I’m back from Akademy, it was a blast I was glad to be there and meet people in person again. Now let’s go for my web review for the week 2022-40.

TikTok Tracks You Across the Web, Even If You Don’t Use App - Consumer Reports

Tags: tech, social-media, surveillance, attention-economy

The most addictive and also tracking you everywhere it can (unsurprisingly). Toxicity at its highest.

https://www.consumerreports.org/electronics-computers/privacy/tiktok-tracks-you-across-the-web-even-if-you-dont-use-app-a4383537813/

A multi-language bindings generator for rust

Tags: tech, rust, bindings

This should hopefully ease the pain of mixing Rust with other languages.

https://github.com/mozilla/uniffi-rs

Pull Rust introductory support from Kees Cook

Tags: tech, linux, kernel, rust

This is definitely a big deal both for the kernel and for Rust.

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8aebac82933ff1a7c8eede18cab11e1115e2062b

A curated collection of diagramming tools used by software engineering teams

Tags: tech, architecture, diagrams

A good list of tools for making diagrams in various situations.

https://github.com/shubhamgrg04/awesome-diagramming

Laurence Tratt: UML: My Part in its Downfall

Tags: tech, architecture, design, uml, history

Very interesting post about the history of UML and the MDA approach. Clearly MDA and UML v2 was the beginning of the end for UML. That’s too bad, I find UML still useful for sketching and communication between humans.

https://tratt.net/laurie/blog/2022/uml_my_part_in_its_downfall.html

Monday’s Engineering - Personal Development Plan

Tags: tech, hr, management, career

Interesting career ladder example. I especially like the various dimensions they focus on.

https://growth.monday.com/homepage/rd/engineering/?p=mr0-mr1-mr2-mr3-tr0-tr1-tr2-&f=no

Staff engineer archetypes. | Irrational Exuberance

Tags: tech, management, tech-lead, team

Interesting little taxonomy of staff engineer roles. This can help to know from where you’re talking in your organization.

https://lethain.com/staff-engineer-archetypes/

First make the change easy, then make the easy change

Tags: tech, life, xp, refactoring

Good point, this little wisdom from Kent Beck goes further than just code and refactoring.

https://www.adamtal.me/2019/05/first-make-the-change-easy-then-make-the-easy-change

An end to doomerism - Big Think

Tags: life, philosophy

Although I disagree with some of the examples she summons, I think she indeed has a point.

https://bigthink.com/progress/pessimism-is-a-barrier-to-progress/

Bye for now!

For a long time I have been fixing issues behind the scenes to support Autocrypt and fixing bugs around encryption.

But the best crypto support does not help if it is too complicated for users to use the system. PGP is complex and a lot of things can go wrong, so the UI should support the user to find solutions, if things are going the wrong way. For me it was obvious that I cannot do this on my own and found Eileen Wagner a UX designer who is experienced in crypto UX. It was a lot fun to work together with Eileen to improve the UX in Kontact ;)

It soon became obvious that the part that needs an overhaul is mostly sending. There is a lot that happens AFTER you press send. You may be faced with information that the keys are not good enough, or that a used key is near expiry. So we tried to improve the UX so that these issues will bubble up earlier so you can fix the issues before pressing send.

At least for me, it is often that I concentrate in order to finish a message before I need to go, and then press send in a hurry. So all dialogs and warnings are facing me while I'm in a hurry and I just want them to disappear. If instead, I know of those things in advance, I will have time to ask for a new key or search for the correct key for a particular recipient.

Here you see a sample of creating a message to several recipients after our improvments.

Eileen created a blog post about the thoughts behind the UX decisions made for Kontact. After several months of working together with Eileen, I realized that for outsiders, it is still hard to distinguish Kontact and KMail. Kontact is a bundle of several applications that are presented together. You are free to start and use every of those applications directly and will see no difference. You only will miss the small left-column to switch between the applications. KMail is the application that Kontact is using for the mail tab.

This work is possible because Eileen and I were funded by nlnet to improve Email Encryption in Kontact.

Near key expiry

I really like the feature that Kontact informs you about keys that will soon expire. Doing this makes it clear that I need to care about a key update and I can trigger it in advance. I know there is a lot of discussion about automatic key updates and several attempts to do this.

I am still using parcimonie for this task. But unfortunately not everyone is using a key server to communicate key updates, and nowadays there are several sources for keys update keyserver, WKD, PKA, DANE, ... Sure it would be easy to try an update in background, but starting a network connection without users consent is a no-go. So the first step is now to show the user that keys are near to expiry. In the second step, we will make it possible for the user to directly trigger an update. This will also be true if no suitable key was found for a recipient.

As I was inside the near-expiry feature code, I also added a fourth category for your own keys. I want to get informed about my own key expiry long before the key expires, to create and upload the key update, so when others are searching for the keys they already find the updated key.

Key cache usage

Until now Kontact always talked to gnupg directly using gpgme. In itself this is not an issue, but this connection is slow. This is why libkleo started to implement a key cache a while ago to cache all keys. Before, we had to wait for gnupg to answer all our requests. In my experience, that means sometimes I wait a minute or longer.

Now Kontact is also using this cache and we now can instantly show that we found PGP keys for all recipients, while typing the mail address. Do you see how fast the "green check mark" toggles while writing in the video? This "green check mark" indicates, that we found keys for all recipients. That's possible because of the key cache.

Trust levels

Gnupg now has the TOFU (trust on first use) feature that creates statistics about key usage and when we seen keys in our messages. When a key is used for a long time, the key is trusted more, and now you can detect a key with no history. This makes it harder for someone to present you with a new fake key. Of course, you get the best security by checking fingerprints and signing the recipient keys. But let’s be honest, who can do this for every key that one is using in our busy lives. For those who do not check every key, TOFU is actually a great improvement, as you build trust while using the keys.

In Kontact we are now display the trust levels instead of just validity, as the trust levels are taking the TOFU history into account. I personally cannot see any disadvantage to enabling trust-model 'tofu+pgp' in gnupg via (~/.gnupg/gpg.conf) and would highly suggest that everyone enable that in gnupg. It gives you the best of two worlds: You will be able to build trust on the keys by just using the keys (tofu part) and still can also check fingerprints (pgp part).

After enabling it I actually found out that until now the tofu data is not updated when I sent an encrypted message. However, it is done, if I use gnupg from the command line. I created a upstream bugreport for this. Until this is fixed tofu is a little bit useless, because no statistics are created. Key cache and key resolver also need to learn trust levels, as they are in charge to select the most trusted key to send messages to.

Settings

The settings in Kontact are in some corners a big list of checkboxes and it is not obvious where to find what. For Encryption we decided to merge several tabs together to present one page and name it Encryption.

There is also the signature feature, that is not connected with Cryptography but just about the mail signatures.

The critical point is the defaults for new users and we ended up having default encryption settings that can be overridden for each identity.

As all the work was done with Autocrypt in mind, I also mark Autocrypt support as stable. Now the user can enable Autocrypt within the settings page of the identity.

In the end I think these improvements take Kontact a big step forward and lets us use encryption more easily. I'm proud about the current state, but my To-Do list is still full until we have looked into all the corner cases.

For the last several years the translation system in KDE’s UserBase wiki has been somewhat dysfunctional. After the recent upgrade of the wiki software that seems to have changed!

If you have made translations on UserBase that were not displayed, they should be shown now. It would be great if you could check them and let us know, if something is still missing. Also please check that the translation system works as expected.

A small group of people got together during Akademy to discuss the current state of UserBase. We have a lot of work ahead of us to get everything in shape, but we agreed to give it shot. Stay tuned for more on this.

KStars v3.6.1 is released on 2022.10.02 for MacOS, Linux, and Windows. It's a bi-monthly bugfix release with a couple of exciting features.

Due to major changes in this release, we are releasing it as Early Preview. We hope to release final stable release in a few weeks given the user feedback.

Optical Trains

Ekos introduces a new method to configure equipment by organizing them into Optical Trains. An optical train is a collection of devices arranged in orders from the telescope/lens up until the last imaging element. It includes everything in between including reducers, barlows, OAGs, rotators, filter wheels and so forth.

You will no longer select individual devices in Ekos modules, you simply select which train you want to use. Settings are now saved per-train basis so you can have different settings for each train. This is all done automatically and no need to save or load settings yourself.

Dark Guiding

Internal Guider

Hy Murveit increased the number of usable MultiStar references. It was limited to 10 previously but now you can increase it as appropriate given the seeing conditions.

State Machines

Wolfgang Reissenberger continues work on dedicated state machines. This is the next step towards dedicated state machines for EKOS. This step contains:

• Introduction of a dedicated meridian flip state machine encapsulating both the meridian flip state of the mount and the overall state. This state machine is shared between Capture and Mount, which avoids mutual state communication.
• First functionality regarding the meridian flip is shifted from Capture and Mount to the state machine. Nevertheless, the complex operations are still part of the Capture code and will be addressed in one of the next refactoring steps.

More Fixes & Improvements

Hy Murveit           fix align solver disconnect crash, disable ssolver logging

Hy Murveit           Analyze target distance should be plotted as a property of the last capture.

Wolfgang Reissenberger Problem with guide calibration after meridian flip

Sophie Taylor        Proper support for loading compressed image statistics

Robert Lancaster     Attempting to patch Find Dialog Crash Bug on MacOS

Marius P             guidealgorithms use C++ initialization instead of memset

Hy Murveit           Reduce the resolution in drawing artificial horizon to 1 degree

Hy Murveit           Bugfix--scheduler was ignoring artificial horizon ceiling constraints

alfred herrhausen    Summary Screen layout improvements, Total RMS added

Wolfgang Reissenberger No separate JPLParser creation for check of epoch_mjd, since this causes crashes

Jasem Mutlaq         Add support for DSLR lenses. User can select either scope or lens in equipment

Hy Murveit           Fix bug where deprecated XML caused extra sequence jobs

Hy Murveit           PAA: use the index and healpix of the 3rd PAA calibration image at the start of the refresh phase.

Wolfgang Reissenberger State machines for meridian flip and Capture

Wolfgang Reissenberger Bugfix for restarting a paused capture sequence after a meridian flip

Hy Murveit           Call checkCamera before loading a sequenceQueue in case UI has not yet been updated.

Wolfgang Reissenberger Handling attempts sending an RPC call if no connection established

Hy Murveit           Do not draw star circles when printing HFRs

Jasem Mutlaq         Warn users if one or more devices fail to connect

Today is a great day! I’m in Barcelona (typing this from my hotel room) to meet a good chunk of KDE for Akademy 2022. I can’t wait… it’s been a long time since the last edition was in person.

Well, the first few persons arrive, time for a late lunch I’d say. See you all at the welcome event and the venue.

Let’s go for my web review for the week 2022-39.

Penpot inks $8M as signups for its open source spin on Figma jump 5600% after Adobe’s $20B acquisition move | TechCrunch

Tags: tech, design, penpot

Go Penpot! Go! I hope to see it growing further.

https://techcrunch.com/2022/09/27/penpot-inks-8m-as-signups-for-its-open-source-spin-on-figma-jump-5600-after-adobes-20b-acquisition-move/?guccounter=1

So when did POP and IMAP become a “legacy protocol?” - The Boston Diaries - Captain Napalm

Tags: tech, microsoft, vendor-lockin

This is indeed a concerning move… it’s not about legacy, it’s about closing an ecosystem.

http://boston.conman.org//2022/09/22.1

The appeal of small computers • AndreGarzia.com

Tags: tech, computers, small

This! There’s definitely something interesting with those very focused devices. The problem though is carrying them + something else for other uses. This adds up quickly.

https://andregarzia.com/2022/09/The-appeal-of-small-computers.html

What Not to Recommend to Flatpak Users | TheEvilSkeleton

Tags: tech, flatpak

A little collection of dirty tricks that you should probably not use on Flatpak installs.

https://theevilskeleton.gitlab.io/2022/09/28/what-not-to-recommend-to-flatpak-users.html

CLI tool and python library that converts the output of popular command-line tools, file-types, and common strings to JSON, YAML, or Dictionaries. This allows piping of output to tools like jq and simplifying automation scripts.

Tags: tech, command-line, json

This looks interesting. Definitely something to add to the tool belt. Coupled with jq this becomes very powerful.

https://github.com/kellyjonbrazil/jc

Why Rust is actually good for your car. | by Johannes Foufas | Volvo Cars Engineering | Sep, 2022 | Medium

Tags: tech, rust, embedded, automotive

Interesting interview about some serious usage of Rust in the embedded space. That’s where I’d expect it to shine.

https://medium.com/volvo-cars-engineering/why-volvo-thinks-you-should-have-rust-in-your-car-4320bd639e09

Making python fast for free - adventures with mypyc – MeadSteve’s Dev Blog

Tags: tech, python, performance, mypy, compiler, type-systems

This is good news, this provide more venues for improving performances in Python modules next to switching to compiled Rust with something like PyO3. There’s clearly a case to be more for not having to rewrite when the codebase was already mostly Python.

https://blog.meadsteve.dev/programming/2022/09/27/making-python-fast-for-free/

I hold the opinion that state machines are underrated

Tags: tech, design, programming, statemachines

I definitely agree with this opinion. We definitely don’t use state machines enough

https://github.com/cpressey/Facts-about-State-Machines

Want cleaner code? Use the rule of six

Tags: tech, programming

This is an interesting simple rule so know when to split something, I like it.

https://davidamos.dev/the-rule-of-six/

The 4 minute bug | Alejandro AR (kinduff)

Tags: tech, bug, debugging, team

Definitely a case of a very interesting bug found in production. In the end, the root cause is the loss of context because people working on the components changed. Never underestimate the knowledge lost when someone leaves.

https://kinduff.com/2022/09/28/the-4-minute-bug/

Complexity and software engineering | Well, quite.

Tags: tech, complexity, technical-debt

Interesting points about complexity. Indeed it’s everywhere the problem is when you start to silently (and unwillingly) worship it… coupled with fear of changes this can only lead to piling more and more complexity in your systems.

https://wellquite.org/posts/complexity/

Guiding principle: Think Big, Work Small | by Jason Yip | Sep, 2022 | Medium

Tags: tech, agile, product-management, project-management, vision

This is an interesting way to frame it. I generally talk with people about making sure you got vision and horizon in your product backlog (which then requires adequate grooming). Still this sounds like a simpler to grasp wording here. Probably good for a first approach.

https://jchyip.medium.com/guiding-principle-think-big-work-small-8fb1fce6dd97

Be critical or be corrupted

Tags: tech, organization, project-management, product-management, management, metrics

Interesting way to highlight Goodhart’s Law. Indeed you can be corrupted by the very system you put in place if if it’s mainly driven by metrics. As much as possible, think qualitative, not quantitative.

https://www.cenizal.com/be-critical-or-be-corrupted/

How I interview engineers to assess ability to deliver impact | Metaview Blog

Tags: hr, interviews

Interesting set of tips for interviews. Definitely inspiring to dig deeper on a candidate motives and behaviors.

https://www.metaview.ai/resources/blog/how-i-interview-engineers-to-assess-ability-to-deliver-impact

Learning is Remembering

Tags: learning, memory

Good explanation of the relationship between memory and learning… it’s not quite what one would intuitively think, things need to be in long-term memory first which means you need to repeat things somehow so that they end up there (otherwise they’re just in the temporary working memory).

https://saveall.ai/blog/learning-is-remembering

Bye for now!

I’ve just merged in kio-gdrive master the support for Shared With Me files. This new feature will be shipped with the next KDE Gear 22.12 release.

Your shared files and folders will be presented in a virtual “Shared With Me” folder (similar to the “Shared With Me” tab in the Google web-UI):

The properties dialog in dolphin will also show the date the file/folder was shared with you (if available):

Please test it and report any bugs you’ll find :)

Let’s go for my web review for the week 2022-38.

World of Open Source: Europe Spotlight 2022

Tags: tech, foss, business, economics

Very interesting report although I admit I’m a bit skeptical at the strong “apolitical” message in it. This highlights very well a few challenges specific to Europe. We need to see them tackled I think. It’s nice to see moves in the public sector but clearly it needs to go further and faster. Same thing regarding the creation of OSPOs in companies.

https://www.linuxfoundation.org/research/world-of-open-source-europe-spotlight

Press release: Use of Google Analytics for web analytics

Tags: tech, google, surveillance

We all know you shouldn’t use Google Analytics. Now we also know that if you’re in Europe and you’re using it, it’s probably illegal.

https://www.datatilsynet.dk/english/google-analytics/use-of-google-analytics-for-web-analytics

Open Web Search – Promoting Europe’s Independence in Web Search – Funded by the Horizon Europe Programme

Tags: tech, web, search

Could this lead to the open web index we all need? I hope this research will have high impact.

https://openwebsearch.eu/

drones run linux: the free software movement isn’t enough

Tags: tech, foss, ethics

Slightly depressing when it’s laid out like this… still there is some truth to it. Maybe it’s time to rethink a few things.

https://j3s.sh/thought/drones-run-linux-free-software-isnt-enough.html

5 Figma Alternatives for UI & UX Designers - Stack Diary

Tags: tech, design, ux, self-hosting

Since I regularly see Figma used by customers I really hope this will boost adoption on Penpot. A good open alternative you can even self-host.

https://stackdiary.com/figma-alternatives/

Rendergraphs and how to implement one

Tags: tech, 3d

Interesting dive into the implementation of a render graph system for a 3D engine.

https://poniesandlight.co.uk/reflect/island_rendergraph_1/

Wasmtime Reaches 1.0: Fast, Safe and Production Ready!

Tags: tech, webassembly, portability

Definitely a big deal for the development of WebAssembly. We’ll have to see if the security promises hold but this definitely shows interesting features.

https://bytecodealliance.org/articles/wasmtime-1-0-fast-safe-and-production-ready

Ten challenges for Rust

Tags: tech, rust, complexity, community

Interesting set of challenges indeed. I think Rust is a bit at a crossroad now. The next few years will be crucial, either they will lead to further adoption or it will stagnate and slowly disappear.

https://www.ncameron.org/blog/ten-challenges-for-rust/

A personal experimental C++ Syntax 2 -> Syntax 1 compiler

Tags: tech, c++, complexity, safety

Now this is very interesting. An excellent teaser for Herb Sutter’s CppCon 2022 talk. Let’s see where that goes.

https://github.com/hsutter/cppfront

Entitlement in Open Source | Mike McQuaid

Tags: tech, foss, work, life

Good reminder of the sometimes uneasy relationship between users and maintainers. This needs to stay healthy. Users need to know their place and maintainers should feel OK saying no to things.

https://mikemcquaid.com/entitlement-in-open-source/

Cultivating Hospitality

Tags: business, hr, culture, organization

A very important and unfortunately underestimated factor for a sane and welcoming culture.

https://kevinyien.com/blog/cultivating-hospitality.html

We Spoke With the Last Person Standing in the Floppy Disk Business – Eye on Design

Tags: tech, surprising, culture, low-tech

The death of the floppy disk has been greatly exaggerated it seems. At least for now…

https://eyeondesign.aiga.org/we-spoke-with-the-last-person-standing-in-the-floppy-disk-business/

Photography for geeks

Tags: photography

A long and complete article about the important parameters when taking photos and processing them. So it gives a few tricks for shooting the picture but also when you sit in front of the computer.

https://lcamtuf.coredump.cx/photo_basics/

Bye for now!

Last month, I was in Saumur (France) to attempt a KDE Promo sprint. This was my first sprint since the pandemic, actually this might even be my first ever official KDE sprint as before the pandemic I primarely attended conferences (Akademy, Fosdem, Libre Graphics Meeting, Linux App Summit, …) but no official sprint.

The sprint took place during the weekend and was a great occassion to meet Allon, Aron and Neophytos for the first time. Aside from them I also meet Claudio, Paul, Joseph and Aniqua would I had already had the chance to meet before.

While the sprint was only 2 days long, I think we had some really productive discussions about the general strategie we should take and also how to move forward with some stuck tasks.

Personally I was quite happy to unblock one of my previous idea of creating “KDE for”-webpages. I already created a KDE for Kids page a long time ago but never managed to find the time and motivation to create more of them. So during the sprint, we started to brainstorm a bit for a “KDE for Creators” page, you can already take a look at the wip prototype here and if you have suggestions and want to help we have a phab task.

Aside from all the productive discussions, Allon made us discover Saumur. It’s a really nice city near the Loire. But I need to say that I was quite depressed at the level of water in the Loire, it looked almost empty. Good reminder that climate change is real and human made.

Aside from the sad state of the Loire, we also tasted a lot of good food. We had some gallete bretones on Sunday evening and it was delicious. Allon also invited us Saturday night at his place and he made fouée for us.

It’s a local speciallity and it was really good and I was so full at the end of the day. Thank you Allon and your family for being such wonderful hosts!

Tuesday night, I managed to break the screen of my laptop. This is particular annoying when you don’t have any external screen at home and need to work. Fortunately the scren wasn’t completely broken, and I managed to survice Wednesday, with half of the screen working.

From half of the screen working on Wednesday, the situation got worse on Tursday and I was forced to find another solution. My only other Linux powered devices at home were a PinePhone and my SteamDeck. Performance wise, the choice was easy and I choose to try to use my SteamDeck. And so my workstation on Tursday and Friday ended up like this:

I connected the dev environment of my laptop with SSH and it kinda worked. I did some commit. I even managed to do call and share my screen for a demo/presentation at work. But still the experience on the small screen wasn’t that great.

Fortunately, I ordered a new laptop (Thinkpad E14 gen 4) and it arrived on Friday afternoon. The new laptop has a working screen but no mainline wifi drivers. So took me a bit more time than expected to build and sign the out-of-tree drivers with secure boot enabled.

I love hardware.