In my last post, I made a solemn vow to not touch Kapsule for a week. Focus on the day job. Be a responsible adult.
Success level: medium.
I did get significantly more day-job work done than the previous week, so partial credit there. But my wife's mother and sister are visiting from Japan, and they're really into horror movies. I am not. So while they were watching people get chased through dark corridors by things with too many teeth, I was in the other room hacking on container pipelines with zero guilt. Sometimes the stars just align.
Here's what came out of that guilt-free hack time.
The two Konsole merge requests from the last post—!1178 (containers in the New Tab menu) and !1179 (container association with profiles)—are merged. They're in Konsole now. Shipped.
Building on that foundation, I've got two more MRs up:
!1182 adds the KapsuleDetector—the piece that actually wires Kapsule into Konsole's container framework. It uses libkapsule-qt to list containers over D-Bus and OSC 777 escape sequences for in-session detection, following the same pattern as the existing Toolbox and Distrobox detectors. It also handles default containers: even if you haven't created any containers yet, the distro-configured default shows up in the menu so you can get into a dev environment in one click.
!1183 is a small quality-of-life addition: when containers are present, a Host section appears at the top of the container menu showing your machine's hostname. Click it, and you get a plain host terminal. This matters because once you set a container as your default, you need a way to get back to the host without going through settings. Obvious in hindsight.
The OSC 777 side of this lives in Kapsule itself—kapsule enter now emits container;push / container;pop escape sequences so Konsole knows when you've entered or left a container. This is how the tab title and container indicator stay in sync.
Four merge requests across two repos (Konsole and Kapsule) to get from "Konsole doesn't know Kapsule exists" to "your containers are in the New Tab menu and your terminal knows when you're inside one." Not bad for horror movie time.
In the last post, I talked about making filesystem mounts configurable—turning the trust model into a dial rather than a switch. That's shipped now.
--no-mount-home does what it says—your home directory stays on the host, the container gets its own. --custom-mounts lets you selectively share specific directories. And --no-host-rootfs goes further, removing the full host filesystem mount entirely and providing only the targeted socket mounts needed for Wayland, audio, and display to work.
The use case I had in mind was sandboxing AI coding agents and other tools you don't fully trust with your home directory. But it's also useful for just keeping things clean—some containers don't need to see your host files at all.
Here's a screenshot of Firefox running in a Kapsule container on KDE Linux, installed via Snap:
I expected this one to be a multi-day ordeal. It wasn't.
Snap apps—like Firefox on Ubuntu—run in their own mount namespace, and snap-update-ns can't follow symlinks that point into /.kapsule/host/. So our Wayland, PipeWire, PulseAudio, and X11 socket symlinks were invisible to anything running under Snap, resulting in helpful errors like "Failed to connect to Wayland display."
The fix was straightforward: replace all those symlinks with bind mounts via nsenter. Bind mounts make the sockets appear as real files in the container's filesystem, so Snap's mount namespace setup handles them correctly. That was basically it.
While I was in there, I batched all the mount operations into a single nsenter call instead of running separate incus exec invocations per socket. That brought the mount setup from "noticeably slow" to "instant"—roughly 10-20x faster on a cold cache. And the mount state is now cached per container, so subsequent kapsule enter calls skip the work entirely.
This one's interesting both technically and in terms of where it's going.
Kapsule containers are privileged by design—that's what lets us do nesting, host networking, and all the other things that make them feel like real development environments. The problem is that upstream Incus and LXC both reject their NVIDIA runtime integration on privileged containers. The upstream LXC hook expects user-namespace UID/GID remapping, and the default codepath wants to manage cgroups for device isolation. Neither applies to our containers.
So I wrote a custom LXC mount hook that runs nvidia-container-cli directly with --no-cgroups (privileged containers have unrestricted device access anyway) and --no-devbind (Incus's GPU device type already passes the device nodes through). This leaves nvidia-container-cli with exactly one job: bind-mount the host's NVIDIA userspace libraries into the container rootfs so CUDA, OpenGL, and Vulkan work without the container image shipping its own driver stack.
There's a catch, though. On Arch Linux, the injected NVIDIA libraries conflict with mesa packages. The container's package manager thinks mesa owns those files, and now there are mystery bind-mounts shadowing them. It works, but it's ugly and will cause problems during package updates. I hit this on Arch first, but I'd be surprised if other distros don't have the same issue—any distro where mesa owns those library paths is going to complain.
So NVIDIA support is disabled by default for now. The plan: build Kapsule-specific container images that ship stub packages for the conflicting files, and have images opt-in to NVIDIA driver injection via metadata. Two independent flags control the behavior: --no-gpu disables device passthrough entirely (still on by default), and --nvidia-drivers enables the driver injection.
The biggest behind-the-scenes change in v0.2.1 is the complete restructuring of container creation. The old container_service.py was a 1,265-line monolith that did everything sequentially in one massive function. It's gone now.
In its place is a decorator-based pipeline system. Container creation is a series of composable steps, each a standalone async function that handles one concern:
Pre-creation: validate → parse image → build config → store options → build devices Incus API call: create instance Post-creation: host network fixups → file capabilities → session mode User setup: mount home → create account → configure sudo → custom mounts → host dirs → enable linger → mark mapped
Each step is registered with an explicit order number and gaps of 100 between steps, so inserting new functionality doesn't require renumbering everything. The decorator handles sorting by priority with stable tie-breaking, so import order doesn't matter.
This pattern worked well enough that I plan to extend it to other large operations—delete, start, stop—as they accumulate their own pre/post logic.
On the same theme of "define it once, use it everywhere": container creation options are now defined in a single Python schema that serves as the source of truth for the daemon's validation, the D-Bus interface (which now uses a{sv} variant dicts, so adding an option never changes the method signature), and the C++ CLI's flag generation. Add a new option in Python, recompile the CLI, and you've got a --flag with help text and type validation. Zero manual C++ work.
The long-term plan is to use this same schema to dynamically generate the graphical UI in a future KCM. Define the option once, get the CLI flag, the D-Bus parameter, the daemon validation, and the Settings page widget—all from the same schema.
Marie Ramlow (@meowrie) submitted a fix for PATH handling on NixOS—the first external contribution to Kapsule. I don't have a NixOS setup to test it on, so this one's on trust. That's open source for you: someone shows up, fixes a problem you can't even reproduce, and you merge it with gratitude and a prayer.
The integration test suite grew substantially. New tests cover host mount modes, custom mount options, OSC 777 escape sequence emission, and socket passthrough. The test runner now does two full passes—once with the default full-rootfs mount and once with --no-host-rootfs—to verify both configurations work.
Bugs caught during testing that would have been embarrassing in production: a race condition in the Incus client where sequential device additions could clobber each other (the client wasn't waiting for PUT operations to complete), and Alpine containers failing because they don't ship /etc/sudoers.d by default.
I finally built out the CI/CD pipelines. They use the same kde-linux-builder image that builds KDE Linux itself—mainly because it's one of the few CI images with sudo access enabled, which we need for Incus operations.
The good news: the pipeline successfully builds the entire project, packages it into a sysext, deploys it to a VM, and runs the integration tests. That whole chain works. I was pretty pleased with myself for about ten minutes.
The bad news: when the first test tries to actually create a container, the entire CI job dies. Not "the test fails." Not "the runner reports an error." The whole thing just... stops. No exit code, no error message, no logs after that point. Nothing.
I'm fairly sure it's causing a kernel panic in the CI runner's VM. Which is, you know, not great.
Debugging this has been miserable. I can't get any logs after the panic because there are no logs—the kernel is gone. I tried adding debug prints before each step in the container creation pipeline to isolate exactly where it dies. The prints don't come through either, probably because of output buffering, or maybe the runner agent doesn't get a chance to stream the output to GitLab before the entire VM goes down.
The weird part: it's not a nested virtualization issue. Regular Incus works fine on the same runner—you can create containers interactively, no problem. And it doesn't reproduce on KDE Linux at all. Something about the specific combination of the CI environment and Kapsule's container creation path is triggering it, and I have no way to see what.
I've shelved this for now. The pipeline is there, the build and deploy stages work, and the tests would work if the runner didn't kernel panic when Kapsule tries to create a container. If anyone reading this has ideas, I'm all ears.
The biggest item on my plate is custom container images. Right now, Kapsule uses stock distribution images from the Incus image server. They work, but they're not optimized for our use case—things like the NVIDIA stub packages I mentioned above need to live somewhere, and "just install them at container creation time" adds latency and fragility.
Incus uses distrobuilder for image creation, so the plan is straightforward: image definitions live in a directory in the Kapsule repo, a CI pipeline invokes distrobuilder to build them, and the images get published to a server.
The "published to a server" part is where it gets political. I talked to Ben Cooksley about hosting Kapsule images on KDE infrastructure, and he's—understandably—not yet convinced that Kapsule needs its own image server. It's a fair pushback. This is all still experimental, and spinning up image hosting infrastructure for a project that might change direction is a reasonable thing to be cautious about.
So for now, I'll host the images on my own server. They probably won't be the default, since the server is in the US and download speeds won't be great for everyone. But they'll be available for testing and for anyone who wants the NVIDIA integration or other Kapsule-specific tweaks. I'll bug Ben again when the image story is more fleshed out and there's a clearer case for why KDE infrastructure should host them.
Beyond that: get the Konsole MRs (!1182 and !1183) reviewed and merged, and figure out why CI kills the kernel. The usual.
Plasma 6.6 makes your life as easy as possible, without sacrificing the flexibility or features that have made Plasma the most versatile desktop in the known universe.
With that in mind, we’ve improved Plasma’s usability and accessibility, and added practical new features into the mix.
Check out what’s new and how to use it in our (mostly) visual guide below:
Enjoy this new and improved on-screen keyboard
Extract text from screenshots in Spectacle
Set up a user account after the operating system has been installed
Those who like tailoring the look and feel of their environment can now turn their current setup into a new global theme! This custom global theme can be used for the day and night theme switching feature.
A more subtle way of modifying the look of your apps is by changing the color intensity of every frame:
Choose emoji (Meta+.) skin tones more easily with a new skin tone selector:
A major focus of Plasma 6.6 has been speeding up common workflows. So if the system has a camera, you can quickly connect to a new Wi-Fi network simply by scanning its QR code:
Hover the pointer over any app’s icon playing sound in the task manager, and scroll to adjust its volume:
And save yourself a click by enabling Open on hover in your Windows List widget. You can also filter out windows not on the current desktop or activity:
Hold down the Alt key and double-click on a file or folder on the desktop to bring up its properties:
To help everyone use and enjoy Plasma, we’ve improved accessibility across the board.
If you have colorblindness, check out the filters on System Settings’ Accessibility page, under Color Blindness Correction. Plasma 6.6. adds a new grayscale filter, bringing the total to four filters that account for different kinds of colorblindness:
Still in the area of enhancements for the visually impaired, our Zoom and Magnifier feature has gained a new tracking mode that always keeps the pointer centered on the screen, bringing the total to four modes:
In addition, we added support for “Slow Keys” on Wayland, and the standardized “Reduced Motion” accessibility setting.
Speaking of accessibility, Spectacle can now recognize and extract text from images it scans. Among other use cases, this makes it easy to write alt texts for visually-impaired users:
You can also filter windows out of a screencast by choosing a special option from the pop-up menu that appears when right-clicking a window’s title bar:
Plasma 6.6 also features a new on-screen keyboard! Say hello to the brand-new Plasma Keyboard:
Plasma Setup is the new first-run wizard for Plasma, and creates and configures user accounts separately from the installation process.
With Plasma Setup, the technical steps of operating system installation and disk partitioning can be handled separately from user-facing steps like setting up an account, connecting to a network, and so on. This facilitates important use cases such as:
Plasma 6.6 is overflowing with goodies, including:
To see the full list of changes, check out the complete changelog for Plasma 6.6.
In September, we lost our good friend Björn Balazs to cancer.
An active and passionate contributor, Björn was still holding meetings for his Privact project from bed even while seriously ill during Akademy 2025.
Björn’s drive to help people achieve the privacy and control over technology that he believed they deserved is the stuff FLOSS legends are made of.
Björn, you are sorely missed and this release is dedicated to you.
Here is an overview on the new features added to the Quick3D.Particles module for Qt 6.10 and 6.11. The goal was to support effects that look like they are interacting with the scene and to do this without expensive simulations/calculations. Specifically we'll be using rain effect as an example when going trough the new features.
Tellico 4.2 is available, with some improvements and bug fixes. This release now requires Qt6 (> 6.5) as well as KDE Frameworks 6. One notable behavior change is that when images are removed from the collection, the image files themselves are also removed from the collection data folder.
Users have provided substantial feedback in a number of areas to the mailing list recently, which is tremendously appreciated. I’m always glad to hear how Tellico is useful and how it can be better. Back up those data files!
Game AI engines, particularly those using tree search algorithms like alpha-beta pruning and MTD(f), are computationally intensive. As modern devices from desktops to mobile phones feature multi-core processors, parallelizing these algorithms has become essential for creating stronger AI opponents without sacrificing response time.
This blog explores various parallelization libraries and threading models suitable for game AI that I'm exploring to integrate with KDE's Mancala Engine, with a focus on cross platform compatibility and mobile architecture considerations.
Tree search algorithms like alpha-beta pruning are inherently sequential due to their dependency on pruning decisions. However, several parallelization strategies exist:
Each approach has trade-offs between speedup efficiency, implementation complexity, and scalability.
Overview: Native C++11+ threading support with no external dependencies.
Pros:
Cons:
Mobile Considerations:
Best For: Simple parallelization patterns, root parallelization, projects wanting minimal dependencies
Overview: Compiler-based parallelization using pragmas. Supported by GCC, Clang, MSVC, and ICC.
Pros:
toscalix
@lasath:bromansion.com
#pragma omp parallel for)Cons:
Mobile Considerations:
Best For: Quick parallelization wins, data-parallel loops, prototyping
Overview: High-level C++ template library for parallel programming, now open-source as oneTBB.
Pros:
Cons:
Mobile Considerations:
Best For: Complex parallelization patterns, production code, scalable performance
Overview: Standard library parallel algorithm execution policies.
Pros:
Cons:
Mobile Considerations:
Best For: Modern codebases, simple parallel transformations
Overview: Qt framework's high-level threading API.
Pros:
Cons:
Mobile Considerations:
Best For: KDE/Qt projects, applications already using Qt
Overview: Modern C++ parallel task programming library with a focus on task graphs.
Pros:
Cons:
Mobile Considerations:
Best For: Complex task dependencies, modern C++ projects
Overview: Improved threading primitives in C++20.
Pros:
Cons:
Mobile Considerations:
Best For: New projects targeting C++20+
The combination of modern C++ threading primitives and careful mobile optimization will create a significantly stronger AI opponent while maintaining good battery life and thermal characteristics.
So, while working with caching and scrapping, I understood the difference between immutable and mutable objects/datatypes very clearly. I had a scenario, where I am webscraping an API, the code looks like this.
soumyatheman
GSoCfrom aiocache import cached
@cached(ttl=7200)
async def get_forecast(station_id: str) -> list[dict]:
data: dict = await scrape_weather(station_id)
# doing some operation
return forecasts
and then using this utility tool in the endpoint.
async def get_forecast_by_city(
param: Annotated[StationIDQuery, Query()],
) -> list[UpcomingForecast]:
forecasts_dict: list[dict] = await get_forecast(param.station_id)
forecasts_dict.reversed()
forecasts: deque[UpcomingForecast] = deque([])
for forecast in forecasts_dict:
date_delta: int = (
date.fromisoformat(forecast["forecast_date"]) - date.today()
).days
if date_delta <= 0:
break
forecasts.appendleft(UpcomingForecast.model_validate(forecast))
return list(forecasts)
But, here is the gotcha, something I was doing inherently wrong. Lists in python are mutable objects. So, reversing the list modifies the list in place, without creating a new reference of the list. My initial approach was to do this
Welcome to a new issue of This Week in Plasma!
This week we put the finishing touches on Plasma 6.6! It’s due to be released in just a few days and it’s a great release with tons of impactful features, UI improvements, and bug fixes. I hope everyone loves it!
Meanwhile, check out what folks were up to this week:
Moved System Settings’ “Remote Desktop” page to the “Security & Privacy” group in System Settings. (Nate Graham, krdp MR #139)
Improved the way loop devices are handled in the Disks & Devices widget. (Bogdan Onofriichuk, plasma-workspace MR #6260)
Reduced visual jagginess in the split image effect of wallpaper previews that show both a light and dark version. (Fushan Wen, plasma-workspace MR #6283)
The Kicker Application Menu widget now supports using a non-square icon for its panel button, just like Kickoff does. (Christoph Wolk, plasma-desktop MR #3522)
Added a dedicated global action for un-tiling a quick-tiled window. It doesn’t have a keyboard shortcut by default, but you can assign one yourself. (Kevin Azzam, KDE Bugzilla #500636)
Videos in SDDM login screen themes can now be previewed in System Settings. (Blue Terracotta, sddm-kcm MR #99)
Improved the appearance of various dialogs created by KWin. Read more here! (Kai Uwe Broulik, kwin MR #8702)
You can now configure how long it takes the window switcher to appear after you start holding down Alt+Tab. (Guilherme Soares, KDE Bugzilla #486389)
In Kirigami-based apps, hovering the pointer over buttons that can be triggered with keyboard shortcuts now shows the shortcuts. (Joshua Goins, kirigami MR #2040)
Setting up a Samba share for one of your folders so people can connect to it over the network now turns on the Samba service (on systemd-based distros) if needed. This completes the project to make Samba sharing relatively painless! (Thomas Duckworth, KDE Bugzilla #466787)
Monitor names shown in the Brightness & Color widget now update as expected if you connect or disconnect them while the system is asleep. (Xaver Hugl, KDE Bugzilla #495223)
Fixed multiple issues that caused custom-tiled windows on screens that you disconnect to move to the wrong places on any of the remaining screens. (Xaver Hugl, kwin MR #7999)
Hardened KWin a bit against crashing when the graphics driver resets unexpectedly. (Vlad Zahorodnii, kwin MR #8769)
Fixed a case where Plasma could crash when used with the i3 tiling window manager. (Tobias Fella, KDE Bugzilla #511428)
Fixed a potential “division by 0” issue in system monitoring widgets and apps that messed up the display percentage of Swap sensors on systems with no swap space. (Kartikeya Tyagi, libksysguard MR #462)
Worked around a Wayland bug (yes, an actual Wayland bug — as in, a bug in one of its protocol definitions!) related to input method key repeat. Why work around the bug instead of fixing it? Because it’s already fixed in a newer version of the protocol, but KWin needs to handle apps that use the old version, too. (Xuetian Weng, kwin MR #8700)
Unified the appearance of HDR content in full-screen windows and windowed windows. (Xaver Hugl, KDE Bugzilla #513895)
Fixed a layout glitch in the System Tray caused by widgets that include line breaks (i.e. \n characters) in their names. (Christoph Wolk, KDE Bugzilla #515699)
The Web Browser widget no longer incorrectly claims that every page you visit tried to open a pop-up window. (Christoph Wolk, kdeplasma-addons MR #1003)
Fixed a layout glitch in the Quick Launch widget’s popup. (Christoph Wolk, kdeplasma-addons MR #1004)
You can now launch an app in your launcher widget’s favorites list right after overriding its .desktop file; no restart of plasmashell is required anymore. (Alexey Rochev, KDE Bugzilla #512332)
Fixed an issue that made inactive windows dragged from their titlebars get raised even when explicitly configured not to raise in this case. (Vlad Zahorodnii, KDE Bugzilla #508151)
When a battery-powered device is at a critically low power level, putting it to sleep and charging it to a normal level no longer makes it incorrectly run the “oh no, I’m critically low” action immediately after it wakes up. (Michael Spears, powerdevil MR #607)
The overall app ratings shown in Discover now match a simple average of the individual ratings. (Akseli Lahtinen, KDE Bugzilla #513139)
Searching for Activities using KRunner and KRunner-powered searches now works again. (Simone Checchia, KDE Bugzilla #513761
Worked around a Qt bug that caused extremely strange cache-related issues throughout Plasma and Kirigami-based apps that would randomly break certain components. (Tobias Fella, kirigami MR #2039)
Added support for setting custom modes for virtual screens. (Xaver Hugl, kwin MR #8766)
Added GPU temperature monitoring support for additional GPUs. (Barry Strong, ksystemstats MR #123)
Scrolling in scrollable views spawned by KWin (not Plasma, just KWin itself) no longer goes 8 times slower than it ought to. Thankfully there are very few such views, so almost nobody noticed the issue. However fixing it facilitates adding a “scroll to switch virtual desktops” feature to the Overview effect for Plasma 6.7! (Kai Uwe Broulik, kwin MR #8800)
Moving a file to the trash is now up to 50 times faster and more efficient. (Kai Uwe Broulik, kio MR #2147)
KDE has become important in the world, and your time and contributions have helped us get there. As we grow, we need your support to keep KDE sustainable.
Would you like to help put together this weekly report? Introduce yourself in the Matrix room and join the team!
Beyond that, you can help KDE by directly getting involved in any other projects. Donating time is actually more impactful than donating money. Each contributor makes a huge difference in KDE — you are not a number or a cog in a machine! You don’t have to be a programmer, either; many other opportunities exist.
You can also help out by making a donation! This helps cover operational costs, salaries, travel expenses for contributors, and in general just keep KDE bringing Free Software to the world.
Push a commit to the relevant merge request on invent.kde.org.
