Debian 13: Configure NVidia in dual gpu - hybrid mode and how to utilize it in Android Studio

List your VGA: 

# lspci | grep -E "VGA|3D"
01:00.0 VGA compatible controller: NVIDIA Corporation GA107 [GeForce RTX 2050] (rev a1)
05:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Rembrandt [Radeon 680M] (rev 0b)

Installation

# apt-get install firmware-nvidia-graphics nvidia-detect nvidia-driver linux-headers-$(uname -r) vulkan-tools

Warning "Conflicting nouveau kernel module loaded" may appear.

Check your nvidia

# nvidia-detect
Detected NVIDIA GPUs:
01:00.0 VGA compatible controller [0300]: NVIDIA Corporation GA107 [GeForce RTX 2050] [10de:25ad] (rev a1)

Checking card:  NVIDIA Corporation GA107 [GeForce RTX 2050] (rev a1)
Your card is supported by all driver versions.
Your card is also supported by the Tesla 535 drivers series.
It is recommended to install the
    nvidia-driver

Chek your nvidia software

# nvidia-smi
Fri Oct 10 23:07:14 2025       
+-----------------------------------------------------------------------------------------+
| NVIDIA-SMI 550.163.01             Driver Version: 550.163.01     CUDA Version: 12.4     |
|-----------------------------------------+------------------------+----------------------+
| GPU  Name                 Persistence-M | Bus-Id          Disp.A | Volatile Uncorr. ECC |
| Fan  Temp   Perf          Pwr:Usage/Cap |           Memory-Usage | GPU-Util  Compute M. |
|                                         |                        |               MIG M. |
|=========================================+========================+======================|
|   0  NVIDIA GeForce RTX 2050        On  |   00000000:01:00.0 Off |                  N/A |
| N/A   40C    P0              7W /   45W |       9MiB /   4096MiB |      0%      Default |
|                                         |                        |                  N/A |
+-----------------------------------------+------------------------+----------------------+

Note: run glxinfo in "xfce terminal", not "terminal emulator"  

GLX information

$ glxinfo | grep "OpenGL renderer"
OpenGL renderer string: AMD Radeon 660M (radeonsi, rembrandt, LLVM 19.1.7, DRM 3.61, 6.12.31-amd64)

The desktop will utilize AMD GPU, we want to run Android Studio and utilize GeForce RTX 2050. Create a bash script to run Android Studio using NVidia Geforce RTX2050 instead build in AMD gpu, e.q 

#!/bin/bash
# Launch Android Studio using the NVIDIA GPU (Prime Render Offload)

APP_PATH="$HOME/AndroidStudio/android-studio/bin/studio.sh"

if [ ! -f "$APP_PATH" ]; then
    echo "Error: Android Studio not found at $APP_PATH"
    exit 1
fi

# Run Android Studio with NVIDIA GPU offload
__NV_PRIME_RENDER_OFFLOAD=1 __GLX_VENDOR_LIBRARY_NAME=nvidia "$APP_PATH" &

Usefull command if any systemd error during boot 

# journalctl -b -u systemd-modules-load.service

Debian 13: part 2 configure privoxy and torrc as lan https gateway to anonymity Tor Network

Prerequisite Debian 13: part 1 install Tor-Project  without error.

General network configuration 

Internet — router —- lan —- proxy(tor) 

All client has direct connection to internet via router. Client's browser can be configure to use proxy tor for anonymity.

The browser's connection becomes: [Client PC] --> [Debian Server - Tor & Privoxy] --> (WAN/Router) --> Internet (via Tor)

Privoxy is your https proxy. privoxy will connect to tor software, and tor software will find the way to reach destination using tor anonymity network. 

Debian proxy

Install privoxy

# apt-get install privoxy

Edit or add your /etc/privoxy/config : 

# listening port for your lan
listen-address  0.0.0.0:8118
# connection to tor software, privoxy and torrc run on the same server/pc
forward-socks5t / 127.0.0.1:9050

Edit or add your /etc/tor/torrc :

# Change "myNiceRelay" to something you like
Nickname    myNiceRelay
# Write your e-mail and be aware it will be published
ContactInfo your@e-mail
# for relay, 0 disable
ORPort      0
# for exit relay, 0 disable
ExitRelay   0
# use 127.0.0.1 to make torrc only accessible by localhost / privoxy
# comment these if you allow lan accessing torrc
SocksPort 9050
SocksListenAddress 127.0.0.1
# uncomment these to allow lan accessing torrc
#SocksBindAddress 192.168.1.1:9050
#SocksPolicy accept 192.168.1.0/24
#SocksPolicy reject *

 Enable your privoxy and tor service 

# systemctl enable tor
# systemctl enable privoxy
# systemctl restart tor
# systemctl restart privoxy

Client Browser

Open your browser setting, find proxy. Fill with

HTTP Proxy: 192.168.1.10
Port: 8118 

Note: change 192.168.1.10 to your debian lan ip server.

Now your client can browsing using anonymity tor network

Debian 13: part 1 install Tor-Project

Tor Project's repository only support amd64, arm64, or i386 architectures.

# dpkg --print-architecture
amd64

Install apt-transport-https

# apt install apt-transport-https gnupg

Add Tor Project repository into debian machince

1. Create a new file in /etc/apt/sources.list.d/ named tor.list
2. Filled /etc/apt/sources.list.d/tor.list with:
   deb     [signed-by=/usr/share/keyrings/deb.torproject.org-keyring.gpg] https://deb.torproject.org/torproject.org trixiemain
deb-src [signed-by=/usr/share/keyrings/deb.torproject.org-keyring.gpg] https://deb.torproject.org/torproject.org trixie main

Currently, Tor repository only support bookworm, bullseye and trixie.

Add gpg key for Tor Project's repository 

# wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor | tee /usr/share/keyrings/deb.torproject.org-keyring.gpg >/dev/null

If asc file does not exist, use your browser to open https://deb.torproject.org/torproject.org/. It will open directory of /torproject.org. Find file's name with asc, copy the file name and replace A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc with the new one. 

Install Tor Project key's

# apt install tor deb.torproject.org-keyring

Installing Tor

# apt install tor

 

Debian 13: general nftables with set for web server and router

This is general nftables for apache, ssh, dns ntp 

#!/usr/sbin/nft -f

flush ruleset

table inet filter {

    # Set for common inbound web server ports

    set web_ports {

        type inet_service;

        flags interval;

        elements = { 80, 443 }

    }

    # Set for other essential services, like SSH, DNS, and NTP

    set services {

        type inet_service;

        elements = { 22, 53, 123 }

    }

    chain input {

        type filter hook input priority 0; policy drop;

        # Allow connections that are part of an existing or related session

        ct state established,related accept

        # Drop invalid packets

        ct state invalid drop

        # Allow traffic from the loopback interface

        iif "lo" accept

        # Allow incoming traffic for common web services

        tcp dport @web_ports accept

        # Allow incoming SSH, DNS, and NTP traffic

        tcp dport @services accept

        udp dport @services accept

        # Allow incoming ICMP (ping) packets for diagnostics

        icmp type echo-request accept

        # Log and drop any other incoming traffic

        meta protocol vmap { ip : log prefix "[NFT-DROP]: ", ip6 : log prefix "[NFT-DROP]: " }

        meta protocol vmap { ip : drop, ip6 : drop }

    }

    chain forward {

        type filter hook forward priority 0; policy drop;

    }

    chain output {

        type filter hook output priority 0; policy accept;

    }

}

This is nftable for general router

• eth0 to internet/router
• eth1 to lan 

Edit/create nano /etc/sysctl.conf

net.ipv4.ip_forward=1

nftables rules

#!/usr/sbin/nft -f

# Clear all existing rules

flush ruleset

# --- Define variables for interfaces and networks ---

define wan_if = eth0

define lan_if = eth1

define lan_net = 192.168.1.0/24

# === Table for IPv4/IPv6 filtering ===

table inet filter {

    # Set for essential services (SSH, DNS, NTP)

    set essential_services {

        type inet_service;

        elements = { 22, 53, 123 }

    }

    # Set for web server ports

    set web_ports {

        type inet_service;

        flags interval;

        elements = { 80, 443 }

    }

    # Set of trusted interfaces (LAN)

    set trusted_interfaces {

        type ifname;

        elements = { $lan_if }

    }

    # Set of untrusted interfaces (WAN)

    set untrusted_interfaces {

        type ifname;

        elements = { $wan_if }

    }

    # --- INPUT chain: Controls traffic destined for the router itself ---

    chain input {

        type filter hook input priority 0; policy drop;

        # Accept packets that are part of an established or related connection

        ct state established,related accept

        # Drop any packets with an invalid connection state

        ct state invalid drop

        # Allow traffic from the loopback interface

        iif "lo" accept

        # Allow all traffic from the trusted LAN interfaces

        iifname @trusted_interfaces accept

        # Allow incoming SSH, DNS, and NTP from the internet (rate limited)

        iifname @untrusted_interfaces tcp dport @essential_services limit rate 10/minute accept

        iifname @untrusted_interfaces udp dport @essential_services limit rate 10/minute accept

        # Allow incoming web traffic (Apache) from the internet

        iifname @untrusted_interfaces tcp dport @web_ports accept

        # Allow ICMP (ping) from the internet, but rate-limit it

        iifname @untrusted_interfaces icmp type echo-request limit rate 5/second accept

        # Log and drop everything else coming from untrusted interfaces

        iifname @untrusted_interfaces log prefix "NFT-INET-DROP: "

        iifname @untrusted_interfaces drop

        # Catch-all log and drop for other incoming traffic

        log prefix "NFT-INPUT-DROP: "

        drop

    }

    # --- FORWARD chain: Controls traffic passing *through* the router ---

    chain forward {

        type filter hook forward priority 0; policy drop;

        # Accept packets that are part of an established or related connection

        ct state established,related accept

        # Drop invalid packets

        ct state invalid drop

        # Allow outbound traffic from the LAN to the internet

        iifname @trusted_interfaces oifname @untrusted_interfaces accept

        # Log and drop any other forwarded traffic

        log prefix "NFT-FORWARD-DROP: "

        drop

    }

    # --- OUTPUT chain: Controls traffic originating from the server ---

    chain output {

        type filter hook output priority 0; policy accept;

    }

}

# === NAT table for IPv4 (needed for internet access from LAN) ===

table ip nat {

    # --- PREROUTING chain: Used for incoming traffic before routing ---

    chain prerouting {

        type nat hook prerouting priority 0;

        # Example: Port forward incoming web traffic from the internet to a specific LAN machine

        # iifname $wan_if tcp dport { 80, 443 } dnat to 192.168.1.100

    }

    # --- POSTROUTING chain: Used for outgoing traffic after routing ---

    chain postrouting {

        type nat hook postrouting priority 100;

        # Masquerade traffic leaving the internet interface

        oifname $wan_if masquerade

    }

}

Debian 13: How to save ai solution with mathematical formula into odt file

After you ask AI, and AI give you solution with mathematical formula. You can not directly to copy-paste the result into libreoffice writer nor microsoft word.

1. Ask your AI to show the result in latex format.

2. Copy paste the result into text file e.q. example.text.

3. Create empty odt file e.q. output.odt 

4. Use pandoc application to convert it into odt.

$ pandoc -f latex -t odt -o output.odt example.text

    if the input file is latin1 encoded, like my text files, the solution is (imo the best output):

$ iconv -f ISO-8859-1 example.text | pandoc -f latex -t odt -o tmp.odt

    WARNING: this command will replace any content in tmp.odt and output.odt. 

5. Now, you can open odt with mathematical formula. 

To install pandoc and iconv (part of libc-bin) 

# apt-get install pandoc libc-bin libreoffice-texmaths

 

Moving apace, mariadb and php project from a debian site to other debian site

I want to create a bash script to backup and restore the project (apache, mariadb and php) easily. I need to work at 2 debian machine with the same configuration in 2 different location. I ask to duck.ai to solve the problem. Here is the result.

Create a file myconfig.conf

# myconfig.conf
DB_NAME="your_database_name"
DB_USER="your_username"
DB_PASS="your_password"
PROJECT_ROOT="/path/to/your/php/project"  # Add this line

Create bash script mybackup.sh 

#!/bin/bash

# Load database configuration from myconfig.conf
source myconfig.conf

# Create a backup file name for the database
DB_BACKUP_FILE="${DB_NAME}_$(date +%Y-%m-%d).sql"
# Create a zip file name for the project
PROJECT_BACKUP_FILE="$(basename "$PROJECT_ROOT")_backup_$(date +%Y-%m-%d).zip"

# Function to backup the database
backup_database() {
    echo "Backing up database: $DB_NAME"
    mysqldump -u "$DB_USER" -p"$DB_PASS" "$DB_NAME" > "$DB_BACKUP_FILE"
    if [ $? -eq 0 ]; then
        echo "Database backup successful: $DB_BACKUP_FILE"
    else
        echo "Database backup failed!"
        return 1
    fi
}

# Function to zip the project files
zip_project() {
    echo "Zipping project files from: $PROJECT_ROOT"
    zip -r "$PROJECT_BACKUP_FILE" "$PROJECT_ROOT"
    if [ $? -eq 0 ]; then
        echo "Project backup successful: $PROJECT_BACKUP_FILE"
    else
        echo "Project backup failed!"
        return 1
    fi
}

# Function to restore the database
restore_database() {
    echo "Restoring database: $DB_NAME from $1"
    mysql -u "$DB_USER" -p"$DB_PASS" "$DB_NAME" < "$1"
    if [ $? -eq 0 ]; then
        echo "Database restore successful!"
    else
        echo "Database restore failed!"
    fi
}

# Function to unzip the project files
unzip_project() {
    echo "Unzipping project files to: $PROJECT_ROOT"
    unzip -o "$1" -d "$PROJECT_ROOT"
    if [ $? -eq 0 ]; then
        echo "Project restore successful!"
    else
        echo "Project restore failed!"
    fi
}

# Check command line arguments
if [ "$1" == "backup" ]; then
    backup_database
    zip_project
elif [ "$1" == "restore" ]; then
    if [ -z "$2" ] || [ -z "$3" ]; then
        echo "Please provide the SQL backup file and the project zip file to restore from."
        exit 1
    fi
    SQL_BACKUP_FILE="$2"
    PROJECT_BACKUP_FILE="$3"
    restore_database "$SQL_BACKUP_FILE"
    unzip_project "$PROJECT_BACKUP_FILE"
else
    echo "Usage: $0 {backup|restore [sql_backup_file] [project_backup_file]}"
    exit 1
fi

To backup

./mybackup.sh backup

It will create 2 files

1. zip for backup and restore web root project
2. sql for backup and restore mariadb database 

To restore

./mybackup.sh restore your_database_backup.sql your_project_backup_file.zip

 

Debian 13: how to limit cpu frequency to preserve power or keep cpu cooler

Since Debian 13, cpufreq is being replaced by cpupower. Don't mix using power-profiles-daemon and linux-cpupower. I prefer to use linux-cpupower.

Install 

# apt-get install linux-cpupower

Show available frequency

# cpupower frequency-info
analyzing CPU 1:
  driver: acpi-cpufreq
  CPUs which run at the same hardware frequency: 1
  CPUs which need to have their frequency coordinated by software: 1
  maximum transition latency: 4.0 us
  hardware limits: 1000 MHz - 2.20 GHz
  available frequency steps:  2.20 GHz, 2.00 GHz, 1.80 GHz, 1.60 GHz, 1.30 GHz, 1000 MHz
  available cpufreq governors: performance schedutil
  current policy: frequency should be within 1000 MHz and 2.20 GHz.
                  The governor "schedutil" may decide which speed to use
                  within this range.
  current CPU frequency: 1.30 GHz (asserted by call to hardware)
  boost state support:
    Supported: yes
    Active: no
    Boost States: 2
    Total States: 8
    Pstate-Pb0: 2500MHz (boost state)
    Pstate-Pb1: 2400MHz (boost state)
    Pstate-P0:  2200MHz
    Pstate-P1:  2000MHz
    Pstate-P2:  1800MHz
    Pstate-P3:  1600MHz
    Pstate-P4:  1300MHz
    Pstate-P5:  1000MHz

Available frequency steps are:  2.20 GHz, 2.00 GHz, 1.80 GHz, 1.60 GHz, 1.30 GHz, 1000 MHz. Use frequency 1.8 GHz for all core:

# cpupower frequency-set -u 1.80 GHz
Setting cpu: 0
Setting cpu: 1
Setting cpu: 2
Setting cpu: 3

After applying maximum frequency

# cpupower frequency-info
analyzing CPU 2:
  driver: acpi-cpufreq
  CPUs which run at the same hardware frequency: 2
  CPUs which need to have their frequency coordinated by software: 2
  maximum transition latency: 4.0 us
  hardware limits: 1000 MHz - 2.20 GHz
  available frequency steps:  2.20 GHz, 2.00 GHz, 1.80 GHz, 1.60 GHz, 1.30 GHz, 1000 MHz
  available cpufreq governors: performance schedutil
  current policy: frequency should be within 1000 MHz and 1000 MHz.
                  The governor "schedutil" may decide which speed to use
                  within this range.
  current CPU frequency: 1000 MHz (asserted by call to hardware)
  boost state support:
    Supported: yes
    Active: no
    Boost States: 2
    Total States: 8
    Pstate-Pb0: 2500MHz (boost state)
    Pstate-Pb1: 2400MHz (boost state)
    Pstate-P0:  2200MHz
    Pstate-P1:  2000MHz
    Pstate-P2:  1800MHz
    Pstate-P3:  1600MHz
    Pstate-P4:  1300MHz
    Pstate-P5:  1000MHz

To make it persistent, create or edit /etc/systemd/system/cpu-limit.service

[Unit]
Description=Set CPU power management settings
# latest state runlevel 3 in SysVinit, let CPU run maximum frequency during starting system services
After=multi-user.target
# run after network ready
#After=network.target
# network may not run
#After=sysinit.target

[Service]
Type=oneshot
ExecStart=/usr/bin/cpupower frequency-set -u 2.00GHz
#ExecStart=/usr/bin/cpupower frequency-set --max 2.00GHz
#ExecStart=/usr/bin/cpupower frequency-set -g performance
# You can customize the cpupower command here.
# For example, to set to powersave:
# ExecStart=/usr/bin/cpupower frequency-set -g powersave
# Or to set a specific frequency:
# ExecStart=/usr/bin/cpupower frequency-set -f 2.5GHz

[Install]
WantedBy=multi-user.target



Note: you can copy paste and adjust frequency for your laptop/PC.

Change file permission

# chmod 644 /etc/systemd/system/cpu-limit.service

Reload system daemon

# systemctl daemon-reload
# systemctl enable cpu-limit.service
Created symlink '/etc/systemd/system/multi-user.target.wants/cpu-limit.service' → '/etc/systemd/system/cpu-limit.service'.

Everytime your restart this daemon will run time to set maximum frequency.

 

 

Debian 13: Fresh install dual boot Axioo Hype 5 AMD X6 using usb flash disk with ventoy boot manager installed

Spesification Axioo Hype 5 AMD X6:

• Ryzen™ 5 6600H & grafis Radeon™ 660M
• 16GB DDR5 RAM & 512GB SSD Gen 3

Shrink your windows 11 partition. We need 84 GB free space. 80 GB for debian / ext4 and 4 GB for swap. We do need to reserve 500 MB for ESP (EFI System Partition), windows 11 already create it.

Use windows disk manager and shrink partition. Fill

Enter the amount of space in MB 84000 MB

It is good practice to separate partition for windows system and application, and user data partition.

To install Ventoy boot manager in flash disk follow this.

Insert your USB flash disk contain Debian 13 net installer and ventoy installed. Press and hold “Shift” and restart windows. Unpress shift after laptop restarted.

Select “Use Device” and choose USB flash disk to boot.

Ventoy boot manager will give you any iso file you stored on flash disk if any. Choose debian, select “Boot in normal mode”.

Debian installer started, follow the instruction. You need an internet connection to install the xfce desktop environment. 

At the partition section, choose “Manual”. Create 80 GB type “ext4” mount / and 4 GB type “Swap”. Write change to disk.

Beware, there is a USB flash disk appear in the partition menu. It is shown as “SCSI1 (0.0.0) (sda)” on my laptop.

In package manager, I choose 

• Xfce
• Standard system utility

For special purpose installation choose debian blend. Release of debian pure blend can be read on www.debian.org/blends/.

Finally, restart your laptop. Press F2 to enter bios. At boot menu, select debian boot manager first and then windows. Debian grub has the option to enter windows not vice versa.

If you wish, to select windows as default grub selection, edit /etc/default/grub

GRUB_DEFAULT=2

Save it and run

# update-grub

Debian 13: Using Ventoy to create bootable flash disk for multiple ISO

Download ventoy from www.ventoy.net, choose tar.gz. At this documentation wrote, it was ventoy-1.1.07-linux.tar.gz.

Extract it here, it will create directory ventoy-1.1.07. You can move directory from download to your home.

To avoid any typo or wrong device storage, it is recommended to use GUI. Insert you new or unused flash disk and open ventoy GUI, from terminal

$ cd ventoy-1.1.07/
$ ./VentoyGUI.x86_64&

It will ask root/sudo password. Click Install and you will get warning all data will be destroyed and flash disk will be formatted. Wait until finish.

Unmount your flash disk. Remove and reinsert your flash disk. You can add your iso file into your flash disk.

Note: Do not store your iso files too deep under subdirectory. 

Sample Directory:

Ventoy
-- debian
   -- debian-13.1.0-amd64-netinst.iso
-- windows
   -- 

Note:  size of debian-13.1.0-amd64-netinst.iso is more then 700MB which it is not fit into CD ROM anymore.

Use flash disk USB 3.0 or above. I use Adata flash disk USB 3.0.

It is hard to find CD or DVD in Indonesia.  Almost software is distribute directly from cloud, no disk media anymore. Some provide flash disk installer in part of package.

 

 

Debian 13: solving error ring 2 stalled on HP 15-AF109AX AMD A8-7410 APU Radeon R5

Laptop:

AMD A8-7410 APU Radeon R5 GCN 1.2 (Spectre)
HP 15-AF109AX 

symptom: Screen flickering continuously at some interval  time

Dmesg error:

[ 3806.507278] radeon 0000:00:01.0: ring 2 stalled for more than 29348msec
[ 3806.507310] radeon 0000:00:01.0: GPU lockup (current fence id 0x000000000000038f last fence id 0x0000000000000390 on ring 2)

Which non free firmware? These are generation AMD Graphics Processor

Use radeon for older then GCN and RDNA

Use amdgpu for Graphic Core Next/GCN generation

1. GCN 1.0 Radion HD 7000
2. GCN 2.0 Radeon 200
3. GCN 3.0 Radeon 300
4. GCN 4.0 Radeon 400/500/600
5. GCN 5.0 Radeon RX Vega, Radeon VII

Use  ROCm for RDNA

1. RDNA 1 Radeon RX 5000
2. RDNA 2 Radeon RX 6000
3. RDNA 3 Radeon RX 7000
4. RDNA 4 Radeon RX 8000 

Install firmware, you need add non-free repository

# apt-get install firmware-amd-graphics  

Check firmware loaded

# lspci -k | grep -A 3 VGA
00:01.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Mullins [Radeon R4/R5 Graphics] (rev 45)
    Subsystem: Hewlett-Packard Company Device 80cc
    Kernel driver in use: radeon
    Kernel modules: radeon, amdgpu

or

# lspci -nn | grep VGA


The Mullins Accelerated Processing Units (APUs), which include the Radeon R4/R5 Graphics, use the GCN 1.1 architecture.  Googling for yours if necessary. Create/Edit /etc/X11/xorg.conf.d/20-radeon.conf 

Section "Device"
    Identifier "AMD Graphics"
    Driver "amdgpu"
    Option "TearFree" "true"
EndSection

If your card is GCN 1.0 and 1.2 ("Southern Islands" or "Sea Islands" cards) , for potentially better performance and Vulkan support, you need to add kernel parameter. Edit /etc/default/grub and add parameter

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash radeon.cik_support=0 amdgpu.cik_support=1"

update grub

# update-grub update-grub

Example old AMD Graphic

• Wrestler [Radeon HD 6310] 

google-chrome use gpu acceleration, this can also causing ring 2 stalled. Disabling google-chrome gpu accelerated.

$ google-chrome-stable --disable-gpu --disable-software-rasterizer

Create script to run start_chrome.sh

#!/bin/bash
google-chrome-stable --disable-gpu --disable-software-rasterizer "$@" &

Make it runnable

$ chmod 764 ./start_chrome.sh


 

Debian 13: using systemd-resolved to replace old way to resolving dns

Install systemd-resolved 

# apt-get install  systemd-resolved

Enable it

# systemctl enable systemd-resolved

Old fashion /etc/resolv.conf 

# Generated by NetworkManager
nameserver 45.90.28.186
nameserver 8.8.8.8
nameserver 1.1.1.1

Change/Edit configuration file /etc/systemd/resolved.conf 

DNS=45.90.28.186 8.8.8.8 1.1.1.1
DNSOverTLS=yes

Optional

DNS=45.90.28.186 8.8.8.8#dns.google 8.8.4.4#dns.google 2001:4860:4860::8888#dns.google 2001:4860:4860::8844#dns.google 1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com 2006:4700:4700::1111#cloudflare-dns.com 2606:4700:4700:1001#cloudflare-dns.com
DNSOverTLS=yes 

Enable systemd-resolved in Network Manager, edit /etc/NetworkManager/NetworkManager.conf 

[main]
plugins=ifupdown,keyfile
dns=systed-resovled

Restart Network Manager

# systemctl restart NetworkManager

Restart systemd-resolved

# systemctl restart systemd-resolved


Test it

# nslookup duckduckgo.com
Server:        127.0.0.53
Address:    127.0.0.53#53

Non-authoritative answer:
Name:    duckduckgo.com
Address: 20.43.161.105

Done. This configuration can be used to protect your dns resolved from dns query hijacking. 

Handy diagnostics guide:  

Dig

# dig duckduckgo.com @1.1.1.1 +short
safe.duckduckgo.com.
202.169.44.80

Nslookup

# nslookup duckduckgo.com 8.8.8.8
Server:        8.8.8.8
Address:    8.8.8.8#53

Non-authoritative answer:
duckduckgo.com    canonical name = safe.duckduckgo.com.
Name:    safe.duckduckgo.com
Address: 202.169.44.80
Name:    safe.duckduckgo.com
Address: 2404:8000:11:2::2 

Whois

# whois 202.168.44.80 
% [whois.apnic.net]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

% Information related to '202.168.0.0 - 202.168.63.255'

% Abuse contact for '202.168.0.0 - 202.168.63.255' is 'hostmaster@tpgtelecom.com.au'

inetnum:        202.168.0.0 - 202.168.63.255
netname:        TPG-AU
descr:          TPG Internet Pty Ltd.
country:        AU
org:            ORG-TIPL2-AP
admin-c:        TH178-AP
tech-c:         TH178-AP
abuse-c:        AT937-AP
status:         ALLOCATED PORTABLE
remarks:        Australian Internet Service Provider (ISP)
remarks:        http://www.tpg.com.au

Curl

# curl -I https://www.duckduckgo.com
curl: (7) Failed to connect to www.duckduckgo.com port 443 after 4129 ms: Could not connect to server

Note: curl and whois showing duckduckgo.com directing to wrong address.

Debian 13: UEFI partition during installation process

Begin in 2011, computer manufacturers were moving to use UEFI and left BIOS. Today, it is mandatory for system with UEFI to have separate partition for EFI System Partition / ESP. 

ESP contain boot loader to start operating system. One ESP may contain some boot loader for different operating system. Size of ESP for windows and Debian is 500MB to avoid problem when update occurred. It means for multi OS with different boot loader, ESP partition required bigger size.

During Debian installation, at step configure partition, create:

• size: 500 MB or bigger
• type: "EFI System Partition (ESP)", "EFI System Partition" or similar

All partitions required in Debian 13 system are:

1. ESP: 500MB or bigger, will marked boot sector 0xEE
2. Swap: 2 times physical memory. IMO, for physical memory more then 16GB, swap size equal to physical memory or less.
3. root partition for single point mount /, or custom partition.

There are 3 types boot process and its year period:

1. BIOS: old PC
2. BIOS + GPT PC 2000-2020 
3. ESP + GPT PC > 2020 

Debian 13: troubleshooting connecting to wifi using cmd nmcli

I prefer to use command line because mostly server does not  installed window manager. I need to familiar to use command line in any situation.

To show wifi radio enable

# nmcli radio wifi
enabled

To turn on radio wifi

# nmcli radio wifi on

To list available wifi

# nmcli device wifi list
IN-USE  BSSID              SSID   
...

To rescan available wifi

# nmcli dev wifi rescan

To connect to wifi access point

# nmcli device wifi connect "[your_SSID]" password "[your_password]"
...


To show connection

# nmcli connection show
NAME                UUID                                  TYPE      DEVICE
...

Note: parameter dev is short from device

Debian 13 icewm/openbox/fluxbox: using pavucontrol & pulseaudio

 Install pavucontrol & pulseaudio

# apt-get install pavucontrol pulseaudio
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
...


To run pavecontrol in terminal

$ pulseaudio&

Debian 13: install OpenBox, Fluxbox and IceWM with XFCE installed

Hardware:

• HP 15-AF109AX
  AMD A8-7410 APU 
• ASUS EEE PC 1215B
  AMD E-350 Processor

Compare 

Feature	Fluxbox	Openbox	IceWM
Ram idle	~60–100 MB	~80–120 MB	~80–150 MB
Panel	n/a	n/a	Yes
Toolbar	n/a	tint2	Yes, like Windows 95
Access menu	Right Click	Right Click	Toolbar like Windows 95
Application list	Manual only	Auto populate	Auto populate

To install fluxbox is straight forward.

# apt-get install fluxbox
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done


To install openbox is straight forward.

# apt-get install openbox
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  libid3tag0 libimlib2t64 libobrender32v5 libobt2v5 libspectre1 obconf scrot 

To install icewm is straight forward.

# apt-get install icewm
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done


To switch your Desktop into  OpenBox, Fluxbox or IceWM, logout and select tool on top-right icon to select openbox.

Right click to select application menu to launch. It is old fashion Unix Desktop terminal. If you ever used Solaris 8.0 workstation, it looks so closed. in Fluxbox, installed application needs to run by command in bash shell.

Do not remove XFCE (or existing Window Manager) if you are not familiar with OpenBox, Fluxbox or IceWM. You can switch to XFCE XFCE (or existing Window Manager) or openbox anytime you want.

NOTE: Do not expecting the performance likes a new PC, for office like libreoffice requires processor power to speed up.

Debian 13: pyhton3 setting virtual environment

Run once

Installing packages

As root

# sudo apt install python3 python3-pip python3-venv

As user for example user1

As user1

We create folder to store python3 packages for user1 folder name is mpyvenv

$ mkdir mypyenv
$ cd mypyenv
~/mypyenv$  python3 -m venv venv
~/mypyenv$ ls
venv

Every time entering virtual environment use this command

$ cd mypyenv
~/mypyenv$ source venv/bin/activate
(venv) [user]@[host]:~/mypyenv$

To exit virtual environment

(venv) [user]@[host]:~/mypyenv$ deactivate
~/mypyenv$ 

Note: 

1. put every python project under directory virtual environment, for this example I used mypyenv.
2. A user can have multiple virtual environment for each project. Each project must have a single entry point to root folder. 

References: chatgpt.com gemini.google.com

Debian 13: upgrading ASUS Eee PC 1215B from Debian 11 to Debian 13

ASUS Eee PC 1215B Release April 2011
AMD E-350 dual-core 1.6 GHz
AMD Radeon HD 6310 graphics 1366x768
Ram DDR3

It is recommended to use shell, during upgrade, desktop environment may be restarting and causing screen lock.

To get into shell, after Desktop login menu appear, press Ctrl + Alt + F1. To turn back into Desktop press Ctrl + Alt + F7.

Edit /etc/apt/sources.list

#main
# 11 to 12
deb https://deb.debian.org/debian bookworm main contrib non-free-firmware non-free
# 12 to 13
#deb https://deb.debian.org/debian trixie main contrib non-free-firmware non-free

#mirror auto
# 11 to 12
deb http://mirror.unair.ac.id/debian bookworm main contrib
# 12 to 13
#deb http://mirror.unair.ac.id/debian trixie main contrib

#security
# 11 to 12
deb https://security.debian.org/debian-security bookworm-security main contrib non-free-firmware non-free
# 12 to 13
#deb https://security.debian.org/debian-security trixie-security main contrib non-free-firmware non-free

#update
# 11 to 12
deb https://deb.debian.org/debian bookworm-updates main contrib non-free-firmware non-free
# 12 to 13
#deb https://deb.debian.org/debian trixie-updates main contrib non-free-firmware non-free

#backport
# 11 to 12
deb http://deb.debian.org/debian bookworm-backports main
# 12 to 13
#deb http://deb.debian.org/debian trixie-backports main

As mention in Debian official website, you can not directly upgrade from Debian 11 to Debian 13. You need to upgrade it in sequence

Upgrade Debian 11 to Debian 12

Edit /etc/apt/sources.list, remove '#' any line containing bookworm and add '#' any line containing trixie.

1. Update Repository
   # apt-get update
2. Take full upgrade
   # apt full-upgrade
3. Restart and perform clean up
   # apt-get autoclean && apt-get autoremove -y

This toke 2 hours and 30 minutes. 

This error occurred when we just perform apt upgrade --without-new-pkgs, make restart and upgrade to Debian 13

Preparing to unpack .../base-files_13.8_amd64.deb ...


******************************************************************************
*
* The base-files package cannot be installed because
* /bin is a directory, but should be a symbolic link.
*
* Please install the usrmerge package to convert this system to merged-/usr.
*
* For more information please read https://wiki.debian.org/UsrMerge.
*
******************************************************************************


dpkg: error processing archive /var/cache/apt/archives/base-files_13.8_amd64.deb
 (--unpack):
 new base-files package pre-installation script subprocess returned error exit s
tatus 1
Errors were encountered while processing:
 /var/cache/apt/archives/base-files_13.8_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)


Upgrade Debian 12 to Debian 13

Edit /etc/apt/sources.list, add '#' any line containing bookworm and remove '#' any line containing trixie.

1. Update Repository
   # apt-get update
2. Take full upgrade
   # apt full-upgrade
3. Restart and perform clean up
   # apt-get autoclean && apt-get autoremove -y

This toke 3 hours to upgrade 1.945 packages with size 1.388 MB.

Total hours are 5 hours and 30 minutes, with all applications upgraded to latest version.

Debian 13: Ops, something is wrong during upgrading from Debian 12 to Debian 13

If something wrong during upgrade debian 12 to debian 13, so the installation did not finish, here is my share how to solved it. 

In my case, screen got locked, so I need to manual power off and restart the Laptop.

Normal boot to linux won't work, if possible during selecting menu in grub, select "Advanced Option" and select "Recovery Mode". If you can not go into grub menu, you need to use Debian rescue CD/USB, I use minimal (net install CD),

If you use CD/USB, you will rescue your Debian using chroot. 

To repair grub using CD/USB, you need to enter your drive.

To repair broken upgrade using CD/USB, you need to select your Debian partition and mounting /boot partition.

If you using CD/USB rescue, when repair has completed, type exit from chroot

Command to repair broken upgrade process:

# dpkg --configure -a
....
# apt --fix-broken install 
....
# apt full-upgrade
...-
# grub-update
...
# grub-install /dev/sda
....

To manage boot efi using efibootmgr

# apt install efibootmgr
# efibootmgr
BootCurrent: 0002
Timeout: 5 seconds
BootOrder: 0001,3001,0002,2001,2002,2003
Boot0001* Windows Boot Manager    HD(2,GPT,41ed4da9-8f99-445d-b3dc-d37f4ad717da,0x109000,0x32000)/File(\EFI\Microsoft\Boot\bootmgfw.efi)57494e444f5753000100000088000000780000004200430044004f0042004a004500430054003d007b00390064006500610038003600320063002d0035006300640064002d0034006500370030002d0061006300630031002d006600330032006200330034003400640034003700390035007d00000061000100000010000000040000007fff0400
Boot0002* debian    HD(2,GPT,41ed4da9-8f99-445d-b3dc-d37f4ad717da,0x109000,0x32000)/File(\EFI\debian\shimx64.efi)
Boot2001* USB Drive (UEFI)    RC
Boot2002* Internal CD/DVD ROM Drive (UEFI)    RC
Boot3000* Internal Hard Disk or Solid State Disk    RC
Boot3001* Internal Hard Disk or Solid State Disk    RC
Boot3002* Internal Hard Disk or Solid State Disk    RC
# efibootmgr --bootorder Boot0002,Boot0001

Laptop HP Model 15-af109AX, Boot Manager is handled by Bios. This model may be not supported in Debian 13 (No problem in Debian 12), I can not change boot order using BIOS nor efibootmgr. To select boot loader, you need to press F9 button.

 

Debian 13: upgrade from debian 12 bookworm to debian 13 trixie

It is recommended to use shell, during upgrade, desktop environment may be restarting and causing screen lock.

To get into shell, after Desktop login menu appear, press Ctrl + Alt + F1. To turn back into Desktop press Ctrl + Alt + F7.

Current version

# cat /etc/debian_version
12.11

Edit /etc/apt/source.list

#deb cdrom:[Debian GNU/Linux 12.0.0 _Bookworm_ - Official amd64 NETINST with firmware 20230610-10:21]/ bookworm main non-free-firmware

#main
#deb https://deb.debian.org/debian bookworm main contrib non-free-firmware non-free
deb https://deb.debian.org/debian trixie main contrib non-free-firmware non-free

#mirror auto
#deb http://httpredir.debian.org/debian bookworm main contrib
deb http://httpredir.debian.org/debian trixie main contrib

#security
#deb https://security.debian.org/debian-security bookworm-security main contrib non-free-firmware non-free
deb https://security.debian.org/debian-security trixie-security main contrib non-free-firmware non-free

#update
#deb https://deb.debian.org/debian bookworm-updates main contrib non-free-firmware non-free
deb https://deb.debian.org/debian trixie-updates main contrib non-free-firmware non-free

#backport
#deb http://deb.debian.org/debian bookworm-backports main
deb http://deb.debian.org/debian trixie-backports main

Updating repository

# apt-get update
Hit:1 https://dl.google.com/linux/chrome/deb stable InRelease                 
Hit:2 https://deb.debian.org/debian trixie InRelease                           
Hit:3 https://security.debian.org/debian-security trixie-security InRelease   
Hit:4 https://deb.debian.org/debian trixie-updates InRelease                   
Hit:5 http://deb.debian.org/debian trixie-backports InRelease                 
Hit:6 http://httpredir.debian.org/debian trixie InRelease   
Reading package lists... Done

Performing minimal upgrade

# apt upgrade --without-new-pkgs

During minimal upgrade, your system may request you to restart some services, allow it. Take some coffee.....

Restart your Debian. This is optional, just make sure system run proper minimal upgrade. 

Performing full upgrade

# apt full-upgrade

Full upgrade may takes sometimes. 

Restart your Debian and perform clean up

# apt-get autoclean && apt-get autoremove -y
...
$ cat /etc/debian_version
13.0
$ uname -an
Linux hpkakiang 6.12.38+deb13-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.12.38-1 (2025-07-16) x86_64 GNU/Linux

Debian 13: trixie release

NOTE: 

1. Debian 13 trixie does not support i386 architecture. Users running i386 systems should not upgrade to trixie.  You can run 32 bit application on Debian 13 trixie using 32 bit support. 
2. Debian 12 bookworm does not cover any i586 processor, minimum processor requirement is i686. 
3. Debian 11 bullseye is latest version support i386. 

Debian 13 trixie release uses Linux kernel 6.12 LTS series.

Debian 13 trixie ships with several desktop environments, such as:

1. GNOME 48
2. KDE Plasma 6.3
3. LXDE 13
4. LXQt 2.1.0
5. Xfce 4.20

A total of seven architectures are officially supported for trixie:

1. 64-bit PC (amd64),
2. 64-bit ARM (arm64),
3. ARM EABI (armel),
4. ARMv7 (EABI hard-float ABI, armhf),
5. 64-bit little-endian PowerPC (ppc64el),
6. 64-bit little-endian RISC-V (riscv64),
7. IBM System z (s390x)

Reference: www.debian.org/News/2025/20250809