I confine almost all users as user_u

/usr/sbin/semanage login -a -s user_u $user

Users who need admin access I confine as staff_u

/usr/sbin/semanage login -a -s staff_u $user

There are 2 minor annoyances with this method.

First I like regular users to be able to ping. This is enabled as a boolean.

setsebool -P selinuxuser_ping on

And second, although staff_u can use sudo, they are still restricted by selinux. To allow unlimited access, add or edit /etc/sudoers.d/sudo to read

%user ALL=(ALL) TYPE=unconfined_t ROLE=unconfined_r ALL

Change “%user” to the user name you wish to allow unconfined root access.

Sound card:

Intel Corporation System Controller Hub (SCH Poulsbo) HD Audio Controller [8086:811b] (rev 07)

After many attempts and much google searching, the solution has been to edit /etc/pulse/default.pa and add tsched=0 to the line load-module module-udev-detect

load-module module-udev-detect tsched=0
load-module module-detect tsched=0

Two high yield tips I have found:

VIM spell checking

vim has built-in spell checking functionality. I add this to ~/.vimrc

These options are a little more than just spell checking mind you:

" Show line numbers
set number

" Prevent vim from emulating vi
set nocompatible

" Syntax highlighting
syntax on

" Set automatic indentation
set autoindent
set smartindent

" Set tabs at 4 spaces
set tabstop=4
set shiftwidth=4

" Show matching [] and {}
set showmatch

" Spell check on
set spell spelllang=en_us
setlocal spell spelllang=en_us

" Toggle spelling with the F7 key
nn <F7> :setlocal spell! spelllang=en_us<CR>
imap <F7> <C-o>:setlocal spell! spelllang=en_us<CR>

" Spelling
highlight clear SpellBad
highlight SpellBad term=standout ctermfg=1 term=underline cterm=underline
highlight clear SpellCap
highlight SpellCap term=underline cterm=underline
highlight clear SpellRare
highlight SpellRare term=underline cterm=underline
highlight clear SpellLocal
highlight SpellLocal term=underline cterm=underline

" where it should get the dictionary files
let g:spellfile_URL = 'http://ftp.vim.org/vim/runtime/spell'

Those options highlight and underline misspelled or unrecognized words.
Some keyboard shortcuts to navigate and correct words

]s – move to next misppelled word
[s - move to previous misspelled word
z= - show list of correction options

4]s skip to 4th mispelled word, etc.

See vim spelling documentation for details.

Aspell

Aspell provides very similar functionality if you wish to spell check a document.

aspell check README

You then navigate with the keyboard

i – ignore
a – add to (user) dictionary
[0-9] – replace options
r- replace x1
R – replace all

In the event you need to revert changes, aspell saves a copy of the original document with a ~ at the end, in this example, README~

LanguageTool

Update: At the advice of dominiko (see comments) I took LanguageTool for a test drive. LanguageTool does both spelling (with either hunspell or the built in vim spell checker) and grammar checking. I had to use the snapshot of language tool.

This vim plugin works with java-1.7.0-openjdk and will integrate with libreoffice.

I found LanguageTool to be a very nice addition and would advise taking it for a test drive.

After they spent most of the weekend playing with the desktop effects you just have to laugh.

I counted 12 bouncing balls, 6 sets of xeyes, “life”, a doodle, and there is even a note to anyone snooping in on the desktop.

I was able to enable spell checking by installing enchant-aspell =)

yum install enchant-aspell

Worked for kate as well.

ddate prints the date in Discordian date format.

Example:

Today is Setting Orange, the 14th day of Confusion in the YOLD 3178

Unfortunately, ddate was disabled / removed from util-linux.

Discussion on Arch Linux
Fedora mailing list

If you would like to use ddate, it is rather trivial to compile.

Download the latest util-linux (2.21.2 at the time of this post)

Extract the archive:

tar xzvf util-linux-2.21.2.tar.gz

If needed, install gcc and ncurses headers (ncurses-devel on Fedora or libncurses5-dev on Ubuntu)

#Fedora
sudo yum install gcc ncurses-devel

#Ubuntu
sudo apt-get install gcc libncurses5-dev

Update: I also had to install the pam headers

sudo yum install pam-devel

Compile and install ddate

cd util-linux-2.21.2
./configure --prefix=/usr --enable-ddate
cd misc-utils
make ddate
sudo cp ddate /usr/local/bin

Turns out a small edit is required to /etc/vz/vz.conf (we need to add some more modules to be used in the openvz guests).

Using any editor, open /etc/vz/vz.conf and change and find the “IPTABLES=” line

Change:

IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"

To:

IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

Then reboot (you can probably just re-start your guests).

Fedora 17 ships with the 3.3.4 kernel and my GMA500 works out of the box without the need for any customizations to the boot options. Simply put the .iso onto a flash drive and boot.

Again, the gma500_gfx offers 2d graphics (no 3d). So while gnome-shell is working with llvmpipe, but there is a noticeable performance hit.

While it is novel to see gnome-shell running on the GMA500, I suggest the kde spin (if you want eye candy) or the xfce or lxde spin.

The gma500 should work, with 2d graphics, using the 3.3.4 or higher kernel, on any Linux distribution.

You may need to add (kernel) boot options for suspend or brightness keys. These features are often BIOS dependent.

Test machine – Netbook with 2 Gb RAM

Method – This is a very casual test (sorry no “benchmarks”), I merely booted the appropriate Live CD, opened a terminal, and reviewed the RAM use. YMMV.

These results are simply using the default configuration as provided by the developers of the various distros and I made no attempt to tweak or adjust the RAM use.

Please keep in mind, RAM use is a crude measure of “performance”. The “responsiveness” of your window manager is dependent on a number of variables including graphics cards, desktop effects, and even sometimes a misconfigured or misbehaving wireless card. For example, on my netbook gnome-shell is using llvmpipe. llvmpipe comes with a noticeable performance hit on my netbook so while the ram use is similar to Unity, Unity gives much better performance.

Distros: I used the latest distros, even if they are in Alpha/Beta, so as to get the best possible video performance on my netbook (gma500_gfx).

I chose a range of distros to make the comparisons a little more interesting. I find XFCE uses about the same amount of RAM on Xubuntu as it does on Fedora (XFCE spin). They are at least in the same ballpark. Notice how Lubuntu (openbox + LXDE) and Crunchbang (also openbox) are “close enough”, at least for my purpose, at 165 vs 112 mb RAM.

Bodhi Linux 2.0 (beta)
Crunchbang 11 (Waldorf)
Fedora 17 (Beefy Miracle)
Linux Mint 13 (Maya)
Ubuntu 12.10 (Quantal Quetzal) (Alpha)

Results:

Ubuntu 12.10 (Quantal Quetzal)

• Unity – 335 mb
• Lubuntu – 165 mb
• Kubuntu – 261 mb
• Xubuntu – 230 mb

Fedora 17 (Beefy Miracle)

• Gnome-shell – 335 mb
• lxde – 151 mb
• kde – 277 mb
• xfce – 179 mb

Linux Mint 13 (Maya)

• MATE – 311 mb
• Cinnamon – 196 mb

Bodhi Linux 2.0 (Beta)

• Enlightenment – 116 mb

Crunchbang 11 (Waldorf)

• Openbox – 112 mb

Confessions of a “practical” FSF fanboi

Without getting into all the politics, we all use GNU/Linux and many of us appreciate the four freedoms advocated by the Free Software Foundation.

• The freedom to run the program, for any purpose (freedom 0).
• The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this.
• The freedom to redistribute copies so you can help your neighbor (freedom 2).
• The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the community a chance to help from your changes. Access to the source code is a precondition for this.

Linux-libre

I came across the GNU/Linux-libre almost by accident and have enjoyed taking Trisquel and Parabola gnulinux for a test drive. I found both communities friendly and helpful.

Trisquel 5.5 is based on Ubuntu 11.10 and has a visually pleasing gnome-shell

KDE is also available.

Parabola gnu/linux is based on Arch and is thus a rolling release. The installer is a bit dated and hopefully they will release an updated CD in the near future.

I made a pair if user bars, feel free to use them if you wish

Rubber meet pavement

Booting Trisquel, Parabola, or a gnu/linux-libre kernel is where the rubber hits the pavement and many people will find it frustrating if, as with any operating system, they do not have compatible hardware. The two most common problems are incompatibility with graphics cards and wireless, although you could also have problems with BIOS.

You basically have to buy hardware that is compatible with the FSF GNU/Linux-libre definition of open source drivers.

While this may sound harsh, it is true of any OS, and while I do not expect everyone to run out and purchase new hardware, understanding hardware compatibility is crucial to successful future purchases.

GNU/Linux pre-installed

Many people buy hardware with Windows or OSX pre-installed and then have a bad experience when they try to install “Linux”.

The simplest solution is to encourage “Linux users” (yes you) to make their next hardware purchase with Linux pre-installed. We should support OEM that support Linux.

Home work

It is due diligence to research your hardware before you buy. There are several online resources available, h-node maintains a hardware listing of -libre compatible equipment.

Using that guide, I was able to find graphics cards, manufactured in 2010, ranging from as little as $10 (single head) up to $50 (dual head) in less then 10 minutes.

Wireless cards are a little more difficult as you need to identify the wireless chip, which is not always easy. I found USB wireless cards ranging from $10 to $20.

So for a little as $20 I could find both a graphics card and wireless card that offer decent performance ( video single head 1600×1200 ).

Again, next time you purchase hardware, I strongly advise -libre compatible hardware. Compatible hardware is not more expensive, will work with any distro, and performance will be better than a more expensive, incompatible, unsupported piece of hardware.

Recent experiences

Politics aside, hardly a day goes by when I do not see someone on IRC converting from closed source hardware drivers to open source. The costs are minimal and it is simply less hassle to use compatible hardware. For example, if you have a Nvidia card, and you have not taken the open source nouveau driver for a test spin, I highly encourage you to do so. It is not uncommon for people to find adequate or sometimes better performance with the nouveau driver then the Nvidia driver.

Again, if you use Linux, consider supporting the OEM who support open source.