Power Manager in Debian Trixie XFCE and lock screen settings

Depending on the time of reading this, you may be wondering why lock screen settings are not working in XFCE Power Manager in Debian Trixie, or why lock screen settings have changed, or rejoicing that a long-standing bug in Power Manager has been fixed.

Let me explain. XFCE 4.20 in Debian Trixie has dropped light-locker: 

There is no dedicated "security" tab anymore. Lock screen management was massively simplified and "Light Locker" was dropped. "lock-on-sleep" is now synchronized with xfce4-session and xfce4-screensaver. Screen locking settings are now only handled by xfce4-screensaver to avoid conflicts. A button to open xfce4-screensaver-preferences was added.

 XFCE 4.20 tour

Unfortunately, xfce4-screensaver has not been made a dependency of Power Manager, meaning the user will not be able to change lock screen settings. See this topic on the Debian User Forum. There is a bug report for this issue. The good news is that removing light-locker and installing xfce4-screensaver gets everything working nicely.

More good news is that this change side-steps an eleven year old bug which meant that suspend would not work with the screen locked using light-locker. See my blog post on the issue, the Debian Wiki on the issue, and the bug report.

So, if you are using Debian Trixie XFCE at the time of writing, you may have come to this post seeking an answer as to why you can't change lock screen settings any more. If you are reading at some point in the future where xfce4-screensaver has been added as a dependency, you may have noticed a change in XFCE Power manager, the absence of the Security tab, or the presence of a new Screensaver Management button.

Whatever the case, Power Manager in XFCE 4.20 in Debian Trixie using xfce4-screensaver is now a joined-up and rational, rather than the dog's breakfast it was in the past (see my post from 2013), and finally bug-free after over a decade. Happy days!

System sounds in Debian XFCE

If you look under the Settings tab of the XFCE Appearance application, you will find two options under Event sounds, Enable event sounds and Enable input feedback sounds. (Quite why a sound setting would be in the Appearance menu is a bit of a mystery, but hey-ho.)

In Debian at least, ticking these options seems to have no effect. It hasn't really bothered me for years, but I thought I would investigate if it is possible to enable system sounds.

As is often the case with Linux issues, I came across various suggestions on the issue dating back over a decade. This is what worked for me. First install package libcanberra-pulse, and check that System sounds are enabled in the audio mixer.

This got me some system sounds. Changing audio volume in the audio mixer (but not from the panel icon) produced a sound.

Other system sounds required package libcanberra-gtk3-0, and exporting a GTK module, which as far as I can work out makes the kernel aware that GTK events should trigger a system sound. The instructions are at ubuntuforums.org. They date from 2012, but still seem to be necessary and work.

The default sound theme installed has sound for a limited number of events, so I installed the Smooth sound them which has more.

Here are my sources of information:

How to enable system sounds forum.xfce.org

[Solved] System Sounds forum.xfce.org

13 year old bug in Tango icons fixed in Debian!

The default icon theme in Debian XFCE has had an annoying bug for a very long time. I wrote about it in 2013, but the issue was reported as a bug in 2011. (See bugs.freedesktop.org for the original bug report and gitlab.freedesktop.org for more information.)

There were no icons for special folders in the home directory with the Tango icon theme, meaning that these folders defaulted to the Gnome icon theme, as shown in this screenshot from the Gitlab bug report:

The Tango icon project has been dead for 16 years, but Matteo Bini has forked the Tango icon theme to include XDG user directory icons (as well as other fixes).

The forked package has replaced the original Tango icon theme in Debian Testing, so the next release of Debian will have icons for special folders in XFCE at last, and the home directory will look like this:

Personally I prefer the look of the Papirus icon theme, but at least now the default icon theme will not have this annoying bug.

The Tango icon theme is still a bit dated in some ways. For example, the Synaptic icon is a box a CD and a floppy disk.

Hands up anybody who can remember installing software from a floppy disk, and if you do, doesn't getting old suck?

 

Installing a printer on the Eero router in Debian

In a hurry? See the short version at the bottom.

I recently switched to fibre internet and got a free eero router. Computers, phones and tablets in the house all connected easily, but my Brother HL-1212W was a problem. Previously I had installed the printer using WPS (Wi-Fi Protected Setup), which allows devices to connect without a password, but the Eero does not support it. 

eero does not support WiFi Protected Setup (WPS), as it has well-documented security issues.

My printer is a budget model with no LCD screen and no keypad, and the only way to get it to connect to the network is to set it up with WPS. I could connect the printer with a USB cable and set it up easily using printer-driver-brlaser from the Debian repository, but this driver does not enable communication with printer settings. I believe the Windows driver does, but for Linux users with older printers, this could be a big problem.

Fortunately, I still had my old router which I bought myself, so I could access printer settings by turning that back on and connecting to the old network (once I had remembered the password I had given the printer!).

My problems didn't end there, however. I had given the printer a static IP address, and assumed that I would have to again. In changing settings in the printer configuration page, I only managed to break the connection to the old router. 

I tried the WPS setup again, but it didn't seem to work. After much turning off and on again, the printer managed to connect to the old network. I later discovered that the eero uses a single SSID for 2.4 and 5 GHz frequency network connections, and that 2.4GHz devices (ie my printer) may be "unstable" and "experience an issue" (eero Help Centre). Apparently it's possible to disable 5GHz for ten minutes, which would probably have helped here, although eero don't mention this on the How do I connect my printer to my eero network? page.

After that, I discovered that the eero router doesn't do static IP addresses. Instead, devices can be given a reserved IP address by MAC ID after connecting by DHCP. This apparently is a good thing, see Port Forward and The Tech Journal.

So, finally having got back a connection to the printer using the old router, I could run the printer connection wizard to give the printer the password to connect to the eero. I gave the printer a reserved IP address using the Android app (which is the only way to administer the eero).

At which point, the printer should have been discovered automatically, but, following the pattern of this story, of course it wasn't. To cut a long story short, I had to enter the IP address of the printer in the New Printer dialogue. Entering the router IP address brought up some sort of Windows Samba printer connection dialogue.

You must log in to access  Domain WORKGROUP

The router IP address is blocked by eero (which insists on administration by smart phone app, as mentioned above). A wild guess would be that the eero expects connections to the printer to be made via Samba, which might be normal for Windows computers (and Apple? No experience here) and as a result cups-browsed can't detect the printer automatically. Funnily enough, it could in Bullseye, but not in Trixie. Details here: Debian Forum.

The short version:

• Older printers without a screen that require WPS to connect to a network may be a problem, as the eero doesn't have WPS. Access the printer homepage using the old router and run the connection wizard.
• If you have an older router with WPS, disable 5GHz in the eero before trying to connect.
  
• Do not try to give the printer a static IP address in printer settings - from the eero app, assign the printer a reserved IP address.
•  If the printer is not discovered automatically in the New Printer dialogue, try entering the printer's IP address in the Host field in Find Network Printer.
  

 

Does Debian Testing need a security repository?

Debian Testing is for testing the upcoming new release of Debian as it develops. You may think the clue is in the name, but some people seem to regard it as a rolling release. It's not. As a Debian installation for daily use, it is in fact the least secure Debian version. Security fixes go through the normal process of migration from Unstable to Testing, which may take days, because new packages must not introduce release critical bugs, whereas the Stable release gets security updates immediately from a special security repository.

As the Debian Wiki says:

Security for testing benefits from the security efforts of the entire project for unstable. However, there is a minimum two-day migration delay, and sometimes security fixes can be held up by transitions. The Security Team helps to move along those transitions holding back important security uploads, but this is not always possible and delays may occur. Especially in the months after a new stable release, when many new versions are uploaded to unstable, security fixes for testing may lag behind. If you want to have a secure (and stable) server you are strongly encouraged to stay with stable.

The Debian Wiki recommends an active approach to security when using testing.

It is a good idea to install security updates from unstable since they take extra time to reach testing and the security team only releases updates to unstable.

For details of how to do so, see the Wiki link. This involves an Apt pinning process, not just enabling the Unstable repository, which would give you an Unstable installation, aka Sid, the notorious breaker of toys.

A security repository for Testing exists, but I have always believed it was for users of Testing who intended to stay with the next release. Say you have new hardware and find that Debian Stable does not work, but Debian Testing does. You might decide to accept or mitigate the risks by watching for and installing security updates from Unstable - (see above) and use Testing until it becomes Stable.

In which case, Debian sources list would look like this at the time of writing:

deb http://deb.debian.org/debian/ trixie main contrib non-free non-free-firmware
deb http://security.debian.org/debian-security/ trixie-security main

"trixie" would of course be replaced by the codename of the Testing relase at any point in Time. If you are reading this years in the future, it may be different. Local mirrors for the primary repository are of course also acceptable.

I have always believed (and indeed the Debian Wiki said so) that the repository would be empty, just there so that users would have the security repository automatically when Testing became stable in case they forgot to add it after the release. For that reason, I have never added a security line to my sources.list.

However, I noticed recently (in fact it was pointed out to me by a member at the Debian User Forum) that a security line is recommended for users of Testing tracking either the current codename or Testing in their sources.list.

The Debian Wiki did not explain why, so I contacted a member of the Wiki team to ask for clarification. It seems that under exceptional, rare circumstances very serious bug fixes may indeed be added to the Testing security repository, which is why the Debian Wiki recommends it, and the answer to the question in the title of this post is "yes".

For people tracking Testing like me, source.list should look like this:

deb http://deb.debian.org/debian/ testing main contrib non-free non-free-firmware
deb http://security.debian.org/debian-security/ testing-security main

I have edited a couple of Debian Wiki pages to reflect this new information or to make clear why the security repository is recommended for all Testing users. Many thanks to my contact at the Debian Wiki team for providing the information.

Desktop icons and menu not showing

Debian is working do smoothly these days I rarely have anything to post about (currently Trixie/Testing).

But today I noticed that there were no icons on my desktop, and the right click menu wasn't appearing (I rarely ever see my desktop, as XFCE restores my previous session at boot).

The solution was to delete ~/.cache/sessions/, as suggested in this topic at the Arch Linux Forum.

Debian Bookworm - Release Critical Bug Status

Debian Bookworm has been "frozen", meaning it gets no package updates except bug fixes (boring times for a Testing user!). Time to have a look at the bug graph again. Here it is (Bookworm in green). Currently there are 393 release critical bug to be squashed before it is released later this year.

Release-critical bugs status.