Monday, September 29, 2025

A look at XFCE in Debian Trixie

I haven't written about XFCE in Debian for a while. I've noticed that one of my old posts, A look at XFCE in Debian Wheezy, is getting quite a few hits. It's a post from 12 years ago, so I can only imagine that people are really looking for something more current, so it's probably time for an update.

When writing the previous post, I was using a machine that originally came with Windows XP. This time I'm writing on a machine that originally came with Windows 8. The points I made then still apply: XFCE runs quite happily on older hardware, and it's a bit old-fashioned in its desktop paradigm, which may or may not appeal to users.

An interesting point to make is that at the time of writing the previous post, there were a lot of complaints about the performance of Windows 8 on low-spec computers (which this is). XFCE on this machine performs perfectly well, as it does on my even older laptop from the Windows 8 period.

I haven't touched a Windows machine for almost a decade, but I have noticed that Windows 10 has reached its end of life, and that Windows 11 will not run on older, lower spec machines, ones that would be a lot more modern and more powerful than this computer. Deja vu?

This would be a good opportunity to point out that computers running Windows 10 that can't update to Windows 11 will run Linux quite happily for many years to come!

There are of course Linux distributions that are aimed at new users. XFCE in Debian comes very much as shipped by XFCE. There is no welcome screen, there are no tutorials, no helpful system tools, no update, software or driver managers, no system snapshot tool, and no customisation to the desktop panel positions, theme or icons.

Screenshot of the Debian Trixie live image

Screenshot from xfce.org

If you fancy a more bare bones approach, getting to grips with Debian system tools, and customising the desktop to your own preferences, Debian XFCE does offer legendary stability. This is often assumed to be implied by the name of the current release, Debian Stable, but stable in the name means "doesn't change much" rather than "doesn't fall over". Packages are tested during the two-year development process, and then receive only security updates and minor fixes after release. The corollary of this process is that Debian doesn't fall over very often, as bugs are knocked out during testing, and not introduced by package upgrades after release.

This is especially advantageous for older computers, as support for newer hardware can be lacking in the Stable release. My two older machines had a few minor glitches with Debian when new, but now run it faultlessly.

Over the years I have written about a few niggles with Debian XFCE: problem panels and unwanted saved sessions, ugly fonts, suspend doesn't work when the screen is locked, confusing power management behaviour, no icons for special folders in the home directory in the default theme, authentication dialog for root privileges broken, and media playback and non-free firmware not enabled by default.

I am happy to say that non of these is an issue any more, although the suspend/lock screen issue will require a bit of manual intervention until the XFCE fix is implemented properly in Debian (see the post for details). 

One new option in Trixie XFCE worth mentioning is Docklike Taskbar, which is available after installing the package xfce4-docklike-plugin.

It provides a Windows 7/8 (or Linux KDE) method of Windows switching, shown above in an XFCE bottom panel, with option window preview enabled.

It also addresses one of my previous complaints about XFCE: application quick launchers can be added to the panel, but running appear separately. Docklike Taskbar combines quick launch icons with window switching icons.

The default XFCE layout has quick launch icons in a bottom "mock dock" panel, and running application buttons in the top panel. For those who like the layout, I think Docklike Taskbar would be a better option in the bottom panel, combining quick launch and windows switching.

For those who prefer a single bottom panel, here's an extreme example:

Quick launchers and iconified window buttons.

Combined launcher/switcher buttons in Docklike Taskbar (running applications are underlined).

As mentioned previously, Debian does not customise the appearance of XFCE at all. The icons used in the screenshots above are a mixture of Arc and Papirus, the theme is Arc-Lighter, and there is a single bottom panel.

Customising  XFCE by changing the theme, icon theme and panel layout is a simple process. Here is my current preference, to compare with the defaults above.

 With the Debian Trixie wallpaper.

 With the XFCE wallpaper.

With applications open, using the old-school window buttons.

As mentioned above, Debian XFCE does not come with an update manager. The update notification in the second screenshot is my own Genmon script. an update with the latest version is coming soon, so keep watching the blog!

A final thing to say about XFCE 4.20 is that Wayland is available as an experimental option. Keep watching for a post about that too. 

 

 

 

 

 

 

 

 



Wednesday, September 17, 2025

New Firefox ESR is late in Debian (again)

Update: Firefox ESR 140 arrived as a security update in the afternoon of  the morning of this post. My apologies for misrepresenting the update process.

It's still important to note that Firefox ESR 128 is EOL, has security vulnerabilities, and will not get security updates.

Users of Debian Testing will have an unsecure browser until the new version of the browser passes through the update process from Unstable.

Users of Debian Trixie should ensure they have the security repository enabled and have updated Firefox. 

--------------------------------

Firefox ESR 128 has reached its EOL, which means no more security fixes, but the new version (140) has only just gone into Unstable, which means there will be a period of testing as 140 moves from Unstable to Testing to Trixie, the current version of Debian, and to previous still-supported versions.

There are currently seven security issues affecting Firefox ESR 128.

Just to be utterly sensationalist, I looked for anything scary about these vulnerabilities. Well, this is pretty scary:

A remote code execution vulnerability has been identified in Firefox versions below 143 and Firefox Extended Support Release (ESR) below 140.3. This vulnerability allows attackers to execute arbitrary code on affected installations, which could lead to unauthorized access and manipulation of user systems. It is crucial for Firefox users to update to the latest version to mitigate potential exploitation risks.

securityvulnerability.io

The reason for the (again) in the title is that this is not the first time this has happened. See this post from 2021.

I have no idea why Debian does not begin the process of switching to the new ESR version before EOL. If anybody does, please let me know in the comments.

Debian users concerned about the security vulnerabilities present in Firefox ESR 128 can use an alternative browser like Chromium, or install Firefox directly from Mozilla.

wiki.debian.org