Friday, November 10, 2023

Installing a printer on the Eero router in Debian

In a hurry? See the short version at the bottom.

I recently switched to fibre internet and got a free eero router. Computers, phones and tablets in the house all connected easily, but my Brother HL-1212W was a problem. Previously I had installed the printer using WPS (Wi-Fi Protected Setup), which allows devices to connect without a password, but the Eero does not support it

eero does not support WiFi Protected Setup (WPS), as it has well-documented security issues.

My printer is a budget model with no LCD screen and no keypad, and the only way to get it to connect to the network is to set it up with WPS. I could connect the printer with a USB cable and set it up easily using printer-driver-brlaser from the Debian repository, but this driver does not enable communication with printer settings. I believe the Windows driver does, but for Linux users with older printers, this could be a big problem.

Fortunately, I still had my old router which I bought myself, so I could access printer settings by turning that back on and connecting to the old network (once I had remembered the password I had given the printer!).

My problems didn't end there, however. I had given the printer a static IP address, and assumed that I would have to again. In changing settings in the printer configuration page, I only managed to break the connection to the old router. 

I tried the WPS setup again, but it didn't seem to work. After much turning off and on again, the printer managed to connect to the old network. I later discovered that the eero uses a single SSID for 2.4 and 5 GHz frequency network connections, and that 2.4GHz devices (ie my printer) may be "unstable" and "experience an issue" (eero Help Centre). Apparently it's possible to disable 5GHz for ten minutes, which would probably have helped here, although eero don't mention this on the How do I connect my printer to my eero network? page.

After that, I discovered that the eero router doesn't do static IP addresses. Instead, devices can be given a reserved IP address by MAC ID after connecting by DHCP. This apparently is a good thing, see Port Forward and The Tech Journal.

So, finally having got back a connection to the printer using the old router, I could run the printer connection wizard to give the printer the password to connect to the eero. I gave the printer a reserved IP address using the Android app (which is the only way to administer the eero).

At which point, the printer should have been discovered automatically, but, following the pattern of this story, of course it wasn't. To cut a long story short, I had to enter the IP address of the printer in the New Printer dialogue. Entering the router IP address brought up some sort of Windows Samba printer connection dialogue.

You must log in to access  Domain WORKGROUP

The router IP address is blocked by eero (which insists on administration by smart phone app, as mentioned above). A wild guess would be that the eero expects connections to the printer to be made via Samba, which might be normal for Windows computers (and Apple? No experience here) and as a result cups-browsed can't detect the printer automatically. Funnily enough, it could in Bullseye, but not in Trixie. Details here: Debian Forum.

The short version:

  • Older printers without a screen that require WPS to connect to a network may be a problem, as the eero doesn't have WPS. Access the printer homepage using the old router and run the connection wizard.
  • If you have an older router with WPS, disable 5GHz in the eero before trying to connect.
  • Do not try to give the printer a static IP address in printer settings - from the eero app, assign the printer a reserved IP address.
  •  If the printer is not discovered automatically in the New Printer dialogue, try entering the printer's IP address in the Host field in Find Network Printer.

 


Wednesday, September 20, 2023

Does Debian Testing need a security repository?

Debian Testing is for testing the upcoming new release of Debian as it develops. You may think the clue is in the name, but some people seem to regard it as a rolling release. It's not. As a Debian installation for daily use, it is in fact the least secure Debian version. Security fixes go through the normal process of migration from Unstable to Testing, which may take days, because new packages must not introduce release critical bugs, whereas the Stable release gets security updates immediately from a special security repository.

As the Debian Wiki says:

Security for testing benefits from the security efforts of the entire project for unstable. However, there is a minimum two-day migration delay, and sometimes security fixes can be held up by transitions. The Security Team helps to move along those transitions holding back important security uploads, but this is not always possible and delays may occur. Especially in the months after a new stable release, when many new versions are uploaded to unstable, security fixes for testing may lag behind. If you want to have a secure (and stable) server you are strongly encouraged to stay with stable.

The Debian Wiki recommends an active approach to security when using testing.

It is a good idea to install security updates from unstable since they take extra time to reach testing and the security team only releases updates to unstable.

For details of how to do so, see the Wiki link. This involves an Apt pinning process, not just enabling the Unstable repository, which would give you an Unstable installation, aka Sid, the notorious breaker of toys.

A security repository for Testing exists, but I have always believed it was for users of Testing who intended to stay with the next release. Say you have new hardware and find that Debian Stable does not work, but Debian Testing does. You might decide to accept or mitigate the risks by watching for and installing security updates from Unstable - (see above) and use Testing until it becomes Stable.

In which case, Debian sources list would look like this at the time of writing:

deb http://deb.debian.org/debian/ trixie main contrib non-free non-free-firmware
deb http://security.debian.org/debian-security/ trixie-security main

"trixie" would of course be replaced by the codename of the Testing relase at any point in Time. If you are reading this years in the future, it may be different. Local mirrors for the primary repository are of course also acceptable.

I have always believed (and indeed the Debian Wiki said so) that the repository would be empty, just there so that users would have the security repository automatically when Testing became stable in case they forgot to add it after the release. For that reason, I have never added a security line to my sources.list.

However, I noticed recently (in fact it was pointed out to me by a member at the Debian User Forum) that a security line is recommended for users of Testing tracking either the current codename or Testing in their sources.list.

The Debian Wiki did not explain why, so I contacted a member of the Wiki team to ask for clarification. It seems that under exceptional, rare circumstances very serious bug fixes may indeed be added to the Testing security repository, which is why the Debian Wiki recommends it, and the answer to the question in the title of this post is "yes".

For people tracking Testing like me, source.list should look like this:

deb http://deb.debian.org/debian/ testing main contrib non-free non-free-firmware
deb http://security.debian.org/debian-security/ testing-security main

I have edited a couple of Debian Wiki pages to reflect this new information or to make clear why the security repository is recommended for all Testing users. Many thanks to my contact at the Debian Wiki team for providing the information.





Saturday, July 8, 2023

Desktop icons and menu not showing

Debian is working do smoothly these days I rarely have anything to post about (currently Trixie/Testing).

But today I noticed that there were no icons on my desktop, and the right click menu wasn't appearing (I rarely ever see my desktop, as XFCE restores my previous session at boot).

The solution was to delete ~/.cache/sessions/, as suggested in this topic at the Arch Linux Forum.

Saturday, February 18, 2023

Debian Bookworm - Release Critical Bug Status

Debian Bookworm has been "frozen", meaning it gets no package updates except bug fixes (boring times for a Testing user!). Time to have a look at the bug graph again. Here it is (Bookworm in green). Currently there are 393 release critical bug to be squashed before it is released later this year.

Release-critical bugs status.

Thursday, February 2, 2023

Claws Mail

Why use Claws Mail?  (I'm asking that question in Linux, but it's available for Windows too.) Well, when I looked at email clients that worked on my Debian XFCE installation, I found Thunderbird using 600MB of RAM and Evolution using 300MB. Even GMail open in a browser tab uses 300MB. Claws Mail, on the other hand uses 73MB of RAM:

This would certainly make it useful on an old computer with little memory available, but doesn't it look like some relic from the Windows 95 era? No, it supports GTK3 and at least in Debian some nice themes are available. Still old school but looks OK:

So here is the full list. Why use claws mail?

  • Lightweight, low memory usage, but still full featured. Does filtering and processing. Fits in to the XFCE desktop well. In Gnome I use Geary for casual emails and Evolution for more serious use, but Claws does both.
  • Supports GTK3 and has a wide range of themes available, from old school to modern.
  • Supports OAuth2, the authorisation protocol used by GMail and other email providers now.

There are also some features that Claws Mails does not have that may be reasons not to use it. On the other hand, they may be features you do not need or want:

  • Push emails are not a feature. You have to wait until Claws Mail check for new mail, at whatever interval you set.
  • New email desktop notifications from GMail don't work because GMail doesn't mark any messages as 'New'. There is a patch available to change behaviour to notify for unread messages, but it involves compiling Claws from source code.
  • Emails are displayed by default as plain text, not HTML. There is a plugin to switch to HTML view, but if you prefer the formatting, fonts and background images of HTML mail, Claws is probably not for you.
  • Claws Mail doesn't do the modern tiled subject column that Geary does. Layout is strictly old school.

So there you have it, a lightweight, minimal (but still powerful) email client to keep open if you don't like web mail or the size of some other email clients, and are not put off (or in fact enjoy or want) basic email features.

 


Wednesday, February 1, 2023

The secret of the Bessler wheel

Recently I wrote about a modern "perpetual motion" machine, a bicycle wheel that revolves for years without any apparent source of power. Of course it is not really a perpetual motion machine. It was built by a scientist as a challenge for those who saw it to work out how it was powered,  a challenge that 40 years later still baffled Adam Savage in a YouTube video.

I was fascinated by the reference in that video to the Orffyreus wheel, a similar machine from the 18th century. The name was code for the real name of the inventor, Johann Bessler. His wheel (or wheels, actually, as he built several of different sizes) would start moving from stationary with a slight push and would run at 25-50rpm for up to 54 days without any obvious energy source. They could do real work, lifting 5-40lb, depending on the size. Even today there is speculation that he may actually have discovered a source of perpetual motion.

I think the secret is quite simple however. The machine had to have a source of energy, and how would you power a machine like this? Gravity. There were clocks powered by gravity from the period like this one:

A heavy weight on a rope wound round the cylinder visible in the picture would have rotated the cylinder, with the torque converted to movement of the hands by a train of gears. It was obviously situated in a tower or high up on the face of a building or in a high space.

A simple falling weight would not work to power a wheel because it could not pass through the axle. Most probably there was a weight (or weights) attached to a shaft around the axle, powering the mechanism again through a gear train.  A couple of large lead weights falling from the top of the machine around the inner circumference towards the base could have powered a hollow wheel on bearings for many days, or easily contained enough energy to explain the work the machine did. (Yes, they did have bearings in the early 18th century.)

So there you have it. The wheel was a clock. There are actually a couple of very large clues: the pendulum on the front of the wheel controlling an escapement, and the fact that Bessler was an apprentice watchmaker.

Some witnesses of the Bessler machine stated that they could hear falling weights in the wheel, leading to speculation that it was a weighted wheel machine. Such a machine can work, if there is an input of energy, giving weights at the top of the wheel a nudge upwards (and increasing their potential energy). The power source I have described could have been used to do this.

I suppose it's possible that with a complex mechanism of large weights and smaller weights moving in the machine Bessler genuinely thought he was getting something for nothing and failed to realise he was supplying the machine with potential energy in setting up the machine in a state where some of those weights could fall over time, supplying the machine with the kinetic energy it needed to keep running. I'd somehow rather believe that he wasn't an outright fraud.


Monday, January 23, 2023

The secret of the Dreadco perpetual motion machine

Back in 1981 I was an A Level science student. Suggested reading was the New Scientist magazine, which at the time was a serious academic publication. (It seems to be more general interest science now.) Being a fairly lazy A Level science student, I would read the first third of a few articles before getting lost in the detail, skip the middle of the magazine, which was just job adverts, and read the page inside the back cover, a humorous page written by Dr David Jones under the pseudonym Daedalus. 

I don't remember much of what I read, to be honest, but I do remember that in one issue David Jones issued a challenge to readers to work out how a "perpetual motion" machine he had built worked, with the answer and the names of those to guess correctly to be published in the magazine in the next issue. Of course, this being a serious scientific magazine, there was no suggestion that it was a real perpetual motion machine.

I thought about it for a while, and had an idea as to how the wheel was supplied with energy to keep turning. I wrote to David Jones and he wrote back to say my suggestion was correct. Unfortunately my letter just missed the deadline. The names of two other people who had guessed correctly were published in the magazine. I seem to remember that he wrote that he had decided not to reveal how the machine worked for a while longer, to keep people guessing...

I didn't think about it again until a few days ago when a YouTube suggestion for a video about the very machine appeared while I was watching something else. I never thought that over 40 years later it would still be a source of mystery and debate.

I wish I had kept my letter from David Jones, but as far as I knew he was going to reveal how the machine worked in a week or so, so I chucked it in the bin. Apparently all David Jones' letters about the machine are archived, so my letter could be in there!

So what is the secret? Well, I would hate to spoil a 40 year old mystery. It's not really that difficult to guess. A number of people in the YouTube comments have suggested the answer I came up with. As Virginia Mills intimates in the video, look for a mundane explanation, rather than an exotic one. She also gives a huge clue in talking about Orffyreus' weighted wheel perpetual motion machine. The idea of falling weights adding impetus to a wheel is initially attractive until you remember that there is actually no net input of energy because the momentum of the wheel has to drag the weight upwards from a lower level on the way up. Without a source of energy it won't work.





But with a source of energy?




Sunday, January 22, 2023

Email clients for GMail in Debian Bookworm

I've been using the Thunderbird email client in Debian Bookworm XFCE for a while, but it seems to have a bug causing it to use 50-60% of the CPU and 500-600MB of RAM constantly, so I thought I would try out the alternatives.

I tried Geary but that won't run without the Gnome online accounts service, so I tried Claws Mail. That can read emails from GMail with an application password, but cannot send emails by SMPT, [See correction below] I suspect because GMail is constantly imposing increasingly restrictive security requirements. Claws now supports OAuth2, Google's latest security hoop, but getting an authorisation code is a process intended for software developers and not users. I tried it at one point, but gave up when I was asked for my credit card details. It's a shame because Claws seems quite suited to the feel of XFCE.

Which left me with Evolution, actually my favourite email application in Gnome. It installs without bringing down a lot of Gnome stuff with it, and runs OK.  Unlike Thunderbird it only uses 300MB of RAM, and CPU usage at idle is 0-1%.

It's a shame only big projects can afford the cost of enabling OAuth2 login for users (for which Google apparently charges a fee). GMail users on XFCE really only have the option of using Evolution a the moment it seems. I would be nice is there was a more minimalist option like Geary is in Gnome. Claws could be that option, but at the moment it is crippled by Google's security restrictions.

 

Update: Correction, Claws can send emails with a GMail application password, just, for some reason, not to yourself, which is how I was testing it. LinuxQuestions.

I also managed to get it to work with OAuth2 (entirely by accident) without giving Google my credit card details. I will try to work out how it happened in a future post.



Monday, January 2, 2023

Folder retention policy in Thunderbird


I have a folder of promotional emails which I look at from time if I need some service parts for the car or a new cartridge for the printer because sometimes there are sales or discounts worth taking advantage of. In Thunderbird I set the retention policy to delete messages more than 30 days old, because obviously these offers expire after some time.

I checked the folder recently and found that all my emails were still there.

After quite a bit of checking and searching, I found that you have to run File/Compact Folders to make the policy active for the first time.

Red Hat Bugzilla

A feature not a bug, apparently.

 I entirely agree with Mike A. Harris' comment on the bug report.

I chose "File->Compact Folders" in 2.0.0.21 and it does not seem to work, however if I right click directly on the folder with a retention policy and choose the "Compact" option, it causes the folder to flush mail older than the retention timeframe. I'm not sure if thunderbird will auto-flush mail in that folder afterward or not, or if you have to constantly manually choose "compact".

Personally, I still consider this a bug because the majority of users who choose to set a retention policy of n days are neither informed that, nor are they likely to guess that they have to perform another action like "compact". So if it isn't considered a bug per se. then it definitely is a design flaw. Having said that, it probably belongs in the upstream bugzilla I guess. 

Hopefully thunderbird 3 has a more intuitive design that works like one would expect. :)

I checked my promotions folder again today, and it seems the retention policy is now in force, as emails older that 30 days have been deleted. As Mike pointed out, you need to right click the folder and choose the Compact option for the policy to work.


Action buttons in notify-send notifications

Search for "action button notify-send", and the first two results currently say "It seems notify-send can't do this", or "No, notify-send doesn't support the use of actions/buttons", which isn't true any more.

This action was added about a year ago.

gitlab.gnome.org

From the manual:

OPTIONS

       -A, --action=[NAME=]Text...
           Specifies the actions to display to the user. Implies --wait to
           wait for user input. May be set multiple times. The NAME of the
           action is output to stdout. If NAME is not specified, the numerical
           index of the option is used (starting with 1).

Action buttons return a specified output (or an output of 0, 1... if no output text is specified). If they are not clicked, output is null. Thus

--action=yes=Okay --action=no=Cancel

Returns "yes", "no" or null.

--action=Okay --action=Cancel

Returns "0", "1" or null.

Output can be redirected to a text file and used to run a command:


#!/bin/bash
notify-send --icon=system-software-update -w --action=yes="Click to update" "Updates available" > output.txt
action=$(cat output.txt)
if [ "$action" == "yes" ]; then
synaptic-pkexec
fi


or to a function:


#!/bin/bash
action=$(notify-send --icon=system-software-update -w --action=yes="Click to update" "Updates available")
if [ "$action" == "yes" ]; then
synaptic-pkexec
fi


which seems like a better way to do it.

To have the number of updates in Debian:

 #!/bin/bash
updates=$(aptitude search '~U' | wc -l)
action=$(notify-send --icon=system-software-update -w --action=yes="Click to update" "$updates Updates available")
if [ "$action" == "yes" ]; then
synaptic-pkexec
fi

This can be used in my update notification Genmon script for XFCE.

 

Update: If used with Genmon script, add the following to refresh the Genmon panel notification after the update:

if [ "$action" == "yes" ]; then
synaptic-pkexec && sleep 2 && xfce4-panel --plugin-event=genmon-<n>:refresh:bool:true
fi

Where <n> is the Genmon ID number obtained by hovering over the Genmon item item in Panel Preferences > Items.

Sunday, January 1, 2023

Scanning from an HP All In One printer without HPLIP

My old HP Deskjet 3050 j610 doesn't need the HP Linux Imaging and Printing (HPLIP) package to print, just printer-driver-hpcups, but I've never been able to get it to scan without HPLIP. I wondered if it was possible get scanner support without installing the HPLIP package. Indeed it is.

The SANE backend libraries are in libsane-hpaio, which can be installed without installing HPLIP by doing

# apt install --no-install-recommends libsane-hpaio

Debian Wiki.

To scan over the network, it's necessary to supply the URI of the scanner, in my case, like this

$ simple-scan hpaio:/net/deskjet_3050_j610_series?ip=192.168.2.101

Debian Wiki.

To get Document Scanner (simple-scan) to find the scanner when launched from the XFCE menu, I appended the URI to the launcher.

And scanning now works without HPLIP.

This method applies to all HPAIO printers, although some may need a plugin. The Debian Wiki describes how to install this if needed.

This is of course an old printer. More modern HPAIOs support driverless scanning and should be detected automatically without needing HPLIP or any of its dependencies.

Debian Wiki.