If you're looking for an isolated and straightforward way to start contributing to KDE, you're in the right place. At KDE, we use fuzzing via oss-fuzz to try to ensure our libraries are robust against broken inputs. Here's how you can help us in this essential task.

What is Fuzzing?

Fuzzing involves feeding "random" [1] data into our code to check its robustness against invalid or unexpected inputs. This is crucial for ensuring the security and stability of applications that process data without direct user control.

Why is Fuzzing Important?

Imagine receiving an image via email, saving it to your disk, and opening it in Dolphin. This will make Dolphin create a thumbnail of the image. If the image is corrupted and our image plugin code isn't robust, the best-case scenario is that Dolphin crashes. In the worst case, it could lead to a security breach. Hence, fuzzing helps prevent such vulnerabilities.

How You Can Help:

We need to update the build of KDE libraries in oss-fuzz to use Qt6. This task could be challenging because it involves static compilation and ensuring the correct flags are passed for all compilation units.

Steps to Contribute:

1. Start with karchive Project
   

   • Download oss-fuzz and go into the karchive subfolder.
   • Update the Dockerfile to download Qt from the dev branch and KDE Frameworks from the master branch.

2. Update build.sh Script:

   • Modify the build.sh script to compile Qt6 (this will be harder since it involves moving from qmake to cmake) and KDE Frameworks 6.

3. Check karchive_fuzzer.cc:

   • This file might need updates, but they should be relatively easy.
   • At the top of karchive_fuzzer.cc, you'll find a comment with the three commands that oss-fuzz runs. Use these to test the image building, fuzzer building, and running processes.

Need Help?

If you have questions or need assistance, please contact me at aacid@kde.org or ping me on Matrix at @tsdgeos:kde.org

Note:

[1] Smart fuzzing engines don't generate purely random data. They use semi-random and semi-smart techniques to efficiently find issues in the code.

Today marks the release of  KDE Stopmotion 0.8.7!

About Stopmotion

Stopmotion is a Free Open Source application to create stop-motion animations. It helps you capture and edit the frames of your animation and export them as a single file.

Direct capture from webcams, MiniDV cameras, and DSLR cameras. It offers onion-skinning, import images from disk, and time lapse photography. Stopmotion supports multiple scenes, frame editing, basic sound track, animation playback at different frame rates, and GIMP integration for image. Movies can be exported to a file and to Cinelerra frame lists.

Technically, it is a C++ / Qt application with optional dependencies to camera capture libraries.

Changes in release 0.8.7

This release comes with no new features, but improvements to the project itself.

Changes

• The project is now officially called to KDE Stopmotion. The former name Linux Stopmotion is no longer used.
• Support for qmake has been removed. Use CMake instead.

Features

• Port serialization to libarchive. libtar is abandoned. (thanks to Bastian Germann)

Bugfixes

• The .sto files miss the tar trailer. (#16, thanks to Bastian Germann for providing a fix)

Improvements

• Use pkg-config to find dependencies vorbisfile and xml2 (thanks to Barak Pearlmutter)
• Remove code that relies on deprecations in Qt 5; this is a preparation to move to Qt 6.
  

Future plans

• Transition from Qt 5 to version 6. I am stuck with my port as QAudioDeviceInfo that was dropped in Qt 6. I need some help to port Stopmotion to the new way to handle audio with Qt 6 / Qt Mulimedia.
• We should integrate better to KDE's tech stack: Internationalization, using KDE libraries, update and reformat documentation.
  

Get involved!

If you are interested, give Stopmotion a try. Reach out to our mailing list stopmotion@kde.org or have a look into our project. Share your ideas or get involved!

I’m a heavy user of Firefox profiles. Apart from using different profiles for different activities, I also have a few extra profiles that all run in the Default activity.

This means that I need to have different icons shown in Plasma’s panel in order to be able to easily differentiate which profile a window belongs to.

Sure, I use the tasks applet which shows the window title instead of the icon-only one (I prefer usability to minimalism), but still, it isn’t enough as sometimes the active tab in a Firefox window might not have the most informative title.

Plasma seems to rely on the application name and the window class when choosing the icon it will show in the panel. Which means that, by default, all Firefox instances end up having the same icon.

Fortunately, Firefox allows you to specify the window class it should use through command line arguments.

firefox -P ProfileName --class WindowClassName

And, to connect a launcher to a specific window class, you just need to add the following line to the .desktop file:

StartupWMClass=WindowClassName

So, in order to have a nicely supported Firefox profile, you can create a launcher with a desktop file similar to the following:

[Desktop entry]
Exec=firefox -P SocialSites --class FirefoxSocialSites
Icon=user-available-symbolic
StartupWMClass=FirefoxSocialSites

It also works with Firefox derivatives such as Librewolf (which can be seen in the screenshot above) and others.

Wayland

For Wayland users, a comment by John Kizer might be useful:

On Wayland, I’ve ended up just using KWin Window Rules (based on a substring of the window title, and setting the desktop file name) in combination with .desktop files that launch Firefox to the site in question and have the desired icon associated.

EDIT: And another approach for Wayland by Christoph Martin:

There’s no need for messing around with window rules - at least not for Firefox.

If you use the –main flag instead of the –class flag for the Firefox invocation in your .desktop file, you should get the desired effect - at least in the Icons-Only Task Manager. Note that StartupWMClass still needs to match the value of the –main flag.

The above works on my machine, that is under Plasma 6.0.5 on the Fedora 40 KDE spin.

Credit: https://superuser.com/a/1784867

G2 posted some fun logos for Kate on reddit.

I think they are nice and flashy and well suited if you want to show your appreciation for Kate and like that art style and a good addition to our awesome icon and mascot.

Static Version

Animated Version

Licensing

G2 licensed these files under the CC BY-NC-SA 4.0. Feel free to share the stuff with this license and credit for G2.

Comments?

A matching thread for this can be found here on r/KDE.

Let’s go for my web review for the week 2024-23.

Alice in Wonderland: Simple Tasks Showing Complete Reasoning Breakdown in State-Of-the-Art Large Language Models

Tags: tech, ai, gpt, machine-learning, safety, research

Another cruel reminder that basic reasoning is not to be expected from LLMs. Here is a quote from the conclusion of the paper which makes it clear:

“We think that observations made in our study should serve as strong reminder that current SOTA LLMs are not capable of sound, consistent reasoning, as shown here by their breakdown on even such a simple task as the presented AIW problem, and enabling such reasoning is still subject of basic research. This should be also a strong warning against overblown claims for such models beyond being basic research artifacts to serve as problem solvers in various real world settings, which are often made by different commercial entities in attempt to position their models as a strong mature product for end-users. […] Observed breakdown of basic reasoning capabilities, coupled with such public claims (which are also based on standardized benchmarks), present an inherent safety problem. Models with insufficient basic reasoning are inherently unsafe, as they will produce wrong decisions in various important scenarios that do require intact reasoning.”

https://arxiv.org/abs/2406.02061

A critique of Cara.app: the ‘No AI’ Instagram and Artstation copycat child. - David Revoy

Tags: tech, social-media, art, criticism

Interesting critique of this new platform… it’s the beginning of the hype cycle but will probably exhibit the same decay phenomenon than other platforms.

https://www.davidrevoy.com/article1032/a-critique-of-caraapp-the-no-ai-instagram-and-artstation-copycat-child

Why are vulnerabilities out of control in 2024? – Open Source Security

Tags: tech, foss, security, data, data-science

The more releases out there the more vulnerabilities are (and could be) discovered. Some actions are necessary to get things under control properly.

https://opensourcesecurity.io/2024/06/03/why-are-vulnerabilities-out-of-control-in-2024/

Engineering for Slow Internet

Tags: tech, networking, reliability

A good reminder of everything which might go wrong when connectivity is bad. Most tools let you down in such a case.

https://brr.fyi/posts/engineering-for-slow-internet

Why do CPUs have multiple cache levels? | The ryg blog

Tags: tech, hardware, cpu

Very nice explanation and metaphors on how CPUs cache levels work.

https://fgiesen.wordpress.com/2016/08/07/why-do-cpus-have-multiple-cache-levels/

BenchExec: A Framework for Reliable Benchmarking and Resource Measurement

Tags: tech, benchmarking, tools

Looks like an interesting benchmarking tool. To keep an eye on.

https://github.com/sosy-lab/benchexec

TIL #099 – order values of dictionary by iterable of keys with operator.itemgetter | mathspp

Tags: tech, programming, python

Definitely a nice Python trick. Fairly elegant, I’ll try to remember it.

https://mathspp.com/blog/til/order-values-of-dictionary-by-iterable-of-keys-with-operator.itemgetter

Message authentication codes for safer distributed transactions

Tags: tech, filesystem, distributed, safety, cryptography

Interesting use of cryptography without a security concern. It’s more about safety and ensuring something wasn’t missed by mistake.

https://mazzo.li/posts/mac-distributed-tx.html

The state of Vulkan apps in 2024

Tags: tech, 3d, vulkan, portability

The difficult path for Vulkan. The data obviously is biased since it includes games and most of them are still targeting Windows and so DirectX. I’d be curious to see something similar excluding games (and so focusing on medical, industrial etc.).

https://www.carette.xyz/posts/state_of_vulkan_2024/

How I learned Vulkan and wrote a small game engine with it

Tags: tech, 3d, game, vulkan

Interesting dive into the experience of writing a small Vulkan engine (almost) from scratch.

https://edw.is/learning-vulkan/

How to Build Engineering Strategy

Tags: tech, management, strategy, vision

Packed with useful information. Clearly some things I’m eager to test in there.

https://blog.practicalengineering.management/how-to-build-engineering-strategy-42e464018177

xkcd: Earth Temperature Timeline

Tags: science, history, data-visualization

So yes, the climate changed before… now slowly scroll until the end to appreciate how brutal it is this time.

https://xkcd.com/1732/

Bye for now!

Edit 2024-07-13: applications for this position are closed.

KDE e.V., the non-profit organization supporting the KDE community, is looking for a proactive contractor to support and coordinate the KDE Goals process. The role involves providing project management, community engagement, event planning, and other needed services to help drive the success of KDE Goals. Please see the job ad for more details about this contracting opportunity.

We are looking forward to your application.

Every 2 to 3 years KDE selects 3 goals that the whole community can focus on for the coming years. For the past 2 years we have focused on improving the accessibility of our applications, worked to make our software more sustainable and automated and improved a lot of processes to make developing software in KDE smoother. To learn more about these goals check out the KDE Goals page. We will wrap up these goals at Akademy in Würzburg later this year.

It is now time to figure out what the next goals should be. We are starting this today by opening the floor for proposals. This means you (yes you!) can campaign for something you and others want to work on over the next 2 years and rally the KDE community behind it. To give you some inspiration you can have a look at the complete list of goals we’ve had in previous years.

How does it work?

You (and a small group of others) can submit a proposal by opening a ticket on this Phabricator board. Copy the template into a new ticket and explain your idea. The template gives you a few hints to help you create a meaningful proposal. This process is open until July 5th. (On July 5th we will start the refinement stage, where others can further help you improve the proposal.)

Some things to keep in mind

• The process is explicitly open to proposals from people who are not yet KDE contributors.
• The process is explicitly open to everyone, not just developers.
• We expect the champions of the goal to be the champions, not the only ones working on the goal. At the same time they will need to put in significant work to rally people around their goal.

What is different compared to previous editions?

We are tweaking the process a bit this time. If you’re familiar with the process from previous years here are the most important changes:

• We are moving from an individual champion to a small team of champions. Each goal should have someone who can carry the vision of the goal forward, someone who can technically steer it and someone to promote it. Other setups are possible where it makes sense for the particular goal but a goal needs a small team. Don’t have a team yet? That’s ok. Submit a proposal and say what you need. We will try to help find others to join.
• We are focusing the champion role more on driving the goal forward through others and less by doing all the work themselves.
• We will work with the goal champions on fundraising for specific projects that support their goal.

What’s the timeline?

• Starting today until July 5th: Propose goals and find team
• July 5th to August 15th: Refine proposals together with the community (identify issues, remove blockers, sharpen the proposal, …)
• August 15th to 31st: Voting on the proposed goals by active KDE contributors
• September 6/7th: Selected goals are announced at Akademy

Still got questions?

If you still have questions you can ask them in various places:

• In the office hour on June 14th at 7PM Berlin time. You can find the time in your timezone here. The meeting will happen on BigBlueButton.
• The KDE Goals matrix channel.
• The KDE Community mailing list.
• Reaching out to me directly.

Ruqola 2.2.0 is a feature and bugfix release of the Rocket.chat app.

Improvements:

• Allow to increase/decrease font (CTRL++/CTRL+-)
• Add channel list style (Condensed/Medium/Extended)
• Add forward message
• Improve mentions support.
• Add support for deep linking Deep Linking.
• Implement block actions.
• Implement personal token authentication. Bug 481400
• Add Plasma Activities Support
• Add Report User Support
• Implement Channel Sound Notification.
• Implement New Room Sound Notification.
• Implement Sorted/Unsorted markdown list.

Some bug fixing:

• Fix dark mode support.
• Fix jitsi support.Fix translate message in direct channel.
• Don't show @here/@all as user.
• Reduce memory footprint.
• Use RESTAPI for logging.
• Allow to send multi files.
• Fix preview url.

URL: https://download.kde.org/stable/ruqola/
Source: ruqola-2.2.0.tar.xz
SHA256: 4091126316ab0cd2d4a131facd3cd8fc8c659f348103b852db8b6d1fd4f164e2
Signed by: E0A3EB202F8E57528E13E72FD7574483BB57B18D Jonathan Esk-Riddell jr@jriddell.org
https://jriddell.org/esk-riddell.gpg

I was keeping myself on Plasma 5.x until recently. I got so accustomed to the Bismuth window tiling script for KWin that I couldn’t imagine myself updating to Plasma 6.x where Bismuth doesn’t work.

Unfortunately (?), one of the recent Debian updates broke Bismuth in Plasma 5.x as well, so I had nothing keeping me on the old version anymore. I’m now (again) running the development version of (most) KDE software.

Since the update, I managed to make the Qtile tiling window manager work with Plasma to some extent. But the integration between Qtile and Plasma I hacked was less than ideal, and I kept switching between KWin which worked perfectly, as KWin does, but without tiling, and my Frankenstein Qtile which didn’t work that well, but it had tiling.

Maybe I’ll write about it if I get back to hacking Qtile, but that might not happen any time soon because…

Krohnkite

Then I saw the news that the predecessor of Bismuth – the Krohnkite script has been ported to KWin 6 – see the announcement on reddit, github to get and review the code, and kde store for the package you can install.

Huge kudos to all who are involved in the rebirth, the script works as well as it did with KWin 5.

Window decoration

The only thing missing was the simple ‘just a line around the window’ window decoration that Bismuth had.

Now we have that as well, I’ve ported the original Bismuth window decoration to KWin 6 (nothing huge, just a few tiny changes to make it compile). The code, and the installation instructions are available on github.

Haruna version 1.1.2 is out.

You can get it now on flathub:

Availability of other package formats depends on your distro and the people who package Haruna.

Windows version:

• haruna-1.1.2-windows-gcc-x86_64.exe
• haruna-1.1.2-windows-gcc-x86_64.7z
• haruna-1.1.2-windows-gcc-x86_64-dbg.7z

If you like Haruna then support its development: GitHub Sponsors | Liberapay | PayPal

Feature requests and bugs should be posted on bugs.kde.org, but for bugs make sure to fill in the template and provide as much information as possible.

Changelog:

1.1.2

Bugfixes:

• Disabled track selection menus and buttons when there are no tracks to be selected
• Fixed custom command toggling
• Re-added "Scroll to playing item" and "Trash file" options to playlist context menu, lost during Qt6 port
• Fixed some mpv properties not being correctly set at startup
• Fixed video rendering on Windows