Keep system clock up to date in XFCE

There's no GUI in XFCE to synchronise the system with a time server, and synchronisation doesn't happen by default, but the installing the Debian NTP (Network Time Protocol) package will cause the system clock to be kept up do date.

Check system time before and after with the excellent time.is website.

Time in United Kingdom:

Cleaning a Compaq Presario 900 laptop fan

This laptop is ten years old now, so there can't be too many about, but if you do have one, here's how to clean it.

Not by taking out every screw on the bottom of the laptop, which is what I tried. Just take out the two screws in the back behind the multimedia keys panel and gently pop it out, then the keyboard will lift up to reveal the fan.

Or I should say fans, because there are actually two. There's one conventional fan which blows air through a grill connected to the heat sink, and another small circular propeller-type fan in the back on the right whose purpose was not clear to me.

The heat sink grill was not especially dirty considering it hadn't been cleaned in ten years, but enough to restrict air flow.

It's surprising considering the fact that  laptop fans need regular cleaning how difficult they can be to access, especially when you don't know what you're doing.

With a nice clean fan, the laptop runs Debian Linux just fine, even if it is ten years old. Dig out that old laptop, clean it up and give Linux a spin!

Esoteric mouse pointer issues in XFCE

I rather like the DMZ Black mouse pointer theme, even though it is very similar to the Adwaita theme, which comes installed on Debian Wheezy XFCE. In the optimistic hope that there may be a handful of people among the billions that inhabit the Earth who share the same taste, I'm going to describe a problem and document the solution I found.

After installing the DMZ theme from the Debian repository and choosing DMZ Black in settings, the mouse pointer appears black over some applications and white over others.

The solution is to look in /usr/share/icons/default and edit index.theme:

[Icon Theme] 
Inherits=DMZ-Black

As described here.

Liferea dark panel icons

I found some really good monochrome panel icons for Liferea a while ago, but after a recent reinstall, I couldn't remember where, so I made some of my own.

If anybody recognises the icons, please let me know where I found them originally, so I can give credit to the designer.

Meanwhile, here are my icons for anybody who want to use them, and for me if I lose them again.

(Panel icons are elementary-xfce-dark).

Edit: Copy the icons to /usr/share/liferea/pixamps.

Happy birthday Debian!

 
Debian is 20 on Friday.

Many happy returns!

(Cake from Clker.com)

Android adware

Zscaler ThreatLab has a interesting report on adware in Android, and the discrepancy in detection rates between AV companies.

Google has plenty of incentive to allow apps with aggressive advertising practices. AV vendors on the other hand have no such incentive but are instead under pressure to show that they are adding value by identifying malicious/suspicious/unwanted content. As such, there is a big gap between Google and AV vendors when it comes to adware. Ultimately, end users are stuck in the middle as they are left to decide if they will keep or delete the apps being flagged.

Zscaler reference Lookout in creating a definition of unacceptable behaviour in adware:

• Harvests excessive personally identifiable information
• Performs unexpected actions in response to ad clicks without appropriate user consent (appropriate user consent entails providing a clear alert in the application that the user can accept or decline before any behavior takes place)
• Collects IMEI numbers, UDIDs or MAC addresses
• Initiating phone calls and SMS messages
• Changing wallpaper and ringtones
• Leaks location information
• Leaks email addresses
• Leaks personal information such as contacts, birthdays, calendar appointments, etc

At the moment, as the Zscaler report highlights, Google may be allowing apps that exhibit unacceptable behaviour on Google Play, but AV companies are not consistent in their definition of what constitutes unacceptable behaviour, and it is left to the user to make a decision about what to install.

In relevant other news, Google has acquired VirusTotal, which, coincidentally or not, is now available as an Android app, so the paranoid Android user may check to see if any AV company detects their apps as adware or other malware.

Hat tip: GOT2.ME

Tor browser served malware

The Tor browser (part of the Tor Browser Bundle) has been served malware on a compromised website as the result of a security vulnerability in the browser, a version of Firefox. US security services are allegedly responsible for the malware, which reports the user's IP address to a third party. The suggestion is that security services are trying to identify child pornography users.

Foss Force has the story, and repeats a claim made on eWeek that the browser in the Tor Browser Bundle was left insecure for weeks. The Tor blog rejects this claim, arguing that a security update was available.

To me it seems that Tor is correct here: only users who had not updated to the secure version were vulnerable. The Tor Browser Bundle had a warning on its start page advising users to get the security upgrade.

My own interest in the Tor network, I should point out, is the evasion of internet restrictions placed on users by countries which do not respect freedom of speech and information. I recently used it to evade a block on Blogger by the country I was staying in, a petty and profoundly undemocratic action, which I felt no compunction about evading. However, out of respect for my host nation, I won't reveal which country it was.