This is the first blog post of my GSOC journey. I will be sharing my works and experiences here. Stay tuned for more updates. In this blog, I’ll be sharing my experiences of the first two weeks of GSOC, what are the works I did, what are challenges I faced and how did I overcome them ( Did I really overcome them :P ).

On my first week I tried to understand the codebase of discover first, via doing small changes. So, the first thing I added was a new way of verification of snap publishers which is officially supported by snapcraft. Snapcraft has two tiers of verification:

This is the release schedule the release team agreed on

  https://community.kde.org/Schedules/KDE_Gear_24.08_Schedule

Dependency freeze is in around 4 weeks (July 18) and feature freeze one
after that. Get your stuff ready!
 

Let’s go for my web review for the week 2024-24.

Microsoft Will Switch Off Recall by Default After Security Backlash

Tags: tech, microsoft, privacy

Unsurprisingly they had to adjust under the pressure. The most blatant issues might be gone, it is still a bad idea at its core.

https://www.wired.com/story/microsoft-recall-off-default-security-concerns/

AI chatbots are intruding into online communities where people are trying to connect with other humans

Tags: tech, ai, machine-learning, gpt, criticism, ethics

Chatbots can be useful in some cases… but definitely not when people expect to connect with other humans.

https://theconversation.com/ai-chatbots-are-intruding-into-online-communities-where-people-are-trying-to-connect-with-other-humans-229473

Malicious VSCode extensions with millions of installs discovered

Tags: tech, vscode, security, ide

How trustworthy are the extensions you get in your editor or IDE? I’d expect most marketplaces to not be well harmed against such attacks.

https://www.bleepingcomputer.com/news/security/malicious-vscode-extensions-with-millions-of-installs-discovered/

HTTP/3 needs us (and other people) to make firewall changes

Tags: tech, http, quic, firewall

Good reminder that firewalls need to be adjusted for proper HTTP/3 support.

https://utcc.utoronto.ca/~cks/space/blog/sysadmin/HTTP3AndOurFirewalls

HTTP/3 in curl mid 2024 | daniel.haxx.se

Tags: tech, http, quic

Interesting status report about HTTP/3 support in curl. Shows quite well the various alternatives and how special HTTP/3 can be.

https://daniel.haxx.se/blog/2024/06/10/http-3-in-curl-mid-2024/

What is PID 0? · blog.dave.tf

Tags: tech, unix, linux, kernel, system, processes

Interesting deep dive in where the PIDs seen in user space come from. And also yes, there is something matching PID 0 which can be traced back to early UNIX systems.

https://blog.dave.tf/post/linux-pid0/

Scan HTML faster with SIMD instructions: Chrome edition – Daniel Lemire’s blog

Tags: tech, cpu, performance, SIMD

SIMD keeps providing interesting performance boosts for parsing work loads.

https://lemire.me/blog/2024/06/08/scan-html-faster-with-simd-instructions-chrome-edition/

Rolling your own fast matrix multiplication: loop order and vectorization – Daniel Lemire’s blog

Tags: tech, c++, compiler, performance, matrix

The ordering used for matrix multiplications definitely matters.

https://lemire.me/blog/2024/06/13/rolling-your-own-fast-matrix-multiplication-loop-order-and-vectorization/

You’ll regret using natural keys

Tags: tech, databases, design

Good advice on designing your database tables. The comments are good too, they allow to complete the picture.

https://blog.ploeh.dk/2024/06/03/youll-regret-using-natural-keys/

Brain dump – Pagination for database objects

Tags: tech, backend, databases

The right and wrong approaches for paginating results coming from a database.

https://www.n16f.net/blog/pagination-for-database-objects/

Optimal SQLite settings for Django

Tags: tech, django, databases, sqlite

Little and to the point reference on safer SQLite use. I should check if some of this would apply or is used by Akonadi as well.

https://gcollazo.com/optimal-sqlite-settings-for-django/

the Gilbert–Johnson–Keerthi algorithm explained as simply as possible

Tags: tech, geometry, mathematics, algorithm

Need to know if two shapes overlap? Good explanation of an elegant algorithm to do it.

https://computerwebsite.net/writing/gjk

Feynman’s Razor - by Defender of the Basic

Tags: tech, documentation, communication, gui

Nice reminder that even though we try to make things simpler to understand to people, there is a point where we can go too far.

https://defenderofthebasic.substack.com/p/feynmans-razor

Foreword for Fuzz Testing Book

Tags: tech, fuzzing, tests, history

Ever wondered where fuzz testing is coming from? This is an important bit of history.

https://pages.cs.wisc.edu/~bart/fuzz/Foreword1.html

Post-Architecture: An Open Approach to Software Engineering

Tags: tech, software, architecture

Indeed this is not for any environment and projects. So take it with a grain of salt. That said, I think this piece has a core truth to it which is more general. Software architectures shouldn’t be considered as something fixed as soon as they are planned, they need to be validated through use and to be prepared to evolve over time as needed.

https://arendjr.nl/blog/2024/06/post-architecture/

Bye for now!

After three months, KDE’s Kirigami tutorial has been ported to Qt6.

In case you are unaware of what Kirigami is:

• Qt provides two GUI technologies to create desktop apps: QtWidgets and QtQuick
• QtWidgets uses only C++ while QtQuick uses QML (plus optional C++ and JavaScript)
• Kirigami is a library made by KDE that extends QtQuick and provides a lot of niceties and quality-of-life components

Strictly speaking there weren’t that many API changes to Kirigami. The most notable changes were:

Hi! It has been over two weeks since the coding period began. In this blog post, I will provide a brief summary of my work during the first two weeks.

After spending some time reviewing the code, I decided to start by refactoring the existing code related to ASS format subtitles. This has two main goals: first, to enable Kdenlive to read as much information as possible from ASS subtitles (specifically, the features supported by libass) and load it into the memory; and second, to ensure that Kdenlive can save all this information back to the file. Since SubtitleModel already contains a significant amount of code for ASS format subtitles, my work mainly involved refining and expanding upon this existing code while maintaining compatibility.

So far, I have accomplished the following:

• Added initial support for reading and saving embedded fonts in ASS subtitles
• Optimized the storage method for subtitle styles
• Migrated from V4Style to V4+Style

Tasks still to be completed:

• Modify m_subtitleList to accommodate more information.
• Write unit tests for each feature

Once these steps are completed, we will have more comprehensive support for ASS format subtitles, marking the end of this phase of the ASS code refactoring. The next focus will be on refactoring the functionality for modifying subtitle styles. These two parts will be my primary focus for the next two weeks. Stay tuned!

A strange fact recently came into my purview – many users and developers don’t know what Open Source is.

Some time ago, there was a controversy regarding the Floorp web browser (a fork of Firefox) going closed source.

The cause for this was that some company forked Floorp and made a browser based on it. I’ll not comment on the irony that the author of a fork of a project complained that someone forked his project.

Obviously, this triggered a storm of negative reactions on quite a few platforms where fans of Free Software / Open Source software hang out.

The developer responded that this is just temporary, and that the browser will soon be Open Source again. After a while, the repositories became public again and all was fine.

The developer said that Floorp is again Open Source, the angry mob said good, the Floorp browser is again Open Source. And every discussion about Floorp got a plethora of comments that people should stop complaining, that Floorp is Open Source, and that the previous situation was just a misunderstanding.

Open Source

The term Open Source is well defined at opensource.org.

Making the source code of a program publicly available is not enough for something to be Open Source. Having an army of people saying that something is Open Source, is not enough for something to be Open Source.

If a license that the code is published under doesn’t conform to the criteria published on opensource.org, a program is not Open Source. A program whose license contains the following sentence, is, by definition, not Open Source:

You may not use or distribute this Software or any derivative works in any form for commercial purposes. Examples of commercial purposes would be running business operations, licensing, leasing, or selling the Software, or distributing the Software for use with commercial products.

– Floorp private components/LICENSE

This is strangely worded as it looks like you can not use the Floorp web browser to access, for example, a work e-mail account as that would be using it for commercial purposes. This is likely not what the license author intended – the intent of the license is to disallow creating commercial products by forking Floorp.

While it is a valid desire of the author not to have somebody else profit from his work, it is the thing that makes the Floorp web browser not Open Source.

You can call it ‘source available’, you can call it ‘fair code’ but you can not call it Open Source.

Update: A few days after this blog was published, Floorp moved the code from the private submodule to the main repository. So, it should be again Open Source. Let’s hope it remains like that.

Redefining Open Source

This blog post should have been written when the Floorp thing happened, but I thought this is just a random incident not worth the extra attention.

It seems I was wrong. It is something that people should start paying attention to.

A lot of people – developers and users alike, intentionally or not – misuse the term Open Source, and some of them like FUTO even go that far to redefine it and create their own incompatible The Open Source Definition that will suit their own purpose.

Open Source Confusion Cases

Now, the main purpose of this post isn’t for me to let off some steam, but to share a great project started by Dan Brown of attempting to find and list all projects which claim to be Open Source while their licenses say otherwise.

It can be found on his Github account.

Share your views to FSFE

Albert pointed out that FSFE is also interested in this topic:

The FSFE is looking for examples and thoughts about openwashing if you feel like it I’m sure they’ll welcome your input mastodon.social/@johas/112524760073638652

We’re already on Week 3 of the coding period of Google Summer of Code! As a reminder, I’m adding Python support to a few KDE Frameworks. During the first two weeks I added support for KWidgetsAddons, and it’s now almost finished except for two widgets whose bindings aren’t generated properly and don’t compile.

I also wrote (with the help of my mentor Carl) the necessary CMake code to build the library. That part is probably going to end (hopefully) in extra-cmake-modules so it can be used by anyone easily. The plan is to eventually submit each of the bindings to their repository so it’s easier to keep the C++ libraries in sync with their Python bindings.

This week I will be adding some examples for KWidgetAddons now that it’s on a usable status. If you want to see how it’s going, you can take a look at the code.

Do you find yourself opening up the same tabs in your terminal and running the same commands every day? Have you wanted to make this easier, say, by clicking a desktop icon or running a short command?

Recently, I saw a question along these lines in the KDE support room on Matrix. Someone wanted to have Konsole automatically open some tabs and run specific commands when it's started. Since I've done this kind of thing, for personal and professional environments, I thought I'd share. You too can avoid doing the same manual terminal setup day after day, and just get to what you're working on.

Here in Part 1, I'll outline how to open tabs with different profiles and run commands in them. Next week, in Part 2, I'll share how to set up layouts (a.k.a. split panes) and run commands in those. You can combine these techniques to make your setup truly flexible. Using aliases, functions and scripts, you can bring up a complex layout with one command or button click.

Inspiration

I have a motto: If I have to do the exact same thing more than twice (on a computer), I should probably script / automate it. It's an up front time investment that saves me a lot of manual tedium later.

My inspiration for scripting terminal layouts came from iTerm2's customization abilities. After a few years of using it on a work-provided MacBook Pro, I was spoiled. It's truly nice how easy it is to create profiles and save splits in the GUI. You can then tweak their configurations using any text editor. When I searched for how to do this with Linux terminals, I found quite a few people were also looking for an "iTerm2 equivalent for Linux".

Goal: Launch a Konsole window with tabs which run commands

💡 Note For more detailed instructions on using Konsole, please see the output of konsole --help and take a look at the Konsole Handbook

We'll start with that request from Matrix: having Konsole create tabs and run commands in them when it starts. Here are the steps I used to accomplish this. Feel free to use this as inspiration and adapt for your own needs.

Use case: Quickly set up a working environment that I use daily to save time every day. There will be a couple of tabs connected to different remote hosts, one that changes to a notes directory, and one running a system monitor.

Here's an overview of the steps:

• Create a Konsole profile which will run a command and optionally use another color theme
• Create a tab layout file to launch Konsole with which will open a tab with that profile
• Create a profile with a different command for an additional tab, and then identify commands for a couple of the other tabs
• Update the tab layout file to launch Konsole with all the desired tabs

Now let's get into the details.

Create the first Konsole profile

Making custom profiles for different hosts are where my adventures in customizing Konsole began.

Use case: I would like to automatically connect to my hosted VPS in a tab with a specific color theme.

Reasoning: Running commands using a theme is quicker and easier than typing by hand (especially as they get more complex). With a custom color scheme, I can see at a glance which tab has my server session vs. any other system. This helps me avoid typing commands for my server into another system and vice-versa.

💡 Note Profiles are stored as plain text files in /.local/share/konsole/. Profile names are cAsE senSiTive. Since profile files are plain text, you can create, edit, and delete them with scripts. That is beyond the scope of this post.

The first step is to set up a custom profile with a custom color theme, a custom tab title format, and a command.

I'm using "eternal terminal" (et) for its ability to reconnect, rather than ssh to connect to the VPS. I also have an entry for the host in .ssh/config

In Settings -> Manage Profiles - New I created a profile named VPS. The following are the options I changed. Others were left as-is ("hostname" is a stand-in for the actual VPS hostname):

Name: VPS
Command: et VPS
Tab title format: %n hostname
Tab Color: I chose a color
Appearance - Color scheme & font: I chose a different color scheme

Now that I have a custom profile, I can use it with a new tab in Konsole. When I go to File -> New Tab and click "VPS", the tab will open with the new profile, and the command will run to connect to the server.

You can use Konsole's command line options in the following way to have it launch with a tab using a profile.

konsole --new-tab --profile VPS

This command can be used with an alias, function, script, Windows batch file, desktop shortcut or whatever you prefer.

There's another way to launch Konsole which is better for opening multiple tabs. It uses a "tabs configuration file".

Create a tabs configuration file

💡 Note I have found this to be unreliable if any tab uses ssh or et There's an open bug report for this. Until this is resolved, you may have better luck with a shell script that opens multiple tabs, I'll add information below.

Now I'll create a tabs configuration file with the VPS profile in it.

Each line in this file describes a tab for Konsole to open. The format is detailed in the command line options documentation. I keep these in ~/konsole_layouts/, keep yours in whatever directory works for you. I'll save this file as "vps-tabs".

Each line must have at least a profile or a command field. It can have both, and there are other options as well.
Do not specify a command on a line for a tab if you also use a profile which itself has a command. This may lead to unexpected behavior.

If you only need to run a command in a tab, you can just use the command field. You combine a command with a profile (that has no command) if you want to customize the tab further.

This is what will go in the file for now for my first tab:

title: VPS ;; profile: VPS

The command below will start Konsole using this file. (Change file path to point to the file on your system). Opening Konsole in this way can also be done with an alias, script etc.

konsole --hold --tabs-from-file ~/konsole_layouts/vps-tabs

Notice that I'm using --hold which tells Konsole to keep tabs open even after their command has exited. This will help debugging any problems that might arise (unless the window crashes entirely or fails to load). Once things are set up and running smoothly, you don't need to use --hold, if you prefer.

Create additional profiles

Use case: At the start of the day, I want to automatically open tabs which connect to both servers I need to work with. I want an additional tab open to my notes directory and another one running a system monitor.

Time to add an additional profile to Konsole:

• Server2 - this will use ssh to connect to a second server and use a profile for a different color theme

I won't create profiles for the system monitor tab or the Notes tab. I'll run those commands directly from the tab configuration file.

Update the tabs file with additional tab definitions

At this point, I'll add lines to the tabs configuration file I created.

• A tab for the Server2 profile.
• A tab which changes to a notes directory, and uses the Sand profile with colors I prefer for them.
• A tab for the system monitor which runs the btm command and uses another profile with yet another color scheme.

The file now looks like this:

title: VPS ;; profile: VPS
title: SysAdminNotes ;; workdir: ~/Nextcloud/Notes/SysAdmin ;; profile: Sand
title: Server2 ;; profile: Server2
title: NavyBlue ;; command: btm ;; profile: NavyBlue

And now, when I run konsole --hold --tabs-from-file ~/konsole_layouts/vps-tabs, Konsole launches with all the tabs I need.

Bonus: Run commands after connecting to a remote host

It's possible with both ssh and et to run commands on a remote host after connection. For instance, I could update the command in my VPS profile like so:

Name: VPS
Command: et VPS -c 'sudo apt update && apt list --upgradable; exec /bin/zsh'
Tab title format: %n hostname
Tab Color: I chose a color
Appearance - Color scheme & font: I chose a different color scheme

The command not only connects to my VPS, it also displays a list of any available updates, and stays connected to the host. Note the exec /bin/zsh at the end. This will keep an interactive terminal open after other commands are run.

With ssh, to run a command on a remote host while staying connected, the command is slightly different:

ssh -t VPS 'sudo apt update && apt list --upgradable; zsh'

But what if I need to connect to a jumphost before the remote host and I still want to run a command after I connect?

This can be done with either SSH or Eternal Terminal. For SSH, the process is relatively easy, and plenty of sites online provide instructions. Eternal Terminal, on the other hand, is a bit more tricky.

It took some research and experimentation to get this working with Eternal Terminal, so here it is ("jumphost" is a placeholder for the actual hostname of the jumphost).

Command=et jumphost -c "ssh -t remotehost 'cd /some/directory && . ../some_script && cd ../another-directory; exec /bin/zsh'"

Alternative to using a tabs file: a shell script or function

If you have difficulties with using a tabs configuration file, you can use a shell script (or function) that takes advantage of the command line options Konsole has. For instance, using the -e flag we can have tabs run commands:

#!/usr/bin/env bash
konsole --new-tab -e echo This is tab 1 &
konsole --new-tab -e echo This is tab 2 &
konsole --new-tab -e echo This is tab 3 &
konsole --new-tab -e echo This is tab 4 &

You can combine commands with profiles as well:

#!/usr/bin/env bash
konsole --new-tab --profile VPS &
konsole --new-tab --profile Sand --workdir: ~/Nextcloud/Notes/SysAdmin &
konsole --new-tab --profile Server2 &
konsole --new-tab --profile NavyBlue -e btm &

Explore the Konsole docs and experiment!

Known issues

• Launching Konsole with --tabs-from-file will open an extra tab in addition to the ones from the configuration file. This has an open bug report.
• Sometimes, with --tabs-from-file, the new Konsole window immediately disappears. This may be related to ssh/et being in a command. I filed a bug report for that.
• If using a tabs configuration file, or a script: only use Eternal Terminal with one tab. Trying to use it with more than one tab will result in et core dumping in one of them.

Stallman was right; in the wake of Microsoft’s announcement of its much-maligned Recall feature and widespread public backlash to the terms and conditions for Adobe Creative Cloud products, it’s clear that trust in big tech and the software it produces is rapidly eroding. Under the circumstances, it’s no surprise that Free/Libre and Open Source Software (FLOSS) is seeing an uptick in interest from the public at large. So as ever more average users consider “switching to Linux,” it strikes me that while there exist tomes on the technical aspects, there seems to be much less written on the shift in thinking that is part and parcel of every experienced and well-adjusted FLOSS user. So if you’re making the switch or know someone who is, here’s some advice to make the most of the transition.

Welcome #

First of all: welcome to GNU/Linux! You’ve chosen the operating system that powers bullet trains, the world’s fastest supercomputers, U.S.A. air traffic control, CERN’s Large Hadron Collider, and Google, Amazon, and Microsoft’s cloud services, used by NASA, the People’s Liberation Army, the Turkish government, whitehouse.gov, the U.S.A. Department of Defense, France’s national police force, ministry of agriculture, and parliament, Iceland’s public schools, the Dutch Police Internet Research and Investigation Network, Burlington Coat Factory, Peugeot, DreamWorks Animation, the Chicago Mercantile Exchange, the London Stock Exchange, the New York Stock Exchange, and Stephen Fry.

As you’ve no doubt inferred by now, GNU/Linux users span from your everyday cat-video viewer to large institutions and organizations where operating system reliability and performance mean the difference between life and death. No matter where you are on this spectrum, with a little humility, open-mindedness, and perseverance, I promise that you can find your self every bit as happily at-home with GNU/Linux as you were with whatever OS you’ve been using up to this point. This may mean giving up a long-trusted piece of software for something new and different, but for many new users the most hard-won battle is a change in mentality.

You’re not a power-user anymore #

I’ve heard it said that the most “computer literate” people often find it especially arduous to adjust to GNU/Linux. I’ve been there; it’s a frightening thing to go from the person family, friends, and neighbors call to help with problems with any device that has so much as an LED on it to feeling like that clueless relative with a dozen toolbars installed on their outdated version of Internet Explorer. The reality is that while you’ve gotten very good at navigating the operating system that you’ve been using for the past twenty years, very little of that knowledge is useful in GNU/Linux. This is something you’re going to have to accept early on: no matter what distro you choose, it’s going to be different to Windows or MacOS in very fundamental ways.

This means that, no matter your mastery of Windows keyboard shortcuts, or how convoluted your AutoHotkey config may be, it’s going to take you some time to grasp the basics. Beyond that, the bar to become a GNU/Linux power-user is much, much higher than it is on proprietary operating systems. In case you’re feeling intimidated, know that this comes with some serious advantages. GNU/Linux systems come with a practically limitless potential for mastery, efficiency, and customization. In time, you’ll be able to customize your GUI to your exact specifications, automate system maintenance, and knock out common tasks with a speed you wouldn’t have thought possible on your old OS.

Embrace the new #

Switching to GNU/Linux is, in some ways, much more convenient than switching from, say, MacOS to Windows. Chiefly, most distros can be configured to run a wide range of software built for MacOS, Windows, or Android with minimal fuss. That said, I strongly encourage new users to explore FLOSS alternatives built on and for GNU/Linux. FLOSS projects often get a bad rap among users of proprietary operating systems because while a piece of software may run on these systems, the experience is rarely as good as it is on the system is was designed for: usually, GNU/Linux. FLOSS mainstays such as LibreOffice, Krita, Inkscape, Scribus, Kdenlive, and Ardour are at their best on GNU/Linux in terms of appearance, performance, and features. There are professionals of every stripe who do their work with an exclusively FLOSS toolset, from graphic design to video editing, audio production, data analytics, and more. If they can do it, so can you! Don’t let the one piece of proprietary software that just won’t work put you off of your new operating system when there’s a whole new ecosystem of incredible software to explore.

New users of FLOSS projects often complain that the user interface or workflow of the tool they’re trying is “unintuitive.” Occasionally, these complaints hit on an area that genuinely could use some improvement, but more often, new users are simply expressing frustration that the workflow of a FLOSS project is different from what they are used to. These applications are not mere clones of their proprietary counterparts; they are projects in their own right, with unique goals, ideals, features, and workflows. Getting through a work project a little more slowly at first is not necessarily a flaw in the tool, it likely just means that you need a bit more practice. In time, you’ll come to learn and appreciate killer features that go above and beyond the capabilities of software produced by even the largest tech companies.

As a GNU/Linux user, you’re part of a community #

When you switch to GNU/Linux, you’re not a customer any more. FLOSS projects are largely build by communities of volunteers who work on what they find interesting or important for their own reasons. There’s no support line to call, no one to complain to if something breaks, and no one is losing anything by you choosing not to use their software. If you need help, or if you want to help make a FLOSS project better, you’re going to have to engage with the wider community. Every project has a forum, a Matrix or IRC channel, or some other means of connecting users and developers. If you have a problem you can’t solve on your own, these are the places to go to get help. Sign up and make a good faith effort to learn the rules and etiquette of the community, and chances are someone will be more than willing to help you find a solution out of sheer civic-mindedness.

There is likewise a great deal of pleasure and satisfaction to be gained by returning that kindness: by being an active participator in the communities you join, you’ll help others overcome the stumbling blocks you once faced and foster connections with others who share your interests. Beyond the community alone, there is something wonderful about using software that you’ve helped shape; contributing well written bug reports, monetary donations, writing documentation, or testing new releases makes a direct positive impact on the tools you rely on each day. It’s one thing to use FLOSS projects for reasons of ethics, privacy, or mere utility, but seeing a page of documentation you’ve written go live for anyone in the world to learn from, seeing a bug you reported vanish after an update, a theme you created get added to a game, or experiencing your feature request given form in a release really draws you in. You’re no longer at the mercy of some large tech company who only cares about profit; you’re part of a community that cares about people, ideas, and making its software better, more efficient, more usable, and more useful for everyone.

The FLOSS mindset #

To distill what I’ve said above: Things are going to be different, and you may feel disempowered and frustrated for a while until you catch up again. The solution to this, beyond simple patience, is to embrace the fact that by using FLOSS projects, you become a part of the process of making them. Join the community with respect and humility, allow yourself to receive help and kindness from others, and you’ll begin to once again remember how it feels to earn your skills. In time, you’ll be the one offering help, you’ll dance circles around any Windows power-user, and you’ll be using tools that you’ve helped make better. Again I say: welcome. With these small shifts in your thinking, you’re going to be in for a good time.

If you're looking for an isolated and straightforward way to start contributing to KDE, you're in the right place. At KDE, we use fuzzing via oss-fuzz to try to ensure our libraries are robust against broken inputs. Here's how you can help us in this essential task.

What is Fuzzing?

Fuzzing involves feeding "random" [1] data into our code to check its robustness against invalid or unexpected inputs. This is crucial for ensuring the security and stability of applications that process data without direct user control.

Why is Fuzzing Important?

Imagine receiving an image via email, saving it to your disk, and opening it in Dolphin. This will make Dolphin create a thumbnail of the image. If the image is corrupted and our image plugin code isn't robust, the best-case scenario is that Dolphin crashes. In the worst case, it could lead to a security breach. Hence, fuzzing helps prevent such vulnerabilities.

How You Can Help:

We need to update the build of KDE libraries in oss-fuzz to use Qt6. This task could be challenging because it involves static compilation and ensuring the correct flags are passed for all compilation units.

Steps to Contribute:

1. Start with karchive Project
   

   • Download oss-fuzz and go into the karchive subfolder.
   • Update the Dockerfile to download Qt from the dev branch and KDE Frameworks from the master branch.

2. Update build.sh Script:

   • Modify the build.sh script to compile Qt6 (this will be harder since it involves moving from qmake to cmake) and KDE Frameworks 6.

3. Check karchive_fuzzer.cc:

   • This file might need updates, but they should be relatively easy.
   • At the top of karchive_fuzzer.cc, you'll find a comment with the three commands that oss-fuzz runs. Use these to test the image building, fuzzer building, and running processes.

Need Help?

If you have questions or need assistance, please contact me at aacid@kde.org or ping me on Matrix at @tsdgeos:kde.org

Note:

[1] Smart fuzzing engines don't generate purely random data. They use semi-random and semi-smart techniques to efficiently find issues in the code.