I'm bit late to the train of Plasma 6 related posts... But anyway. I will go through some things I did.

For me working on Plasma 6 was pretty fun, I learned a lot of new things and fixed bunch of bugs and crashes.

The most resourceful ones can find my merge requests, but I am too lazy to link them all.

Things I did

Most of the things I did were a lot more in the background. I hunted down a lot of bugs and crashes, and tried to fix them myself or helped others fix them, in various projects, such as:

• Dolphin
• Plasmashell
• Kwin
• KNS
• And probably a lot of more I have already forgot... :D

But there was A LOT stuff: Around 100 merge requests in total! Pretty much all of them got in, thanks to all the reviews and education other KDE developers provided to me! :)

Again, thanks to everyone who has helped me to work on KDE projects! Thanks for your patience with me and all the knowledge you have parted to me. ❤️ I'll keep doing my best helping KDE projects, be it bug hunting or feature creation.

I have to say my software testing background has been very useful when it comes down to hunting down bugs, and I've learned a lot of things about Qt, C++ and QML. Still got much more to learn though, but that's what makes me so excited about programming!

I think one of the most useful things I've learned is how to use GDB. I can't provide anyone a crash course (at least in this blog post) but it is essential when hunting down weird bugs in plasmashell for example. I love debuggers integrated to editors like using LLDB-DAP in Kate, but sometimes GDB in terminal is all you can use, so it's good idea to learn to use it!

One big thing I worked on with others was fractional scaling related stuff: I didn't do any of the Kwin stuff around it, but I hunted down some weird bugs with window decorations having some weird gaps in them when windows are specific size. Hunting down all these bugs and weirdness took long time, and we're still looking into it, since it seems to be different in every system.. Floating point numbers and computers are very weird combo.

Another more visible thing I did was unifying separator colors and other items, you can find an issue about it here: Frame and outline color consistency and high-contrast setting changes. I have been bothered by the random differences between some elements, which can be especially noticeable in darker colorschemes, so I finally sat down and combed through related codebases. There's likely more to fix though, but there is now easy way for us to add high-contrast support for outlining elements! It just needs doing, and I haven't had the time.. Yet. :)

Things I learned

• GDB is a life saver
• Write down notes. All the time.
  • Journaling is a good idea!
• Working in open source is a lot about the social aspects!
  • Be nice to people! Duh!
  • But also don't let people walk over you!
  • Listen to others, and don't be afraid to share your opinion.
  • Ask many questions and write down the answers.
• Be patient
• Bug triaging is tough, but very important!
• Remember to rest (I'm bad at this)

Things I will do in future

I will continue hunting down various bugs and crashes and fixing them whenever I spot some, or something is raised to me as "hey this looks like something you could do."

I have also started working on couple things related to remote desktop:

• rdp: Proxy and Gateway settings
• Simple KCM for KRDP

Last but not least, I have looked into facelifting our dear Breeze theme, just a lil bit. Nothing drastic, some tell me they don't see any change and some do. But hopefully it would make Breeze look just a lil bit "softer" and "friendlier." :) You can see them here: Slightly rounder elements, slightly lighter outlines

All in all I am very happy with my current job working on KDE projects, fixing bugs and creating new cool things. I also kind of enjoy being a jack-of-all-trades (master of none), since I get to do a lot of different kinds of stuff, from something more "background" like KWin and plasmashell to something more visible like Breeze and Dolphin. Maybe eventually I will specialize around something, but for now I am bit all over the place which is fine by me lol.

I hope that some of my work has helped you as well. :)

I'll keep doing my best and learning more. (And hopefully write more blogposts.. lol.)

Thanks for reading!

Let’s go for my web review for the week 2024-13.

Google Ordered To Identify Who Watched Certain YouTube Videos

Tags: tech, google, law, surveillance

This is a worrying trend we see in law enforcement a bit everywhere. It’s a bit too convenient to make such requests even though it is unconstitutional.

https://www.forbes.com/sites/thomasbrewster/2024/03/22/feds-ordered-google-to-unmask-certain-youtube-users-critics-say-its-terrifying/

Redis Renamed to Redict - Andrew Kelley

Tags: tech, redis, foss, licensing, community

Indeed, time to leave Redis behind in favor of Redict. It’s not like one can expect new things to come out to such a project.

https://andrewkelley.me/post/redis-renamed-to-redict.html

A Return to Blu-ray as Streaming Value Evaporates | Audioholics

Tags: tech, streaming, movie, copyright, economics

Interesting, with the price hikes and bundles to come, we might indeed see a resurgence in physical media. It will stay niche for sure, but looks like demand is about to grow.

https://www.audioholics.com/news/a-return-to-blu-ray-as-streaming-value-evaporates

How People Create and Destroy Value with Generative AI | BCG

Tags: tech, ai, gpt, creativity, quality

Interesting study on the impact generative AI can have on people performances in business settings. There are a few nuggets in there. In particular anything related to problem solving people do worse with generative AI tools than without. And even worse than that when they’ve been trained (probably due to overconfidence). The place where it seems to help is for more creativity related tasks… at the individual level, but at the collective level creativity decreases due to homogenization. Definitely things to keep in mind.

https://www.bcg.com/publications/2023/how-people-create-and-destroy-value-with-gen-ai?ref=wheresyoured.at

Have We Reached Peak AI?

Tags: tech, ai, gpt, criticism, communication, copyright, law

Very interesting piece. The chances that it is another bubble are high. It’s currently surviving on a lot of wishful thinking and hypothetical. This really feels like borrowed time… I wonder what useful will remain once it all collapses. Coding assistants are very likely to survive. Clearly there could be interesting uses in a more sober approach.

https://www.wheresyoured.at/peakai/

Models All The Way Down

Tags: tech, ai, machine-learning, statistics, bias

Wondering where some of the biases of AI models generating images come from? This is an excellent deep dive into one of the most successful data sets used to train said models. And they’ve been curated by… statistical models, not humans. This unsurprisingly amplifies biases all the way to the final models.

This is an excellent piece, I highly recommend reading it.

https://knowingmachines.org/models-all-the-way#section5

Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own

Tags: tech, mozilla, browser, security

Those were nasty, good they’ve been patched already.

https://www.bleepingcomputer.com/news/security/mozilla-fixes-two-firefox-zero-day-bugs-exploited-at-pwn2own/

Hotel hotspot hijinks - P.T.C.

Tags: tech, web, automation, wifi

Some captive portals are indeed stupid. Why not automating going through them?

https://peateasea.de/hotel-hotspot-hijinks/

Why x86 Doesn’t Need to Die – Chips and Cheese

Tags: tech, cpu, hardware

Good exploration of the CPU architectures we have nowadays, and why the RISC vs CISC debate doesn’t make sense anymore.

https://chipsandcheese.com/2024/03/27/why-x86-doesnt-need-to-die/

Bump Allocation: Up or Down? • Core Dumped

Tags: tech, memory

Making your own allocator? This is definitely something to consider and measure.

https://coredumped.dev/2024/03/25/bump-allocation-up-or-down/

Why choose async/await over threads? – notgull – The world’s number one source of notgull

Tags: tech, rust, multithreading, coroutine

In which case you want one or the other? This is illustrated in the Rust case which has its own struggles, but the question applies more largely in my opinion.

https://notgull.net/why-not-threads/

Linux Crisis Tools

Tags: tech, production, linux, tools

Good reminder that you want the diagnosis tools in place and working before you get an actual problem in production.

https://www.brendangregg.com/blog/2024-03-24/linux-crisis-tools.html

shelmet 0.6.0

Tags: tech, python, processes, filesystem

Interesting API for running subprocesses and interact with files.

https://shelmet.readthedocs.io/en/latest/

ASON AltScript – Write Data Not Code

Tags: tech, data, json

Might be a good alternative to JSON in some cases.

https://altscript.com/

3D DOM viewer, copy-paste this into your console to visualise the DOM topographically

Tags: tech, web, browser, debugging, frontend

Interesting debug tool for web frontend code. It’d be nice as a browser extension.

https://gist.github.com/OrionReed/4c3778ebc2b5026d2354359ca49077ca

TDD: You’re Probably Doing It Just Fine - The Code Whisperer

Tags: tech, tdd, craftsmanship

All good points. Can we improve? Sure. Does it means we do it bad? No. Just do it more when it makes sense.

https://blog.thecodewhisperer.com/permalink/tdd-youre-probably-doing-it-just-fine

On Tech Debt: My Rust Library is now a CDO

Tags: tech, supply-chain, maintenance, complexity

This is about a Rust library but equally applies to any ecosystem which allows to easily pull a dependency. As soon as you pull them, you need to monitor their health for the sake of your own project.

https://lucumr.pocoo.org/2024/3/26/rust-cdo/

Two open source projects with great documentation

Tags: tech, documentation, architecture

Of course documentation, especially one presenting the architecture, shouldn’t be neglected. It takes time and skills of course.

https://johnjago.com/great-docs/

Bye for now!

We’re delighted to announce the first maintenance release of the 24.02 series, tackling regressions, bugs, and crashes. A big thank you to everyone who reported issues during this transition – keep up the great work!

KTextAddons 1.5.4 is a bugfix release of our text display and handling library

It fixes two notable bugs and updates translations

• Fix bug 484328: Kmail config dialog takes about 40 seconds to show up
• Use QListView::clicked (in emoji popup menu)

URL: https://download.kde.org/stable/ktextaddons/
Source: ktextaddons-1.5.4.tar.xz
SHA256: 64b80602e84b25e9164620af3f6341fa865b85e826ab8f5e02061ae24a277b20
Signed by: E0A3EB202F8E57528E13E72FD7574483BB57B18D Jonathan Esk-Riddell jr@jriddell.org https://jriddell.org/esk-riddell.gpg

This is a piece I also wrote for the enioka blog, so there is a French version available.

At enioka Haute Couture we started offering trainings a little while ago. True to our DNA this is focusing on software engineering practice rather than a given tool, framework or API. This is why we have courses on topics like software architecture, refactoring, dealing with legacy code, test driven development (TDD), code review and so on.

Also, not every team has the same needs. Some prefer a few intensive days during a given week, others prefer smaller sessions over an extended period. That’s why our courses are designed to be flexible. They can be tailored to build a multi-day session, or all the way down to many one hour knowledge building sessions.

Hopefully, this all sound great to you (for sure it does sound great to me). So why talk about this now? Is it some kind of advertisement stunt? Well… not really.

You see, while working on our training offers something happened. Almost three years ago GitHub announced GitHub Copilot. It was just a technical preview at the time. Since then, there has been an arms race in the large language model (LLM) domain. Like it or not, generative AI is here to stay and code assistants based on such models are used more and more.

I’m not one of those doom sayers claiming such models and assistants are going to take over our jobs. Likewise, I don’t think they’re going to double the daily productvity of developers. Still, they will necessarily impact how we work and the code which is produced. So keeping an eye on development practices, I’m less concerned about disappearing developer jobs and more concerned about a drop in the quality of the code produced.

Indeed, early studies indicate that code assistants when introduced in an unchecked manner tend to push the code quality down and tend to increase the amount of security issues introduced. Interestingly the main factors highlighted are behaviorial. Which means that before waiting for a magical new assistant which would code perfectly (spoiler: it won’t happen), we should rather improve the way we introduce and use those tools.

Which gets me back to the [enioka Haute Couture trainings]. In this new era, we have to acknowledge coding assistants during our trainings. This perfuses all the topics I mentioned previously. There is now a nagging question for all our software development practices: when is a coding assistant the right tool for the job?

If you’re practicing TDD or trying to improve your use of it, is it a good idea to have the coding assistant write the tests for you? Maybe not… since it is where you make important design decisions, you likely want to stay at the helm. Might come in handy to generate the code which must pass the tests though.

If you’re dealing with a legacy code base which needs to be modernized, for which part of the process the coding assistant will make you faster? Updating the code to a newer version of the language or dependencies? Extracting clearer modules and functions? Writing approval tests to secure all of that?

There are many more such questions… and you can explore the answers with us during one of our training sessions. We’ll keep talking TDD, legacy code… with a twist!

And of course, just like any other tools, what we’re proposing is not specific to a given solution. You use GitHub Copilot? Codeium? A specific in-house fine-tuned model? This is fine. We’ll take this into account during the training to adapt it as much as possible to the involved developers and their context.

If you want to discuss this further, feel free to get in touch with us.

Tellico 3.5.4 is available, with a few fixes.

Improvements and Bug Fixes

• Fixed bug with opening help from the config dialog (Bug 479591).
• Updated Open Library source to search for comics (Bug 479506).
• Fixed bug with filter dialog buttons (Bug 479771).
• Fixed display bug with entry status (Bug 479843).
• Fixed bug for entry selection after changing group field (Bug 480297).
• Fixed DVDFr searches with title accents.
• Updated FilmAffinity data source.

For a while Qt has been offering qmlls, a Language Server Protocol implementation for QML. This allows popular text editors like Kate (and some lesser known ones like Visual Studio Code) to work with QML code without having to write dedicated support for it.

Naturally many people are eager to use it to hack on KDE code. When trying to do that you probably have encountered some frustration with things not working as expected. So what’s going on there, and how can we make it work?

First and foremost one must mention that qmlls is still under heavy development. There’s a number of things missing that you’d expect from a fully featured LSP implementation. If you encounter something that looks like it should work but doesn’t, don’t hesitate to file a bugreport.

So how does one use qmlls? In Kate it should be activated out-of-the-box when opening a QML file. If that doesn’t work you might need to tweak the LSP-Client settings. For other editor please consult their documentation on how to enable LSP support.

One problem you are likely to encounter when using qmlls on KDE code is that it fails to find KDE-provided QML modules like Kirigami. This happens when the modules are installed into e.g. ~/kde/usr, which isn’t searched by Qt. One way to get around this is to build and install your own Qt into ~/kde/usr too, since that way the modules will be installed into the same prefix as Qt and Qt will find them. While building your own Qt is a worthwile thing to do in general it’s not a very satisfying solution. I hope we can find a better solution for this soon. See here for a related bugreport.

If your installation is set up in a way that qmlls can find the KDE-provided modules you might still encounter it warning on unknown modules or types. In order for qmlls to show information for a module the module needs a qmltypes file. These files provide machine-readable information about the types that the module exposes. The easiest way to make these available is porting the module to ecm_add_qml_module and declarative type registration. This was done for many KDE modules already, but there’s still a number of them missing. Help on that is very welcome! Something that isn’t obvious is that in order for the tooling to work correctly module dependencies need to be marked explicity via the DEPENDENCIES parameter in ecm_add_qml_module.

If all the modules and types are found correctly you will still encounter some warnings, but most of these should correspond to actual issues and non-optimal practices like using unqualified property lookups and context properties. qmlls is a great tool to guide you towards resolving those and thus modernizing and optimizing the code. There are however some classes of warnings for which we don’t have proper solutions yet:

• Our translation functions, i18n and friends, are considered unqualified lookups by qmllint/qmlls. This is because they are magically injected into the engine at runtime. It’s not clear how a solution for this could look like.
• When writing KCMs we expose the module’s C++ class via the kcm context property, which is opaque to the tools. A different approach is needed.

Despite the current limitations qmlls is already a very useful tool for working on QML code, assuming the project is set up properly.

Happy QML hacking!

If you are reading this from the future there’s an update available.

Let’s go for my web review for the week 2024-12.

There is no cookie banner law

Tags: tech, gdpr, law, surveillance

It’s not the regulation which brings the banners, it’s the companies insisting on tracking us.

https://www.amazingcto.com/cookie-banners-are-not-needed/

Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds

Tags: tech, security

This is bad. Unlocking many doors is just a couple of taps a way if you’re already a guest.

https://www.wired.com/story/saflok-hotel-lock-unsaflok-hack-technique/

Vision Pro is an over-engineered “devkit”

Tags: tech, apple, vr

Very thorough analysis of the Vision Pro value proposition. It shows quite well where it shines and where it should be improved.

https://hugo.blog/2024/03/11/vision-pro/

Microsoft reportedly runs GitHub’s AI Copilot at a loss • The Register

Tags: tech, gpt, copilot, economics

The price hike on the generative AI services will happen sooner or later. That much is clear.

https://www.theregister.com/2023/10/11/github_ai_copilot_microsoft/

The demise of coding is greatly exaggerated

Tags: tech, programming, ai, machine-learning, gpt, copilot

Definitely this. It might ultimately impact the abstraction levels accessible to us for coding… but the skills will still be needed. Natural language is too ambiguous for the task.

https://muratbuffalo.blogspot.com/2024/03/the-demise-of-coding-is-greatly.html?m=1

Core Guidelines are not Rules - Simplify C++!

Tags: tech, c++, complexity

When guidelines contradict each other. You need a proper way to communicate where a piece of code stands.

https://arne-mertz.de/2024/03/core-guidelines-are-not-rules/

The wrong way to speed up your code with Numba

Tags: tech, python, performance

As usual measure and don’t just assume when you want to optimize something. This is an interesting case in Python using Numba.

https://pythonspeed.com/articles/slow-numba/

How web bloat impacts users with slow devices

Tags: tech, web, frontend, performance

Indeed this. It’s not only about payload size, it’s also about CPU consumption. Our profession is still assuming too much that users will get faster CPU on a regular basis.

https://danluu.com/slow-device/

Obsolescence Paths: living with aging devices

Tags: tech, mobile, obsolescence

Interesting paper showing the main reasons why people ultimately change their phones. I find interesting that the opacity of storage management on mobile devices is such a factor.

https://hal.science/hal-04097867

A Few Words on Testing - by Thorsten Ball

Tags: tech, tests, tdd, quality

Indeed, don’t mindlessly add tests. I find interesting that the doubts raised in this piece are once again concluded using an old quote of Kent Beck. What he was proposing was fine and then over time people became clearly unreasonable.

https://registerspill.thorstenball.com/p/a-few-words-on-testing

Measuring Developer Productivity via Humans

Tags: tech, programming, productivity

Very interesting piece. The DORA metrics are a good thing but I always felt they’re kind of dry and missing something. On the other hand surveys which are more qualitative give also interesting results but come with their own biases. The idea pushed here for better qualitative surveys and to combine them with quantitative metrics like the DORA one is definitely a tempting way forward.

https://martinfowler.com/articles/measuring-developer-productivity-humans.html

Occasional paper: When Armor Met Lips — Crooked Timber

Tags: history, evolution

Very interesting theory on why the nautiloids started disappearing. A specie developed lips…

https://crookedtimber.org/2024/03/16/occasional-paper-when-armor-met-lips/

Bye for now!

We are excited to announce a call for submissions for the official desktop wallpaper of Kubuntu 24.04! This is a fantastic opportunity for artists, designers, and Kubuntu enthusiasts to showcase their talent and contribute to the visual identity of the upcoming Kubuntu release.

What We’re Looking For

We are in search of unique, inspiring, and beautiful wallpapers that reflect the spirit of Kubuntu and its community. Your design should captivate users with its creativity, while also embodying the essence of Kubuntu’s commitment to freedom, elegance, and technical excellence.

Submission Guidelines

Resolution: Submissions must be at least 3840×2160 pixels to ensure high quality on all displays.

**Format: **JPEG or PNG format is preferred.

Original Work: Your submission must be your original work and not include any copyrighted material unless you have permission to use it.

Theme: While we encourage creativity, your design should be suitable for a wide audience and align with the values and aesthetics of the Kubuntu community.

How to Submit

Please send your wallpaper submissions to Rick Timmis of the Kubuntu Council, via one of:

• Telegram: https://t.me/Rick_Timmis
• Matrix: @rick-timmis:ubuntu.com
• Mastodon: @RickTimmis@mastodon.social
• Email: rick-timmis@kubuntu.org
• IRC: irc.libera.chat #kubuntu-devel @rick-timmis.

Deadline

The deadline for submissions is March 31, 2024. We will review all submissions and select the design(s) to be included as part of the Kubuntu 24.04 release. The selected artist(s) will receive credit in the release notes and across our social media platforms, showcasing your contribution to users worldwide.

Let Your Creativity Shine

This is your chance to leave a mark on the Kubuntu community and be a part of the journey towards an exciting new release. We can’t wait to see your submissions and the diverse interpretations of what Kubuntu represents to you.

Embrace this opportunity to let your creativity shine and help make Kubuntu 24.04 the most visually stunning release yet. Good luck to all participants!

Recent events

A global theme on the kde third party store had an issue where it executed a script that removed user's data. It wasn't intended as malicious, but a mistake in some shell parsing. It was promptly identified and removed, but not before doing some damage to that user.

This has started a lot of discourse around the concept of the store, secuirty and upstream KDE. With the main question how can a theme have access to do this?

To developers it's not a surprise that third party plugins can do this sort of thing. It's as intended. A global theme can ship custom lockscreens, custom applets, custom settings and all of these can run arbitrary bundled code. You can't constrain this without limiting functionality.

To that end there's an explicit warning when downloading plugins.

Expectations

Our primary issue boils down to expectation management and communication.

There are plenty of other ways where users can download and run any other unfettered code from the internet; the Arch user repository (AUR), adding ubuntu PPAs and alike. This isn't a bad thing - it's useful and people do amazing things with this to benefit users.

Nothing on the KDE store happens without explicit user interaction either.

A problem is there's an expectation that because it's programs that it's inherently unsafe and a user needs to trust the source. Our issue is phrases like "global themes" or "Plasma applets" don't always carry this message.

The tech world has changed a lot over the past decade and whilst our code hasn't changed, users expectations have. More and more places provide well kept walled gardens where most actions accessible via the UI are safe-by-default - or at least claim to be!

I've also seen confusion that because a lot of our UI is written in a higher-level language (QML) that's enriched with javascript all browser sandboxing automatically applies. Even though that's not what we claim.

But ultimately if there is a gap in expectations, that's on us to fix.

What can we do better?

In the short term we need to communicate clearly what security expectations Plasma users should have for extensions they download into their desktops. Applets, scripts and services, being programs, are easily recognised as potential risks. It's harder to recognise that Plasma themes, wallpaper plugins and kwin scripts are not just passive artwork and data, but may potentially also include scripts that can have unintended or malicious consequences.

We need to improve the balance of accessing third party content that allows creators to share and have users to get this content easily, with enough speed-bumps and checks that everyone knows what risks are involved.

(UI from Flathub for potentially unsafe content)

Longer term we need to progress on two avenues. We need to make sure we separate the "safe" content, where it is just metadata and content, from the "unsafe" content with scriptable content.

Then we can look at providing curation and auditing as part of the store process in combination with slowly improving sandbox support.

Do I need to do anything as a user?

If you install content from the store, I would advise checking it locally or looking for reviews from trusted sources.

If you're a sys-admin you might want to consider adding the following to block users installing addons with the following kiosk snippet.

/etc/xdg/kdeglobals

[KDE Action Restrictions][$i]
ghns=false