. Agree entirely with author’s comments on wireless networking. I’m underwhelmed by the poor range and reliability (possibly local interference). I realize some people have had some success with wireless systems though.
I am sorry but if I was going to get a mobile platform, I would go no less than an XPS Gen 2 or a comparable Sager based system if they have mobile processors or Athlon64s in them yet. The author’s machine while enough to run Debian and obviously for his needs, is quite wimpy. And I would probably stick with 686 compiled 2.4 kernel instead of 2.6 due to performance.
I realize some people have had some success with wireless systems though.
Yep mostly not mine.
“I’m really sad Lenovo is (most likely) going to ruin the only worthwhile x86 laptops…”
As if you had any evidence for that. The same engineers are still going to design the computers and the same factories will build them.
“… tired of ubuntu rah-rah-rahs:”
Tried the new Kubuntu on a Thinkpad T42 -> suspend-to-ram and suspend-to-disk worked for the first time under Linux on this laptop! Fantastic – but to make up for it there were quite a few other annoying glitches which needed googling and fixing. My conclusion was that if I have to delve into the “inner workings” anyhow, I might as well stay with Debian – so now I’ve deleted Kubuntu and am installing Sarge, where you have to do almost everything yourself right from the beginning.
Right now I don’t notice so much difference, except for some newer packages, KDE 3.4 etc., and of course Kubuntu’s polished look.
Hi. Does any of you know of a complete tutorial on how to actually install/activate all of these nifty tools on the T20 computer?
It would be interesting to take something like Damn Small Linux, run it entirely in ram and shut off the HD all together to extend battery life. I wonder how much more time the T20 would get on a charge?
They aren’t the best for battery life, unless used means a year or two at most old. In the last couple years a lot of advancements have been made in making notebooks run longer; they started caring finally.
And used notebooks tend to have broken batteries. I bought a Compaq Armada 110 (the last good line of notebooks from compaq) for $300 almost two years ago. It came with a largely broken NimH; but I don’t use battery because my thinking is this: If there’s no power source, there’s prolly no reason to be on the computer.
A new Li-Ion battery would cost $160, and probably only yield me 2.5 hours of battery life; so I don’t buy it (plus, I don’t have $160).
You can also install lsof and use it to list open network services and the addresses they are listening. “su” to root and run this:
lsof -i | grep LISTEN
If you can stomach a ThinkPad, a Ti or Al PowerBook will really give you wood!
No comparison. Plastic PCs suck.
“You’re comparing apples and oranges”
No Refurbished IBM with GNU/Linux loaded on it vs Full GNU/linux default solution with a full waranty.
I get better hardware ( faster , bigger ), full warranty , the knowledge that if something brake I can return it.
for around the same price. And the software is made for the computer , no tweaking or anything else.
And you havent followed the link I gave either those are not cheapo hardware. Not the best but there is worst.
“I’m really sad Lenovo is (most likely) going to ruin the only worthwhile x86 laptops…”
You really are no expert … Lenovo whas already making them … and there are plenty of worthwile x86 laptop.
I thought Lenovo is only building desktop computers and not even touching any of IBM’s Thinkpad series.
I would take a Thinkpad anyday or a Dell XPS Gen 2 anyday over the Apple notebooks. They may look all nice but god they are SLOW with such old hardware.
Lenovo
http://www.lenovo.com/
http://www.lenovogrp.com/cgi-bin/main.cgi?section=about&sub_section…
http://finance.yahoo.com/q/pr?s=LNVGY.PK
Only the budget IBM R and G models have plastic casings, the T and X series all have titanium/magnesium shells, and are generally more solid than Powerbooks. TiBooks are widely known for flaking paint, while the AlBook dents easily because the aluminum shell too thin. Funny thing is that the one you don’t mention, the lowly iBook seems the most sturdy in Apple’s lineup (even though the plastic does get scratches).
Well, then let me advertise my favourite distro for once: Kanotix 2005-02: everything as bleeding edge as it comes (KDE 3.4, kernel 2.6.11…), superb hardware detection, use it as a LiveCD or as a dead-easy Debian Sid installer, *tons* of goodies, very easy to customize according to your needs, none or very few bugs, guaranteed fully Debian compatible…
I don’t own a laptop, but I know plenty of people who have installed it on laptops with excellent results.
Frankly a BIOS password is a bit of a waste of time… they’ll stop someone from casually powering it on, but your user password will prevent them from doing anything useful that way anyway.
Yes, they could boot off Knoppix and access your system (they’d find that trick a bit harder on my laptop, but it’s still possible) but ultimately if they have physical access to your laptop you’re rooted anyway. You’re much better off encrypting your data.
It’s far more likely that somebody’s just going to steal the damn thing anyway – in which case the BIOS password won’t take much to reset.
Surya: I would go no less than an XPS Gen 2 or a comparable Sager based system if they have mobile processors or Athlon64s in them yet. The author’s machine while enough to run Debian and obviously for his needs, is quite wimpy.
What are you intending to use yours for? Playing Doom3 is about the only thing that requires a laptop like that.
My laptop would certainly be called “wimpy” by your standards, but it also weighs rather less than the XPS, which would be fairly close to the 12-pound beast he mentioned at the beginning of the article. Which is a big factor when I have to drag it, along with my textboooks, up a big bloody hill to uni.
I also quite like the way that the battery lasts four hours or more, rather than running out in an hour flat.
And I would probably stick with 686 compiled 2.4 kernel instead of 2.6 due to performance
What on earth? The 2.6 kernels have better performance than 2.4, especially with the work done by Con Kolivas and some of the more interesting schedulers available.
Thanks for the links.
“which would be fairly close to the 12-pound beast he mentioned at the beginning”
http://www1.us.dell.com/content/products/productdetails.aspx/inspn_…
http://www.notebookreview.com/default.asp?newsID=2282
just above 8 lbs
The First XPS whas huge and heavy , this one whent to the gym 😉
“I also quite like the way that the battery lasts four hours or more”
I read somewhere that it last 10 hour with LCD and power consumption ( if you dont play game or play video on it ).
Cant find the link sorry.
Just a note:
“mv /etc/init.d/exim4 /etc/init.d/DISABLED_exim4”
is a possible but not really the proper (if you care about that sort of thing) solution to this.
Try:
rm /etc/rc[2-5].d/S20exim4
The only purpose of the symlinks is to be deleted whenever necessary. The actual scripts aren’t normally moved, though editing them is certainly not discouraged.
I have a HP NX7000 and run the latest Kanotix (Debian-based) on it. Most hardware in my laptop works just fine out of the box – even wireless. Anyways, thanx for a very nice article and tips on getting suspend going, which is the final thing I need to look into. I am getting a litte tired of all the boring just-installed-whatever-hyped-distro-and-man-the-firefox-icon-is-where -it-should-be sort of reviews. Nice with a report on actual GNU/Linux USAGE.
I have the same laptop running fc3. It runs well, but when waking up from sleep, the sound does not work anymore. Did debian have this problem when you installed it?
One running Fedora Core 3 and the other running Ubuntu 5.04.
Really like Ubuntu fo a laptop due to the restricted modules package and the freedom from having to re-compile drives for my Netgear on a kernel upgrade.
Ubuntu forums are great and the new users script for downloading extras and setting up the system from the How To section is god send.
Bad news it defaults to a i386 kernel and no dma. Kind of tough for a newb to figure out and makes the system seem slower than it needs to be a for someone who does not know better.
This is the case for both Fedora and Ubuntu but I guess I am just started to expect more from Ubuntu.
Oh yeah, Ubuntu needs the runlevel-admin from gnome-systems-tools and firestarter by default to round user-level admin tools. Especially if they insist on starting lvm by default.
Otherwise been very, very happy.
absolutely everything is working on my X31 …
WiFi, bluetooth, IR, ACPI (standby, hibernate usw), all extra buttons and Fn+Fx combinations, card reader etc …
ThinkPads rule
“Never use dictionary words for passwords and consider using letters from a sentence and including numbers and capitals. For instance, “I really think that passwords are stupid for me” could translate into “Irttpas4m” which is more effective than your cat’s name.”
How weird… that is my cat’s name…
sudo /usr/sbin/update-rc.d -f exim4 remove