Things that are broken in Debian Trixie- file transfer from Android phone with Bluetooth

 It's Déjà vu again! File transfer from an Android phone to Debian has been a pain in the posterior before. I had trouble getting it to work with Stretch, and have been struggling to get it to work, or to work consistently, in Trixie since Trixie was in Testing. I have finally found an (ugly) solution, or a seemingly-tolerable workaround. Or rather, other people have, and I just noticed.

First let me say, Bluetooth is not the best way to send files from an Android phone to a computer. Wi-Fi is a much better option - for example the open source PlainApp.

But it's one of those things that can give a bad impression to new users of Linux if it doesn't work. So it's disappointing to see that the issue was reported over a year ago and totally ignored.

The reason for the current issue seems to be that file transfer is done with the Obex protocol, which requires a data server. Obex has not had its own data server in Debian since Buster, and now makes use of the Gnome Evolution data server.

Fine if you use Gnome, but not ideal if you use another desktop environment, because it means installing a heap of Gnome packages.

Not only that, but not all the required packages are recommended as installs, so won't be available without manually installing extra packages.

To top it all, the extra required packages are not actually necessary for file transfer: they provide an address book extension to the data server. File transfer will work with the (intended) minimal install of the Evolution data server with a hack to make it work without the address book extension being present.

This issue was reported over a year ago, but didn't get any response. There's now a new bug report, so we'll see what happens.

These are the steps required to get file transfer from Android working:

Remove the existing device (phone) and install evolution-data-server (it brings in quite a few other Gnome packages). Then do

# apt-get reinstall --purge bluez bluez-obexd blueman

and pair the phone again.

A few people tried this at the Debian forum and it didn’t work at first, so it may require logging out and back in, or a reboot, or prayers and invocations to your deity of choice.

The work around (see latest bug report) is to delete the file 

/usr/share/dbus-1/services/org.gnome.evolution.dataserver.Sources5.service

and reboot. Whereupon file transfer will reportedly work without installing evolution-data-server.

For the gory details, see these posts at the Debian forum:

Bluetooth file transfer from Android fails

The computer does not receive files sent from the phone via Bluetooth

 

How to update Debian XFCE

I am writing this in Debian Trixie XFCE, which does not by default check for packages that can be updated (software or firmware). Not even security updates. It does not prompt the user to check for updates. It does not notify the user of updates, not just for the obvious reason that it doesn't check for updates, but because there is no update manager in XFCE. So it follows, it doesn't automatically install updates in the background.

This is not a massive oversight, it is entirely intended. XFCE is a distribution-independent desktop, which by choice does not integrate with the different Linux distribution package managers and update mechanisms.

There are some  Linux distributions that have an update manager in their XFCE desktops, but Debian XFCE leaves responsibility for updating the system to the user. It is for Linux users who want that responsibility, who want to have control over what packages are installed or uninstalled, or who perhaps are frustrated by obscure background processes which check for, notify of, or even install package updates. XFCE is not the desktop installed by default, and it is a tacit assumption that anybody installing it will have made that choice.

Manually updating Debian is not a difficult process. It involves opening the Debian Package manager GUI (Synaptic), or running some simple Terminal commands, but before I get into that, let's have a look at the situation in the default Debian desktop, Gnome.

Gnome is the default desktop of other major Linux distributions as well, all of which welcome new users, so it's no surprise they expect the desktop environment to keep users safe by notifying of updates, and "nudging" users to install them.

Gnome does check for updates, notify users of them, nudge and prompt users to install them, and install some updates automatically (Fatpaks), but details of what actually happens is a riddle, wrapped in a mystery, inside an enigma. 

If you thought users would be able to find out about the update process from the online Gnome Help pages, you'd be sadly wrong, as they are over ten years old, and refer to Gnome 2! If you want to find out about the Gnome update process, you have to read through Gnome developer discussions on software development sites.

As an example, Gnome seems to be moving to a distribution-independent method of finding available updates (Appstream), but information on that from Gnome, you're going to have to look at links like this one at discourse.gnome.org, currently the first page returned when searching for "Gnome Appstream". 

Gnome will take care of updating a Debian installation, unless a user actively resists doing what they are asked to do, but there is very little user involvement in the process. Not only is updating Debian XFCE manually a simple process, in contrast it enables involvement, control and understanding, which may be a user preference, and avoids a lot of possibly annoying slowdowns, notifications and update prompts at inconvenient time. 

How to update Debian in XFCE

1. The package manager GUI (Synaptic)

Open Synaptic, click Reload, and if there are updates, have a look at what is proposed. 

Notice in the screenshot at the top of the page that after clicking Reload, the message says:

The repositories will be checked for new, removed or upgraded software packages.

As the message implies, the update process may involve installing a new package, or removing an existing package, at least with the default system upgrade setting of "Smart Upgrade".

It is important to view the details of any new packages to be installed, and especially any old packages to be removed.

I've used Synaptic to update Linux for years, and can't remember having any issues, but there is always the possibility that removing a package will break something, usually by requiring the removal of other necessary packages. This is more of an issue in Debian development releases like Testing, where it does happen from time to time.

If in doubt, research why the removal is required, or ask at the Debian Forum.

Here's a case study of why a removal might be required from Debian Stable.

In the 11.5 point release of Debian Bullseye, libayatana-appindicator was added as a new package, which required the removal of the defunct libappindicator package. (bugs-debian-org and tracker-debian-org).

An update with Synaptic at that time would have installed libayatana-appindicator and removed the conflicting libappindicator package.

Probably the most frequent example of a new package that has to be installed is the kernel. New kernels are released containing bug fixes and security fixes. The Debian package tracker has examples of bug fix (for a point release) and security updates.

What exactly is "Smart Upgrade"? Synaptic is a front-end for Apt, the Debian package manager. Debian has two command line interfaces for Apt.

Looking at man apt-get, we find:

dist-upgrade in addition to performing the function of upgrade, also intelligently handles changing dependencies with new versions of packages; apt-get has a "smart" conflict resolution system, and it will attempt to upgrade the most important packages at the expense of less important ones if necessary. The dist-upgrade command may therefore remove some packages. The /etc/apt/sources.list file contains a list of locations from which to retrieve desired package files. See also apt_preferences(5) for a mechanism for overriding the general settings for individual packages. 

When a package is supplied as an argument, the package will be installed prior to the upgrade action.

Which doesn't mention new packages.

Looking at man apt we find:

upgrade (apt-get(8)) 

upgrade is used to install available upgrades of all packages currently installed on the system from the sources configured via sources.list(5). New packages will be installed if required to satisfy dependencies, but existing packages will never be removed. If an upgrade for a package requires the removal of an installed package the upgrade for this package isn't performed.

When a package is supplied as an argument, the package will be installed prior to the upgrade action.

full-upgrade (apt-get(8))

full-upgrade performs the function of upgrade but will remove currently installed packages if this is needed to upgrade the system as a whole.

When a package is supplied as an argument, the package will be installed prior to the upgrade action.

Notice that the apt refers to the apt-get entry, so apt is actually calling apt-get, and both commands do the same thing: add or remove packages if necessary during the upgrade. apt is supposed to be better for user interaction, and apt-get for scripting, so I'm going with apt.

2.  The Terminal (Apt)

# apt update

# apt full-upgrade

("Update" being the equivalent of Reload in Synaptic. ) 

update (apt-get(8))

update is used to download package information from all configured sources. Other commands operate on this data to e.g. perform package upgrades or search in and display details about all packages available for installation.

As with Synaptic "Smart Upgrade", before going ahead with the full-upgrade, check if any new packages are to be installed, or existing packages removed.

At this point it is possible to do a "Safe Upgrade",  using the command

# apt upgrade

which as stated in the manual entry above, will install new packages but not remove existing ones, as well as installing available upgrades. The reasons for any proposed removal can then be investigated (see the link given).

 3. The Terminal (Aptitude)

Another Terminal option is Aptitude, a command line front end for Apt, with a menu system. 

# aptitude update

And either a full or safe upgrade:

# aptitude full-upgrade

# aptitude safe-upgrade

 See, man aptitude for the details:

full-upgrade

Upgrades installed packages to their most recent version, removing or installing packages as necessary. It also installs new Essential or Required packages. This command is less conservative than safe-upgrade and thus more likely to perform unwanted actions.

However, it is capable of upgrading packages that safe-upgrade cannot upgrade.

safe-upgrade

Upgrades installed packages to their most recent version. Installed packages will not be removed unless they are unused (see the section “Managing Automatically Installed Packages” in the aptitude reference manual). Packages which are not currently installed may be installed to resolve dependencies unless the --no-new-installs command-line option is supplied.

It is sometimes necessary to remove one package in order to upgrade another; this command is not able to upgrade packages in such situations. Use the full-upgrade command to upgrade as many packages as possible

If all of this seems a bit confusing, well it is. The Debian Wiki says:

Debian offers several package managers. They all use the same underlying technology, so it's fine to try them out and see which one you like best. 

But also

Online examples often recommend apt-get - it's the most widely available, so authors get fewer confused replies that way. Use whichever package manager they recommend while following the example, then go back to using your favourite when you're done.

The Debian manual says:

Aptitude is the recommended package manager for Debian GNU/Linux systems.

(It doesn't say why) but gives apt-get as an alternative and apt-get dist-upgrade as the update command (which as mentioned before is the command called by apt full-upgrade)but also says:

Note that aptitude is not the recommended tool for doing upgrades from one Debian GNU/Linux release to another. Use apt-get instead.

Ho hum! The somewhat contradictory information above lead to my investigations for this post, and I think the take-away is, as the Wiki says, use whichever method you prefer.

XFCE users who would like a panel indicator for available updates may be interested in my Genmon plugin script. 

The "click" can be configured to run Synaptic, apt full-upgrade or aptitude full-upgrade, all of which I have used to update Debian XFCE without issue.

References

https://wiki.debian.org/AptCLI

https://wiki.debian.org/DebianPackageManagement 

https://www.debian.org/doc/manuals/debian-faq/uptodate.en.html

  

 

 

A look at XFCE in Debian Trixie

I haven't written about XFCE in Debian for a while. I've noticed that one of my old posts, A look at XFCE in Debian Wheezy, is getting quite a few hits. It's a post from 12 years ago, so I can only imagine that people are really looking for something more current, so it's probably time for an update.

When writing the previous post, I was using a machine that originally came with Windows XP. This time I'm writing on a machine that originally came with Windows 8. The points I made then still apply: XFCE runs quite happily on older hardware, and it's a bit old-fashioned in its desktop paradigm, which may or may not appeal to users.

An interesting point to make is that at the time of writing the previous post, there were a lot of complaints about the performance of Windows 8 on low-spec computers (which this is). XFCE on this machine performs perfectly well, as it does on my even older laptop from the Windows 8 period.

I haven't touched a Windows machine for almost a decade, but I have noticed that Windows 10 has reached its end of life, and that Windows 11 will not run on older, lower spec machines, ones that would be a lot more modern and more powerful than this computer. Deja vu?

This would be a good opportunity to point out that computers running Windows 10 that can't update to Windows 11 will run Linux quite happily for many years to come!

There are of course Linux distributions that are aimed at new users. XFCE in Debian comes very much as shipped by XFCE. There is no welcome screen, there are no tutorials, no helpful system tools, no update, software or driver managers, no system snapshot tool, and no customisation to the desktop panel positions, theme or icons.

Screenshot of the Debian Trixie live image

Screenshot from xfce.org

If you fancy a more bare bones approach, getting to grips with Debian system tools, and customising the desktop to your own preferences, Debian XFCE does offer legendary stability. This is often assumed to be implied by the name of the current release, Debian Stable, but stable in the name means "doesn't change much" rather than "doesn't fall over". Packages are tested during the two-year development process, and then receive only security updates and minor fixes after release. The corollary of this process is that Debian doesn't fall over very often, as bugs are knocked out during testing, and not introduced by package upgrades after release.

This is especially advantageous for older computers, as support for newer hardware can be lacking in the Stable release. My two older machines had a few minor glitches with Debian when new, but now run it faultlessly.

Over the years I have written about a few niggles with Debian XFCE: problem panels and unwanted saved sessions, ugly fonts, suspend doesn't work when the screen is locked, confusing power management behaviour, no icons for special folders in the home directory in the default theme, authentication dialog for root privileges broken, and media playback and non-free firmware not enabled by default.

I am happy to say that non of these is an issue any more, although the suspend/lock screen issue will require a bit of manual intervention until the XFCE fix is implemented properly in Debian (see the post for details). 

One new option in Trixie XFCE worth mentioning is Docklike Taskbar, which is available after installing the package xfce4-docklike-plugin.

It provides a Windows 7/8 (or Linux KDE) method of Windows switching, shown above in an XFCE bottom panel, with option window preview enabled.

It also addresses one of my previous complaints about XFCE: application quick launchers can be added to the panel, but running appear separately. Docklike Taskbar combines quick launch icons with window switching icons.

The default XFCE layout has quick launch icons in a bottom "mock dock" panel, and running application buttons in the top panel. For those who like the layout, I think Docklike Taskbar would be a better option in the bottom panel, combining quick launch and windows switching.

For those who prefer a single bottom panel, here's an extreme example:

Quick launchers and iconified window buttons.

Combined launcher/switcher buttons in Docklike Taskbar (running applications are underlined).

As mentioned previously, Debian does not customise the appearance of XFCE at all. The icons used in the screenshots above are a mixture of Arc and Papirus, the theme is Arc-Lighter, and there is a single bottom panel.

Customising  XFCE by changing the theme, icon theme and panel layout is a simple process. Here is my current preference, to compare with the defaults above.

 With the Debian Trixie wallpaper.

 With the XFCE wallpaper.

With applications open, using the old-school window buttons.

As mentioned above, Debian XFCE does not come with an update manager. The update notification in the second screenshot is my own Genmon script. an update with the latest version is coming soon, so keep watching the blog!

A final thing to say about XFCE 4.20 is that Wayland is available as an experimental option. Keep watching for a post about that too. 

 

 

 

 

 

 

 

 

New Firefox ESR is late in Debian (again)

Update: Firefox ESR 140 arrived as a security update in the afternoon of  the morning of this post. My apologies for misrepresenting the update process.

It's still important to note that Firefox ESR 128 is EOL, has security vulnerabilities, and will not get security updates.

Users of Debian Testing will have an unsecure browser until the new version of the browser passes through the update process from Unstable.

Users of Debian Trixie should ensure they have the security repository enabled and have updated Firefox. 

--------------------------------

Firefox ESR 128 has reached its EOL, which means no more security fixes, but the new version (140) has only just gone into Unstable, which means there will be a period of testing as 140 moves from Unstable to Testing to Trixie, the current version of Debian, and to previous still-supported versions.

There are currently seven security issues affecting Firefox ESR 128.

Just to be utterly sensationalist, I looked for anything scary about these vulnerabilities. Well, this is pretty scary:

A remote code execution vulnerability has been identified in Firefox versions below 143 and Firefox Extended Support Release (ESR) below 140.3. This vulnerability allows attackers to execute arbitrary code on affected installations, which could lead to unauthorized access and manipulation of user systems. It is crucial for Firefox users to update to the latest version to mitigate potential exploitation risks.

securityvulnerability.io

The reason for the (again) in the title is that this is not the first time this has happened. See this post from 2021.

I have no idea why Debian does not begin the process of switching to the new ESR version before EOL. If anybody does, please let me know in the comments.

Debian users concerned about the security vulnerabilities present in Firefox ESR 128 can use an alternative browser like Chromium, or install Firefox directly from Mozilla.

wiki.debian.org

No updates possible (sources list empty) after installing Debian Trixie

There is an issue in Debian Trixie where some people who have installed it find that updates do not work. This is a serious problem for new users who naturally expect to be able to update their system, and who may not have the technical ability to solve the problem.

Debian User Forum

The problem arises in the Debian Trixie live image, which has two install options: an "expert" install from the boot menu, and a user-friendly install option from the desktop after the system has booted.

For somebody trying out Debian for the first time, the advice is simple: use the user-friendly installer after booting into the desktop. It's called Calamares. Why is it named after fried squid? I don't know, but it works.

The problem exists because the expert install has no option to set up network mirrors (ie internet sources of new and updated software, called repositories). After booting, the Debian file that contains this information (sources.list) will be empty. Previous versions of Debian the expert install prompted users to set up network mirrors, and the file was populated with a list of repositories.

This apparently is a deliberate decision. The rationale seems to be that any expert with an internet connection is going to use the net installer, to get the latest package versions during installation.

A similar logic has always applied to the DVD installation media (ie not a bootable live image): if you're using the DVD, you probably haven't got an internet connection. The default here was not to set up network mirrors by default, but there was a tick box to enable them. Not ticking the box when an internet connection was available would also result in the same issue of updates not being available.

The issue has been confounded by confusion with the entirely unconnected issue of Debian support for a new software source format. People seem to be thinking that the empty sources list is because they haven't "modernised" their sources list. No! The new format is not the default, and won't be for some time.

For anybody who has installed with the "expert" installer from the boot menu of a live image, (or from the DVD iso without enabling mirrors), a reinstall is not necessary: just populate the sources.list manually. 

For new users I would recommend the traditional format, since the modern format is not yet supported by all tools and apps in Debian. For instructions, see the following posts:

Edit apt sources safely

A working sources list in the old format

Failed to mount NTFS volume in Thunar

(Error mounting /dev/sdd1: wrong fs type, bad option, bad superblock, missing codepage or helper program, or other error.)

I have an external HD connected to the television which contains TV programmes and Films. Recently I connected it to my Debian Trixie computer to transfer an new film, and got the error dialogue above in the XFCE file manager.

Strangely, I could mount and access the HD drive using

mount /dev/sdd1 /mnt/my_drive

Unix & Linux at StackExchange

 I found the following at the Manjaro forum

The newer kernels now use the in-kernel ntfs3 driver, which often fails. When you are mounting them manually, you are using ntfs-3g as the driver, which is the one that works. By blacklisting ntfs3, you make sure that it’ll always use ntfs-3g diver.

To extend this:

ntfs3 fails if damage to an NTFS formatted drive is found; or, rather, if an indicator of damage (commonly called a dirty bit) is found.

ntfs-3g ignores this, and mounts the NTFS partition, regardless.

The important point here is that the NTFS filesystem may still be damaged, as you blissfully continue using the drive.

If an error exists, it must be corrected using chkdsk within a Windows environment. This can be achieved by launching an administrative command prompt.

That seems to explain why I could mount the HD from a command line but not in Thunar, but Uh-Oh, I don't have a Windows computer. (The HD came formatted that way, and the TV won't use any other format.)

I downloaded a Windows repair disk, but it wouldn't boot on this old computer.

Then I came across this post, also at the Manjaro Forum

Use “Disks” , find your drive and repair filesystem option. Worked for me.

Worked for me too!

Was the file system actually damaged, or was it this bug?

Whatever the reason, it seems Debian has more than one NTFS driver, and a different driver may be used by different applications. Something to bear in mind.

Authentication dialog for root privileges broken in Debian Trixie XFCE

Update: this issue was fixed in XFCE 4.20.1:

 xfce4 (4.20.1) unstable; urgency=medium

  * d/control: update standards version to 4.7.2
  * d/control: recommends mate-polkit (Closes: #1090384)

 -- Yves-Alexis Perez <corsac@debian.org>  Sat, 19 Jul 2025 18:32:45 +0200

 ------------------------------------

 

Above is a screenshot of the dialog in action so you know what I mean.

The dialog appears launching Synaptic package manager, unlocking printer settings or launching LightDM Greeter settings.

Or should. On new installs of XFCE in Debian Trixie it will fail silently, and nothing will happen when clicking on the relevant menu item or button.

The reason is that the agent required to bring up this dialog (policykit-1-gnome) has been removed from Debian Testing because it's an ancient Gnome package which is no longer maintained. See this bug report.

The removal of policykit-1-gnome has affected XFCE because it is a recommended install with at least one XFCE package that I can see (Thunar) but not a direct dependency of XFCE. XFCE relies on it being there, but does not actively ensure that it is there.

Other DEs that rely on the package like Mate and LXDE have noticed that the writing was on the wall for policykit-1-gnome and produced their own version of the package, namely mate-polkit and lxpolkit.

Other Linux distributions have noticed the same thing and released a package to fulfil the same function in XFCE, for example xfce-polkit in Arch.

There is now a Debian bug report for this rather crucial to the desktop missing agent. Somebody has come up with an agent for Debian (also called xfce-polkit), but it hasn't made it into Trixie, according to this bug report.

So, at the moment, for new installs of Trixie, there are going to be issues such as Synaptic filing to launch. See this topic on the Debian forum. (Anybody with a Trixie install predating the removal will still have policykit-1-gnome installed and not experience the issue.

The solution? For the moment, install lxpolkit or mate-polkit, or compile the proposed Debian xfce-polkit package yourself. (The screenshot at the top is Debian xfce-polkit.)

Power Manager in Debian Trixie XFCE and lock screen settings

Depending on the time of reading this, you may be wondering why lock screen settings are not working in XFCE Power Manager in Debian Trixie, or why lock screen settings have changed, or rejoicing that a long-standing bug in Power Manager has been fixed.

Let me explain. XFCE 4.20 in Debian Trixie has dropped light-locker: 

There is no dedicated "security" tab anymore. Lock screen management was massively simplified and "Light Locker" was dropped. "lock-on-sleep" is now synchronized with xfce4-session and xfce4-screensaver. Screen locking settings are now only handled by xfce4-screensaver to avoid conflicts. A button to open xfce4-screensaver-preferences was added.

 XFCE 4.20 tour

Unfortunately, xfce4-screensaver has not been made a dependency of Power Manager, meaning the user will not be able to change lock screen settings. See this topic on the Debian User Forum. There is a bug report for this issue. The good news is that removing light-locker and installing xfce4-screensaver gets everything working nicely.

More good news is that this change side-steps an eleven year old bug which meant that suspend would not work with the screen locked using light-locker. See my blog post on the issue, the Debian Wiki on the issue, and the bug report.

So, if you are using Debian Trixie XFCE at the time of writing, you may have come to this post seeking an answer as to why you can't change lock screen settings any more. If you are reading at some point in the future where xfce4-screensaver has been added as a dependency, you may have noticed a change in XFCE Power manager, the absence of the Security tab, or the presence of a new Screensaver Management button.

Whatever the case, Power Manager in XFCE 4.20 in Debian Trixie using xfce4-screensaver is now a joined-up and rational, rather than the dog's breakfast it was in the past (see my post from 2013), and finally bug-free after over a decade. Happy days!

System sounds in Debian XFCE

If you look under the Settings tab of the XFCE Appearance application, you will find two options under Event sounds, Enable event sounds and Enable input feedback sounds. (Quite why a sound setting would be in the Appearance menu is a bit of a mystery, but hey-ho.)

In Debian at least, ticking these options seems to have no effect. It hasn't really bothered me for years, but I thought I would investigate if it is possible to enable system sounds.

As is often the case with Linux issues, I came across various suggestions on the issue dating back over a decade. This is what worked for me. First install package libcanberra-pulse, and check that System sounds are enabled in the audio mixer.

This got me some system sounds. Changing audio volume in the audio mixer (but not from the panel icon) produced a sound.

Other system sounds required package libcanberra-gtk3-0, and exporting a GTK module, which as far as I can work out makes the kernel aware that GTK events should trigger a system sound. The instructions are at ubuntuforums.org. They date from 2012, but still seem to be necessary and work.

The default sound theme installed has sound for a limited number of events, so I installed the Smooth sound them which has more.

Here are my sources of information:

How to enable system sounds forum.xfce.org

[Solved] System Sounds forum.xfce.org

13 year old bug in Tango icons fixed in Debian!

The default icon theme in Debian XFCE has had an annoying bug for a very long time. I wrote about it in 2013, but the issue was reported as a bug in 2011. (See bugs.freedesktop.org for the original bug report and gitlab.freedesktop.org for more information.)

There were no icons for special folders in the home directory with the Tango icon theme, meaning that these folders defaulted to the Gnome icon theme, as shown in this screenshot from the Gitlab bug report:

The Tango icon project has been dead for 16 years, but Matteo Bini has forked the Tango icon theme to include XDG user directory icons (as well as other fixes).

The forked package has replaced the original Tango icon theme in Debian Testing, so the next release of Debian will have icons for special folders in XFCE at last, and the home directory will look like this:

Personally I prefer the look of the Papirus icon theme, but at least now the default icon theme will not have this annoying bug.

The Tango icon theme is still a bit dated in some ways. For example, the Synaptic icon is a box a CD and a floppy disk.

Hands up anybody who can remember installing software from a floppy disk, and if you do, doesn't getting old suck?

 

Installing a printer on the Eero router in Debian

In a hurry? See the short version at the bottom.

I recently switched to fibre internet and got a free eero router. Computers, phones and tablets in the house all connected easily, but my Brother HL-1212W was a problem. Previously I had installed the printer using WPS (Wi-Fi Protected Setup), which allows devices to connect without a password, but the Eero does not support it. 

eero does not support WiFi Protected Setup (WPS), as it has well-documented security issues.

My printer is a budget model with no LCD screen and no keypad, and the only way to get it to connect to the network is to set it up with WPS. I could connect the printer with a USB cable and set it up easily using printer-driver-brlaser from the Debian repository, but this driver does not enable communication with printer settings. I believe the Windows driver does, but for Linux users with older printers, this could be a big problem.

Fortunately, I still had my old router which I bought myself, so I could access printer settings by turning that back on and connecting to the old network (once I had remembered the password I had given the printer!).

My problems didn't end there, however. I had given the printer a static IP address, and assumed that I would have to again. In changing settings in the printer configuration page, I only managed to break the connection to the old router. 

I tried the WPS setup again, but it didn't seem to work. After much turning off and on again, the printer managed to connect to the old network. I later discovered that the eero uses a single SSID for 2.4 and 5 GHz frequency network connections, and that 2.4GHz devices (ie my printer) may be "unstable" and "experience an issue" (eero Help Centre). Apparently it's possible to disable 5GHz for ten minutes, which would probably have helped here, although eero don't mention this on the How do I connect my printer to my eero network? page.

After that, I discovered that the eero router doesn't do static IP addresses. Instead, devices can be given a reserved IP address by MAC ID after connecting by DHCP. This apparently is a good thing, see Port Forward and The Tech Journal.

So, finally having got back a connection to the printer using the old router, I could run the printer connection wizard to give the printer the password to connect to the eero. I gave the printer a reserved IP address using the Android app (which is the only way to administer the eero).

At which point, the printer should have been discovered automatically, but, following the pattern of this story, of course it wasn't. To cut a long story short, I had to enter the IP address of the printer in the New Printer dialogue. Entering the router IP address brought up some sort of Windows Samba printer connection dialogue.

You must log in to access  Domain WORKGROUP

The router IP address is blocked by eero (which insists on administration by smart phone app, as mentioned above). A wild guess would be that the eero expects connections to the printer to be made via Samba, which might be normal for Windows computers (and Apple? No experience here) and as a result cups-browsed can't detect the printer automatically. Funnily enough, it could in Bullseye, but not in Trixie. Details here: Debian Forum.

The short version:

• Older printers without a screen that require WPS to connect to a network may be a problem, as the eero doesn't have WPS. Access the printer homepage using the old router and run the connection wizard.
• If you have an older router with WPS, disable 5GHz in the eero before trying to connect.
  
• Do not try to give the printer a static IP address in printer settings - from the eero app, assign the printer a reserved IP address.
•  If the printer is not discovered automatically in the New Printer dialogue, try entering the printer's IP address in the Host field in Find Network Printer.
  

 

Does Debian Testing need a security repository?

Debian Testing is for testing the upcoming new release of Debian as it develops. You may think the clue is in the name, but some people seem to regard it as a rolling release. It's not. As a Debian installation for daily use, it is in fact the least secure Debian version. Security fixes go through the normal process of migration from Unstable to Testing, which may take days, because new packages must not introduce release critical bugs, whereas the Stable release gets security updates immediately from a special security repository.

As the Debian Wiki says:

Security for testing benefits from the security efforts of the entire project for unstable. However, there is a minimum two-day migration delay, and sometimes security fixes can be held up by transitions. The Security Team helps to move along those transitions holding back important security uploads, but this is not always possible and delays may occur. Especially in the months after a new stable release, when many new versions are uploaded to unstable, security fixes for testing may lag behind. If you want to have a secure (and stable) server you are strongly encouraged to stay with stable.

The Debian Wiki recommends an active approach to security when using testing.

It is a good idea to install security updates from unstable since they take extra time to reach testing and the security team only releases updates to unstable.

For details of how to do so, see the Wiki link. This involves an Apt pinning process, not just enabling the Unstable repository, which would give you an Unstable installation, aka Sid, the notorious breaker of toys.

A security repository for Testing exists, but I have always believed it was for users of Testing who intended to stay with the next release. Say you have new hardware and find that Debian Stable does not work, but Debian Testing does. You might decide to accept or mitigate the risks by watching for and installing security updates from Unstable - (see above) and use Testing until it becomes Stable.

In which case, Debian sources list would look like this at the time of writing:

deb http://deb.debian.org/debian/ trixie main contrib non-free non-free-firmware
deb http://security.debian.org/debian-security/ trixie-security main

"trixie" would of course be replaced by the codename of the Testing relase at any point in Time. If you are reading this years in the future, it may be different. Local mirrors for the primary repository are of course also acceptable.

I have always believed (and indeed the Debian Wiki said so) that the repository would be empty, just there so that users would have the security repository automatically when Testing became stable in case they forgot to add it after the release. For that reason, I have never added a security line to my sources.list.

However, I noticed recently (in fact it was pointed out to me by a member at the Debian User Forum) that a security line is recommended for users of Testing tracking either the current codename or Testing in their sources.list.

The Debian Wiki did not explain why, so I contacted a member of the Wiki team to ask for clarification. It seems that under exceptional, rare circumstances very serious bug fixes may indeed be added to the Testing security repository, which is why the Debian Wiki recommends it, and the answer to the question in the title of this post is "yes".

For people tracking Testing like me, source.list should look like this:

deb http://deb.debian.org/debian/ testing main contrib non-free non-free-firmware
deb http://security.debian.org/debian-security/ testing-security main

I have edited a couple of Debian Wiki pages to reflect this new information or to make clear why the security repository is recommended for all Testing users. Many thanks to my contact at the Debian Wiki team for providing the information.

Desktop icons and menu not showing

Debian is working do smoothly these days I rarely have anything to post about (currently Trixie/Testing).

But today I noticed that there were no icons on my desktop, and the right click menu wasn't appearing (I rarely ever see my desktop, as XFCE restores my previous session at boot).

The solution was to delete ~/.cache/sessions/, as suggested in this topic at the Arch Linux Forum.

Debian Bookworm - Release Critical Bug Status

Debian Bookworm has been "frozen", meaning it gets no package updates except bug fixes (boring times for a Testing user!). Time to have a look at the bug graph again. Here it is (Bookworm in green). Currently there are 393 release critical bug to be squashed before it is released later this year.

Release-critical bugs status.

Claws Mail

Why use Claws Mail?  (I'm asking that question in Linux, but it's available for Windows too.) Well, when I looked at email clients that worked on my Debian XFCE installation, I found Thunderbird using 600MB of RAM and Evolution using 300MB. Even GMail open in a browser tab uses 300MB. Claws Mail, on the other hand uses 73MB of RAM:

This would certainly make it useful on an old computer with little memory available, but doesn't it look like some relic from the Windows 95 era? No, it supports GTK3 and at least in Debian some nice themes are available. Still old school but looks OK:

So here is the full list. Why use claws mail?

• Lightweight, low memory usage, but still full featured. Does filtering and processing. Fits in to the XFCE desktop well. In Gnome I use Geary for casual emails and Evolution for more serious use, but Claws does both.
• Supports GTK3 and has a wide range of themes available, from old school to modern.
• Supports OAuth2, the authorisation protocol used by GMail and other email providers now.

There are also some features that Claws Mails does not have that may be reasons not to use it. On the other hand, they may be features you do not need or want:

• Push emails are not a feature. You have to wait until Claws Mail check for new mail, at whatever interval you set.
• New email desktop notifications from GMail don't work because GMail doesn't mark any messages as 'New'. There is a patch available to change behaviour to notify for unread messages, but it involves compiling Claws from source code.
• Emails are displayed by default as plain text, not HTML. There is a plugin to switch to HTML view, but if you prefer the formatting, fonts and background images of HTML mail, Claws is probably not for you.
• Claws Mail doesn't do the modern tiled subject column that Geary does. Layout is strictly old school.

So there you have it, a lightweight, minimal (but still powerful) email client to keep open if you don't like web mail or the size of some other email clients, and are not put off (or in fact enjoy or want) basic email features.

 

The secret of the Bessler wheel

Recently I wrote about a modern "perpetual motion" machine, a bicycle wheel that revolves for years without any apparent source of power. Of course it is not really a perpetual motion machine. It was built by a scientist as a challenge for those who saw it to work out how it was powered,  a challenge that 40 years later still baffled Adam Savage in a YouTube video.

I was fascinated by the reference in that video to the Orffyreus wheel, a similar machine from the 18th century. The name was code for the real name of the inventor, Johann Bessler. His wheel (or wheels, actually, as he built several of different sizes) would start moving from stationary with a slight push and would run at 25-50rpm for up to 54 days without any obvious energy source. They could do real work, lifting 5-40lb, depending on the size. Even today there is speculation that he may actually have discovered a source of perpetual motion.

I think the secret is quite simple however. The machine had to have a source of energy, and how would you power a machine like this? Gravity. There were clocks powered by gravity from the period like this one:

A heavy weight on a rope wound round the cylinder visible in the picture would have rotated the cylinder, with the torque converted to movement of the hands by a train of gears. It was obviously situated in a tower or high up on the face of a building or in a high space.

A simple falling weight would not work to power a wheel because it could not pass through the axle. Most probably there was a weight (or weights) attached to a shaft around the axle, powering the mechanism again through a gear train.  A couple of large lead weights falling from the top of the machine around the inner circumference towards the base could have powered a hollow wheel on bearings for many days, or easily contained enough energy to explain the work the machine did. (Yes, they did have bearings in the early 18th century.)

So there you have it. The wheel was a clock. There are actually a couple of very large clues: the pendulum on the front of the wheel controlling an escapement, and the fact that Bessler was an apprentice watchmaker.

Some witnesses of the Bessler machine stated that they could hear falling weights in the wheel, leading to speculation that it was a weighted wheel machine. Such a machine can work, if there is an input of energy, giving weights at the top of the wheel a nudge upwards (and increasing their potential energy). The power source I have described could have been used to do this.

I suppose it's possible that with a complex mechanism of large weights and smaller weights moving in the machine Bessler genuinely thought he was getting something for nothing and failed to realise he was supplying the machine with potential energy in setting up the machine in a state where some of those weights could fall over time, supplying the machine with the kinetic energy it needed to keep running. I'd somehow rather believe that he wasn't an outright fraud.

The secret of the Dreadco perpetual motion machine

Back in 1981 I was an A Level science student. Suggested reading was the New Scientist magazine, which at the time was a serious academic publication. (It seems to be more general interest science now.) Being a fairly lazy A Level science student, I would read the first third of a few articles before getting lost in the detail, skip the middle of the magazine, which was just job adverts, and read the page inside the back cover, a humorous page written by Dr David Jones under the pseudonym Daedalus. 

I don't remember much of what I read, to be honest, but I do remember that in one issue David Jones issued a challenge to readers to work out how a "perpetual motion" machine he had built worked, with the answer and the names of those to guess correctly to be published in the magazine in the next issue. Of course, this being a serious scientific magazine, there was no suggestion that it was a real perpetual motion machine.

I thought about it for a while, and had an idea as to how the wheel was supplied with energy to keep turning. I wrote to David Jones and he wrote back to say my suggestion was correct. Unfortunately my letter just missed the deadline. The names of two other people who had guessed correctly were published in the magazine. I seem to remember that he wrote that he had decided not to reveal how the machine worked for a while longer, to keep people guessing...

I didn't think about it again until a few days ago when a YouTube suggestion for a video about the very machine appeared while I was watching something else. I never thought that over 40 years later it would still be a source of mystery and debate.

I wish I had kept my letter from David Jones, but as far as I knew he was going to reveal how the machine worked in a week or so, so I chucked it in the bin. Apparently all David Jones' letters about the machine are archived, so my letter could be in there!

So what is the secret? Well, I would hate to spoil a 40 year old mystery. It's not really that difficult to guess. A number of people in the YouTube comments have suggested the answer I came up with. As Virginia Mills intimates in the video, look for a mundane explanation, rather than an exotic one. She also gives a huge clue in talking about Orffyreus' weighted wheel perpetual motion machine. The idea of falling weights adding impetus to a wheel is initially attractive until you remember that there is actually no net input of energy because the momentum of the wheel has to drag the weight upwards from a lower level on the way up. Without a source of energy it won't work.

But with a source of energy?

Email clients for GMail in Debian Bookworm

I've been using the Thunderbird email client in Debian Bookworm XFCE for a while, but it seems to have a bug causing it to use 50-60% of the CPU and 500-600MB of RAM constantly, so I thought I would try out the alternatives.

I tried Geary but that won't run without the Gnome online accounts service, so I tried Claws Mail. That can read emails from GMail with an application password, but cannot send emails by SMPT, [See correction below] I suspect because GMail is constantly imposing increasingly restrictive security requirements. Claws now supports OAuth2, Google's latest security hoop, but getting an authorisation code is a process intended for software developers and not users. I tried it at one point, but gave up when I was asked for my credit card details. It's a shame because Claws seems quite suited to the feel of XFCE.

Which left me with Evolution, actually my favourite email application in Gnome. It installs without bringing down a lot of Gnome stuff with it, and runs OK.  Unlike Thunderbird it only uses 300MB of RAM, and CPU usage at idle is 0-1%.

It's a shame only big projects can afford the cost of enabling OAuth2 login for users (for which Google apparently charges a fee). GMail users on XFCE really only have the option of using Evolution a the moment it seems. I would be nice is there was a more minimalist option like Geary is in Gnome. Claws could be that option, but at the moment it is crippled by Google's security restrictions.

 

Update: Correction, Claws can send emails with a GMail application password, just, for some reason, not to yourself, which is how I was testing it. LinuxQuestions.

I also managed to get it to work with OAuth2 (entirely by accident) without giving Google my credit card details. I will try to work out how it happened in a future post.

Folder retention policy in Thunderbird

I have a folder of promotional emails which I look at from time if I need some service parts for the car or a new cartridge for the printer because sometimes there are sales or discounts worth taking advantage of. In Thunderbird I set the retention policy to delete messages more than 30 days old, because obviously these offers expire after some time.

I checked the folder recently and found that all my emails were still there.

After quite a bit of checking and searching, I found that you have to run File/Compact Folders to make the policy active for the first time.

Red Hat Bugzilla

A feature not a bug, apparently.

 I entirely agree with Mike A. Harris' comment on the bug report.

I chose "File->Compact Folders" in 2.0.0.21 and it does not seem to work, however if I right click directly on the folder with a retention policy and choose the "Compact" option, it causes the folder to flush mail older than the retention timeframe. I'm not sure if thunderbird will auto-flush mail in that folder afterward or not, or if you have to constantly manually choose "compact".

Personally, I still consider this a bug because the majority of users who choose to set a retention policy of n days are neither informed that, nor are they likely to guess that they have to perform another action like "compact". So if it isn't considered a bug per se. then it definitely is a design flaw. Having said that, it probably belongs in the upstream bugzilla I guess. 

Hopefully thunderbird 3 has a more intuitive design that works like one would expect. :)

I checked my promotions folder again today, and it seems the retention policy is now in force, as emails older that 30 days have been deleted. As Mike pointed out, you need to right click the folder and choose the Compact option for the policy to work.

Action buttons in notify-send notifications

Search for "action button notify-send", and the first two results currently say "It seems notify-send can't do this", or "No, notify-send doesn't support the use of actions/buttons", which isn't true any more.

This action was added about a year ago.

gitlab.gnome.org

From the manual:

OPTIONS

       -A, --action=[NAME=]Text...
           Specifies the actions to display to the user. Implies --wait to
           wait for user input. May be set multiple times. The NAME of the
           action is output to stdout. If NAME is not specified, the numerical
           index of the option is used (starting with 1).

Action buttons return a specified output (or an output of 0, 1... if no output text is specified). If they are not clicked, output is null. Thus

--action=yes=Okay --action=no=Cancel

Returns "yes", "no" or null.

--action=Okay --action=Cancel

Returns "0", "1" or null.

Output can be redirected to a text file and used to run a command:

#!/bin/bash
notify-send --icon=system-software-update -w --action=yes="Click to update" "Updates available" > output.txt
action=$(cat output.txt)
if [ "$action" == "yes" ]; then
synaptic-pkexec
fi

or to a function:

#!/bin/bash
action=$(notify-send --icon=system-software-update -w --action=yes="Click to update" "Updates available")
if [ "$action" == "yes" ]; then
synaptic-pkexec
fi

which seems like a better way to do it.

To have the number of updates in Debian:

 #!/bin/bash
updates=$(aptitude search '~U' | wc -l)
action=$(notify-send --icon=system-software-update -w --action=yes="Click to update" "$updates Updates available")
if [ "$action" == "yes" ]; then
synaptic-pkexec
fi

This can be used in my update notification Genmon script for XFCE.

 

Update: If used with Genmon script, add the following to refresh the Genmon panel notification after the update:

if [ "$action" == "yes" ]; then
synaptic-pkexec && sleep 2 && xfce4-panel --plugin-event=genmon-<n>:refresh:bool:true
fi

Where <n> is the Genmon ID number obtained by hovering over the Genmon item item in Panel Preferences > Items.