“LastPass likely could have prevented this if they were more concerned about keeping their users secure than about saving their face. Their statement is also full of omissions, half-truths and outright lies. As I know that not everyone can see through all of it, I thought that I would pick out a bunch of sentences from this statement and give some context that LastPass didn’t want to mention.” Wladimir Palant helps to decode what LastPass had to say about their latest security breach.
palant.info
Install OneDrive client for Linux on Debian 11 Bullseye
The OneDrive Client for Linux supports one-way as well as two-way synchronisation and securely connects to Microsoft OneDrive services. Install the OneDrive Client with the following commmand:
sudo -- bash -c 'apt update && apt install onedrive'
Connect the client to your OneDrive account with the following command:
onedrive --synchronize
You will be presented with a message similar to the following:
Configuring Global Azure AD endpoints Authorize this app visiting: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id&scope=Files.ReadWrite%20Files.ReadWrite.all%20Sites.Read.All%Sites.ReadWrite.All%20offline_accessresponse_type=code&redirect_uri=https://login.microsoftonline.com/common/oauth2/nativeclient Enter the response uri:
Use the link to sign into your Microsoft account with a web browser. On successful login, you will be redirected to the response URI displaying a blank page. Copy the URI and paste it into the terminal. On successful authorisation, the client will connect to your Microsoft account and begin to download your data.
Initializing the Synchronization Engine …
Syncing changes from OneDrive …
Creating local directory:
Downloading file … done.
Uploading differences of ~/OneDrive
Uploading new items of ~/OneDrive
After downloading your data to ~/OneDrive, validate the configuration of the client with the following command:
onedrive --display-config
Enable OneDrive Client for the local user bullseye:
sudo -- bash -c 'systemctl enable onedrive@bullseye.service && systemctl start onedrive@bullseye.service && systemctl status onedrive@bullseye.service'
Strikes!
“… and when quizzed about the upcoming nurses strikes, the Conservative party chairman said that demands for a 19% pay rise for nurses would cost the NHS 10 billion pounds, which should instead be spent on NHS frontline services. Back to you, Chris.
Gaslighting fuckers! If nurses aren’t the NHS frontline?? I mean, what about ambulance drivers and and paramedics? Are they not frontline services? Give them a decent pay rise, you fuckers! They deserve it, find the money! You all spring into action every time you crash the economy, you can find the money then. Get ’round the table, make a decent offer. Instead, they’re sending in the army telling us the unions are holding the country to ransom. The unions!? Can we all just be clear about this? Our last prime minister blew a 30 billion pound hole in the economy overnight, test and trace cost us 37 billion pounds. Useless PPE wasted 8.7 billion pounds, which ended up in the pockets of Tory donors. A shambolically executed Brexit lost us 40 billion in tax revenue alone. Richi Sunak lost 11 billion pounds by overpaying interest on UK debt, and yet, you read the front pages, it’s nurses who were the ones who are greedy and irresponsible. It’s the fire service that’s holding the country to ransom, ’cause they all just decided they’d prefer to drink tea on a freezing picket line than save children from burning buildings. It wasn’t so long ago we were clapping them; hailing them as heroes. They were all considered key workers during the pandemic, weren’t they? Bus drivers, teachers, nurses. Now, they’re called lazy workshy fuckers. Postal workers, striking to save what’s left of the Royal Mail — it having been sold off to the lowest bidder for a quick buck by the millionaires in Westminster — but it’s your postman who is destroying the country!? The entire northern rail network is on the brink of collapse whilst rail companies and their shareholders make record profits, …but it’s that fat, lazy fucker behind the ticket desk, asking for a bit of job security, who is destroying our rail infrastructure!? 25 to 50% of average households are unable to pay their bills this winter, whilst energy companies announced record breaking profits. In 2021, Shell paid zero pounds on their oil production in the UK and received 100 million pounds of subsidies in tax payer’s money. Working people are suffering at the hands of corporate greed and unbridled economic mismanagement, and this is why people are striking for better pay, conditions and job security. Recently, the government gave us the Public Order bill that, that [sic] even one Tory peer described as an afront to a civilised society. Crackdowns on peaceful protest is the purview of China and Iran, not British democracy. And yet these reactionary fuckwits tell us it’s Scottish primary school teachers who are holding us hostage. The bastards who wrecked the economy, squandered our reputation on the international stage, sold off any and all of the country’s assets for a quick buck are getting their mates in the media to tell you that it’s bus drivers, bin men, teachers, nurses, postmen, passport control workers and rail workers who are throwing the country to the dogs. Don’t believe them; they are lying to you!
Well, stome [sic], still some weeks ahead of Christmas industrial action, misery for commuters, patients and holiday makers. Frustration and anger at the unions for deciding to strike over Christmas …”
Boomerang
“The Boomerang is hitting Britain hard, especially right now. Empire wasn’t just something that happened to the Colonies, it’s something that happened to Britain. It created some of Britain’s most well-loved institutions, from the NHS to its greatest talents. But it also created the unequal Britain we see today.”
Kojo Koram
How legacies of empire are breaking Britain’s economy: Q&A with Owen Jones, Kojo Koram and Dalia Gebrial
The Monarchy: Last Week Tonight with John Oliver
“And look, to go by recent polls, Australia, like the UK, seems unlikely to let go of the monarchy anytime soon. But other Commonwealth countries are already preparing to do so. Last year, Barbados removed the queen as head of state. Jamaica is looking to have a referendum to do the same within the next three years, with one poll showing a majority supports it. And Antigua and Barbuda, Grenada and Belize, seem to be moving in the same direction. And while the royal family have said that these countries are free to leave, if they so choose, they also refuse to reckon with why they might want to do that in the first place.
Instead, they’ve continued working hard to be perceived as a mere symbol while never taking responsibility for what that symbol excused. All while ignoring calls for true apologies and reparations to those who suffered tremendously because of what was done in their name. And look, you don’t have to hate the royal family personally … You don’t even have to think that the institution shouldn’t exist. But if it’s going to continue to, it is fair to expect significantly more from them. Because right now, far too often, they hide behind the convenient shield of politeness and manners which frequently demands the silence of anyone who might criticise them or what they stand for.
Will this segment even air on Sky TV in Britain? I honestly don’t know! Maybe, maybe not. But if they do cut it out for being disrespectful, they won’t want to seriously think about why. Why they and everyone else are working so hard not to offend a family whose name was branded into people’s skin and who sit atop a pile of stolen wealth, wearing crowns adorned with other countries treasures.”
John Oliver
Das Fediverse: Social Media losgelöst von den Fesseln kommerzieller Interessen
“Soziale Medien werden von Plattformbetreibern dominiert, die das eigene Interesse in den Vordergrund rücken und jede Entscheidung daran messen, wie sich eine Profitmaximierung erzielen lässt. Hat man das einmal verinnerlicht, wirft sich einem unweigerlich die Frage auf, was an sozialen Medien eigentlich sozial ist. Sozial bedeutet anderen zu helfen, was auch bedeuten kann, die eigenen Interessen zurückzustellen. Also im Grunde genau das Gegenteil dessen, wie kommerziell ausgerichtete Plattformen wie Twitter, Facebook und Co. agieren.”
Mike Kuketz erklärt die Idee des Fediverse und unterstreicht, warum es sich damit so grundlegend von Platformen wie Twitter und Facebook unterscheidet. Dieser Beitrag ist von großer Wichtigkeit, nicht nur für die Nutzer der sozialen Medien…
www.kuketz-blog.de
Jan Böhmermann ist auch auf Mastodon!
We the people who are darker than blue
This is a Britain that has lost its Queen – and the luxury of denial about its past
“Yet I sympathise with those who feel the Queen’s loss. Under her reign, many latched on to the stabilising sense of cultural continuity. To lose that is to feel disrupted and uncertain. For me, it’s a familiar anxiety – Britain’s empire by definition redrew boundaries, and swept aside generations of tradition. Our parents and grandparents were recruited to Britain for its benefit, the terms and conditions of which my generation are still trying to make sense. We know how it feels to lack cultural continuity. Others in Britain enjoyed it at our expense.
If continuity is an abstract subject, the other trappings of royal symbolism are more concrete. There were pompous reflections last week with the idea expressed in the Economist’s obituary that the Queen ‘came from good Hanoverian blood’. If that sounds like a white supremacist idea, that’s because it is.” Afua Hirsch does not get to opt out of processing memories that many refuse to acknowledge.
www.theguardian.com
The big idea: why relationships are the key to existence
“Too often we foolishly measure success in terms of a single actor’s fortunes. This is both short-sighted and irrational. It misunderstands the true nature of reality, and is ultimately self-defeating.” Carlo Rovelli provides a compellingly argued explanation of the way in which interactions shape our world and, in the end, determine our reality.
www.theguardian.com
The warning signs are there for everyone else to see
“For a party that prides itself on the economy, the Tories have a shocking record of running it. Our economy has the slowest growth in the G7. We have got greater regional inequality than almost any other developed nation. Food banks now do the job of Government in providing for families—families that are more often than not in work.
Government could start solving this crisis by providing solutions, like closing tax-avoidance loopholes or creating a windfall tax for energy companies. But instead, we get endless bills paying lip service to a manufactured culture war. The priority isn’t the economy. It seems to be things like protecting freedom of speech, and yet the Tories are the ones who banned schools in England from using sources that are not overtly pro-capitalist. They are cracking down on freedom of assembly and protest. They are privatising Channel 4, when the Culture Secretary didn’t even know that Channel 4 receives no public money, so the argument is not financial. And as the Member for Rhondda touched upon earlier on, when we consider, that the Culture Secretary was a key focus of a Channel 4 documentary once about the influence that Christian fundamentalism has on UK politics, it becomes even more concerning that this decision is political and it’s personal. It is not professional.
But most terrifying of all, however, is that the Government literally wants to get rid of the Human Rights Act. And that begs the question: for whom do they think rights have gone too far? Do you know how scary it is to sit at home and wonder if it is you—is it your rights that are up for grabs? We have witnessed Windrush. Our economic strategy is to open our doors to the rest of the world when we need their hard work and then chuck them out 50 years later without a word’s notice. We tell our own citizens that their safety cannot be guaranteed in Rwanda, but we are perfectly happy to ship asylum seekers, people fleeing war and persecution, over to Rwanda as though they are cattle to be dealt with by someone else and despite knowing that this plan costs more than it will ever save.
This is just little England elites drunk on the memory of a British empire that no longer exists. We have the lowest pensions in Europe and the lowest sick pay. We pretend minimum wage is a living wage when it is not. We miss our own economic targets time and time again. We are happy to break international law. We are turning into a country where words hold no value.
And over the last 12 years, I fear we have been sleepwalking closer and closer to the F word. And I know everyone is scared to say it for fear of sounding over the top or being accused of going too far, but I say this with all sincerity. When I say the F word, I am talking about fascism—fascism wrapped in red, white and blue. And you may mock and you may disagree, but fascism does not come in with intentional evil plans or the introduction of leather jackboots. It doesn’t happen like that. It happens subtly. It happens when we see the Governments making decisions based on self-preservation, based on cronyism, based on anything that will keep them in power, we see the concentration of power whilst avoiding any of the scrutiny or responsibility that comes with that power. It arrives under the guise of respectability and pride, that will then be refused to anyone who is deemed different. It arrives through the othering of people, the normalisation of human cruelty. Now I don’t know how far down that road we are. Time will tell, but the things we do in the name of economic growth—the warning signs are there for everyone else to see, whether they admit it or not.”
Mhairi Black
Twitter buyout puts Mastodon into spotlight
“Mastodon is used to publish 500-character messages with pictures, polls, videos and so on to an audience of followers, and, in turn, to follow interesting people and receive their posts in a chronological home feed. Unlike Twitter, there is no central Mastodon website – you sign up to a provider that will host your account, similarly to signing up for Outlook or Gmail, and then you can follow and interact with people using different providers. Anyone can become such a provider as Mastodon is free and open-source. It has no ads, respects your privacy, and allows people/communities to self-govern.” Eugen Rochko preempted the planned aquisition of Twitter by a mere 6 years.
joinmastodon.org
Geflüchtete aus der Ukraine und Syrien: Unterschiedlich willkommen in Deutschland?
“Auch dieses Foto ist ein aktuelles Bild aus einem Krieg, den Putin gerade führt. Aber es wurde nicht in der Ukraine aufgenommen, sondern in Idlib in Syrien. Ein Krieg, den wir gerade zu vergessen scheinen, obwohl auch von dort zehntausende nach Deutschland geflohen sind aus Angst vor den Bomben Putins. Und, so groß die Hilfsbereitschaft für ukrainische Kriegsgeflohene gerade ist, so schwer macht es Deutschland den Geflüchteten aus Syrien, in diesem Land anzukommen. Die Menschenwürde ist unteilbar, sagt das Grundgesetz, und doch machen wir Unterschiede.”
Georg Restle
They are ‘civilised’ and ‘look like us’: the racist coverage of Ukraine
“What all these petty, superficial differences – from owning cars and clothes to having Netflix and Instagram accounts – add up to is not real human solidarity for an oppressed people. In fact, it’s the opposite. It’s tribalism. These comments point to a pernicious racism that permeates today’s war coverage and seeps into its fabric like a stain that won’t go away.” Moustafa Bayoumi asks that we offer help and solidarity to innocent people who need protection, irrespective of geographical proximity or skin color.
www.theguardian.com
COVID-19: endemic doesn’t mean harmless
“Thinking that endemicity is both mild and inevitable is more than wrong, it is dangerous: it sets humanity up for many more years of disease, including unpredictable waves of outbreaks.” Aris Katzourakis would like to keep the focus on how bad things could get if we were to give in to misplaced optimism.
www.nature.com
GNOME shell tutorial: desktop workflow explained
“Before we get started, let me say this upfront: GNOME shell is not a traditional desktop and if you try to use it as one, you will not be very efficient.”
AJ Reissig
How to check the version of the Linux kernel
$ hostnamectl
Cannondale Hooligan

Cannondale Hooligan 1 2008, Shimano HB-RM65 front hub, Shimano BR-M486 brakes, Schwalbe Big Apple tyres, Truvativ Stylo cranks, Crankbrothers Egg Beater 3 pedals, Race Face Deus XC Low Riser bar, Procraft 110 mm 40° stem, Fabric Scoop Race flat saddle, Shimano SG-S501 Alfine 8 gear hub, Archer Components D1x Trail electronic shifter with Micro-Adjust Remote, Sprint Power Supply and D1x Cage Mount, Topeak CageMount
Impfpflicht ist OK
“Das Virus ist gekommen, um zu bleiben.”
Mai Thi Nguyen-Kim
10 things to do after installing Debian 11
Are you unable to get a list of updates?
Using the Software application, you may run into the following error message when checking for updates:
Unable to get list of updates: Failed to update metadata for lvfs: checksum failure: failed to verify data, expected yJcztsgVmmvtkn9na5YyQVdyqFNIXlzYUgrACKX
Run the following command to fix the issue:
$ fwupdmgr --force refresh
Enable Network Manager to manage all interfaces
Network manager detects and configures network interfaces to automatically connect your system to available networks. By default, however, it will only recognise network interfaces not declared in /etc/network/interfaces
.
Use the following command to open /etc/network/interfaces
and delete or comment out any configuration details for the primary network interface.
$ sudo nano /etc/network/interfaces
Use the following command to open /etc/NetworkManager/NetworkManager.conf
and set managed=true
.
$ sudo nano /etc/NetworkManager/NetworkManager.conf
Restart NetworkManager with the following command:
$ sudo service NetworkManager restart
Re-enable network interfaces now managed by NetworkManager.
Settings > Network
Install TLP
If you have installed Debian 11 on a laptop, consider installing TLP to further optimise battery life.
$ sudo apt-get install --yes tlp && sudo tlp start
Use the following command to check that TLP is enabled and active:
tlp-stat -s
Enable unattended upgrades
If you would like to enable the unattended installation of important upgrades, run the follwoing command:
$ sudo dpkg-reconfigure unattended-upgrades
Configuring unattended-upgrades Automatically download and install stable updates? Yes
Install neofetch
Neofetch is a command-line tool that displays information about your system next to an operating system logo.
$ sudo apt-get install --yes neofetch
If you would like neofetch
to display every time you open a new terminal, open .bashrc with the following command:
$ nano ~/.bashrc
Append the following text:
# use Neofetch to display information about the system if [ -f /usr/bin/neofetch ]; then clear && neofetch; fi
Apply the changes with the following command:
$ source ~/.bashrc
Enable Plymouth to display a splash screen during boot
Plymouth can be used to replace the text output with a graphical splash screen during system boot. Install Plymouth with the following command:
$ sudo apt-get install -yes plymouth plymouth-themes
Edit the file /etc/default/grub
with the following command:
$ sudo nano /etc/default/grub
Set the value for GRUB_TIMEOUT to the number of seconds the grub menu is displayed before booting the default entry.
GRUB_TIMEOUT=2
Add the splash
option to GRUB_CMDLINE_LINUX_DEFAULT
:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
Set the resolution for the graphical terminal. If supported, you can set it to match the resolution of your monitor.
GRUB_GFXMODE=1920x1080
Apply the changes with the following command:
$ sudo update-grub2
During boot, you can press the [Esc]
key to view the messages.
Hide the snap directory
The snap
directory in your home folder is not supposed to be accessed manually. Use the following command to hide it from view:
$ echo snap >> ~/.hidden
Hide the Desktop directory
The Desktop feature was disabled in GNOME 3.28. While this decision was not universally popular, developers pointed to the fact that, as an unmaintained feature, it stood in the way of other improvements. Use the following command to hide the associated Desktop
folder from view:
$ echo Desktop >> ~/.hidden
Install Syncthing for continuous file synchronisation
Syncthing reliably synchronises files between two or more computers. Its usefulness cannot be overstated. Add the release key with the following command:
$ sudo curl -s -o /usr/share/keyrings/syncthing-archive-keyring.gpg https://syncthing.net/release-key.gpg
Add the syncthing repository with the following command:
$ sudo echo "deb [signed-by=/usr/share/keyrings/syncthing-archive-keyring.gpg] https://apt.syncthing.net/ syncthing stable" | sudo tee /etc/apt/sources.list.d/syncthing.list
Install syncthing on your system with the following command:
$ sudo -- bash -c 'apt update && apt install --yes syncthing'
Enable syncthing for the local user bullseye
:
$ sudo -- bash -c 'systemctl enable syncthing@bullseye.service && systemctl start syncthing@bullseye.service && systemctl status syncthing@bullseye.service'
Access the Syncthing configuration page by using your browser to navigate to the following address:
https://localhost:8384
Use the following command to enable port forwarding on your local machine:
$ sudo ufw limit syncthing
Install Virtual Machine Manager
If you would like run virtual machines from your desktop, start with the following command:
$ grep -E --color 'svm|vmx' /proc/cpuinfo
If the output shows svm
or vmx
in red, then virtualisation extensions are enabled and you are good to go. If not, then you need to enable virtualisation extensions before moving on the the next step.
Enable Debian Backports with the following command:
$ sudo -- bash -c 'echo deb http://deb.debian.org/debian bullseye-backports main >> /etc/apt/sources.list.d/backports.list && apt-get update'
Proceed to install virt-manager
with the following command:
$ sudo apt-get install --yes virt-manager libguestfs-tools swtpm-tools python3-guestfs
With only members of the group libvirt
allowed to run virt-manager
, add the local user bullseye
to the group:
$ sudo adduser bullseye libvirt
If you would like to obtain near native performance, there are important considerations to be aware of when configuring a virtual machine.
Install Google Chrome
An official build of Google Chrome is available neither as a snap nor flatpak. This ties in with what Martin Wimpress had to say in a recent episode of the LINUX Unplugged podcast.
If, after listening to Martin, you would still like to use Google Chrome, download the official Google Chrome for Linux installer with the following command:
$ wget -P ~/Downloads --show-progress https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
Install Google Chrome with the following command:
$ sudo dpkg -i ~/Downloads/google-chrome-stable_current_amd64.deb
When you launch Google Chrome for the first time, it will ask you to:
[ ] make Google Chrome the default browser [ ] Automatically send usage statistics and crash reports to Google OK
Disable both these options. If required, you can always re-enable them later.
With thanks to Joey Sneddon and OMG!Ubuntu!
How to install Debian 11 Bullseye with a GNOME desktop
Debian GNU/Linux was first released way back in 1993 and has been under active developement ever since. Today, the Debian Project unites thousands of contributors from across the globe with the aim of producing “an operating system distribution that is composed entirely of free software”.
www.debian.org
These instructions offer a straightforward path to the GNOME 3.38 desktop running on amd64 hardware. You need a reasonably fast connection to the Internet, an Ethernet connection to your router and a bootable Debian CD image.
It is probably easiest to write such an image to a USB storage device and use that for installation. If the only computer you have access to is running Windows, I would suggest you use Rufus as a means to create a bootable USB flash drive. Depending on your acutal requirements, there are many different Debian images to choose from. If you are following these instructions to install on x86-64 hardware, use the unofficial firmware-11.6.0-amd64-netinst.iso, which supports Intel as well as AMD processors and “includes non-free firmware for extra support for some awkward hardware”.
In case your laptop does not have the required Ethernet port, you might consider using the Plugable USB 3.0 Gigabit Ethernet Adapter as an alternative.
Debian GNU/Linux will be the only operating system installed on your computer. Ensure that all of your data is safely backed up elsewhere because formatting your storage device will lead to the loss of all data.
In the examples which are to follow, debian
is used as the hostname and bullseye
as the username. You may of course substitute any names that you prefer. Just be careful to also make the required changes before blindly executing any of the commands. Decide on an encryption passphrase to encrypt your storage device, a user password to secure your user account and a root password to secure the root account. In addition to Debian packages, Flatpaks and Snaps will be enabled as well.
Installing the base system
If your computer uses the Unified Extensible Firmware Interface (UEFI) and you are unsure about which settings to use, you may wish to disable the Secure Boot option for the initial setup.
Step 1
After booting the system from the USB stick that you have prepared, continue by selecting the text based installer. With Secure Boot enabled, the menu will look different. Options, however, will be the same.

Step 2
Keep English
as the language for the installation.
[!!] Select a language Language: English
Step 3
Select United States
as the location for your system. This will also set United States as the default locale for the system environment. You will have an opportunity to set additional locales and adjust time zones at a later point during the installation.
[!!] Select your location Country, territory or area: United States
Step 4
Use the keymap that is the correct one for your particular keyboard.
[!!] Configure the keyboard Keymap to use: your keyboard
Step 5
If your system has multiple network interfaces, set your Ethernet interface as the primary interface to use during the installation.
[!!] Configure the network Primary network interface: choose your Ethernet interface for installation
If your system has multiple Ethernet interfaces and you are presented with the following dialog, select Continue and Go Back to select a different Ethernet interface.
[!!] Configure the network Network autoconfiguration failed Your network is probably not using the DHCP protocol. Alternatively, the DHCP server may be slow or some network hardware is not working properly. Continue
Step 6
Set the hostname for your system. In this example, we use debian
as the hostname.
[!] Configure the network Hostname: debian Continue
Set the domain name for your system. If you are setting up on a home network, you should use home.arpa
as the domain name.
[!] Configure the network Domain name: home.arpa Continue
Step 7
Leave the root password empty to ensure the standard user account will be configured with sudo
privileges automatically.
[!!] Set up users and passwords Root password: leave empty Continue
Confirm the empty root password.
[!!] Set up users and passwords Re-enter password to verify: leave empty Continue
Create the standard user. In this example, we use Bullseye
as the full name for the standard user.
[!!] Set up users and passwords Full name for the new user: Bullseye Continue
Your username should start with a lower-case letter. In this example, bullseye
is a reasonable choice for the user with the full name Bullseye
.
[!!] Set up users and passwords Username for your account: bullseye Continue
Set a password for the new user.
[!!] Set up users and passwords Choose a password for the new user: your user password Continue
Confirm the password for the new user.
[!!] Set up users and passwords Re-enter password to verify: your user password Continue
Keep Eastern
as the time zone for now.
[!] Configure the clock Select your time zone: Eastern
Step 8
Choose to partition your disk with LVM and protect your data with a 256 bit AES key.
[!!] Partition disks Partitioning method: Guided - use entire disk and set up encrypted LVM
Be careful to select the correct target device for your system.
[!!] Partition disks Select disk to partition: your target disk for installation
Choose to keep all files in one partition.
[!!] Partition disks
Partitioning scheme: All files in one partition (recommended for new users)
Now write the changes to disk.
[!!] Partition disks Write the changes to disk and configure LVM? Yes
You may skip the overwriting of the disk with random data by selecting Cancel
. Please be aware, however, that skipping this step will cause a reduction to the quality of the encryption.
Step 9
Enter your encryption passphrase.
[!!] Partition disks Encryption passphrase: your encryption passphrase Continue
Confirm your encryption passphrase.
[!!] Partition disks Re-enter passphrase to verify: your encryption passphrase Continue
You probably want to use the maximum available space for partitioning the disk.
[!!] Partition disks Amount of volume group to use for guided partitioning: max Continue
Step 10
Write the changes to disk.
[!!] Partition disks
Finish partitioning and write changes to disk
Confirm writing the chages to disk.
[!!] Partition disks Write the changes to disks? Yes
Step 11
You may be asked to scan additional installation media.
[!] Configure the package manager Scan extra installation media? No
Select your archive mirror country from the list.
[!] Configure the package manager Debian archive mirror country: your country
Select the archive mirror from the list. For the fastest downloads, use the site that is closest to you.
[!] Configure the package manager Debian archive mirror: mirror closest to you
You probably won’t need to configure an HTTP proxy:
[!] Configure the package manager HTTP proxy information (blank for none): leave empty Continue
Step 12
The Debian Popularity Contest attempts to map the overall usage of Debian packages with information from installed systems, such as yours.
[!] Configuring popularity-contest Participate in the package usage survey? Yes
Step 13
Choose standard system utilities
from the list of predefined software collections and deselect all other entries.
[!] Software selection Choose software to install: [ ] Debian desktop environment [ ] GNOME [*] standard system utilities Continue
Step 14
Install the GRUB boot loader to your primary drive.
[!] Install the GRUB boot loader Install the GRUB boot loader to your primary drive? Yes
Select your target device from Step 8 as the device for boot loader installation.
Step 15
Remove the installation media before booting into your new system.
[!!] Finish the installation Installation complete Continue
Installing the GNOME desktop
You have now successfully installed Debian GNU/Linux on your computer. As yet, there is no graphical user interface.
Step 16
Enter your encryption passphrase to boot into the system for the first time. In this example, the encrypted disk is labelled sda3_crypt
.
Please unlock disk sda3_crypt: your encryption passphrase
Log into the system with your username and user password.
Debian 11 GNU/Linux 11 debian tty1 debian login: bullseye Password: your user password
Step 17
Set a password for the root user by entering the following command. In a first step, you will be asked for your user password to gain sudo
privileges:
$ sudo passwd root
Step 18
Install a minimal GNOME desktop by entering the following command:
$ sudo apt-get install --yes gnome-core
If you are installing into a virtual machine, use the following command to enable copy and paste between host and the guest:
$ sudo apt-get install --yes spice-vdagent
Step 19
Restart your system.
$ sudo reboot
Step 20
Enter your encryption passphrase to boot into the system.
Please unlock disk vda3_crypt: your encryption passphrase
Log into the GNOME desktop environment.

Step 21
From within the GNOME desktop, open Firefox ESR from the Activities menu and re-open these instructions at edafe.de/debian-howto.
Step 22
GNOME power options by default are unfavourable. Open the Settings application from Show Applications under the Activities menu and adjust the power options.
Power Saving
Settings > Power > Power Saving > Automatic Suspend

Suspend & Power Button
Settings > Power > Power Button Behaviour: Power Off
Step 23
Continue by setting the following keyboard shortcuts:
File manager
Settings > Keyboard Shortcuts > Home folder
Shortcut: [Super + f]
Web browser
Settings > Keyboard Shortcuts > Launch web browser
Shortcut: [Super + b]
Maximising windows vertically
Settings > Keyboard Shortcuts > Maximize window vertically
Shortcut: [Ctrl + Super + ↑]
Terminal application
Define a custom shortcut for launching the terminal by scrolling to the bottom of the list and clicking the + sign.
Settings > Keyboard Shortcuts > +
Name: Launch Terminal Command: gnome-terminal Shortcut: [Super + t]

Step 24
Open a terminal with [Super + t]
and, where applicable, use copy and paste to enter the commands set out on this page. Be careful not to miss any punctuation.
Set the time zone for your area.
$ sudo dpkg-reconfigure tzdata
Configuring tzdata Geographic area: your area Ok
Configure locales for all the languages that your system is going to be used with. Use UTF-8 locales wherever possible.
$ sudo dpkg-reconfigure locales
In this example, German and Japanese locales are generated in addition to the default locale for the system environment.
Configuring locales Locales to be generated: [*] de_DE.UTF-8 UTF-8 [*] en_US.UTF-8 UTF-8 [*] ja_JP.UTF-8 UTF-8 OK
Keep en_US.UTF-8
as the default locale for the system environment.
Configuring locales Default locale for the system environment: en_US.UTF-8 OK
Step 25
Add the non-free
and contrib
repositories to enable the selection of packages that do not meet the Debian Free Software Guidelines or otherwise depend on such packages for their operation.
$ sudo -- bash -c 'apt-add-repository non-free && apt-add-repository contrib && apt-get update'
Step 26
Install additonal Debian packages to provide you with a functional GNOME desktop.
$ sudo apt-get install --show-progress --yes aptitude cheese cups curl deja-dup file-roller firmware-iwlwifi firmware-linux gnome-clocks gnome-color-manager gnome-maps gnome-remote-desktop gnome-screenshot gnome-shell-extension-bluetooth-quick-connect gnome-shell-extension-dashtodock gnome-shell-extension-no-annoyance gnome-shell-extension-shortcuts gnome-software-plugin-flatpak gnome-software-plugin-snap gnome-sound-recorder gnome-tweaks gstreamer1.0-vaapi libavcodec-extra mpv printer-driver-cups-pdf rhythmbox-plugin-alternative-toolbar rsync seahorse shotwell synaptic transmission-gtk ttf-mscorefonts-installer ttf-ubuntu-font-family ufw yubioath-desktop
Step 27
Enable the firewall on your new Debian system.
$ sudo ufw enable
Step 28
Install applications from the Snap Store with the following command:
$sudo snap install bitwarden chromium
foliate
keepassxclibreoffice
Step 29
Enable the installation of applications from Flathub with the following command:
$ sudo -- bash -c 'flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo'
Step 30
Add to the capabilities of the Network Manager by installing the components required for IPSec and OpenVPN protocols.
$ sudo -- bash -c 'apt-get install --yes --show-progress network-manager-vpnc-gnome network-manager-openvpn-gnome network-manager-config-connectivity-debian'
Step 31
After restarting the system and loggin back into the GNOME desktop, launch Firefox ESR to re-open these instructions at edafe.de/debian-howto.
$ sudo reboot
Step 32
Open a terminal with [Super + t]
and install applications from Flathub.
$ sudo flatpak install --assumeyes flathub com.github.jeromerobert.pdfarranger com.system76.Popsicle org.cryptomator.Cryptomator nl.hjdskes.gcolor3 org.pulseaudio.pavucontrol org.gnome.gitlab.somas.Apostrophe
All done!
Prevent yourself from accidentally breaking Debian by reading about some of the most commonly made mistakes.