After a very long pause, I am happy to announce the release of Nanonote 1.4.0.
Nanonote is a minimalist note-taking application. It consists of a text area, a context menu and... that's about it!
It's handy to jot down short term notes, as a temporary place to collect copy'n'paste blocks, to draft a long response for an instant messaging app without having to fear pressing Enter too soon or any other use you can come up with!
TODO lists
Nanonote can also be used to write TODO lists. This is even better now in 1.4.0 thanks to the new task feature from Daniel Laidig, which lets you quickly create and toggle checkable tasks with Ctrl+Enter.
Nanonote is not a Markdown editor, but I often found myself separating notes with Markdown-like headings. Issue #43, convinced me to add some light styling for headings:
More changes
For a complete list of changes, have a look at the CHANGELOG.
Get it!
You can find .deb, .rpm, macOS dmg and Windows installers on the release page.
For Linux users, Nanonote is now also available on Flathub.
KDE Connect was designed 10 years ago (!) with Android smartphones as one of our first supported platforms. Because of that, when designing the KDE Connect protocol we had to work around many technical limitations that Android had back in its infancy.
Below are the 3 main areas that will improve thanks to this and become KDE Connect 2.0 (even though some changes will show up sooner, because we release early, release often).
Reliability
The strength of KDE Connect (compared to some of the non-free alternatives that popped up in these last 10 years) is that KDE Connect only uses your local network for communication and doesn’t need intermediary servers in “the cloud“. This adds a challenge: devices running KDE Connect have to discover each other in the network before they can talk to each other.
Discovery is possible in the current protocol using UDP broadcasts, but the state of the art nowadays is to use multicast DNS (mDNS) instead, which is more reliable and less often blocked by the network configuration. We wanted (and tried) to adopt mDNS for a while, but it was a a bigger endeavour than what we could tackle.
By focussing full time on this, my goal is to implement an mDNS backend for KDE Connect on all supported platforms (Linux, Windows, MacOS, Android and iOS) before fall this year. Wish me luck!
Security
Before Android 5, only TLSv1 and a limited set of cipher suites could be used. We always try to stay compatible with old devices and to fight the programmed obsolescence that plagues modern technology, but that meant keeping the KDE Connect protocol compatible with insecure encryption protocols.
Starting with KDE Connect v1.22 for Android, we now require Android 5 or later so we can drop compatibility with insecure encryption in all the KDE Connect implementations (and not only Android). In addition to that, we are reviewing and updating the dependencies we bundle as part of the app to make sure we have the latest security patches.
Later this year, and also thanks to NLnet, we will get a security audit by Radically Open Security. This will be the second time KDE Connect is audited, after the openSUSE security team did so in 2020.
Accessibility
We recently adopted Material 3 in the Android app (thanks Dmitry Yudin for doing most of the work!) and KDE as a whole is getting ready to migrate our desktop apps to Qt6. These times are a perfect opportunity to review the accessibility of our user interfaces, and for that NLnet is helping us get anaccessibility audit by the HAN University also later this year.
All in all, exciting times for the KDE Connect project! Stay tuned for future updates :)
Testing various functionalities of Tokodon’s Main Timeline.
This is a continuation of my previous blog post where I shared my mid-journey experience while being a Season of KDE mentee.
Week 7-8:
These weeks were spent testing interaction buttons and different types of statuses.
My first task was to write a test for boost, favourite, and bookmark interaction buttons in Tokodon to see if they worked as intended. For this, I identified the behaviour of different buttons using accerciser and then added the missing accessibility description for the respective buttons. I then wrote an appium test as part of TimelineTest to assert if the buttons worked as intended.
Next was testing the different types of statuses, Tokodon has support for two types of statuses normal and spoiler status, spoiler status is just a normal status with a spoiler text and an option to hide or unhide the spoiler text. To check whether the status had a spoiler, I checked if the length of the spoiler text is equal to zero (root.spoilerText.length == 0) if the conditional gave a True value, I assigned the accessibility description(Accessible.description) as Normal Status else a Spoiler Status. The final code for setting the accessibility description was Accessible.description: root.spoilerText.length == 0 ? i18n("Normal Status") : i18n("Spoiler Status");, which I then verified using accerciser if it pointed to the correct place. Once I had the accessibility description set for the respective status, I expanded the TimelineTest to include a new test for asserting the accessible description of the statuses in the Main Timeline, We consider the test as passed if we find the two status types.
Week 9-10:
These weeks were spent fixing the build errors after rebase and checking different types of media-attachments in timelinetest.
My mentor Carl Schwan helped me rebase work/sok/offline-tokodon to the latest master so that I could work on the latest changes, which led Tokodon to stop building due to some build and dependencies error, so the subsequent week was spent on fixing various errors which I tackled by comparing the work/sok/offline-tokodon branch with the master branch and with previous commits, my mentor Carl was always available to give me clues whenever I felt stuck.
Once all the build errors were fixed and Tokodon was able to build successfully, I worked on adding tests for testing different types of media attachments on statuses, for which I referred to mastodon’s documentation to see what response is received while requesting different kinds of media attachment, which I then integrated into the already present statuses.json file, after which I was successful in displaying different kinds of media attachment.
Once all the different types of media attachments were visible, I expanded the TimelineTest test to include testing of media attachments by asserting whether the different types of media attachments were visible.
The final TimelineTest after implementing the above tasks can be seen in the gif below.
A bit of context/history: for those of you who follow Nate’s blog you might already know what I am talking about. Thanks to the awesome work done by aleasto on this MR, we closed this bug.
There are, of course, a few quirks to solve but essentially it works.
The @kdesig team has enabled a COPR repository for those who want to help us test the upgrades from F37 to F38.
BIG FAT WARNING: Fedora 38 is still in BETA
I will now explain shorty what are the steps you need to follow to perform the upgrade via Discover:
Now open Discover, go to the Update tab, click on Refresh and eventually on Update All:
Click on Restart Now to trigger the installation of our patched discover
Once you reboot, open Discover again and after a few seconds click on Upgrade to Fedora Linux 38:
Switch to the Update tab and wait until the progress bar finishes. Finally click on Update All:
Now be patient as many packages will need to be downloaded. When it finishes, you will be asked for your password:
Important note: there is a known bug which might trigger an error message at this point. If you see it, don’t panic, just close the message and click on Update All again. This time everything should work.
Time to Reboot, grab a coffee and after a few minutes… you shall boot into Fedora 38!!!
Please try it out and give us feedback on our Matrix room
It’s been a month since my first post about my work as KDE Software Platform Engineer, so let’s have a look at what I have been doing since then.
The scope of what falls under “Software Platform” work is arguably quite wide. I like to describe it as “Taking care of everything needed so that people can build and enjoy awesome software”. Of course that often means hacking on source code, but that is by no means the only thing I do. A significant part of what I do is talking to other people, discussing ideas, reviewing code, making architecture decisions, documenting things, triaging bugreports, and just generally being useful to others. A lot of this work is strategic in nature and the benefits will only show in the long term, but some short-term improvements happend this month also.
My main area of focus was working on polishing the Plasma 6 and Frameworks 6 stability. This means staying on top of things that happen throughout the stack as well as squashing remaining issues. As a result several more projects now have CI builds against the latest development branches of frameworks. Furthermore, I fixed several places where coexistence of Qt5/KF5-based and Qt6/KF6-based software was causing issues.
Qt is an vital part of our software stack, so an important part of being KDE Software Platform Engineer is being involved in its development. Last month I submitted a patch to Qt, fixing a build issues affecting our code. Besides that I have also reported some bugs that were affecting KDE and participated in code review. Another important piece of our stack is our Qt5 Patch Collection that collects bugfix patches for Qt5. I contributed two suchpatches by backporting them from upstream.
In terms of documentation I have published two blog posts recently. The first explains how to build the development version of Plasma using kdesrc-build. While doing that I have also fixed some related issues in kdesrc-build to make sure building things is as smooth as possible. The second one is explaining some technical details about how theming and platform integration works in Qt/KDE apps. I hope this helps with some of the discussions around this topic that are coming up once in a while.
Besides these “Bigger Picture” topics I have also worked on some concrete enhancements for KDE software. With aseriesofchanges various system windows no longer display an internal and technical application name like “Portal” or “KDE Daemon” in their window title. I have also restored the ability to configure the time interval for determining whether two mouse clicks should be interpreted as a double click. This was present in the legacy mouse settings, but got lost in the transition to libinput. Another thing that got improved was the VPN support in our network settings. When importing a VPN configuration fails Plasma now shows the relevant error message, giving you at least some indication about what’s wrong. Futhermore I fixed a crash when importing VPN configurations when the relevant NetworkManager plugin is missing.
Another area I was working on is our powermanagement settings. Currently they are quite complex, both in terms of UX and implementation. We are working on improving this, which involves quite a bit of technical ground work.
A month from now the Plasma team will meet in Augsburg, Germany for the first in-person Plasma Sprint since 2019. I have been planning and organizing this event. This will be an important opportunity to plan for an awesome Plasma future. However, such meetings are not cheap, so please consider donating to KDE e.V. to support it.
Flatpaks are amazing and all that. But application sandboxing, so an application cannot do anything it wants, is a challenge - even more so when you have two applications that need to talk to each other. Perhaps it shouldn’t come as a surprise that native-messaging sandboxing support for Flatpak has been in development for over a year. To celebrate its anniversary I thought I’d write down how to drill a native-messaging sized hole into the sandbox. This enables the use of native messaging even without portal integration, albeit also without sane degrees of sandboxing.
First off, please understand that this undermines the sandbox on a fairly fundamental level. So, don’t do this if you don’t keep your Firefox updated or visit particularly dodgy websites.
For the purposes of this post I’m assuming Firefox and KeePassXC are installed as Flatpaks in user scope.
First order of business is setting up KeePassXC so it writes its definition file in a place where Firefox can read it. Fortunately it has a setting for this:
~/.var/app/org.mozilla.firefox/.mozilla/native-messaging-hosts/ is the path inside Firefox’ home where the defintion file will be written. Naturally we’ll also need to adjust the Flatpak permissions so KeePassXC can write to this path.
At this point Firefox knows about the native messaging host but it won’t be able to run it. Alas. We need some rigging here. The problem is that Firefox can’t simply flatpak run the native messaging host, it needs to spawn a host process (i.e. a process outside its sandbox) to then run the KeePassXC Flatpak and that then runs the NMH.
Fortunately the NMH definition files are fairly straight forward:
{"allowed_extensions":["keepassxc-browser@keepassxc.org"],
"description":"KeePassXC integration with native messaging support",
"name":"org.keepassxc.keepassxc_browser",
"path":"/home/me/.local/share/flatpak/exports/bin/org.keepassxc.KeePassXC",
"type":"stdio"}
The problem of course is that we cannot directly use that Flatpak bin but need the extra spawn step in between. What we need is a way to manipulate the definition file such that we can switch in a different path. systemd to the rescue!
Alright, there’s some stuff to unpack here. KeePassXC on startup writes the aforementioned definition file into Firefox’ NMH path. What we do with the help of systemd is monitor the file for changes and whenever it changes we’ll trigger our service, the service runs a mangler to modify the file so we can run another command instead. It’s basically an inotify watch.
Here’s the mangler (~/keepassxc-native-messaging-mangler):
It simply replaces the path of the executable with a wrapper script. Here’s the wrapper script (~/Downloads/keepassxc):
#!/bin/sh
# SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only OR LicenseRef-KDE-Accepted-GPL
# SPDX-FileCopyrightText: 2023 Harald Sitter <sitter@kde.org>
exec /usr/bin/flatpak-spawn --host --watch-bus "$HOME/.local/share/flatpak/exports/bin/org.keepassxc.KeePassXC" "$@"
flatpak-spawn is a special command that allows us to spawn processes outside the sandbox. To gain access we’ll have to allow Firefox to talk with the org.freedesktop.Flatpak DBus session service.
➡️ KeePassXC writes its NMH definition to Flatpak specific path
➡️ systemd acts on changes and starts mangler
➡️ mangler changes the path inside the definition to our wrapper
➡️ Firefox reads the definition and calls our wrapper
➡️ wrapper flatpak-spawns KeePassXC flatpak
➡️ Firefox (flatpak) talks to KeePassXC (flatpak)
Buttons are a fundamental element in user interfaces, but it’s easy to make some
accessibility mistakes when using icon-only buttons in QML.
First, please avoid icon-only buttons and only use then, when the icon is very
well known (e.g. arrows, delete or favorite icons) and the space is limited.
In case you still want to use an icon-only button. Make sure to set the text:
property and that it is also translatable. Otherwise, a screen reader won’t know
that to say about the button. This is because the text: property is used as
default value for the Accessible.name: property, so when it is not set
Accessible.name is empty and the screen reader can only say that the currently
focused control is a button. The trick to have both the text: property set and
an icon-only button is to use the display: property and assign it to the
AbstractButton.IconOnly.
Finally, another essential part is that an icon-only button requires a
tooltip. We need the tooltip in case the user is unsure about the meaning of
the icon and we need more details.
Note that this used the ToolTip attached property instead of a separate item
ToolTip {} as it is more memory efficient. With the attached property, we
share the tooltip instance across the entire application instead of instanciating
a ToolTip popup for each button.
Another month in the year, another collection of bugfixes and features I contributed to KDE!
Documentation Improvements
Something I want to improve for KDE Frameworks 6 is the API documentation, it’s pretty bad
sometimes:
[Bugfix]
For plasma-framework, we started marking private QML types as internal. I’m in the process of manually fixing up the custom QQuickItem types in plasma-framework
too, although I haven’t gotten around to opening up a merge request for that.
[Feature]
Because of $work, I discovered that we have a Rocket.chat client! I miss being able to quickly switch my presence
via the tray icon, so that’s the first thing I opened a merge request for.
Dr. Konqi
[Feature]
Someone pointed out that the margins in the bug reporting wizard was terrible, so I started a redesign of the whole UI trying to update it to look similar to our modern applications:
Tokodon
In preparation for the 23.04 gear release, I added a slew of new features and bugfixes!
[Feature]
As a treat for people who manage popular accounts - like our great KDE and Krita promo teams - I have a work-in-progress merge request to allow you to group notifications! I expect to find time next month to finish and polish this feature, but no promises yet.
This new version contains some bug fixes on multiple activities such as "Discover the International Morse code", "Control the hose-pipe" and music activities.
It also contains new graphics for all memory activities and for "Baby puzzle".
A new command-line argument (--difficulty {value|min-max}) has been added which allows users to force the difficulty filter at a given value or range.
The Andika font has been updated to its latest version (6.200).
It is fully translated in the following languages:
Breton
Catalan
Catalan (Valencian)
Greek
UK English
Spanish
Basque
French
Croatian
Italian
Lithuanian
Malayalam
Dutch
Norwegian Nynorsk
Polish
Portuguese
Brazilian Portuguese
Romanian
Slovenian
Turkish
Ukrainian
Chinese Traditional
It is also partially translated in the following languages:
I’m happy to announce KTechLab release version 0.51.0.
KTechLab is an IDE for microcontrollers and electronics.
This new release contains the following changes:
updated and improved translations
the Serial Port component, for better compatibility, uses Qt’s QSerialPort, instead of operating-system specific library calls
experimental support for Windows; it requires MSVC 2019 compiler
various stability fixes
modernisation of the codebase, porting away from some deprecated APIs
Instructions for building and running KTechLab are available in the README file from the source code; online version of that file is available
at
https://invent.kde.org/sdk/ktechlab/-/blob/master/README
; The very short instructions are: run sh build-simple.sh and then sh run-simple.sh.
albertvaka
albertvaka
@k3ys:matrix.org
