Recently I’ve worked a lot with multithreading and wanted to share a very simple but useful tool. However, Qt-experts won’t be surprised.

TL;DR: The final solution can be found below.

Calling functions from another thread with signals

When I started to work with multithreading in Qt, I did all thread communication with signals and slots, because that was the only simple way I knew. I called functions from another thread using additional signals.

class Manager : public QObject
{
    Q_OBJECT
public:
    void action(const QString &parameter);
    Q_SIGNAL void actionRequested(const QString &parameter);
};

If Manager runs on thread A you can’t just call action() of course when you’re operating on thread B. However, you can emit manager->actionRequested(parameter) and Qt will call the connected slot (action()) on thread A using a Qt::QueuedConnection.

This approach has two big issues though:

1. You need to create weird signals for every function you want to call from another thread.
2. You can’t handle the results.

Now there are of course solutions to point 2, you can i.e. create another requested-signal on the calling object and call back, but your code will get much harder to understand.

It gets even worse if there are multiple places from where a function needs to be called. How do you know which callback to execute then?

I also knew about the old-variant of QMetaObject::invokeMethod which essentially has the same result handling problem, but additionally isn’t even checked at compile-time.

QMetaObject::invokeMethod(manager, "action", Qt::QueuedConnection,
                          Q_ARG(QString, parameter));

Executing a lambda on a QThread

I always wanted a solution that would allow to execute a lambda with captured variables as that would solve all of my issues. At some point I had the idea to create one signal/slot pair with a std::function<void()> parameter to do that, but it’s even easier. Since Qt 5.10 there’s a new version of QMetaObject::invokeMethod() that can do exactly what I needed.

auto parameter = QStringLiteral("Hello");
QMetaObject::invokeMethod(otherThreadsObject, [=] {
    qDebug() << "Hello from otherThreadsObject's thread" << parameter;
});

Note: You can’t use a QThread object as argument here, because the QThread object itself lives in the thread where it has been created.

I personally don’t like the name QMetaObject::invokeMethod, so I added an alias to my projects:

template<typename Function>
auto runOnThread(QObject *targetObject, Function function)
{
    QMetaObject::invokeMethod(targetObject, std::move(function));
}

The result handling as a caller also works pretty well:

runOnThread(object, [this, object] {
    // on object's thread
    auto value = object->action();

    runOnThread(this, [value]() {
        // on caller's thread again
        qDebug() << "Calculated result:" << value;
    });
});

One could only complain that all your code needs to be indented deeper each time you call runOnThread(). However, that could potentially be solved using C++20 coroutines.

Both Plasma Mobile Gear 22.09 and Plasma 5.26 have now hit Manjaro ARMs unstable branch, so it's time to get some testing in before it gets to stable branch.

To make testing easier, we have created new images, based on our unstable branch, with these shiny new packages. You can find the links below.

Plasma Mobile on PinePhone
Plasma Mobile on PinePhone Pro

We did have a few hiccups along the way. Namely a long standing bug on our end, prohibited the panels from starting. This was a configuration issue on our end, made visible by the update to Plasma 5.26, which we have now fixed.

Another small issue was with the Dialer. Functionality is still hit'n'miss, but in 22.09 there wass an issue where the dialer was not quite fullscreen. It started in fulscreen and then resized a little bit. Like below.

This was also recently fixed with a configuration update!

So please help test out these new packages, so we can have a fairly stable new Beta release soon!

Thank you all.

Let’s go for my web review for the week 2022-41.

How a deepfake Mark Ruffalo scammed half a million dollars from a lonely heart • Graham Cluley

Tags: tech, scam, fake, ai, machine-learning

It was only a matter of time I guess… this is sad.

https://grahamcluley.com/how-a-deepfake-mark-ruffalo-scammed-half-a-million-dollars-from-a-lonely-heart/

RSS Club: School vs Wikipedia - ratfactor

Tags: tech, wikipedia, google, school, science

I agree, I don’t get why Wikipedia gets bad reputation in school. I’m dismayed at then whatever bogus argument they have being used to push for using Google instead… it’s like, back in the days, asking pupils to not use the encyclopedia they maybe had at home and walk into the nearby pub to find information.

https://ratfactor.com/rss-club/school-vs-wikipedia

Self Hosting Git Repositories with Stagit | Jon Eskin’s Website

Tags: tech, git, self-hosting

Looks like a neat and light option to self-host git repositories.

https://jeskin.net/blog/self-hosting-git-with-stagit/

Moving files in ZSH - The wonderful world of zmv · filipe.kiss.ink

Tags: tech, shell, command-line, zsh

OK… didn’t know about zmv. This looks really cool, I’ll add it to my tool belt.

https://filipe.kiss.ink/zmv-zsh-rename/

cppq: Simple, reliable & efficient distributed task queue for C++17. Backed by Redis.

Tags: tech, c++, distributed

Looks like an interesting little C++ library. If ever you need a distributed task queue on your project.

https://github.com/jafarlihi/cppq

How Wine works 101

Tags: tech, linux, windows, wine

Very complicated software. If you ever wondered how it works. Now you know.

https://werat.dev/blog/how-wine-works-101/

Seven Sins of Numerical Linear Algebra – Nick Higham

Tags: tech, programming, matrix, linear-algebra, algorithm, mathematics

Useful list of gotchas if you need to dabble in linear algebra. You gotta love those floats.

https://nhigham.com/2022/10/11/seven-sins-of-numerical-linear-algebra/

Using a Framework will harm the maintenance of your software

Tags: tech, programming, architecture, framework

A bit messy sometimes and a few arguments seem weak to me. Still the core message holds: don’t let a framework rule your project.

https://berk.es/2022/09/06/frameworks-harm-maintenance/

TDD and ‘Discipline’

Tags: tech, programming, tdd

Excellent piece on joy being a better drive than discipline. This then dabbles into why TDD might not work for you.

https://ronjeffries.com/articles/-z022/0222ff/tdd-throughts/

Struggling to connect on your remote team?

Tags: tech, remote-working, culture

I don’t think I ever applied all of this. Still some of it definitely work, the rest are ideas worth trying at least.

https://threadreaderapp.com/thread/1574753781455400961.html

Know your carrying capacity - Mac Chaffee

Tags: work, life, organization

Very good point, make sure you know how much you can take and how much you’re actually carrying. We’re our worst enemy for these things.

https://www.macchaffee.com/blog/2022/carrying-capacity/

Take a Break You Idiot

Tags: work, life, burnout

I’ve witnessed that too many times. Take care people! Stay safe.

https://www.robinrendle.com/notes/take-a-break-you-idiot/

Mike Acton’s Expectations of Professional Software Engineers - Adam Johnson

Tags: tech, programming, team, craftsmanship, improving

Very good list. It sets the bar very high! I know most people will fail on a few of those items. It’s fine this gives a good direction and something to aim for.

https://adamj.eu/tech/2022/06/17/mike-actons-expectations-of-professional-software-engineers/

Role Title Terminology - Jacob Kaplan-Moss

Tags: management, organization

Nice summary of common terms used for roles in companies.

https://jacobian.org/2022/oct/12/role-title-terminology/

Bye for now!

KDE is now evaluating Sentry, a crash tracking system.

Who can get access? Everyone with a KDE developer account.

But what is it?

Since forever we have used Bugzilla to manage crash reports but this has numerous challenges that haven’t made any improvements in at least 10 years:

• Finding duplicates crashes is hard and in our case involves a human finding them
• When debug symbols are missing we need to ask the user to recreate the problem, which is not always possible
• Users need to worry about debug symbols (this is in part improved by the rise of debuginfod - yay!)
• We have no easily consumed graphs on how prevalent a specific crash is, and by extension we have a hard time judging the importance
• The user needs to actually write a report for us to learn of the crash (spoiler: most crashes never get this far)
• …

All in all it’s a fairly dissatisfactory situation we are in currently. Enter Sentry.

Sentry is a purpose-built crash tracking system. It receives crash reports via API ingestion points and traces missing frames with the help of debuginfod, can detect duplicates automatically and thus show us particularly aggressive crashes, and much more. Best yet, it supports many different programming languages which allows us to not only improve the quality of our software but also our infrastructure services.

The current evaluation instance is already amazing and helped fix numerous problems, and the current setup is not even using all features yet and we have hampered rollout a bit: only git builds currently submit data. If all goes well and we find it to be amazing I hope we’ll eventually be able to roll this out to production releases.

Let’s look at a crash I’ve fixed recently.

Here’s what Sentry received from the user:

Not terribly useful. So with the power of debuginfod it turned it into this:

I then applied some brain power to create a fix and consequently the crash has disappeared, as we can see in this neat graphic here:

Here’s a complete crash information page from a recent infrastructure problem in our bugzilla bot:

Also check out my Akademy talk:

https://youtu.be/A3LzemYMsIQ?t=15126

Day 0

Day 1

• Building the Future of Qt, Together: What have happened in The Qt Project during the last two years
• Goals old and new! : What are Goals that were the focus of the community for the next year
  
  
• A Brief History of Terminals, and what the future holds for Konsole: Moto was "Trying to sell konsole to non kde users". I am not a KDE user and I really liked some cool stuff you can do with terminal
• Full Steam ahead! :Seen how Plasma fits into the Steamdeck and what aspects of KDE made us the right choice for their new userbase

Day 2

• Launching an application - How hard can it be? It was what I wanted actually since we are going to launch an application with the Open Source Team of our Univeristy.
• Healthy Mind, Healthy Code : Maybe this was my favourite talk

This year, I had the amazing opportunity to attend Akademy in person (@ Barcelona) for the first time!

For context, I first started contributing to Plasma Mobile in 2020, right around when easily testable hardware (ex. PinePhone) was taking shape. I originally started with some contributions to some applications to learn Qt and C++, but have since then taken more responsibility with tasks from all around the software stack.

Talks 🔗

We first had a welcome event on Friday where attendees got to know each other. It was quite cool to finally be able to match usernames to faces, and finally meet the people I had been working with in-person.

I also met up with amazing people from the postmarketOS team! I had the chance to see a Fairphone 4 with the OS running Plasma Mobile smoothly, which was amazing.

Day 1 & 2 🔗

I had a great start… I missed the first two hours of talks on the first day because I slept in.

Luckily, my talk, Plasma Mobile in 2022 with Bhushan was in the afternoon. Unfortunately, Bhushan was unable to come in-person this time around. Hopefully I will be able to meet him next year!

You can see our talk here (at around 5:21:00):

I attended quite a few interesting talks:

• Konquering the World: Are We There Yet (Nate Graham) - The state of Plasma shipping with hardware
• Full Steam Ahead! (David Edmundson) - Steam Deck with Plasma
• Stop Crashing Already! (Harald Sitter) - Integrating Dr. Konqi with powerful tools for developers to find issues
• Getting your application ready for KF6 (Nicolas Fella & Alexander Lohnau)
• Asahi Linux (Hector Martin) - Information about the Asahi Linux project, how it came about
• Push Notifications - Infrastructure (not just) for Plasma Mobile (Volker Krause) - Status of building the framework to have push notifications on Plasma (Mobile!)
• Fedora, KDE, Kinoite, and Mobile (Neal Gompa) - Overview of Fedora shipping Plasma

… and there were many other cool shorter talks as well!

There were also people from Pine64 and Manjaro there that I met. It was really cool hearing about Pine64’s future plans for RISC V (coming soon!), as well as seeing some of the devices that Manjaro had running Plasma Mobile on (portable game console, mini tablet/netbook?).

Meetings/BoFs 🔗

After the weekend of talks, we had several days where rooms at the university we were at were available for BoFs.

BoFs, or “Birds of Feather” meetings are ways to gather people with similar interests in the same room, and discuss specific topics and plans.

There were quite a few BoF sessions, of which I attended a few:

Plasma Mobile BoF 🔗

This was my first time attending a BoF, as well as hosting one. We unfortunately had some trouble with audio, which made it hard to communicate with online attendees.

However, we did discuss the following topics:

• Helping Bhushan do Plasma Mobile Gear releases since he does them himself at the moment
• Moving some Plasma Mobile applications to KDE Gear due to limited changes
• How to proceed with QtFeedback (vibrations stack) for Qt 6 as it is unmaintained
• Possibility of switching to feedbackd (by Purism) from hfd-service instead
• Plan is one last release of Plasma Mobile with KF 5 (5.27), before branches are made for Plasma 6
• No large changes anticipated for Plasma Mobile 6
• SHIFTphones and Fairphone can run pmOS with Plasma Mobile, perhaps we can open communication channels with them?
• Manjaro was working with 2 tablet (?) vendors, they have positive reception and had a few suggestions

KDE PIM BoF 🔗

KDE PIM (Personal Information Management) refers to the KDE stack for applications like KMail, KOrganizer, Kalendar, etc.

Improving Akonadi for mobile devices was discussed, including the possibility to try using SQLite by default, which may improve resource consumption.

I had started working on a mail application called Raven for Plasma Mobile recently, and so it was also discussed how to better share code between it and other applications that use the Akonadi stack.

Plasma Ink BoF 🔗

I attended a BoF about an upcoming project, Plasma Ink, which brings Plasma to e-ink devices. They can be useful for reading, taking notes, as well as simply being an enjoyable interface to write content.

This platform however needs special consideration for the way content is rendered, since e-ink devices typically have slow-refresh screens, and so animations as well as colours need to be adjusted to be as light as possible.

Pine64 has been developing the PineNote which can run Plasma Ink theoretically, I had the chance to try one and was quite impressed at the responsiveness for pen notetaking.

While I likely will not be very involved with the project since I am preoccupied with Plasma Mobile, I hope it continues forward!

Debugging session with Aleix 🔗

We have had a severe regression for several months now with the lockscreen, which crashes frequently when waking from suspend: https://invent.kde.org/teams/plasma-mobile/issues/-/issues/156

I sat down with Aleix to really focus on trying to fix this issue, since he knows about KWin for more than me, though his PinePhone had not been working and so he couldn’t replicate it previously.

After hours of jumping around git commits of kscreenlocker (compiling it on device is painful), we realized that the issue was elsewhere in the stack. There is some sort of Wayland registry failure that occurs when kscreenlocker is started immediately after waking from suspend, which causes it to crash. We unfortunately did not have enough time to pinpoint the issue, but we do have some ways to move forward with investigating in the future. We suspect it may be related to when KWaylandServer was merged into KWin.

Convergent Forms BoF 🔗

The last BoF I attended was about convergent forms, and how we can design forms that use a single codebase, but have designs that work for both mobile and desktop.

Currently, we have special components in kirigami-addons for mobile, but are not necessarily great on desktop.

What was decided was to create a new “FormLayout” component in Kirigami, which can take a set of instructions to build the form, and generates the necessary components to display properly on whichever platform it is running on.

Closing 🔗

Overall, I had an amazing time at Akademy this year, and hope to attend more in the future!

The Planck Keyboard

#

Over the past two years I tried out a few different keyboards for fun.

I started with common form factors like TKL boards, went over 75% boards like the Q1 and then to a 60% HHKB.

For typing feel, the HHKB is really amazing, but unfortunately the programmable features of a stock HHKB board are very limited.

Now that I went down to 60%, I will give a more extreme keyboard a chance, the 40% Planck ortholinear keyboard.

This one is fully open-source, you can even produce your own PCBs and Co. You find more or less all stuff freely at GitHub.

Given that the Plank designer funded QMK, too, naturally you can fully customize the Planck boards.

Unlike for my tries with the Q1, this time I just went the plain QMK route, without any UI like the closed VIA or the open VIAL.

The Planck board offers a nice platform for experiments, given the plain grid layer that allows really to freely shuffle all your keys and experiment with extreme layouts.

Install QMK on NixOS

#

As I use at the moment NixOS at home, here the needed steps to get going with QMK on that distribution.

Install the qmk package. This will install the needed cross compile tool chains, too.

Ensure the udev rules are setup, e.g. add to your configuration.nix

services.udev.packages = [ pkgs.qmk-udev-rules ];

Run qmk setup, here with some own firmware location

qmk setup -H ~/install/qmk/firmware

Configure QMK to use the Planck as default

qmk config user.keyboard=planck/rev6_drop

Use my github name as keymap name

qmk config user.keymap=christoph-cullmann

Create own keymap based on default

qmk new-keymap

Compile the firmware

qmk compile

Put the keyboard in boot loader mode (e.g. trigger RESET)

Flash the firmware

qmk flash

Now the keyboard should auto-restart with the new firmware.

Have fun :)

#

Below the state of a finalized Planck board with some more or less standard first layer layout.

It even plays a nice startup sound on powering up.

My current keymap can be found here.

As the history of this repository shows, I already experimented if some different layouts.

Warning ^^

#

Yes, the paper on the left of the keyboard is a printout of the lower & raise keyboard layers.

My typing speed is still abysmal on that new layout and I guess I need to build as second one for at work, otherwise I will never get used to the layout if I swap daily between this and a HHKB.

Therefore, if you like to try such a board and are not a lot more experienced with switching between different layouts: you will need some time to get used to this.

Even just the removed row staggering is confusing the first few days.

As many readers of this blog are aware, openSUSE has been offering packages of git snapshots from KDE since quite a while. They are quite useful for those wiling to test, report bugs, and / or hack on the code, but also for those who want to see what’s brewing in KDE land (without touching their existing systems). However, a major drawback for non English speakers was the lack of translations.

What’s the problem with translations?

KDE translations are not hosted on the community’s git repositories, but are instead stored in KDE’s SVN server. The main reason they were not moved to git was to preserve the existing workflows of the translation teams (who might not be as technical as the actual hackers). Translations are then placed in tarballs at the times of betas / RCs / releases.

This unfortunately means that having a git checkout, like what the OBS does when building the unstable packages, will not carry any translations whatsoever. Worse, existing -lang packages for stable versions will raise dependency problems if present (because they require the exact same version of their corresponding binary paclage).

Also, since the KDE team tries to keep the same set of package defintions (spec files) between the stable and unstable OBS projects, this meant some extra complexity to take into account the fact that translations might or might not be there.

As far as I remember, since some time there was some tooling in KDE infrastructure to download translations at build time, but it was a big no-no for the OBS, as there is no network access during building for security reasons.

Two sides of a solution

This proved to be a problem also for KDE’s own release management. On September 2nd, KDE hacker Albert Astals Cid outlined a proposal to have an automated way to copy translations from SVN into their corresponding repository, with a series of scripts that would do so periodically.

After some discussion and once at Akademy, the switch was turned on October 2nd. This means that our git checkouts were getting translations!

Of course, some adjustments were needed: spec files in the KDE Unstable projects were not taking the presence of translations into account, and thus quite a number of builds were failing. krop, KDE team member extraordinaire, stepped in and fixed all the spec files. This in turn made him realize that some upstream KDE projects were not actually handling translations correctly in their CMake code, so he fixed them too.

Within a couple days, all KDE Unstable repositories (Frameworks, Applications and Extra) had translations enabled, where applicable. After many years, it became possible to test the latest KDE software and have it in your own language.

Do I need to do anything?

If you don’t have the language packages installed and you have installation of recommended packages enabled (the default), they should be installed automatically. If you have, like myself, forcibly installed the language packages from the stable repositories, you can force install the new ones (for example with zypper install -f <packagename>), or if you’re on Tumbleweed, accept to swap them when prompted (this occurs when a new stable version of KDE software is published in a snapshot). Or you can install them manually should you prefer to do so.

Should any issues with the packaging arise (e.g., missing dependencies, conflicts), please file a ticket on bugzilla.opensuse.org.

And as always, have a lot of fun!

I’m back from Akademy, it was a blast I was glad to be there and meet people in person again. Now let’s go for my web review for the week 2022-40.

TikTok Tracks You Across the Web, Even If You Don’t Use App - Consumer Reports

Tags: tech, social-media, surveillance, attention-economy

The most addictive and also tracking you everywhere it can (unsurprisingly). Toxicity at its highest.

https://www.consumerreports.org/electronics-computers/privacy/tiktok-tracks-you-across-the-web-even-if-you-dont-use-app-a4383537813/

A multi-language bindings generator for rust

Tags: tech, rust, bindings

This should hopefully ease the pain of mixing Rust with other languages.

https://github.com/mozilla/uniffi-rs

Pull Rust introductory support from Kees Cook

Tags: tech, linux, kernel, rust

This is definitely a big deal both for the kernel and for Rust.

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8aebac82933ff1a7c8eede18cab11e1115e2062b

A curated collection of diagramming tools used by software engineering teams

Tags: tech, architecture, diagrams

A good list of tools for making diagrams in various situations.

https://github.com/shubhamgrg04/awesome-diagramming

Laurence Tratt: UML: My Part in its Downfall

Tags: tech, architecture, design, uml, history

Very interesting post about the history of UML and the MDA approach. Clearly MDA and UML v2 was the beginning of the end for UML. That’s too bad, I find UML still useful for sketching and communication between humans.

https://tratt.net/laurie/blog/2022/uml_my_part_in_its_downfall.html

Monday’s Engineering - Personal Development Plan

Tags: tech, hr, management, career

Interesting career ladder example. I especially like the various dimensions they focus on.

https://growth.monday.com/homepage/rd/engineering/?p=mr0-mr1-mr2-mr3-tr0-tr1-tr2-&f=no

Staff engineer archetypes. | Irrational Exuberance

Tags: tech, management, tech-lead, team

Interesting little taxonomy of staff engineer roles. This can help to know from where you’re talking in your organization.

https://lethain.com/staff-engineer-archetypes/

First make the change easy, then make the easy change

Tags: tech, life, xp, refactoring

Good point, this little wisdom from Kent Beck goes further than just code and refactoring.

https://www.adamtal.me/2019/05/first-make-the-change-easy-then-make-the-easy-change

An end to doomerism - Big Think

Tags: life, philosophy

Although I disagree with some of the examples she summons, I think she indeed has a point.

https://bigthink.com/progress/pessimism-is-a-barrier-to-progress/

Bye for now!

For a long time I have been fixing issues behind the scenes to support Autocrypt and fixing bugs around encryption.

But the best crypto support does not help if it is too complicated for users to use the system. PGP is complex and a lot of things can go wrong, so the UI should support the user to find solutions, if things are going the wrong way. For me it was obvious that I cannot do this on my own and found Eileen Wagner a UX designer who is experienced in crypto UX. It was a lot fun to work together with Eileen to improve the UX in Kontact ;)

It soon became obvious that the part that needs an overhaul is mostly sending. There is a lot that happens AFTER you press send. You may be faced with information that the keys are not good enough, or that a used key is near expiry. So we tried to improve the UX so that these issues will bubble up earlier so you can fix the issues before pressing send.

At least for me, it is often that I concentrate in order to finish a message before I need to go, and then press send in a hurry. So all dialogs and warnings are facing me while I'm in a hurry and I just want them to disappear. If instead, I know of those things in advance, I will have time to ask for a new key or search for the correct key for a particular recipient.

Here you see a sample of creating a message to several recipients after our improvments.

Eileen created a blog post about the thoughts behind the UX decisions made for Kontact. After several months of working together with Eileen, I realized that for outsiders, it is still hard to distinguish Kontact and KMail. Kontact is a bundle of several applications that are presented together. You are free to start and use every of those applications directly and will see no difference. You only will miss the small left-column to switch between the applications. KMail is the application that Kontact is using for the mail tab.

This work is possible because Eileen and I were funded by nlnet to improve Email Encryption in Kontact.

Near key expiry

I really like the feature that Kontact informs you about keys that will soon expire. Doing this makes it clear that I need to care about a key update and I can trigger it in advance. I know there is a lot of discussion about automatic key updates and several attempts to do this.

I am still using parcimonie for this task. But unfortunately not everyone is using a key server to communicate key updates, and nowadays there are several sources for keys update keyserver, WKD, PKA, DANE, ... Sure it would be easy to try an update in background, but starting a network connection without users consent is a no-go. So the first step is now to show the user that keys are near to expiry. In the second step, we will make it possible for the user to directly trigger an update. This will also be true if no suitable key was found for a recipient.

As I was inside the near-expiry feature code, I also added a fourth category for your own keys. I want to get informed about my own key expiry long before the key expires, to create and upload the key update, so when others are searching for the keys they already find the updated key.

Key cache usage

Until now Kontact always talked to gnupg directly using gpgme. In itself this is not an issue, but this connection is slow. This is why libkleo started to implement a key cache a while ago to cache all keys. Before, we had to wait for gnupg to answer all our requests. In my experience, that means sometimes I wait a minute or longer.

Now Kontact is also using this cache and we now can instantly show that we found PGP keys for all recipients, while typing the mail address. Do you see how fast the "green check mark" toggles while writing in the video? This "green check mark" indicates, that we found keys for all recipients. That's possible because of the key cache.

Trust levels

Gnupg now has the TOFU (trust on first use) feature that creates statistics about key usage and when we seen keys in our messages. When a key is used for a long time, the key is trusted more, and now you can detect a key with no history. This makes it harder for someone to present you with a new fake key. Of course, you get the best security by checking fingerprints and signing the recipient keys. But let’s be honest, who can do this for every key that one is using in our busy lives. For those who do not check every key, TOFU is actually a great improvement, as you build trust while using the keys.

In Kontact we are now display the trust levels instead of just validity, as the trust levels are taking the TOFU history into account. I personally cannot see any disadvantage to enabling trust-model 'tofu+pgp' in gnupg via (~/.gnupg/gpg.conf) and would highly suggest that everyone enable that in gnupg. It gives you the best of two worlds: You will be able to build trust on the keys by just using the keys (tofu part) and still can also check fingerprints (pgp part).

After enabling it I actually found out that until now the tofu data is not updated when I sent an encrypted message. However, it is done, if I use gnupg from the command line. I created a upstream bugreport for this. Until this is fixed tofu is a little bit useless, because no statistics are created. Key cache and key resolver also need to learn trust levels, as they are in charge to select the most trusted key to send messages to.

Settings

The settings in Kontact are in some corners a big list of checkboxes and it is not obvious where to find what. For Encryption we decided to merge several tabs together to present one page and name it Encryption.

There is also the signature feature, that is not connected with Cryptography but just about the mail signatures.

The critical point is the defaults for new users and we ended up having default encryption settings that can be overridden for each identity.

As all the work was done with Autocrypt in mind, I also mark Autocrypt support as stable. Now the user can enable Autocrypt within the settings page of the identity.

In the end I think these improvements take Kontact a big step forward and lets us use encryption more easily. I'm proud about the current state, but my To-Do list is still full until we have looked into all the corner cases.