14 July 2017

Linux Mint 18 KDE - First Things to do for Usability & Security - my Favorites

Here a few favorite settings for a newly installed Linux Mint 18 KDE. I divided the list in usability, security, and applications & adjustments. It makes no claim of being complete:).

First thing to do after installation is to install updates, and along with it configure the Update Manager. Under Edit → Preferences make sure that you check "Always select and trust security updates".


The Linux MInt desktop with System Settings and Widgets
The Linux Mint 18 KDE desktop with System Settings and Widgets. The latter is addressable over the Plasma toolbox button in the upper left corner.


Desktops with different wallpapers

Especially Linux Mint with the KDE flavor can be customized to a high degree. In LM 17 I had several virtual desktops with different background images. In KDE Plasma 5 this does not function any longer. This is greatly missed by many users.

But there exists a workaround: click the "Plasma toolbox" button in the upper left corner, choose "Activities", and create a bunch of activities (instead of virtual desktops). Then add a wallpaper to each activity. With a right click on the panel choose Task Manager Settings → General, and uncheck "Show only tasks from the current activity". Now it's almost like working with different virtual desktops in LM 17.


New wallpapers can be selected with a right click on the desktop
All background images will be displayed, also the ones which are located in the folder ~/.local/share/wallpapers

Meanwhile I have accumulated a number of wallpapers which I store in my backup in the hidden file .wallpapers. This folder is copied to ~/.local/share. After that the wallpapers will be integrated in the Desktop Settings dialogue (right click on the desktop).

The background images for the Screen Locking and the Login Screen have to be installed in two places: System Settings → Desktop Behavior → Screen Locking → Wallpaper; and System Settings → Startup and Shutdown → Login Screen → Theme.


DejaVu ist a font with a wide range of characters.
Sorce: Wikipedia, License: Public Domain
DejaVu is a font with a wide range of characters, and can be used for many purposes.

I love to work with fonts which I downloaded from places like Google Fonts or Fontsquirrel. Also on this website I embedded several fonts like Merriweather, Arsenal, and Open Sans. I like to use these fonts also in LibreOffice and other applications.

Just as with the wallpapers I accumulated various fonts, which I store in the backup in the folder .fonts. After the new installation I copy the folder .fonts to /home/username. The fonts will be integrated and shown within the applications. This is faster than to install every single font with the System Settings dialogue Fonts.

Fonts which are shipped with the system and are not needed can be deleted with root rights in /usr/share/fonts/truetype (opentype). The Font Noto is a system font and shall not be deleted. Other really nice (Latin) standard fonts are DejaVu, Liberation, and the Ubuntu Font Family.

Widgets - Customization of Window Size

Click again on the Plasma toolbox button. There you can add widgets. One of my favorite tools is Notes. I use it for frequently used copy & past snippets. In fact, and a second button for my "real" notes:). I like to have it in the panel.

On clicking the windows are relatively small, but a certain size can be forced. Right click on the Notes button → Notes Settings. On the Notes Settings window right click on the title bar (can be made with all windows) → More Actions → Special Application Settings →Window matching, and there on Window class choose Exact Match and enter plasmashell.

Under Window types choose "Normal Window". Change to the "Size and Position" tab, check "Size", choose "Force", and enter the desired size, e.g. 700,500 (without blank spaces). Confirm it with OK. Now, with a click on the Notes button I have a clearly arranged window. The disadvantage is that this size applies to all plasmashell windows. I haven't found out yet if the rule can be fine tuned. If you look at System Settings → Window Management → Window Rules you should find a new rule Application Settings for plasmashell. You can add more rules there.

I use this tool sometimes also to make screenshots from windows with a determined size.


I'm only going to talk about a few single applications, the password manager, add-ons for Firefox, and the firewall.




KeePassXC is dedicated to further development of KeePassX
KeePassXC is a local, cross-plattform password manager.

KeePassXC is a fork of KeePassX, and is dedicated to further development of the popular password manager. On the download site an unofficial debian package is available. It is also possible to install from source. You can find the source code on the download site as well.

Update: There is an Ubuntu PPA available, so you don't need to install from source. Just add the repository and install KeePassXC:

sudo add-apt-repository ppa:phoerious/keepassxc
sudo apt update
sudo apt install keepassxc

If youwant to install from source, follow the instructions:

Download he source code, and with it the GPG signature and the SHA-256 digest. Verify the source code you can find instructions of how to verify at the bottom of the page).

Now you have to install a considerable amount of packages. The can be used for further compilings as well. Otherwise install the unofficial debian package. I decided for the source code, because I was not sure about the dependencies, and also because I'm pretty sure that I will compile again during the LTS.

To continue with the source code, just make sure you install the packages as listed on their site Set up Build Environment on Linux. After the installation of the packages create a folder (e.g. ~/src), and extract the archive which you have downloaded before. Then yo can just follow the instructions for instructions for installing from source from their Github site.

To make the application after installation appearing in the menu, copy the file keepassxc.desktop - it is located in the folder /build/src/keepassxc - to ~/.local/share/applications (create a folder if it is not there). The path within the file must be adjusted, e.g.


In doing so, KeePassXC appears in the menu.

Firefox Add-ons

Beforehand: it makes sense to create a few Firefox profiles, e.g. one to surf the web, and one for shopping.

Start Firefox in the Konsole with  firefox -P. This calls the User Profile dialogue. There one can create and manage profiles.

Privacy friendly Add-ons for Firefox are NoScript, Self-Destructing Cookies, HTTPS Everywhere, uBlock Origin, and Smart Referer. Some are configured as they come, others can be improved in the settings.

With NoScript, just delete the websites from the whitelist or set them to "Untrusted".

For the settings of uBlock Origin, go to about:addons → Extensions → uBlock Origin → Preferences → Show Dashboard → Settings. Check the boxes Prevent WebRTC from leaking local IP addresses, and Block remote fonts. Go to the tab 3rd-party filters. Under Ads, check Adblock Warning Removal List, Anti-Adblock Killer | Reek, and uBlock Protector List. Privacy: check all. Malware domains: check all. Social: check all. Multipurpose: check hpHosts’ Ad and tracking servers. The instructions are from Mike Kuketz' blog (german).

Also, disable Flash under about:addons → Plugins → Shockwave Flash. Also don't use a history. In the Settings → Privacy, choose Never remember history. Well, we all have bookmarks, don't we?

Fine tuning can be done on the site about:config. E.g. to avoid tracking through media devices, right click on media.navigator.enabled and media.peerconnection.enabled, and set them to false.

After all that, (or maybe, once before, and once after), test your browser on browserleaks.com.


The build-in "uncomplicated firewall" can be switched on in the Konsole with

sudo ufw enable

This should be sufficient for a standard installation. With the firewall incoming connections will be blocked (except of the connections that everybody needs), and outgoing connections are allowed. If you use special services, unlock them in the firewall. I use e.g. for the connection to my website sftp and ssh, and that can be activated with

sudo ufw allow from <numerical ip-address of the website> to any port 22/tcp

With sudo ufw allow services, ports, ip addresses and protocols can be allowed to pass through the firewall. There are many tutorials in the web, and the syntax is easy. Allow as sparsely as possible.

Applications & Adjustments

Disable unnecessary services

You can disable services which you don't need. E.g., if you don't use a network printer, you can disable the service with

sudo systemctl stop cups-browsed && sudo systemctl disable cups-browsed

stop stops the service immediatley, and disable prevents the service to start on reboot. If you don't want the service to be triggered by other services - the  absolute switch-off - then use the command disable instead of mask.

To reverse the commands, use start, enable, and unmask.

To list the services, use

systemctl list-units --type=service

and to list network processes, use

sudo netstat -tulpen

Root Actions Servicemenu and Sudoedit

Root Actions Servicemenu is a useful plugin for dolphin. Commands like copy, move, rename and change ownership can be run in the root mode with just a right click. Download the plugin, create a folder (e.g. ~/bin), extract the file, and execute the install.sh.

Unfortunately, the tool cannot (yet) sudoedit. To edit system files with kate, sudoedit is a more safe solution. Before you use  sudoedit, enter the line

export Editor=/usr/bin/kate

into the ~/.bashrc.

Then type in the konsole

sudoedit </pfad/zur/datei>

Awkward, but more secure.


f someone misses the header-information of  emails, just install

sudo apt-get install kdepim-addons

In KMail, choose the preferred design of the header under View → Headers. I wrote another blog post of how to set up KMail with a Posteo account.



I like to have a graphical front end for the user management. KUser is a convenient application of the generation and management of users and groups.

sudo apt-get install kuser


Bleachbit is a tool to clean up the system. If you are new to it, I wouldn't run the application with root rights. Some of the features are experimental, the others just effective.

sudo apt-get install bleachbit


To edit exif data there is no better way than to do it with ExifTool. It's a command line tool. In the beginning a bit time is needed to find a way through it, but after that it's nothing you want to miss. I wrote an instruction of how to use ExifTool with the metadata of images here.

sudo apt-get install libimage-exiftool-perl


Shutter is an extensive application for screenshots.
Shutter is an extensive application for screenshots. Screenshots can be edited; and arrows, ellipses, markers added to the image.

An excellent application for screenshots is Shutter. The installation will pull a whole bunch of libraries with it. There will be a lot of packages installed in relation to the effective benefits. Maybe it's rather an application for fans:

sudo add-apt-repository ppa:shutter/ppa
sudo apt-get update
sudo apt-get install shutter libgoo-canvas-perl

With Shutter you can choose the format of the image. It takes screenshots of the desktops, windows, menus, and tooltips. It's also possible to edit the images. This includes - among other things - arrows, ellipses, rectangles, markers, etc. There is also the option to pixelate.

List with installed applications

During an LTS, I keep a list with installed applications. Whenever I use sudo apt-get install, I make a copy in the list. I also write down a few notes about adjustments and changes I make to a system. With a new LTS, I make also a new installation to have a clean system. I look through my list, sort out a few applications, install a few new ones, and of course have also to google the changes in the way adjustments are implicated to a new LTS. It takes some time, but the list keeps things simple.


Time for the first backup. I make my backup on an (encrypted) external hard drive. I backup the following folders with the tool rsync:

  1. /home
  2. /etc
  3. /boot


rsync synchronizes the folders, and can write the changes into a file "old" (if you tell it to do so). The command for the folder /home is e.g.

sudo rsync -avb --delete --progress /home /media/Username/external-hard-drive/computer-name --backup-dir=/media/Username/external-hard-drive/computer-name/old

rsync writes "from > to", here from  /home to /.../external-hard-drive/computer-name. Just for sure control the direction if you are unused to the tool, because you can destroy your personal files if using the wrong direction.

The backup is not only useful in case of a system crash; several times I restored single files. Since the backup is incremental - only changes are written - it is pretty fast, and also very reliable.



Overall I like Linux Mint 18, even though it demanded some time to get used to it. Plasma 5 is a beautiful desktop, and very good to work with.

With Systemd I had to spend some time learning. But now it is easier to switch off services. In the beginning I had difficulties with aconadi/mysql. It didn't work but threw out error messages. It seemed not to work so good together with the holiday-plugin from the calendar. Of course, in the beginning you ave always rough edges, but with some engagement with the operating system it can be fairly well adjusted to one's own needs, as it is the reputation of KDE.

Add new comment