Update notifications in Conky

 

An improved Conky system updates notification for Debian (The first version and information on how to enable package list update if you are not using Gnome, which I assume you're not, as Gnome already has update notifications.). This one includes the time of the last package list update so you can see that the system is actually checking for updates, and tells you if there are any security updates (it should list package names to if there are security updates, but I haven't been able to test this yet.) The script requires aptitude.

I used the following code:

Linux - display or upgrade security updates only using apt

How to know last time `apt-get update` was executed?

if_match in Conky

DevHumor

Here's the code:

${if_match ${execi 1800 aptitude search "~U" | wc -l}==0}\ ${alignr}No updates available ${alignr}${color grey}Last check:${color} ${execi 1800 ls -l /var/cache/apt/pkgcache.bin | awk '{print $6,$7,$8}'} ${else}${alignr}Updates available: ${execi 1800 aptitude search "~U" | wc -l} ${alignr}Security: ${execi 1800 aptitude search '~U ~ODebian' -F "%p %O"|awk '/Debian-Security/' | wc -l}  ${execi 1800 aptitude search '~U ~ODebian' -F "%p %O"|awk '/Debian-Security/ {print $1}'} ${endif}

EDIT:

Replaced

${execi 1800 ls -l /var/cache/apt/pkgcache.bin | cut -d' ' -f6,7,8}

with

${execi 1800 ls -l /var/cache/apt/pkgcache.bin | awk '{print $6,$7,$8}'}

The first command would only output the date when the date was one digit only.

[Edit 24/8/21: Bullseye is now released and the first security updates have arrived, allowing me to test the script. I have corrected a typo which meant number of security updates was not displayed.]

Configure automatic updates Gnome

If you search for "configure automatic updates gnome" (without the quotes), the third result will be from help.gnome.org, which you'd think might be useful, but isn't. The Gnome Help site is rubbish, not by virtue of being badly written or designed, but by virtue of being thirteen years out of date. It refers to Gnome 2 (does anybody use Gnome 2 in 2021) and is not relevant today.

The Gnome Blog states that Gnome allows the automatic installation of updates, with configuration options in Gnome Software for installation and notification of installation, for but this turns out to be for Flatpacks only.

So here is a quick guide to configuring automatic updates in Gnome - in this case on Debian Buster.

The Gnome Help page refers to PackageKit being updated by a cron-job. (PackageKit being an update system that works in different distributions and cron being a job-scheduler.)

This was true in 2007, but today it's the Systemd scheduler that triggers updates, as I wrote about here. In XFCE this is not enabled by default, but in Gnome it is, because the package unattended-upgrades is installed, which sets a configuration file which tells APT (the Debian package manager) to check for updates and automatically install security updates when it is triggered by the Systemd timer.

Configuration is done via launching Software & Updates, or  Synaptic > Settings > Repositories (it's the same window).

We can confirm that configuration settings are set in the unattended-upgrades configuration file 20auto-upgrades by watching it as we change the check interval.

 

You can of course change the configuration directly by editing the file in etc/apt/apt.conf.d if you wish. It's also possible to turn automatic installation of security updates off via the GUI or the configuration file.

If you look in that folder you will also notice a file called 20packagekit, which is there to make sure PackageKit knows about updates too.

I presume it is still PackageKit that Gnome Software uses to notify you of available updates. I will have to leave that for another investigation. I don't use Gnome Software because it always asks to restart the computer to install updates even through this is not necessary. Maybe it's possible to configure that too.

For now, I hope this post is useful to somebody like me who has observed updates in Gnome 3 and wondered what was happening.

[Edited for accuracy and clarity.]

[Corrected to reflect the fact that Unattended Upgrades actually installs all packages by default in Debian Buster and later.

The default setting for Unattended Upgrades was changed in Buster. The previous default was to apply security updates, but the default now is to update all packages.

I found a note in the "News" file (found in /usr/share/doc/unattended-upgrades) which states:

Unattended-upgrades in previous versions defaulted to install security updates only on Debian by using the label=Debian-Security origin pattern. Now it is changed to allow updates with label=Debian, which allows applying stable updates in stable releases and following all package updates in testing and unstable. 

In stable releases this unlocks installation of security updates depending on package versions present only in stable updates.]

XFCE Genmon weather script - New & Improved

Update: A commentor has pointed out that the output of ansiweather has changed since this post, adding an extra space which means all the printed outputs are wrong, because they are done according to position in the output. I had already corrected the script for myself but hadn't got round to editing the post. I can't remember if I have corrected all the "print" commands to reflect the line space change, or just the ones I use. If any output is garbled, please post a comment and I'll look at the script again.

The corrected script is here: GenMon weather script at PasteBin.

Thanks to Anonymous for pointing this out.

I tidied up the old script and added new information available from ansiweather (which the script requires). I made it easy to choose which information to display and the units of measurement by commenting out lines.

And added a notification icon if there is no internet.

The script only requires you to add a city and country once at the top. There are various options for what happens when you click the temperature- go to the website, refresh, or show ansiweather in a terminal. Make sure only the one you want is uncommented. If you choose the refresh option, you will need to find the Genmon ID in your panel, as this varies. Hover over Genmon in Panel Preferences>Items.

As before, save the script in a suitable location and make it executable. Add an instance of Genmon in the panel, enter the path to the script and choose a suitable refresh time in seconds.

 

#!/bin/bash
#dontsurfinthenude.blogspot.com/

location=paris,fr
#try city,country code or look up at openweathermap.org
data_metric=$(ansiweather -l $location -u metric -s true -a false -d true)
data_imperial=$(ansiweather -l $location -u imperial -s true -a false -d true)
#comment out one if you want only metric or only imperial
data7day=$(ansiweather -l $location -u metric -s true -a false -f 7) #centigrade
#data7day=$(ansiweather -l $location -u imperial -s true -a false -f 7) #fahrenheit

city=$(echo "$data_metric" | awk '{print $3}')
temp=$(echo "$data_metric" | awk '{print $5$6}') #city,temp,°C
#temp=$(echo "$data_imperial" | awk '{print $5$6}') #city,temp,°F
symbol=$(echo "$data_metric" | awk '{print $7}')
#wind=$(echo "$data_metric" | awk '{print $9,$11,$12,$13}') #wind,m/s
wind=$(echo "$data_imperial" | awk '{print $9,$11,$12,$13}') #wind,mph
humidity=$(echo "$data_imperial" | awk '{print $15,$17$18}') #humidity
pressure=$(echo "$data_metric" | awk '{print $20,$22,$23}') #pressure,hPa
#pressure=$(echo "$data_imperial" | awk '{print $20,$22,$23}') #pressure,inHg
sunrise=$(echo "$data_metric" | awk '{printf "%7s %.5s %s\n", $25,$29,$30}') #sunrise
sunset=$(echo "$data_metric" | awk '{printf "%-7s %.5s %s\n", $32,$36,$37}') #sunset

forecast=$(echo "$data7day" | awk 'BEGIN {format="%s %7s%s  %s\n"} #7-day-forcast
            {printf format, $4,$7,$8,$9}
            {printf format, $11,$14,$15,$16}
            {printf format, $18,$21,$22,$23}
            {printf format, $25,$28,$29,$30}
            {printf format, $32,$35,$36,$37}
            {printf format, $39,$42,$43,$44}
            {printf format, $46,$49,$50,$51}')


PANEL="<txt>$temp</txt>"
PANEL+="<txtclick>firefox --new-tab --url https://openweathermap.org/city/$location[city code number]</txtclick>"
#PANEL+="<txtclick>xfce4-panel --plugin-event=genmon-*:refresh:bool:true</txtclick>"
#Replace "*" with the ID number from the XFCE panel - Preferences>Items (Hover)
#PANEL+="<txtclick>xterm -hold -e  ansiweather -l $location -s true -f 7</txtclick>"

TOOLTIP="<tool>"
TOOLTIP+="<span weight='bold' font='sans regular'>W E A T H E R</span>\n\n"
TOOLTIP+="<span font= 'sans regular'>$city</span>\n"
TOOLTIP+="Now: $temp $symbol\n\n"
#TOOLTIP+="<span font= 'sans regular'>$wind</span>\n"
#TOOLTIP+="<span font= 'sans regular'>$humidity</span>\n"
#TOOLTIP+="<span font= 'sans regular'>$pressure</span>\n\n"
TOOLTIP+="<span font= 'monospace regular'>$forecast</span>\n\n"
TOOLTIP+="<span font= 'sans regular'>$sunrise</span>\n"
TOOLTIP+="<span font= 'sans regular'>$sunset</span>\n\n"
#TOOLTIP+="<span weight='bold' font='sans regular'>Click to update</span>"
TOOLTIP+="<span weight='bold' font='sans regular'>OpenWeather</span>"
TOOLTIP+="</tool>"


if [[ -z "$data7day" || "$data7day" == "ERROR: Cannot fetch weather data" ]]; then

echo "<icon>network-offline</icon>"
echo "<tool>No Internet</tool>"
else
  echo -e "${PANEL}"
  echo -e "${TOOLTIP}"
fi

[Edit: you will have to go to openweather.org and search for the city code number for your town if you want to open the web page on clicking the icon. The script passed the town and city details to the browser, but my browser was opening the correct location because I'd used the page before.]

Things that are fixed in Debian Bullseye

A kernel and lots of firmware updates and Bluetooth is working!

This fixes the issue of the kernel not recognising the Bluetooth adapter because the vendor had reused the chip identifier, with the following message in dmesg.

Bluetooth: hci0: don't support firmware rome 0x31010100

A simple Conky weather script

The script requires ansiweather. It's pretty much self explanatory. Add your town and country code, comment out items you don't want, or double up for extra locations.

#!/bin/bash
#dontsurfinthenude.blogspot.com/

location=london,GB
#try city,country code or look up at openweathermap.org
data_metric=$(ansiweather -l $location -u metric -s true -a false -d true)
data_imperial=$(ansiweather -l $location -u imperial -s true -a false -d true)
#comment out one if you want only metric or only imperial
forecast=$(ansiweather -l $location -u metric -s true -a false -f 7)

echo "W E A T H E R"
echo ""
echo "$data_metric" | awk '{print $3,$5$6,$7}'#city,temp,°C
#echo "$data_imperial" | awk '{print $3,$5$6,$7}'#city,temp,°F
echo ""
echo "$data_imperial" | awk '{print $9,$11,$12,$13}'#wind,mph
#echo "$data_metric" | awk '{print $9,$11,$12,$13}'#wind,m/s
echo "$data_metric" | awk '{print $15,$17$18}'#humidity
echo "$data_metric" | awk '{print $20,$22,$23}'#pressure,hPa
#echo "$data_imperial" | awk '{print $20,$22,$23}'#pressure,inHg
echo ""
echo "$data_metric" | awk '{printf "%7s %.5s %s\n", $25,$29,$30}'#sunrise
echo "$data_metric" | awk '{printf "%-7s %.5s %s\n", $32,$36,$37}'#sunset 
echo ""
echo "Forecast"
echo ""
echo "$forecast" | awk 'BEGIN {format="%s %7s%s  %s\n"}
            {printf format, $4,$7,$8,$9}
            {printf format, $11,$14,$15,$16}
            {printf format, $18,$21,$22,$23}
            {printf format, $25,$28,$29,$30}
            {printf format, $32,$35,$36,$37}
            {printf format, $39,$42,$43,$44}
            {printf format, $46,$49,$50,$51}'
echo ""
echo openweather.org

Toshiba laptop gets a memory upgrade

Previously on this blog I described how my laptop was using 93% of its available RAM and 69% of available swap memory after a few hours use, largely due to having a dozen or more browser tabs open. Not an ideal situation. That doesn't leave any memory available to open up a word processing application or an image editor without the computer slowing down as Firefox is forced to cache tab content to disk. I have noticed that with several memory-intensive programs running, background programs are very slow to reopen, presumable because they have cached content to the disk. And of course with both RAM and swap (virtual memory) almost full, it leaves the computer likely to experience thrashing and crashing, if a program uses too much memory, whether due to me asking it to work on a large file, or some sort of bug causing excessive memory use.

So, time for some new memory. I found an identical card to the existing 4GB card in the laptop on eBay and popped it in the empty slot.

I didn't take a picture, but I have one from when I cleaned the fan (hence the very dusty fan in the corner). The procedure is very simple. Pull out the metal cover between the two sockets, put in the new card pins into socket at a 45 degree angle, push it down till it clicks, and replace the metal cover. Be careful because it has a lug on one side that goes into a hole in the board. Don't forget to earth yourself. I put my naked toe on the copper radiator pipe - only issue in the winter, it's hot, ouch!

A useful command to check memory is:

dmidecode --type memory | less

Which tells you about the cards installed, including manufacturer, part number and specification, all of which matched for my eBay card, although the label was different - something I will have to investigate later.

Here is a comparison shot of Task Manager with 43(!) tabs open in Firefox.

Swap memory has also increased since my previous post, when the laptop had 975MB of swap. The default installation of Debian Bullseye created this much swap. Supposedly this is done automatically according to memory and hard disk space available, but my other computer has the same amount of memory and the same hard disk size, and yet it has four times as much swap.

There are a lot of different recommendations for swap size on the internet, but 975MB certainly seems too small a size - it certainly isn't big enough to hibernate the computer because that involves writing the entire memory to disk, and 4GB won't fit in 975MB. Swap memory was at 69% as mentioned before, which doesn't allow much room for manoeuvrer. 

Increasing the size of swap memory was actually fairly easy, but it does involve booting into a GParted live CD or USB. Once I had done so I could shrink the main partition to make room for the swap partition to expand. The swap partition is found inside an extended partition, at the "end" of the main partition, so it's necessary to move the extended partition to the left before expanding the swap partition.

Grab the arrows at the ends of the partition to resize because the buttons take forever.

I gave the extended swap partition 9542MB, a fairly arbitrary figure, but as I actually did this before adding the extra RAM, it meant I had over twice as much swap as RAM. Surely enough to hibernate?

I tried hibernating the computer, but unfortunately ran into a video driver bug that means the screen remains blank after coming out of hibernation.

kernel: [drm:radeon_dp_link_train [radeon]] *ERROR* displayport link status failed
kernel: [drm:radeon_dp_link_train [radeon]] *ERROR* clock recovery failed
kernel: [drm:radeon_dp_link_train [radeon]] *ERROR* displayport link status failed
kernel: [drm:radeon_dp_link_train [radeon]] *ERROR* clock recovery failed

Oh, well. On a 500GB disk, I'm not really missing 9.5GB. The computer hasn't touched available swap space since I installed the new memory, but maybe the video bug will get fixed and allow hibernation at some point.

 

People also search for...

I noticed an annoying feature of the Google search page recently. If you do a search, click a link, look at the page and click back, just as you are about to click on the next link, a Google pop-up entitled "People also search for" displaces the link you were about to click so you click on a link you don't want, and have to go back again, whereupon the same thing happens again. Ad infinitum.

I think this is called recursion in computing.

The Gif above (I used ezgif.com) when searched Google for information about the pop-up.

The link I was about to click would have taken me to the answer to this stupidity: the excellent uBlock Origin, which I had been using until a few weeks ago, probably why I hadn't observed it before. For the last few weeks I've been using Bluhell Firewall, another excellent ad-blocker. I used this previously until it stopped working, but it has recently been updated to work with Firefox WebExtensions. It blocks most of the nonsense on the net, but obviously not this bit. It is a bit lighter than uBlock.

Another possible solution, if this feature of Google search annoys you as much as it does me is Startpage, a search page that gets its results from Google but without the tracking. By default the first three links it shows are search suggestions, but you can turn that off in settings (or leave it on to give them some ad revenue - unfortunately I found it meant I didn't see the results I wanted without scrolling down the page, which is a bit self-defeating, sorry Startpage). You can also change the default setting for search results to open in a new tab (window in settings).

Doh! More recursion.

How much memory does a laptop need?

I bought a laptop in 2003 which had a single core CPU, a 30GB hard disc, and 256MB of RAM. It used to grind to a halt if I opened too many programs.

This laptop was a cheap, low-end laptop, bought in 2015. It has a dual core CPU, a 500GB hard drive, and 4GB of RAM. (And was a sixth of the price of the previous one.)

That is sixteen times as much memory.

But it still sometimes grinds to a halt if I have a lot of programs open. The program I'm working in works OK, but switching to another program can take a long time. Why? Because the memory is full and background programs have been moved to swap, or virtual memory as it's called in Windows. (I'm using XFCE.)

How come a computer with sixteen times as much memory as my 2003 laptop still doesn't have enough? Let's have a look.

The graphics card takes a 700MB bite out of memory before the OS (Debian Linux) loads. XFCE is a light desktop, but even then, the OS and desktop alone takes up almost 870MB of memory.

Let's open up Firefox.

Memory usage jumps to 1.5GB, 47%, with a dozen or more tabs open from yesterday. But those tabs are blank, with the contents cached to the hard drive. Let's look at each tab so the contents are in memory.

78% memory usage, 2.5GB. Now let's open another program.

86% memory usage, 2.8GB, and the computer is starting to use swap memory - writing memory to the hard disc. Swap memory is 9% full.

Later in the day, after several hours use:

93% memory use, 3GB, with swap 69% full, 675MB. Switching between programs and tabs is now going to be slow, as the computer has to retrieve memory from the hard disc.

Time to close a few tabs in Firefox:

The biggest memory hog is obviously Firefox, but at least part of the reason for this is that web pages are now huge. Back in 2003 I was using dial-up, and web pages weren't full of images and videos and scripts because it would have taken a day to load one of today's pages.

It seems the answer to the question in the title is: more than 4GB.

The good news is my laptop has a free memory slot, and I found an identical memory card to the one installed for a reasonable price on ebay. 

In a few days the laptop will have 8GB, which seems to be the recommended minimum these days. I will post again on how much of an improvement in performance I see.

Automatic security updates in Debian XFCE

[Post updated to reflect the fact that Unattended Upgrades will by default update all packages and not just security packages as of Debian Buster and later.]

Linux Mint has recently found that a lot of its users don't apply updates, according to The Register.  Why? "The idea of leaving something alone if it works seems attractive", suggests the article. The article also points out that some updates fix security vulnerabilities that "can be used to run attacker code and install software, requiring no user interaction beyond normal browsing." 

The Linux Mint Blog has a post on the importance of applying security updates, especially in web browsers like Firefox.

It is true that updates can cause problems. One option is for the system administrator to keep an eye on available security updates, research any potential issues, and monitor the system for any issues after installation.

Another option is to have your computer automatically apply security updates. This has been the default in Gnome on Debian since Debian 9 (Stretch).

This is the approach I have always taken, and in over ten years of using Debian, I have never noticed a security update cause a problem.

Firefox would occasionally update itself in the background and tell me that it needed to be restarted, and of course other security updates would be applied automatically too. I believe the default behaviour is for a Gnome notification of updates available to appear, before the updates are applied automatically. This is the behaviour I have observed anyway: there's sometimes a notification of updates available, then later on when you check the Gnome software centre reports the system is up to date. Other times the available updates remain until you take action to install them using APT, Synaptic or the Gnome software centre itself.

However, after a fresh install of Debian Bullseye with XFCE, I found that the system didn't do updates at all: not even notifications of available updates, let alone automatic installation.

In two previous posts I detailed two steps to take:

• Enable automatic package list update so the system is aware of available updates.
• Enable update notifications so the user is aware that updates are available. 

In this post I am going to describe how to enable installation of security updates.

The short answer is to install unattended-upgrades from the Debian repository, which will enable automatic package list update and automatically install security updates by default.

But what does it do?

As described in the first of the two posts above, on Debian Systemd runs a system scheduler which contains a timer called apt-daily.timer. By default it doesnt do anything, but installing apt-config-auto-update configures APT to check for updates when triggered by the timer.

unattended-upgrades installs a configuration file that tells APT to check for updates and automatically install security updates.

This file is 20auto-upgrades found in /etc/apt/apt.conf.d/.

The default contents are:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1"; 

unattended-upgrades also installs another configuration file called 50unattended-upgrades which tells APT what to update.

Unattended-Upgrade::Origins-Pattern {

//      "origin=Debian,codename=${distro_codename}-updates";
//      "origin=Debian,codename=${distro_codename}-proposed-updates";
        "origin=Debian,codename=${distro_codename},label=Debian";
        "origin=Debian,codename=${distro_codename},label=Debian-Security";
        "origin=Debian,codename=${distro_codename}-security,label=Debian-Security";

The default is to apply security [stable] updates (whatever the Debian version), but it's also possible automatically install other updates by uncommenting the applicable lines.

Just be sure to have the Debian security repository enabled in the Debian sources list and don't worry about missing security updates again!

 

Notes: 

1) I believe the file 10periodic installed by apt-config-auto-update overrides 20auto-upgrades installed by unattended-upgrades.

2) You can add lines to 20auto-upgrades, for example  

APT::Periodic::AutocleanInterval "7";

to clean up APT's cache every week.

3) The Debian Unattended Upgrades page contains information about how to be notified or view logs of updates applied.

Edit: The default for Unattended Upgrades was changed in Debian Buster, and now allows "stable" updates. The Debian Wiki says that Unattended Upgrades installs "security (and other)" updates, which to me implies that "other" is optional, but I found a note in the "News" file (found in /usr/share/doc/unattended-upgrades) which states:

Unattended-upgrades in previous versions defaulted to install security updates only on Debian by using the label=Debian-Security origin pattern. Now it is changed to allow updates with label=Debian, which allows applying stable updates in stable releases and following all package updates in testing and unstable. 

In stable releases this unlocks installation of security updates depending on package versions present only in stable updates.

I am not entirely sure what the last paragraph means, but I will observe my Buster system to see what it is doing. On my Bullseye computer, (currently Testing), the default install of Unattended Upgrades is definitely installing all package updates automatically. 

Update: on Buster I have observed that the default setting installs security updates automatically, but point updates have to be installed manually.