Monday, June 30, 2025

ThinkPad T14s Gen 6 vs Thinkpad T14 Gen 5 with Linux

Summary

Model	T14s Gen 6	T14 Gen 5	Gen6 vs Gen 5
Weight	1.23kg	1.47kg	better
Dimensions	312x220x20mm	315x225x20mm	tie
Screen (diagonal)	357	357	tie
Ports	Left 2xUSBC, right 2xUSBA	Left 2xUSBC,USBA, right: RJ45,USBA, microSD	worse
Battery	58Wh	52.5Wh	better
Geekbench 6.4	Single core 2347 Win (2349 Linux), Multi-core: 14312 Win (13587 Linux)	Single Core 2386, Multi-core: 10956	better
Speakers+microphone	not detected	works	worse
External headset	works	works	tie
Cameras (internal and external USB)	works	works	tie
Dock	partial (one screen only)	works	worse
Boot from dock	no	works	worse
LUKS encryption	mostly	works	worse
Firmware updater	no	works	worse
Hibernate/wake up	works	works	tie
Kernel upgradable	no	works	worse
wifi	works (with kernel 6.14.0-15)	works	worse
Hibernation for 1 hour	lost 2.9%	lost 6.7%	Better
SSD	M.2 2242	M.2 2280	Worse

For the tests I used two models of the Lenovo Thinkpad:

T14s Gen 6 Snapdragon Elite X
T14 Gen 5 AMD Ryzen 7 Pro 8840U

Operating systems

For laptop 1 I used Ubuntu 25.10 ARM
For laptop 2 I used Ubuntu 24.04.2

Kernels

For laptop 1 6.14.0-15
For laptop 2 6.11-0-17

Processor

Laptop 1: Snapdragon X Elite X1E78100 Qualcomm Oryon 3.417 GHz, 12 physical cores (no hyperthreading)
Laptop 2: AMD Ryzen 7 Pro 8840u with Radeon 780m graphics x 8 cores (16 hyperthreaded) 3.3 - 5.1 GHz

Battery

Laptop 1: upower -i reports 58Wh capacity.
Laptop 2: 52.5Wh.

When put into hibernation laptop 1 lost 2.7 to 2.9% of power per hour. Laptop 2 lost 6.7%

Installation

Installation of Ubuntu 24.04.2 was successful with all options.

Installation of Ubuntu 25.10 on the ARM machine however, was much more buggy. First you had to disable Secure boot, which is normal. However, retaining the Windows partition as recommended then required a recovery key from the Microsoft site to boot into Windows, which was necessary to turn off BitLocker. After that it was possible to install Ubuntu alongside the Windows NTFS partition. With the latest versoin of the installer image LUKS now works, although it does not yet have a graphical prompt for the luks password, you can enter this on the commanline and all is well.

Thunderbird

When installing Thunderbird in the terminal multiple lines are producing instead of overwriting the previous line. So some terminal emulation here doesn’t work, but the installation succeeded.

Speakers and microphone

The internal speakers and mircophone were not recognised on Laptop 1 at all, not even after running qcom-firmware-extract. However, after running that command an external headset, an Edifier K800 USB worked perfectly, but only when plugged directly into the laptop.

Cameras

Both the internal camera and external Logitech 720P camera worked fine on both laptops.

Firmware Updater

I tried installing the firmware-updater snap, but it won’t run.

As a regular user: error sending Activate message to application: GDBus.Error:org.freedesktop.Dbus.Error.NoReply: Message recipient disconnected from message bus without replying.

As root: touch: cannot touch ‘/root/snap/firmware-updater/common/.cache/desktop-runtime-date: No such file or directory.

Upgrading the kernel

Installation of Mainline failed on laptop 1, even after setting the correct repo cappelikan/ppa. When running apt update it replies: Error: The repository ‘https://ppa.launchpadcontent.net/cappelikan/ppa/ubuntu questing Release’ does not have a Release file. And it doesn't.

Tried running the ubuntu-mainline-kernel.sh file available on github, which installs version 6.15.4. It won’t reboot, cold or warm in 6.15.4. Reverted to 6.14.0-15

Wifi

This works as expected on both laptops. The VPN works as expected. However, on laptop 1, after upgrade to kernel 6.15-03, via the software updater tool, the wifi no longer works. It seems that qcom-firmware-extract only works with kernel 6.14.0-15. After running this tool again it says it updated the 6.14 kernel, but that the latest is 6.15.

External monitors

Tested with a twin UHD display via Thinkpad USB-C Dock Gen 2.

This worked fine on laptop 2.

On laptop 1, however, closing the lid did not assign the main screen to one of the external monitors.

The first UHD external monitor was recognised at full resolution. The second external UHD monitor was not recognised, but was mirrored from the first. It does not appear as Display 3 in Displays control panel. Only the laptop (1) and first external monitor (2) appear.

The same behaviour was observed with twin FHD monitors. Attempting to set an external monitor as the primary did not work, and the cursor disappeared from the laptop monitor, making it useless.

With dock

Boot button on dock started the laptop. It then displayed the blurred grub menu.

Selection of first item Ubuntu in grub menu produced error: “Failed to boot either main or alternate entries.” It returned to grub and after selecting Ubuntu again crashed.

Booting from the laptop directly worked.

Shutdown while connected to the dock failed: USB cable bad?

Hibernation

Laptop 1 declined 2.7-2.9% after 1 hour of hibernation.
Laptop 2 declined by 6.77% after one hour of hibernation

Upgradeable Storage

Laptop 2 takes standard M.2 2280 drives, of which there are plenty of models up to 4TB. Laptop 1, however, accepts only M.2 2242, a 45mm long drive not yet made by Crucial. I found only one model that boasts 4TB. Most are 512GB-1TB.

Monday, July 22, 2024

Defining a user for Sabre Dav (calendar)

Sabre is an open-source calendar server. It is well written and moderately powerful, being used by Nextcloud open-source groupware. However, setting up a Sabre calendar server is not that easy. As the documentation says, there is no web interface for creating users. Instead, it advises that you create them directly in the database. According to the instructions you need to:

Add an entry to the users table, specifying the user name and the digest of the password (it is pretty unclear what to do for this)
Add a corresponding entry to the principals table -- but no details are given

Looking at the two tables in question, users has three columns: id, username and digesta1. The first is the primary key and doesn't need to be set. The second and third columns are varbinary. that is, you specify them as hexidecimal strings preceded by '0x' and they will be defined and displayed in that form.

The principals table has id, uri, email and displayname columns. displayname is text, uri and email are varbinary. It is pretty simple if you know SQL to add entries to the princpals table. I'll concentrate on the format of the digesta1. According to the php source code it is an md5 hash of a string of the format:

username:realm:password

There is one user already defined: admin user. It is unclear what the realm is set to. Stepping through the debugger I discovered that it is set by default to SabreDAV. I tried creating the hash using md5sum on the commandline, but this didn't give the correct answer. You need to create it using the php function md5. Once I generated it that way, and plugged in the value to the digesta1 column of the users table I could login using my own password.

Stick a file with this content on your web-server and it will print out the digesta1 field value for the user username with password foobar:

<?php
echo('hash='.md5('username:SabreDAV:foobar'));
?>

Tuesday, February 20, 2024

Upgrading Ubuntu 22.04 to 24.04

The latest version of Ubuntu Noble Numbat is coming, and many will be tempted to upgrade as advised on the ask-ubuntu site. I would warn anyone trying to do this to hold off for now. Although Noble Numbat itself is getting there, only a fresh install of 24.04 works for now. Currently on 21 February 2024 using sudo do-release-upgrade -d will likely brick your machine. I've tried the upgrade on several different models (all Lenovo) with fresh installs of Ubuntu 22.04 upgraded to the latest versions of everything and the do-release-upgrade -d crashes either at tracker-extract or, if you manage to disable it, at networkd-dispatcher. The machine freezes during the upgrade and can't be reused after that. I had to copy all my files off onto an external drive and reinstall everything. The strange thing is they had the same problem with 20.04->22.04, but somehow they fixed it. I wait for the corresponding update for 22.04->24.04.

Update 4 April 2024: Now sudo do-release-upgrade -d does nothing. It says "There is no development version of an LTS available". So it looks like they are preventing people from running the upgrade while it is known to be broken, but haven't fixed it yet.

Update 17 April 2024: sudo do-release-upgrade -d is back! I tried this on a clean install of 22.04, fully upgraded, rebooted, and ran the do-release-upgrade -d. It welcomes you to Ubuntu 24.04, but still fails. The laptop is still bricked and is unusable after that. The crash file in /var/crash says it was in netplan.script. So I guess this is still a library incompatibility between 22.04 and 24.04, related to networking.

Update 30 April 2024: Upgrading in two steps, from 22.04 to 23.10 using sudo do-release upgrade then once that upgrade is complete, you can upgrade to 24.04 using sudo do-release-upgrade -d. Even though the process got stuck a couple of times on one model of laptop, after retsrting it was possible to pick up where the installer had left off and so the laptop was not ruined. In the other cases, the dual upgrade went smoothly, but took about an hour overall.

Thursday, February 15, 2024

Replace Firefox snap with non-snap version in Ubuntu

One of the problems with the snap package of Firefox is that it can't communicate with programs outside of its snap such as Keepassxc. Also if you don't like the idea of using the self-contained enviroments that snaps implement, and would prefer your applications to live together inside a single OS with its installed libraries rather than duplicating them inside each snap, then replacing the default Firefox snap in Ubuntu may appeal. I'm appending a script I wrote for Ubuntu 22.04, which also works for Ubuntu 24.04. It achives a few things:

Deletes Firefox snap
Installs Mozilla's latest Firefox binary
Sets up apt so that it prefers Mozilla Firefox over snap Firefox when updating packages
Adjusts apparmor to allow external programs like Keepassxc to communicate with Firefox

#!/bin/bash
# Replace firefox snap with apt package
# Ubuntu 24.04 installs the snap version of Firefox. 
# If you use Firefox in conjunction with the Keepassxc 
# browser plugin this will no longer work. 
# To fix this issue you must first remove the snap version of Firefox:
release=`lsb_release -cs`
if [ -z "$release" ]; then
    release="noble"
fi
snap_firefox_path=`which firefox`
snap_res=`grep "exec /snap/bin/firefox" $snap_firefox_path`
if [ $? -eq 0 ]; then
    echo "removing snap firefox"
    snap remove firefox
fi
#Now we have to prioritise the Mozilla version over the default snap version.
if [ ! -e /etc/apt/preferences.d/mozilla-firefox ]; then
echo '
Package: firefox
Pin: release o=LP-PPA-mozillateam
Pin-Priority: 1001
' | sudo tee /etc/apt/preferences.d/mozilla-firefox
fi
# Also ensure that updates to firefox also prefer the mozilla version:
if [ ! -e /etc/apt/apt.conf.d/51unattended-upgrades-firefox ]; then
echo "Unattended-Upgrade::Allowed-Origins:: \"LP-PPA-mozillateam:$release\";" | sudo tee /etc/apt/apt.conf.d/51unattended-upgrades-firefox
fi
# Now install Firefox from Mozilla's PPA:
sudo add-apt-repository -y ppa:mozillateam/ppa
sudo apt update -y
sudo apt install firefox -y --allow-downgrades
# Disable AppArmor for Firefox to ensure the Firefox extension can connect to KeepassXC:
has_readlink=`which readlink`
link=
if [ ! -z "$has_readlink" ] && [ -e /etc/apparmor.d/disable/usr.bin.firefox ]; then
    link=`readlink /etc/apparmor.d/disable/usr.bin.firefox`
fi
if [ -z "$link" ]; then
    sudo ln -s /etc/apparmor.d/usr.bin.firefox /etc/apparmor.d/disable/usr.bin.firefox
    sudo apparmor_parser -R /etc/apparmor.d/usr.bin.firefox
fi
echo "Run KeePassXC and enable browser integration (menu Tools -> Settings -> "
echo "Browser Integration, tick \"Enable browser integration\" and \"Firefox\")."
echo "Now run Firefox, open settings of the KeePassXC extension -> Connected Databases -> Connect"

Sunday, December 3, 2023

Implementing a stack in bash

I needed to convert simplified HTML to wiki markup. For that I first needed to check the syntax of the HTML. A stack is perfect for that, but how to do it?

declare -a stack
# push
stack+=($tag)
#pop
unset stack[${#stack[@]}-1]

And that is all there is to it.

Sunday, July 9, 2023

Best laptops for Linux

Having owned a number of laptops over the years in my efforts to find the ideal one to run Linux I would recommend to anyone engaged in the same expensive and frustrating pursuit the following two machines/brands that firstly run Linux well, and secondly last more than 12 months before they fall apart.

Clevo L140MU or later models (also called Metabox, System 76 etc)

Advantages

Comes without any operating system, so you can avoid the "Microsoft tax"
Runs Linux well
Is very light -- has magnesium body under 1kg
Very durable. I have had mine for three years still works mostly OK (see below)
Great 72 Wh battery
Great keyboard with backlight
Great trackpad though simple like Apple one
180 degree lid
Can be charged from USB-C port using a generic 65W charger

Disadvantages

The rubber feet eventually come off -- stuck them back on with superglue
Power supply hard to source and the connector failed after 12 months, had to use USB-C
Fan got a bit noisy after 3 years
Function keys only work when pressing Fn button as well

Lenovo T480, T14, P14s

Advantages

The toughest laptops I have ever used. Still work perfectly after 5 years
P14s comes without Microsoft tax
Supports Linux well
Function keys work without pressing Fn
USB-C charging only
Splill-resistant keyboard
Rubber feet never come off

Disadvantages

Heaver than the Clevo (1.6kg)
Battery not as good (50Wh)
P14s requires a patch from Radeon to support suspend/resume
Microsoft tax with T14
T480, T490 keyboard usually not backlit

The only major brand I haven't tried is Asus. The others I wouldn't reccommend.

Thursday, May 25, 2023

Migrating an openldap database to a new installation

If you are familiar with Openldap you may have become frustrated with the difficulty of migrating a database from one installation to a fresh instance of Openldap. There is an easy way to do this, using a combination of slapcat and slapadd. The only drawback is that it destroys the database at the destination. However, this is usually a new copy of Openldap, so it doesn't matter.

Ldap is a tree

It is important to realise that an ldap database is a tree. That is, there is only one node at the root, and every descendant node must have only one parent. When you install Openldap the tree consists of one node called "nodomain", which, if not destroyed, will likely conflict with anything you import. What you really want is for the root to consist of a "suffix" of your choice, such as mycompany.com, which ldap breaks down to dc=mycompany,dc=com.

Exporting your ldap tree

On your old Openldap installation you must first export the data. For this I recommend you use slapcat:

slapcat [-b suffix] -l output.ldif

You can specify a suffix, which will then export only that portion of the tree. This is useful when your old installation contains a sub-tree you want installed in standalone form on the new instance of Openldap. Or just omit it, and the entire tree will be exported to the file export.ldif.

Importing the exported tree to a new Openldap instance

slapadd is a simple utility that copies the exported database into an empty database. I provide here a script for doing this. Notice that it first deletes the old database (the one defining "nodomain" as the root) to avoid conflicts. To do this it must first stop the slapd service and restart it again afterwards.

#!/bin/bash
read -p "ldif file to install: " LDIF
if [ "$USER" != "root" ]; then
    echo "you must use sudo i.e. sudo ./install_ldif.sh"
    exit
fi
if [ -z "$LDIF" ] || [ ! -e "$LDIF" ]; then
    echo "Invalid or empty LDIF file: $LDIF"
    exit
fi
read -p "This will destroy your existing LDAP database! OK? (y/n) " YES
if [ -z "$YES" ] || [ "${YES:0:1}" == "n" ] || [ "${YES:0:1}" == "N" ]; then
    exit
fi
# customise if not in this location
LOCK="/var/lib/ldap/lock.mdb"
DATA="/var/lib/ldap/data.mdb"
systemctl stop slapd
# remove existing database
if [ -e "$LOCK" ]; then
    rm "$LOCK"
fi
if [ -e "$DATA" ]; then
    rm "$DATA"
fi
slapadd -l "$LDIF" > /dev/null 2>&1
if [ "$?" == 0 ]; then
    sudo chown openldap:openldap "$LOCK"
    sudo chown openldap:openldap "$DATA"
    if [ $? -eq 0 ]; then
        systemctl start slapd
        if [ $? -eq 0 ]; then
            echo "restarted openldap daemon successfully"
        fi
    else
        echo "Import failed!"
    fi
else
    echo "Not restarting openldap daemon due to errors"
  fi

If you install ldap-account-manager (in Debian/Ubuntu) you can see the tree it creates in Tools->Tree view, which should be identical to the one you exported.