Debian: Try It; You’ll Like It (Part 6)

(The updated version of this series can be found here (gone).)

The Chromium extensions we installed do several things. Ghostery and Adblock work together to block the worst advertising. Ghostery may need some fine-tuning so you can use certain features on some sites — posting comments, for example. Or perhaps you have a WordPress blog; Ghostery blocks your Gravatar icons by default. You can learn how to turn off blocking for whatever you like. Adblock allows you the option of picking out something you don’t like and adding it to your private list for blocking. You can block things specific to each website or for every website. It does require a bit of study to use it correctly, but it’s worth the time. Take a look at the configuration options that display when you click those icons in your browser’s window frame.

Click & Clean does something similar to Bleachbit, but does it while your browser is still open. Some websites are notorious for ignoring the protocols and rules about tracking, and a few outright lie about what they do. After visiting some websites, you need to run Click & Clean as soon as you leave. That would be most major news media outlets, anything that pretends to be like a magazine (ZDNet, Ars Technica, Wired, etc.) and especially social media sites like Facebook. If you log into such sites, always log out to leave it and always run Click & Clean after you close that tab in your browser or go to another page. Once you have set the options you want deleted, you can simply click the icon, then select “Clear private data.”

In recent months the concept of encryption has made the technology news quite often. The idea is to prevent outside parties reading some portion of what you send and receive over the Internet. Some of this is built into your browser, encrypting your “session” — the collected interactions you have with a particular website at one time. That would be especially important if you do any of your banking online. By default, Chrome/Chromium does not encrypt your passwords for you, so you shouldn’t allow the browser to store them directly. However, you can get Chromium to interact with an encrypted “key server” running on your own computer.

The basic software is already installed by default on virtually every Linux computer, Debian included. It’s called GnuPG (GNU Privacy Guard) or simply “gpg” for short. It’s a CLI program by default and takes some effort to learn. However, you can install a graphical front end that gives you some control over how it acts, and adds a few components behind the scenes that you can link up with Chromium. The package is called seahorse and you can install that now if you plan to use it. We’ve already covered installing packages. Often, once installed you will need to reboot your computer to make it run properly.

Once you have logged back into your user account and on the desktop again, the server is already running in the background. You probably don’t even need to interact with seahorse directly. Logging into your account should log you into the key server, as well; it’s the same password by default.

Now we have to tell Chromium specifically to use this service. We need to change how Chromium is launched from the icons and menus. You may use any or all of these three, depending on your tastes and how you do things.

1. Create a desktop launcher: Right-click on the desktop background and choose “Create Launcher.” A small window pops up and you can choose the name that will display with the icon. A nifty feature here is that if you start typing “Chromium” the interface will offer to finish the job for you. A secondary line drops down from this input box and offers to create a Chromium launcher; click on that and let it fill in the blanks for you. No need to hunt down the icon or anything else. However, we need to change the “command” part. Click in that box and slide down to the right-hand end (i.e., try the END key). Hit the SPACE bar and add this text:

--password-store=gnome

It so happens seahorse is part of the GNOME desktop project, but it works fine on XFCE. Hit the “Save” button and close this dialog.

2. Change the launcher on the bottom panel: Get the bottom panel to pop up. If you have changed your default browser to Chromium, it will be associated with the icon that looks like a globe. Hover the mouse over it and the pop-up text will say something about default browser. Right-click and select “Properties.” In the window that opens up, along the right side, the last icon at the bottom allows you to edit the launcher. Click that and open another window that looks identical to the launcher configuration for the desktop. Use the same string of text and simply paste at the end of the “command” line.

3. Edit the XFCE main menu: This is a little more convoluted. Right click anywhere on the top panel and select “Panel >” to open another configuration submenu, from which you select “Panel Preferences.” This opens a configuration window that has multiple tabs. Select “Items” and see the list of what is installed to the panel. Select “Applications Menu” and click the next to last icon on the right side to open yet another configuration menu window labeled “Applications Menu.” Toward the bottom is a button that says “Edit Menu” — click that. It will take a moment for the menu editor to pop up. From the left side list window select “Internet.” The center column window should list what’s on the menu for that heading. One of them will be “Chromium Web Browser.” On the far right select “Properties” and you’ll get the same launcher configuration window, so apply the same change. (This is not possible on Debian Wheezy. Turns out you’d have to hunt down something not offered by Debian and it’s not simple to install.)

From now on, when you start Chromium from any launcher, it will automatically connect to the seahorse key server and store your passwords there. Now you can go back and change the configuration in Chromium under “Settings” in the menu and enable saving passwords. This same method works with the commercial Google Chrome browser, but because of how Google builds it, you may experience somewhat buggy behavior. That is, it might not always load the passwords from seahorse for some unknown reason. Chromium tends to be more consistent on this.

Seahorse always works for encrypting files and even email. There are several good tutorials covering this and we have no need to duplicate that here. Try this one for general instructions.

There is one small item we need to fix before this is all done. Because of some peculiar defaults in the way these things are packaged, we need to change the way the key server is configured. In Unix Land, this sort of thing isn’t stored in some arcane database, but simple text files. We are going to change one of those text files so that this key server made for GNOME recognizes XFCE as a proper environment in which to run. You’ll need to open that terminal window again. This time we’ll also raise our authority level to root by using the su command:

su root

After you hit enter, you’ll be told to enter root’s password, but you’ll be typing blindly. This prevents anyone looking over your shoulder from seeing that password so easily. Once you succeed in claiming root authority, I’m going to ask you to scrape the following text with your mouse/pointer and then mouse-paste it into your root terminal session; it’s all one line.

sed -i.bak 's/OnlyShowIn=GNOME;Unity;/OnlyShowIn=GNOME;Unity;XFCE;/g' /etc/xdg/autostart/gnome-keyring-*.desktop

Very often you’ll go looking online for instructions to fix something and it will be delivered in just that way. Some complex commandline instructions to the system that you need to copy very precisely must be pasted in as root. In essence what this does is changes a handful of configuration files so that they all say that the GNOME key server can run on XFCE. Now type in exit twice; once to surrender to root credentials and a second time to close the window.

Important note: Almost everything you could possibly need to know about running Debian is already posted somewhere on the Internet. There are no secrets, but some issues are rather obscure. You will need to take the time to learn how to use your favorite search engine to find that information. The Debian user community is one of the largest of all the various development branches of Linux. A considerable amount is provided by the Debian project itself, but is often terse and assumes a higher level of knowledge than most newbies bring to the task. It’s worth the investment to learn the Debian approach to things.

In the next lesson we will cover peculiar hardware driver issues the Debian Way.

This entry was posted in Uncategorized and tagged , , , , , . Bookmark the permalink.