bing-daily@keithdriscoll.nyc: Initial submission

[keithdriscoll]

sets Bing image of the day as wallpaper, privacy-first via pea.pix, supports Cinnamon 5.x and 6.x

[github-actions]

Best-practices scanner

This is a regex-based check for API usage that can pose security, performance or
maintainability issues, or that may already be provided by Cinnamon. Having code flagged
by it doesn't automatically disqualify a pull request.

This check is not perfect will not replace a normal review.

---

Found 9 potential issue(s):

⚠️ sync_file_replace_contents

bing-daily@keithdriscoll.nyc/files/bing-daily@keithdriscoll.nyc/applet.js:341

file.replace_contents(bytes.get_data(), null, false,

Synchronous replace_contents() blocks the main loop.
Use replace_contents_async() instead.

bing-daily@keithdriscoll.nyc/files/bing-daily@keithdriscoll.nyc/applet.js:366

timerFile.replace_contents(timerBytes.get_data(), null, false,

Synchronous replace_contents() blocks the main loop.
Use replace_contents_async() instead.

⚠️ hardcoded_data_dir

bing-daily@keithdriscoll.nyc/files/bing-daily@keithdriscoll.nyc/applet.js:27

Gettext.bindtextdomain(UUID, GLib.get_home_dir() + "/.local/share/locale");

Avoid hardcoding .local/share in paths. Use GLib.get_user_data_dir() instead,
which respects the XDG_DATA_HOME environment variable.

⚠️ hardcoded_config_dir

bing-daily@keithdriscoll.nyc/files/bing-daily@keithdriscoll.nyc/applet.js:336

let configDir = GLib.get_home_dir() + '/.config/bing-daily';

Avoid hardcoding .config in paths. Use GLib.get_user_config_dir() instead,
which respects the XDG_CONFIG_HOME environment variable.

bing-daily@keithdriscoll.nyc/files/bing-daily@keithdriscoll.nyc/applet.js:363

let timerPath = GLib.get_home_dir() + '/.config/systemd/user/bing-daily.timer';

Avoid hardcoding .config in paths. Use GLib.get_user_config_dir() instead,
which respects the XDG_CONFIG_HOME environment variable.

ℹ️ shell_string_spawn

bing-daily@keithdriscoll.nyc/files/bing-daily@keithdriscoll.nyc/applet.js:370

GLib.spawn_command_line_async('systemctl --user daemon-reload');

Prefer argument vector spawn functions over shell command strings.
This is especially important when arguments include untrusted input (user data,
filenames, settings values, etc.) as shell strings are vulnerable to injection.
Static command strings are generally fine, but argv is always safer.
Use Util.spawn(["cmd", "arg1", "arg2"]) or Util.trySpawn() instead.

bing-daily@keithdriscoll.nyc/files/bing-daily@keithdriscoll.nyc/applet.js:372

GLib.spawn_command_line_async('systemctl --user enable --now bing-daily.timer');

Prefer argument vector spawn functions over shell command strings.
This is especially important when arguments include untrusted input (user data,
filenames, settings values, etc.) as shell strings are vulnerable to injection.
Static command strings are generally fine, but argv is always safer.
Use Util.spawn(["cmd", "arg1", "arg2"]) or Util.trySpawn() instead.

bing-daily@keithdriscoll.nyc/files/bing-daily@keithdriscoll.nyc/applet.js:374

GLib.spawn_command_line_async('systemctl --user disable --now bing-daily.timer');

Prefer argument vector spawn functions over shell command strings.
This is especially important when arguments include untrusted input (user data,
filenames, settings values, etc.) as shell strings are vulnerable to injection.
Static command strings are generally fine, but argv is always safer.
Use Util.spawn(["cmd", "arg1", "arg2"]) or Util.trySpawn() instead.

bing-daily@keithdriscoll.nyc/files/bing-daily@keithdriscoll.nyc/applet.js:399

GLib.spawn_command_line_async('systemctl --user disable --now bing-daily.timer');

Prefer argument vector spawn functions over shell command strings.
This is especially important when arguments include untrusted input (user data,
filenames, settings values, etc.) as shell strings are vulnerable to injection.
Static command strings are generally fine, but argv is always safer.
Use Util.spawn(["cmd", "arg1", "arg2"]) or Util.trySpawn() instead.

---

Automated pattern check.

[rcalixte]

This already exists? https://cinnamon-spices.linuxmint.com/applets/view/320

[keithdriscoll]

Thanks for the quick reply! They do solve the same problem, but the approach is different. Mine uses a Python subprocess instead of Soup (which avoids the Soup2/3 compatibility headache), routes through Peapix instead of bing.com (I build privacy first apps), and adds history navigation with selectable cache size, a systemd timer, region selection including global, and a settings panel. None of those exist in the other applet.

Happy to walk through the differences in more detail if that would help.

[fredcw]

How is this a privacy issue? Microsoft can log your IP address but then so can every site you visit on the internet including peapix.com.

Edit: What's the advantage of a systemd timer, it seems like overkill to me. The GLib.get_user_config_dir() + '/systemd/user/bing-daily.timer'; file is left behind after the applet is removed as well right?

[keithdriscoll]

Good points. let me address each one...

On privacy:

You're right that IP logging happens everywhere. The distinction here is that the Bing endpoint (/HPImageArchive.aspx) is part of a Microsoft‑controlled API surface that includes telemetry, region personalization, and fingerprinting parameters. Microsoft’s own privacy policy states that API requests can be used for telemetry and service improvement.

My goal is simply data minimization: if there’s a stateless mirror (Peapix) with no cookies, no telemetry, and no personalization, I prefer routing through that instead of sending unnecessary requests to Microsoft.

On systemd:

The alternative inside an applet is a GLib polling loop firing every few minutes indefinitely, even when nothing needs to happen. Systemd gives deterministic scheduling, survives Cinnamon restarts, handles missed runs via Persistent=true, and is the standard Linux mechanism for background timers.

It’s not required, but it’s the more reliable tool for a once‑per‑day task.

On leftover files:

Good catch! you're right. I’ll add cleanup for the .service and .timer files in on_applet_removed_from_panel so nothing is left behind.