This feed does not validate.
line 34, column 386: (50 occurrences) [help]
... </description><author>Pablo Correa Gomez</author><dc:creator>Pablo Corre ...
^
... standing-and-improving-def-extractor-py/</guid></item><item><title>Hari ...
^
In addition, interoperability with the widest range of feed readers could be improved by implementing the following recommendations.
line 34, column 395: (50 occurrences) [help]
... tion><author>Pablo Correa Gomez</author><dc:creator>Pablo Correa Gomez</ ...
^
line 2535, column 0: (4 occurrences) [help]
<figure class="wp-block-image size-large has-custom-border"><img al ...
line 2781, column 0: (10 occurrences) [help]
<div><h2 id="working-solo">Working Solo</h2><a href="ht ...
</pre></td></tr></tbody></table></code>& ...
... igital-wellbeing-contract/</guid></item></channel></rss>
^
<?xml version="1.0" encoding="UTF-8"?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/"><channel><title>Planet GNOME</title><link>https://planet.gnome.org/</link><description>Planet GNOME - https://planet.gnome.org/</description><language>en</language><generator>rfeed v1.1.1</generator><docs>https://github.com/svpino/rfeed/blob/master/README.md</docs><item><title>Pablo Correa Gomez: Retrospective of my term as a Director for the GNOME Foundation</title><link>https://blogs.gnome.org/pabloyoyoista/2025/08/25/retrospective-of-my-term-as-a-director-for-the-gnome-foundation/</link><description><p>On the spring 2024 I presented my <a class="external" href="https://discourse.gnome.org/t/2024-board-candidate-pablo-correa-gomez/21081/5">candidature</a>, and eventually got elected for the Board of Directors at the GNOME Foundation. Directors are elected democratically by the GNOME Foundation members, and positions are usually up for election every 2 years. However, when I started my term there was one position open for a single year (due to some changes in composition of the Board). And I volunteered for it, thus my term expired more or less a month ago. When directors get elected, the information that voters have to decide on their vote is:</p><ul><li>Their personal connection to the candidates</li><li>The candidatures <a class="external" href="https://discourse.gnome.org/tag/elections2024">themselves</a></li><li>And further questions the voters might ask about specific topics</li></ul><p>For the shake of transparency and accountability, I am going to discuss my own personal candidature against the work that I contributed to the Board for the last year. Although pretty basic and a self-assessment, I believe this is important for any organization. Without retrospectives, feedback, and public discussion it is very hard to learn lesson, make improvements, and ensure knowledge transfer. Not to mention that public scrutiny and discussion are crucial for any kind of functional democratic governance. Though there are reasons to sometimes not discuss things in public, most of my work for the last year can indeed be discussed in public.</p><h2>Candidature goals</h2><p>I joined the Board to contribute mostly from the economic perspective. I wanted to become part of the Finance Committee to contribute to improve:</p><ul><li>The communication about economic and funds-related topics. My goal was to ensure that funds were handled more transparently, and build trust by making sure the information reported was detailed and correct. Avoiding issues like those of which I spoke in a previous <a href="https://blogs.gnome.org/pabloyoyoista/2024/05/19/analysis-of-gnome-foundation-public-economic-concerns-and-thoughts/">blog post</a>.</li><li>The way funds were assigned, to make sure those were spent on fulfilling the goals we set to the Foundation.</li></ul><p>Unfortunately, when I joined the Board there were some considerable governance issues still unresolved that we got handed over from the previous year. Given my status as a developer and recent community member based in Europe, I had not had time to build relationships with many people in the community. As such, I also set it as one of my goals to represent those people that I knew, which had been under-represented in the previous board.</p><h2>Goals into actions</h2><p>Let it be said that being part of a governance body for a non-profit in a foreign country with a different history and legal background can be challenging. A non-trivial amount of my time was dedicated to understanding and getting used to such a body: its internal rules, ways of working, and expectations. I wish the governance was closer to home (has anybody in the American continent worked in organizations with a General Assembly?), but that would be a discussion for another time. Now I will stick to discussing actions related to the goals above.</p><h4>Becoming part of the Finance Committee</h4><p>I presented my candidature to become the Treasurer. The Board did a <a class="external" href="https://gitlab.gnome.org/Teams/Board/-/blob/main/board-minutes/2024-07-17.md?ref_type=heads#new-business">vote</a>, and instead decided to appoint me as Vice-treasurer. As such, I had no powers, more than the right to attend the Finance Committee meetings, which was enough for me to work on my other self-stated goals. Unfortunately, despite multiple requests from different Board members, and assurances in <a class="external" href="https://gitlab.gnome.org/Teams/Board/-/blob/main/board-minutes/2024-08-09.md#2024-25-regular-meeting-kick-off">different</a> <a class="external" href="https://gitlab.gnome.org/Teams/Board/-/blob/main/board-minutes/2024-09-10.md#committee-check-in">meetings</a>, I was never called to a Finance Committee meeting. With the <a class="external" href="https://discourse.gnome.org/t/change-to-board-of-directors-roster-and-thanks-to-michael-downey/26352">resignation</a> of Michael Downey as a directory during the change of the year, I was then offered the Treasurer position. I declined the offer, since at that point I was not willing to volunteer more of my time for the Foundation.</p><h4>Economic-related communication and funds</h4><p>During the first months of my term I got heavily involved in this aspect. In addition to taking part in discussions and decision-making, I was one of the the main authors of a <a class="external" href="https://discourse.gnome.org/t/update-from-the-board-2024-10/24346">general economic update</a> and one focused specifically on the <a class="external" href="https://discourse.gnome.org/t/foundation-2024-2025-budget-and-economic-review/24436">budget</a>. It of course took input and effort from multiple directors, but I am confident that my contribution was considerable. Happily, those updates did have an impact on how people saw the Foundation and the project, with some hints that such work could help regain good will and trust from further people in the membership and the wider FOSS community. Those two were concentrated in the first half of my term, and although there are usually more economic news around budget planning, I did not contribute further work on this for the second half of my term.</p><p>Regarding the usage of funds, I was quite involved in the drafting and approval of the budget for 2024/2025. Even if Richard (then Interim Executive Director) took the lion&#8217;s share of the work. Such budget managed to retain spending essential for the fulfilling of the goals (conferences, infra), while at the same time making sure available restricted funds were put to use (parental controls and well-being). Unfortunately, some of the fears I expressed in my candidature were right, and expenses had to be cut considerably, leading to us not being able to support all the previous staffers. In general, those executive decisions were not made by me, but by the Executive Director. However, I am happy my input was taken into consideration, and we managed to have a budget that brought us to 2025.</p><h4>Governance and community engagement</h4><p>Although the governance issues were carried over from a previous board, I tried to apply the best of my judgement in every situation. I did communicate, when the situation allowed, with the community, and sit in countless meetings to both mediate and express my opinion. At some point, when I was not sure I was doing a good job, presented my resignation a considerable amount of people I knew had voted for me, and all considered it would be best for me to stay.</p><h2>Evaluation</h2><p>I put a lot of effort and time moving forward those things I promised in the first half of my term. Unfortunately, I was unable to continue with such engagement through the second half. Part of that had to be with bad management of my time and energy, where I surely burned too much too early. Another part had to be with the realization that many of the problems that I was hoping to tackle at the Foundation are symptoms of deeper structural issues at the project level. For example, no team or committee has official and effective communication channels. So why would the people running the project change their behavior just because being part ofΒ the Board? I believe I do not have the leverage, skills, or experience to tackle those issues at their core, which strongly reduced my motivation. I am happy, though, that senior members in the community are really <a class="external" href="https://www.bassi.io/articles/2025/08/03/governance-in-gnome/">trying</a>.</p><p>I am specially sorry I did not take the Treasurer position when I was offered it. This was less than I expected from myself. I offered my resignation to community members that I knew had voted me, but nobody took it. I also presented my resignation to another Board member which took most of the burden for my decision of not taking the role. It was also politely declined. In hindsight I maybe should have resigned anyway.</p><p>On the positive side, I learned a lot of lessons just by being on the Board, specially related to governance. I take most of those lessons with me to <a class="external" href="https://postmarketos.org/">postmarketOS</a>, and I hope they serve as an useful inter-FOSS lesson sharing experiment. They have surely already helped!</p><p>Overall, I am a bit disappointed with myself, as I would have expected to keep doing a lot of the things I did at the beginning for the whole of my term. At the same time, considering the complete year, I think my overall level of work and engagement was probably on average compared to the rest of the Board. In general, the whole experience was considerably draining, specially emotionally, as we were going through uncommon circumstances, e.g: governance issues, staff reduction, etc.</p><h2>Moving forward</h2><p>I do not plan to come back to do governance for the GNOME project for a while. I am very happy with what we are building in postmarketOS: the community and the full-stack and upstreaming commitment we bring with us. I hope the GNOME project and Foundation can transition to more open and structured models of governance, where tracking decisions, communicating regularly, and taking responsibility over good and bad decisions becomes the norm. I hope this posts motivates other directors to write their own retrospectives and hold themselves accountable in public in the future.</p><p>It is also encouraging to see that we have a new Executive Director, Steven, which rapidly understood many of the issues and needs of the project and organization in a similar way than I do. I wish him the best of successes, and thank him for taking over such an endeavor.</p><p>Thanks also to every Board member: Cassidy, Erik, Federico, Julian, Karen, Michael, Philip, Robert, as well as the staff I interacted Rosanna, Kristi, Bart, and Richard. I&#8217;ve seen the passion and effort, and it is truly remarkable. With this, I also want to give a special mention to Allan Day. He&#8217;s worked non-stop during months to decisively contribute to the Foundation staying afloat. Thank you very much for your work, it is unmatched.</p><p>If you have any feedback you want to share, thoughts about my term, improvements to suggest, or just some thanks, feel free to comment or <a href="mailto:pabloyoyoista@postmarketos.org">email</a> me. I am always happy to hear other people&#8217;s thoughts, and there&#8217;s no improvement without feedback!</p></description><author>Pablo Correa Gomez</author><dc:creator>Pablo Correa Gomez</dc:creator><pubDate>Mon, 25 Aug 2025 12:52:56 GMT</pubDate><guid isPermaLink="true">https://blogs.gnome.org/pabloyoyoista/2025/08/25/retrospective-of-my-term-as-a-director-for-the-gnome-foundation/</guid></item><item><title>Steven Deobald: 2025-08-22 Foundation Update</title><link>https://blogs.gnome.org/steven/2025/08/23/2025-08-22-foundation-update/</link><description><h2>## Bureaucracy</h2><p>You may have noted that there wasn&#8217;t a Foundation Update last week. This is because almost everything that has been happening at the Foundation lately falls under the banner of &#8220;bureaucracy&#8221; and/or &#8220;administration&#8221; and there isn&#8217;t much to say about either of those topics publicly.</p><p>Also, last Friday was GNOME&#8217;s 28th birthday and no one wants to hear about paper-shuffling on their birthday. <img alt="π" class="wp-smiley" src="https://s.w.org/images/core/emoji/16.0.1/72x72/1f642.png" style="height: 1em;" /></p><p>I&#8217;m sorry to say there isn&#8217;t much to add this week, either. But I hope you did all take a moment to reflect on the nearly-three-decades-of-work that&#8217;s gone into GNOME last week.</p><p>Happy Belated Birthday, Computer. <img alt="π" class="wp-smiley" src="https://s.w.org/images/core/emoji/16.0.1/72x72/1f382.png" style="height: 1em;" /></p></description><author>Steven Deobald</author><dc:creator>Steven Deobald</dc:creator><pubDate>Sat, 23 Aug 2025 03:48:40 GMT</pubDate><guid isPermaLink="true">https://blogs.gnome.org/steven/2025/08/23/2025-08-22-foundation-update/</guid></item><item><title>This Week in GNOME: #213 Fixed Rules</title><link>https://thisweek.gnome.org/posts/2025/08/twig-213/</link><description><p>Update on what happened across the GNOME project in the week from August 15 to August 22.<!--more--></p><h2 id="gnome-core-apps-and-libraries">GNOME Core Apps and Libraries</h2><h3 id="glycin">Glycin <a href="https://gitlab.gnome.org/GNOME/glycin">β</a></h3><p>Sandboxed and extendable image loading and editing.</p><p><a href="https://thisweek.gnome.org/reporters/78a55022fd487dd708fbc8b46a274879ddd95a53c11137fde5bd519ebf5699ab">Sophie (she/her)</a> announces</p><blockquote><p>Glycin 2.0.beta.3 has been released. Among the important changes are fixes for thumbnailers not working in certain configurations, loading speed for JPEG XL having been dramatically improved, fixed sandbox rules that broke image loading on some systems, and fixed editing for some JPEG images saved in progressive mode.</p></blockquote><h2 id="gnome-circle-apps-and-libraries">GNOME Circle Apps and Libraries</h2><h3 id="dΓ©jΓ -dup-backups">DΓ©jΓ Dup Backups <a href="https://apps.gnome.org/DejaDup/">β</a></h3><p>A simple backup tool.</p><p><a href="https://thisweek.gnome.org/reporters/3c28343ad45b86bbdc6c71d329672cea0fe60f3462f88407527a2822d4d304ba">Michael Terry</a> announces</p><blockquote><p>DΓ©jΓ Dup 49.beta was released! It just fixes a few small bugs and uses the new libadwaita shortcuts dialog.</p><p>But if you havenβt tried the 49.x branch yet, it has a big UI refactor and adds file-manager-based restore for Restic backups.</p><p>Read more details and install instructions in the <a href="https://discourse.gnome.org/t/deja-dup-backups-49-alpha-call-for-testing/29710">previous 49.alpha announcement</a>. Thanks for any testing you can do before this reaches the masses!</p></blockquote><h2 id="third-party-projects">Third Party Projects</h2><p><a href="https://thisweek.gnome.org/reporters/f632d3632503d479a4ea08f942f5a5e513d69f8fa619d4b2748dc5cf163801c3">Mir Sobhan</a> announces</p><blockquote><p>We forked the TWIG website and forged it into a βgood first issueβ tracker. It catches all GNOME-related projects on GitHub and GNOME GitLab to show issues labeled βgood first issueβ or βNewcomers.β This can help newcomers find places to contribute including myself.</p><p>Website: <a href="https://ggfi.mirsobhan.ir">https://ggfi.mirsobhan.ir</a>Repo: <a href="https://gitlab.gnome.org/misano/goodfirstissue">https://gitlab.gnome.org/misano/goodfirstissue</a></p></blockquote><p><a href="https://thisweek.gnome.org/reporters/09eb29c19eec5691c4e8389947fc22a6314a0f3b15c5c492f83a552d8b001106">DzΜeremi</a> says</p><blockquote><h2 id="chronograph-gets-a-big-new-40-update">Chronograph gets a BIG new 4.0 update!</h2><h2 id="what-is-chronograph">What is Chronograph?</h2><p><a href="https://flathub.org/apps/io.github.dzheremi2.lrcmake-gtk">Chronograph</a> is an app for syncing lyrics, making them display like karaoke in supported players. It comes with a beautiful GTK4 + LibAdwaita interface and includes a built-in metadata editor, so you can manage your music library along with syncing lyrics.Default LRC files can be published to the large lyrics database <a href="https://lrclib.net">LRClib.net</a>, which is widely used by many open-source players to fetch lyrics.Until now, Chronograph supported only line-by-line lyrics, which was enough for most cases since standard LRC is the most common format.<em><strong>But times changeβ¦</strong></em></p><h2 id="word-by-word-support">Word-by-Word support!</h2><p>Starting <strong>August 24th</strong>, Chronograph will gain support for Word-by-Word syncing. This feature uses the <strong>eLRC</strong> format (also known as LRC A2 or Enchanted LRC). In eLRC, each word has its own timestamp, allowing players that support it to <em>animate lyrics word-by-word</em>, giving you a true karaoke experience.And this is just the beginning: future updates will also bring support for <strong>TTML (Timed Text Markup Language)</strong>.</p><h3 id="final-notes">Final notes</h3><p>I hope youβll enjoy using the latest version of Chronograph, and together we can spread awareness of eLRC to the wider community. Sync lyrics of your loved songs! β₯οΈ</p><p><img height="812" src="https://thisweek.gnome.org/_astro/chronograph_library.CMcl3eq5_Z1HOd9M.webp" width="1026" /></p><p><img height="807" src="https://thisweek.gnome.org/_astro/chronograph_wbw_edit.L9yNvdA__ZNm1MJ.webp" width="1026" /></p><p><img height="807" src="https://thisweek.gnome.org/_astro/chronograph_wbw_sync.ggN6JXua_Z1BsdIp.webp" width="1026" /></p></blockquote><p><a href="https://thisweek.gnome.org/reporters/7eb6937cd9d14a3ed2be5dd83e1f7410a353e83d3791a28d6379100c73b34755">Nathan Perlman</a> announces</p><blockquote><h2 id="rewaita--give-adwaita-some-flavour">Rewaita β Give Adwaita some flavour</h2><p>Hi there, a few weeks ago I released <strong>Rewaita</strong>, a spiritual successor to <a href="https://github.com/GradienceTeam/Gradience">Gradience</a>. With it, you can recolour GTK4/Adwaita apps to popular colour schemes. Thatβs where the name comes from ~ Re(colour Ad)waita.</p><p>As of v1.0.4, released this week, you can create your own custom colour palettes if the ones we provide donβt suit you, and you can also change the window controls to be either coloured or MacOS-styled.</p><p>You can find it on <a href="https://flathub.org/apps/io.github.swordpuffin.rewaita">Flathub</a>, but also in the <a href="https://aur.archlinux.org/packages/rewaita">AUR</a> and <a href="https://github.com/NixOS/nixpkgs/pull/435343">NIXPKGS</a> (the Nix Package is still under review).</p><p>Rewaita is also going through rapid development, <a href="https://github.com/SwordPuffin/Rewaita">so any help would be appreciated</a>, or just leave us a star :). In particular, <a href="https://github.com/SwordPuffin/Rewaita/issues/11">GTK3 and Cinnamon support</a> are next up on the chopping block.</p><p><a href="https://thisweek.gnome.org/screenshot-dark.png"></a></p><p><a href="https://thisweek.gnome.org/screenshot-light.png"></a></p></blockquote><h2 id="miscellaneous">Miscellaneous</h2><p><a href="https://thisweek.gnome.org/reporters/579a4f3527aa9f46798ea4476441fef008f4a13ffad33b4822bae5de56028aa7">JumpLink</a> says</p><blockquote><p><strong>ts-for-gir</strong> - TypeScript bindings for GObject Introspection</p><p>This week weβve released a major improvement for GObject interface implementation: <strong>Virtual Interface Generation</strong>.</p><p>Instead of having to implement all methods of a GObject interface, developers can now only implement the virtual methods (<code>vfunc_*</code>). This matches the actual GObject-Introspection pattern and makes interface implementation much cleaner.</p><p><strong>Before</strong> (implement all methods):</p><pre class="astro-code github-dark" style="background-color: #24292e; color: #e1e4e8;" tabindex="0"><code><span class="line"><span style="color: #F97583;">class</span><span style="color: #B392F0;"> CustomPaintable</span><span style="color: #F97583;"> implements</span><span style="color: #B392F0;"> Gdk</span><span style="color: #E1E4E8;">.</span><span style="color: #B392F0;">Paintable</span><span style="color: #E1E4E8;"> {</span></span><span class="line"><span style="color: #6A737D;"> // Implement all methods manually</span></span><span class="line"><span style="color: #B392F0;"> get_current_image</span><span style="color: #E1E4E8;">()</span><span style="color: #F97583;">:</span><span style="color: #B392F0;"> Gdk</span><span style="color: #E1E4E8;">.</span><span style="color: #B392F0;">Paintable</span><span style="color: #E1E4E8;"> { </span><span style="color: #F97583;">...</span><span style="color: #E1E4E8;"> }</span></span><span class="line"><span style="color: #B392F0;"> get_flags</span><span style="color: #E1E4E8;">()</span><span style="color: #F97583;">:</span><span style="color: #B392F0;"> Gdk</span><span style="color: #E1E4E8;">.</span><span style="color: #B392F0;">PaintableFlags</span><span style="color: #E1E4E8;"> { </span><span style="color: #F97583;">...</span><span style="color: #E1E4E8;"> }</span></span><span class="line"><span style="color: #B392F0;"> get_intrinsic_width</span><span style="color: #E1E4E8;">()</span><span style="color: #F97583;">:</span><span style="color: #79B8FF;"> number</span><span style="color: #E1E4E8;"> { </span><span style="color: #F97583;">...</span><span style="color: #E1E4E8;"> }</span></span><span class="line"><span style="color: #6A737D;"> // ... and many more</span></span><span class="line"><span style="color: #E1E4E8;">}</span></span></code></pre><p><strong>After</strong> (only virtual methods):</p><pre class="astro-code github-dark" style="background-color: #24292e; color: #e1e4e8;" tabindex="0"><code><span class="line"><span style="color: #F97583;">class</span><span style="color: #B392F0;"> CustomPaintable</span><span style="color: #F97583;"> implements</span><span style="color: #B392F0;"> Gdk</span><span style="color: #E1E4E8;">.</span><span style="color: #B392F0;">Paintable</span><span style="color: #E1E4E8;">.</span><span style="color: #B392F0;">Interface</span><span style="color: #E1E4E8;"> {</span></span><span class="line"><span style="color: #6A737D;"> // Declare for TypeScript compatibility</span></span><span class="line"><span style="color: #F97583;"> declare</span><span style="color: #FFAB70;"> get_current_image</span><span style="color: #F97583;">:</span><span style="color: #B392F0;"> Gdk</span><span style="color: #E1E4E8;">.</span><span style="color: #B392F0;">Paintable</span><span style="color: #E1E4E8;">[</span><span style="color: #9ECBFF;">"get_current_image"</span><span style="color: #E1E4E8;">];</span></span><span class="line"><span style="color: #F97583;"> declare</span><span style="color: #FFAB70;"> get_flags</span><span style="color: #F97583;">:</span><span style="color: #B392F0;"> Gdk</span><span style="color: #E1E4E8;">.</span><span style="color: #B392F0;">Paintable</span><span style="color: #E1E4E8;">[</span><span style="color: #9ECBFF;">"get_flags"</span><span style="color: #E1E4E8;">];</span></span><span class="line"><span style="color: #E1E4E8;"> </span></span><span class="line"><span style="color: #6A737D;"> // Only implement virtual methods</span></span><span class="line"><span style="color: #B392F0;"> vfunc_get_current_image</span><span style="color: #E1E4E8;">()</span><span style="color: #F97583;">:</span><span style="color: #B392F0;"> Gdk</span><span style="color: #E1E4E8;">.</span><span style="color: #B392F0;">Paintable</span><span style="color: #E1E4E8;"> { </span><span style="color: #F97583;">...</span><span style="color: #E1E4E8;"> }</span></span><span class="line"><span style="color: #B392F0;"> vfunc_get_flags</span><span style="color: #E1E4E8;">()</span><span style="color: #F97583;">:</span><span style="color: #B392F0;"> Gdk</span><span style="color: #E1E4E8;">.</span><span style="color: #B392F0;">PaintableFlags</span><span style="color: #E1E4E8;"> { </span><span style="color: #F97583;">...</span><span style="color: #E1E4E8;"> }</span></span><span class="line"><span style="color: #E1E4E8;">}</span></span></code></pre><p>Weβve created a comprehensive example: <a href="https://github.com/gjsify/ts-for-gir/tree/main/examples/virtual-interface-test">https://github.com/gjsify/ts-for-gir/tree/main/examples/virtual-interface-test</a></p><p>This shows both <code>Gio.ListModel</code> and <code>Gdk.Paintable</code> implementations using the new pattern.</p><p><strong>Release</strong>: <a href="https://github.com/gjsify/ts-for-gir/releases/tag/4.0.0-beta.35">v4.0.0-beta.35</a> and <a href="https://github.com/gjsify/ts-for-gir/releases/tag/4.0.0-beta.36">v4.0.0-beta.36</a></p><p><strong>Note</strong>: Last week we also released <a href="https://github.com/gjsify/ts-for-gir/releases/tag/v4.0.0-beta.34">v4.0.0-beta.34</a> which introduced <strong>Advanced Variant Types</strong> by default, completing the gi.ts integration with enhanced TypeScript support for <code>GLib.Variant.deepUnpack()</code> and better type inference for GObject patterns.</p></blockquote><h2 id="thats-all-for-this-week">Thatβs all for this week!</h2><p>See you next week, and be sure to stop by <a href="https://matrix.to/#/#thisweek:gnome.org">#thisweek:gnome.org</a> with updates on your own projects!</p></description><author>This Week in GNOME</author><dc:creator>This Week in GNOME</dc:creator><pubDate>Fri, 22 Aug 2025 00:00:00 GMT</pubDate><guid isPermaLink="true">https://thisweek.gnome.org/posts/2025/08/twig-213/</guid></item><item><title>Sebastian Wick: Testing with Portals</title><link>https://blog.sebastianwick.net/posts/testing-with-portals/</link><description><p>At the Linux App Summit (LAS) in Albania three months ago, I gave a talk about testing in the <a href="https://github.com/flatpak/xdg-desktop-portal">xdg-desktop-portal</a> project. There is a <a href="https://www.youtube.com/watch?v=vZIAGmHMcMI">recording</a> of the presentation, and the <a href="https://conf.linuxappsummit.org/event/7/contributions/218/attachments/47/81/las-testing-with-portals.pdf">slides</a> are available as well.</p><p>To give a quick summary of the work I did:</p><ul><li>Revamped the CI</li><li>Reworked and improved the pytest based integration test harness</li><li>Added integration tests for new portals</li><li>Ported over all the existing GLib/C based integration tests</li><li>Support ASAN for detecting memory leaks in the tests</li><li>Made tests pretend to be either a host, Flatpak or Snap app</li></ul><p>The hope I had is that this will result in:</p><ul><li>Fewer regressions</li><li>Tests for new features and bug fixes</li><li>More confidence in refactoring</li><li>More activity in the project</li></ul><p>While itβs hard to get definite data on those points, at least some of it seems to have become reality. I have seen an increase in activity (there are other factors to this for sure), and a lot of PRs already come with tests without me even having to ask for it. Canonical is involved again, taking care of the Snap side of things. So far it seems like we didnβt introduce any new regressions, but this usually shows after a new release. The experience of refactoring portals also became a lot better because there is a baseline level of confidence when the tests pass, as well as the possibility to easily bisect issues. Overall Iβm already quite happy with the results.</p><p>Two weeks ago, Georges <a href="https://github.com/flatpak/xdg-desktop-portal/pull/1627">merged</a> the last piece of what I talked about in the LAS presentation, so weβre finally testing the code paths that are specific to host, Flatpak and Snap applications! I also continued a bit with improving the tests, and now they <a href="https://github.com/flatpak/xdg-desktop-portal/pull/1770">can be run with Valgrind</a>, which is super slow and thatβs why weβre not doing it in the CI, but it tends to find memory leaks which ASAN does not. With the existing tests, it found <a href="https://github.com/flatpak/xdg-desktop-portal/pull/1770/commits/3d6b2ccbc90e02640d709d0a19c5a634ad62164a">9 small memory leaks</a>.</p><p>If you want to improve the Flatpak story, come and contribute to xdg-desktop-portal. It&rsquo;s now easier than ever!</p></description><author>Sebastian Wick</author><dc:creator>Sebastian Wick</dc:creator><pubDate>Thu, 21 Aug 2025 23:00:55 GMT</pubDate><guid isPermaLink="true">https://blog.sebastianwick.net/posts/testing-with-portals/</guid></item><item><title>Michael Meeks: 2025-08-20 Wednesday</title><link>https://meeksfamily.uk/~michael/blog/2025-08-20.html</link><description><ul> <!-- --> <li> Up extremely early, worked for a few hours, out for a run with J. painful left hip. </li> <li> Merger/finance call, sync with Dave, Gokay &amp; Szymon, Lunch. </li> <li> Published the next strip: on Fixed Price projects <center> <a href="https://www.collaboraonline.com/torf/torf31"><img alt="The Open Road to Freedom - strip#31 - Fixed Price" src="https://meeksfamily.uk/~michael/images/torf31-thumb.png" /></a> </center> </li> <li> Productivity All Hands meeting. </li></ul></description><author>Michael Meeks</author><dc:creator>Michael Meeks</dc:creator><pubDate>Wed, 20 Aug 2025 13:22:18 GMT</pubDate><guid isPermaLink="true">https://meeksfamily.uk/~michael/blog/2025-08-20.html</guid></item><item><title>Thibault Martin: Cloud tech makes sense on-prem too</title><link>https://ergaster.org/posts/2025/08/20-cloud-tech-on-prem/</link><description><p>In <a href="https://ergaster.org/posts/2025/08/04-overegineering-homelab/">the previous post</a>, we talked about the importance to have a flexible homelab with Proxmox, and set it up. Long story short, I only have a single physical server but I like to experiment with new setups regularly. Proxmox is a baremetal hypervisor: a piece of software that lets me spin up Virtual Machines on top of my server, to act as mini servers.</p><p>Thanks to this set-up I can have a long-lived VM for my (single node) production k3s cluster, and I can spin up disposable VMs to experiment with, without impacting my production.</p><p>But it's more complex to install Proxmox, spin up a VM, and install k3s on it, as compared to just installing Debian and k3s on my baremetal server. We have already automated the Proxmox install process. <strong>Let's now automate the VM provisioning and deploy k3s on it, to make it simple and easy to re-provision a fully functional Virtual Machine on top of Proxmox!</strong></p><p></p><p>In this post we will configure opentofu so it can ask Proxmox to spin up a new VM, use cloud-init to do the basic pre-configuration of the VM, and use ansible to deploy k3s on it.</p><h2>Provisioning and pre-configuring a VM</h2><p>OpenTofu is software I execute on my laptop. It reads file describing what I want to provision, and performs the actual provisioning. I can use it to say "I want a VM with 4 vCPUs and 8GB of RAM on this Proxmox cluster," or "I want to add this A record to my DNS managed by Cloudflare." I need to write this down in <code>.tf</code> files, and invoke the <code>tofu</code> CLI to read those files and apply the changes.</p><p>Opentofu is quite flexible. It can connect to many different providers (e.g. Proxmox, AWS, Scaleway, Hetzner...) to spin up a variety of resources (e.g. a VM on Proxmox, an EC2 or EKS instance or AWS, etc). Proxmox, Amazon and other providers publish <em>Provider</em> plugins for opentofu, available in the <a href="https://search.opentofu.org/">OpenTofu Registry</a> (and in the <a href="https://registry.terraform.io/">Terraform Registry</a> since opentofu is backward compatible for now).</p><p></p><h3>Configuring Opentofu for Proxmox</h3><p>To use Opentofu with Proxmox, you need to pick and configure an Opentofu Provider for Proxmox. There seem to be two active implementations:</p><ul><li><a href="https://search.opentofu.org/provider/bpg/proxmox/latest">bpg/proxmox</a> is maintained by an individual</li><li><a href="https://search.opentofu.org/provider/telmate/proxmox/latest">telmate/proxmox</a> is maintained by the Telmate organization</li></ul><p>The former seems to have better test coverage, and friends have used it for months without a problem. I am taking a leap of faith and picking it.</p><p>The plugin needs to be configured so opentofu on my laptop can talk to Proxmox and spin up new VMs. To do so, I need to create a Proxmox service account that opentofu will use, so opentofu has sufficient privileges to create the VMs I ask it to create.</p><p>I will rely on the <code>pveum</code> (Proxmox Virtual Environment User Management) utility to create a role with the right privileges, create a new user/service account, and assign the role to the service account.</p><p>Once ssh'd into the Proxmox host, I can create the terraform user that opentofu will use</p><pre><code># pveum user add terraform@pve</code></pre><blockquote><p>[!info] I don't have to add a password</p><p>I will issue an API Key for opentofu to authenticate as this user. Not having a password reduces the attack surface by ensuring nobody can use this service account to log into the web UI.</p></blockquote><p>Then let's create the role</p><pre><code># pveum role add Terraform -privs "Datastore.Allocate \ Datastore.AllocateSpace \ Datastore.AllocateTemplate \ Datastore.Audit \ Pool.Allocate \ Sys.Audit \ Sys.Console \ Sys.Modify \ VM.Allocate \ VM.Audit \ VM.Clone \ VM.Config.CDROM \ VM.Config.Cloudinit \ VM.Config.CPU \ VM.Config.Disk \ VM.Config.HWType \ VM.Config.Memory \ VM.Config.Network \ VM.Config.Options \ VM.Console \ VM.Migrate \ VM.PowerMgmt \ SDN.Use"</code></pre><p>And now let's assign the role to the user</p><pre><code># pveum aclmod / -user terraform@pve -role Terraform</code></pre><p>Finally I can create an API token</p><pre><code># pveum user token add terraform@pve provider --privsep=0ββββββββββββββββ¬ββββββββββββββββββββββββββββββββββββββββ key β value βββββββββββββββββͺβββββββββββββββββββββββββββββββββββββββ‘β full-tokenid β terraform@pve!provider βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββ€β info β {"privsep":"0"} βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββ€β value β REDACTED βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββ</code></pre><p>I now have a service account up and ready. Let's create a <code>~/Projects/infra/tofu</code> folder that will contain my whole infrastructure's opentofu file. In that folder, I will create a <code>providers.tf</code> file to declare and configure the various providers I need. For now, this will only be Proxmox. I can configure my Proxmox provider so it knows where the API endpoint is, and what API key to use.</p><pre><code>terraform { required_providers { proxmox = { source = "bpg/proxmox" version = "0.80.0" } }} provider "proxmox" { endpoint = "https://192.168.1.220:8006/" api_token = "terraform@pve!provider=REDACTED"}</code></pre><p>For some operations, including VM provisioning, the API is not enough and the Proxmox provider needs to ssh into the Proxmox host to issue commands. I can configure the Proxmox provider to use my ssh agent.</p><p>This way, when I call the <code>tofu</code> command on my laptop to provision VMs on the Proxmox host, the provider will use the ssh-agent of my laptop to authenticate against the Proxmox host. This will make opentofu use my ssh keypair to authenticate. Since my ssh key is already trusted by the Proxmox host, opentofu will be able to log in seamlessly.</p><pre><code>provider "proxmox" { endpoint = "https://192.168.1.220:8006/" api_token = "terraform@pve!provider=REDACTED" insecure = true ssh { agent = true username = "root" }}</code></pre><blockquote><p>[!warning] Insecure but still somewhat secure</p><p>We add an <code>insecure</code> line to our configuration. It instructs opentofu to skip the TLS verification of the certificate presented by the Proxmox host. We do this because Proxmox generates a self-signed certificate our computer doesn't trust. We will understand what this means and fix that in a further blog post.</p><p>The main risk we're facing by doing so is to let another machine impersonate our Proxmox host. Since we're working on a homelab, in a home network, the chances of it happening are extraordinarily low, and this it can be considered a temporarily acceptable.</p></blockquote><p>After moving to the <code>tofu</code> directory, running <code>tofu init</code> will install the provider</p><pre><code>$ tofu init Initializing the backend... Initializing provider plugins...- Finding bpg/proxmox versions matching "0.80.0"...- Installing bpg/proxmox v0.80.0...- Installed bpg/proxmox v0.80.0 (signed, key ID F0582AD6AE97C188)</code></pre><p>And a <code>tofu plan</code> shouldn't return an error</p><pre><code>$ tofu plan No changes. Your infrastructure matches the configuration. OpenTofu has compared your real infrastructure against your configuration and found nodifferences, so no changes are needed.</code></pre><h3>Removing sensitive information</h3><p>If you made it so far, you probably think I am completely reckless for storing credentials in plain text files, and you would be correct to think so. Credentials should never be stored in plain text. Fortunately opentofu can grab sensitive credentials from environment variables.</p><p>I use Bitwarden to store my production credentials and pass them to opentofu when I step into my work directory. You can find all the details on how to do it on <a href="https://ergaster.org/posts/2025/07/28-direnv-bitwarden-integration/">this previous blog post</a>. Bear in mind that this works well for a homelab but I wouldn't recommend it for a production setup.</p><p>We need to create a new credential in the <code>Infra</code> folder of our vault, and call it <code>PROXMOX_VE_API_TOKEN</code>. Its content is the following</p><pre><code>terraform@pve!provider=yourApiKeyGoesHere</code></pre><p>Then we need to sync the vault managed by the bitwarden CLI, to ensure it has the credential we just added.</p><pre><code>$ bw syncSyncing complete.</code></pre><p>Let's update our <code>~/Projects/infra/.direnv</code> to make it retrieve the <code>PROXMOX_VE_API_TOKEN</code> environment variable when we step into our work directory.</p><pre><code>bitwarden_password_to_env Infra PROXMOX_VE_API_TOKEN</code></pre><p>And let's make direnv allow it</p><pre><code>$ direnv allow ~/Projects/infra/</code></pre><p>We can now remove the credential from <code>tofu/providers.tf</code></p><pre><code>provider "proxmox" { endpoint = "https://192.168.1.220:8006/" api_token = "terraform@pve!provider=REDACTED" insecure = true ssh { agent = true username = "root" }}</code></pre><h3>Spinning up a new VM</h3><p>Now I have a working proxmox provider for opentofu, it's time to spin up a first VM! I already use Debian for my Proxmox host, I'm familiar with Debian, it's very stable, and it has a reactive security team. I want to keep track of as few operating systems (OS) as possible, so whenever possible I will use it as the base OS for my VMs.</p><p>When I spin up a new VM, I can also pre-configure a few settings with <a href="https://cloud-init.io/">cloud-init</a>. Cloud-init defines standard files that my VM will read on first boot. Those files contain various instructions: I can use them to give a static IP to my VM, create a user, add it to the sudoers without a password, and add a ssh key to let me perform key-based authentication with ssh.</p><p>I need to use a "cloud image" of Debian for it to support cloud-init file. I can grab the link on <a href="https://www.debian.org/distrib/">Debian's official Download page</a>. I could upload it manually to Proxmox, but we're here to make things tidy and reproducible! So let's create a <code>tofu/cloud-images.tf</code> file where we will tell opentofu to ask the Proxmox node to download the file.</p><pre><code>resource "proxmox_virtual_environment_download_file" "debian_13_cloud_image" { content_type = "iso" datastore_id = "local" node_name = "proximighty" url = "https://cloud.debian.org/images/cloud/trixie/latest/debian-13-generic-amd64.qcow2" file_name = "debian-13-generic-amd64.img"}</code></pre><blockquote><p>[!info] No include needed!</p><p>Opentofu merges all the files in the root of a directory into a single file before processing it. There is no need to include/import our <code>tofu/providers.tf</code> file into <code>tofu/cloud-images.tf</code>!</p></blockquote><p>Let's run a <code>tofu plan</code> to see what opentofu would do.</p><pre><code>$ tofu planOpenTofu used the selected providers to generate the following execution plan. Resource actionsare indicated with the following symbols: + create OpenTofu will perform the following actions: # proxmox_virtual_environment_download_file.debian_13_cloud_image will be created + resource "proxmox_virtual_environment_download_file" "debian_13_cloud_image" { + content_type = "iso" + datastore_id = "local" + file_name = "debian-13-generic-amd64.img" + id = (known after apply) + node_name = "proximighty" + overwrite = true + overwrite_unmanaged = false + size = (known after apply) + upload_timeout = 600 + url = "https://cloud.debian.org/images/cloud/trixie/latest/debian-13-generic-amd64.qcow2" + verify = true } Plan: 1 to add, 0 to change, 0 to destroy.</code></pre><p>Everything looks alright, let's apply it to actually make the Proxmox host download the image!</p><pre><code>$ tofu apply OpenTofu used the selected providers to generate the following execution plan. Resource actionsare indicated with the following symbols: + create OpenTofu will perform the following actions: # proxmox_virtual_environment_download_file.debian_13_cloud_image will be created + resource "proxmox_virtual_environment_download_file" "debian_13_cloud_image" { + content_type = "iso" + datastore_id = "local" + file_name = "debian-13-generic-amd64.img" + id = (known after apply) + node_name = "proximighty" + overwrite = true + overwrite_unmanaged = false + size = (known after apply) + upload_timeout = 600 + url = "https://cloud.debian.org/images/cloud/trixie/latest/debian-13-generic-amd64.qcow2" + verify = true } Plan: 1 to add, 0 to change, 0 to destroy. Do you want to perform these actions? OpenTofu will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value: yes proxmox_virtual_environment_download_file.debian_13_cloud_image: Creating...proxmox_virtual_environment_download_file.debian_13_cloud_image: Creation complete after 8s [id=local:iso/debian-13-generic-amd64.img] Apply complete! Resources: 1 added, 0 changed, 0 destroyed.</code></pre><p>Looking at the Proxmox UI I can see that the image has indeed been downloaded</p><p></p><p>Excellent! Now we can describe the parameters of the virtual machine we wan to create by creating a <code>tofu/k3s-main.tf</code> file that contains a <code>virtual_environment_vm</code> resource like so</p><pre><code>resource "proxmox_virtual_environment_vm" "k3s-main" { name = "k3s-main" description = "Production k3s' main VM" tags = ["production", "k3s", "debian"] node_name = "proximighty"}</code></pre><p>This is the meta-data of our VM, giving it a name and a Proxmox node to run onto. But we need to be more specific. Let's give it 4 CPUs, and 16 GB of RAM.</p><pre><code>resource "proxmox_virtual_environment_vm" "k3s-main" { name = "k3s-main" description = "Production k3s' main VM" tags = ["production", "k3s", "debian"] node_name = "proximighty" cpu { cores = 4 type = "x86-64-v4" } memory { dedicated = 16384 floating = 16384 # set equal to dedicated to enable ballooning }}</code></pre><p>To figure out the type of cpu to use for your VM, issue the following command on the Proxmox host</p><pre><code>$ /lib64/ld-linux-x86-64.so.2 --help[...]Subdirectories of glibc-hwcaps directories, in priority order: x86-64-v4 (supported, searched) x86-64-v3 (supported, searched) x86-64-v2 (supported, searched)[...]</code></pre><p>We can then give it a 50 GB disk with the <code>disk</code> block.</p><pre><code>resource "proxmox_virtual_environment_vm" "k3s-main" { name = "k3s-main" [...] disk { datastore_id = "local" interface = "virtio0" iothread = true size = 50 file_id = proxmox_virtual_environment_download_file.debian_13_cloud_image.id }}</code></pre><p>I use the <code>local</code> datastore and not <code>lvm-thin</code> despite running QEMU because I don't want to allow over-provisioning. <code>lvm-thin</code> would allow me to allocate a disk of 500 GB to my VM, even if I only have 100 GB available, because the VM will only fill the Proxmox drive with the actual content it uses. You can read more about storage on <a href="https://pve.proxmox.com/wiki/Storage">Proxmox's wiki</a>.</p><p>I use a <code>virtio</code> device, since a colleague told me "virtio uses a special communication channel that requires guest drivers, that are well supported out of the box on Linux. You can be way faster when the guest knows it's a VM and don't have to emulate something that was intended for actual real hardware. It's the same for your network interface and a bunch of other things. <strong>Usually if there is a virtio option you want to use that</strong>"</p><p>I set the <code>file_id</code> to the Debian cloud image we downloaded earlier.</p><p>I can then add a network interface that will use the <code>vmbr0</code> bridge I created when setting up my Proxmox host. I also need an empty <code>serial_device</code>, or Debian crashes.</p><pre><code>resource "proxmox_virtual_environment_vm" "k3s-main" { name = "k3s-main" [...] network_device { bridge = "vmbr0" } serial_device {}}</code></pre><p>Now, instead of spinning up an un-configured VM and manually retrieving the parameters set during boot, we will use cloud-init to pre-configure it. We will do the following:</p><ul><li>Configure the network to get a static IP</li><li>Configure the hostname</li><li>Configure the timezone to UTC</li><li>Add a user <code>thib</code> that <em>doesn't</em> have a password</li><li>Add <code>thib</code> to sudoers, without a password</li><li>Add my the public ssh key from my laptop to the trust keys of <code>thib</code> on the VM, so I can login with a ssh key and never have to use a password.</li></ul><p>The documentation of the Proxmox provider teach us that that <a href="https://search.opentofu.org/provider/bpg/proxmox/latest/docs/guides/cloud-init#native-proxmox-cloud-init-support">Proxmox has native support for cloud-init</a>. This cloud-init configuration is done in the <code>initialization</code> block of the <a href="https://search.opentofu.org/provider/bpg/proxmox/latest/docs/resources/virtual_environment_vm"><code>virtual_environment_vm</code></a> resource.</p><p>We will first give it an IP</p><pre><code>resource "proxmox_virtual_environment_vm" "k3s-main" { name = "k3s-main" [...] initialization { datastore_id = "local" ip_config { ipv4 { address = "192.168.1.221/24" gateway = "192.168.1.254" } } }}</code></pre><p>I'm only specifying the <code>datastore_id</code> because by default it uses <code>local-lvm</code>, which I have not configured on my Proxmox host.</p><p>To create a user and give it ssh keys I could use the <code>user_account</code> block inside <code>initialization</code>. Unfortunately it doesn't support adding the user to sudoers, nor installing extra packages. To circumvent that limitation I will have to <a href="https://cloudinit.readthedocs.io/en/latest/explanation/format.html#cloud-config-data">create a user config data file</a> and pass it to cloud-init.</p><p>Let's start by creating the user config data file resource within <code>tofu/k3s-main.tf</code></p><pre><code>resource "proxmox_virtual_environment_file" "user_data_cloud_config" { content_type = "snippets" datastore_id = "local" node_name = "proximighty" source_raw { data = &lt;&lt;-EOF #cloud-config hostname: mightykube timezone: UTC users: - default - name: thib lock_passwd: true groups: - sudo shell: /bin/bash ssh_authorized_keys: - ${trimspace("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIGC++vbMTrSbQFKFgthj9oLaW1z5fCkQtlPCnG6eObB thib@ergaster.org")} sudo: ALL=(ALL) NOPASSWD:ALL - name: root lock_passwd: true package_update: true package_upgrade: true packages: - htop - qemu-guest-agent - vim runcmd: - systemctl enable qemu-guest-agent - systemctl start qemu-guest-agent - echo "done" &gt; /tmp/cloud-config.done EOF file_name = "user-data-cloud-config.yaml" }}</code></pre><p>It's a bit inelegant to keep a copy of my ssh key inside this file. Let's ask opentofu to read it from the actual file on my laptop instead by creating a <code>local_file</code> resource for it, in <code>tofu/k3s.tf</code></p><pre><code>data "local_file" "ssh_public_key" { filename = "/Users/thibaultmartin/.ssh/id_ed25519.pub"}</code></pre><p>If I try to plan the change, I get the following error</p><pre><code>$ tofu planβ·β Error: Inconsistent dependency lock fileβ β The following dependency selections recorded in the lock file are inconsistent with theβ current configuration:β - provider registry.opentofu.org/hashicorp/local: required by this configuration but no version is selectedβ β To update the locked dependency selections to match a changed configuration, run:β tofu init -upgrade</code></pre><p>Like the error message says, I can fix it with <code>tofu init</code></p><pre><code>$ tofu init -upgradeInitializing the backend... Initializing provider plugins...- Finding opentofu/cloudflare versions matching "5.7.1"...- Finding bpg/proxmox versions matching "0.80.0"...- Finding latest version of hashicorp/local...- Installing hashicorp/local v2.5.3...- Installed hashicorp/local v2.5.3 (signed, key ID 0C0AF313E5FD9F80)- Using previously-installed opentofu/cloudflare v5.7.1- Using previously-installed bpg/proxmox v0.80.0 Providers are signed by their developers.If you'd like to know more about provider signing, you can read about it here:https://opentofu.org/docs/cli/plugins/signing/ OpenTofu has made some changes to the provider dependency selections recordedin the .terraform.lock.hcl file. Review those changes and commit them to yourversion control system if they represent changes you intended to make. OpenTofu has been successfully initialized![...]</code></pre><p>I can now change the <code>user_data_cloud_config</code> resource to reference <code>ssh_public_key</code></p><pre><code>resource "proxmox_virtual_environment_file" "user_data_cloud_config" {[...] ssh_authorized_keys: - ${trimspace("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIGC++vbMTrSbQFKFgthj9oLaW1z5fCkQtlPCnG6eObB thib@ergaster.org")} - ${trimspace(data.local_file.ssh_public_key.content)}[...]}</code></pre><p>Now let's update the <code>initialization</code> block of <code>k3s-main</code> to use that cloud-init file</p><pre><code>resource "proxmox_virtual_environment_vm" "k3s-main" { name = "k3s-main" [...] initialization { datastore_id = "local" ip_config { ipv4 { address = "192.168.1.221/24" gateway = "192.168.1.254" } } user_data_file_id = proxmox_virtual_environment_file.user_data_cloud_config.id }}</code></pre><p>We can check with <code>tofu plan</code> that everything is alright, and then actually apply the plan with <code>tofu apply</code></p><pre><code>$ tofu applydata.local_file.ssh_public_key: Reading...data.local_file.ssh_public_key: Read complete after 0s [id=930cea05ae5e662573618e0d9f3e03920196cc5f]proxmox_virtual_environment_file.user_data_cloud_config: Refreshing state... [id=local:snippets/user-data-cloud-config.yaml]proxmox_virtual_environment_download_file.debian_13_cloud_image: Refreshing state... [id=local:iso/debian-13-generic-amd64.img] OpenTofu used the selected providers to generate the following execution plan.Resource actions are indicated with the following symbols: + create OpenTofu will perform the following actions: # proxmox_virtual_environment_vm.k3s-main will be created + resource "proxmox_virtual_environment_vm" "k3s-main" { [...] } Plan: 1 to add, 0 to change, 0 to destroy. Do you want to perform these actions? OpenTofu will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value: yes proxmox_virtual_environment_vm.k3s-main: Creating...proxmox_virtual_environment_vm.k3s-main: Creation complete after 5s [id=100] Apply complete! Resources: 1 added, 0 changed, 0 destroyed.</code></pre><p>Looking at Proxmox's console, I can see that the VM was created, it healthy, and I can even see that it has the <code>mightykube</code> hostname I had created for it.</p><p></p><p>Now I can try to ssh into the newly created VM from my laptop</p><pre><code>$ ssh thib@192.168.1.221The authenticity of host '192.168.1.221 (192.168.1.221)' can't be established.ED25519 key fingerprint is SHA256:39Qocnshj+JMyt4ABpD9ZIjDpOHhXqdet94QeSh+uDo.This key is not known by any other names.Are you sure you want to continue connecting (yes/no/[fingerprint])? yesWarning: Permanently added '192.168.1.221' (ED25519) to the list of known hosts.Linux mightykube 6.12.41+deb13-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.12.41-1 (2025-08-12) x86_64 The programs included with the Debian GNU/Linux system are free software;the exact distribution terms for each program are described in theindividual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extentpermitted by applicable law.thib@mightykube:~$ </code></pre><p>Let's check that I can perform actions as root without being prompted for a password</p><pre><code>thib@mightykube:~$ sudo apt updateGet:1 file:/etc/apt/mirrors/debian.list Mirrorlist [30 B]Get:2 file:/etc/apt/mirrors/debian-security.list Mirrorlist [39 B]Hit:3 https://deb.debian.org/debian trixie InReleaseHit:4 https://deb.debian.org/debian trixie-updates InReleaseHit:5 https://deb.debian.org/debian trixie-backports InReleaseHit:6 https://deb.debian.org/debian-security trixie-security InReleaseReading package lists... DoneBuilding dependency tree... DoneReading state information... DoneAll packages are up to date.</code></pre><p>Brilliant! Just like that, I have a VM on Proxmox, with a static IP address, a well-known user, ssh key authentication and no password to manage at all!</p><blockquote><p>[!warning] No password means no password!</p><p>When creating the VM, cloud-init creates a user but doesn't give it a password. It means we can only rely on SSH to control the VM. If we lose our SSH key or mess up with the sshd config and can't ssh into the VM, we're (kind of) locked out!</p><p>We have access to the VM console via Proxmox, but without a password we can't log into it. It is possible to rescue it by booting a live system and chrooting into our actual system, but it can be tedious. We'll cover that in a future blog post.</p></blockquote><p>We still have credentials in our <code>.tf</code> files so we can't commit them yet. We will extract the credentials a bit later, but first let's refactor our files for clarity.</p><h3>A single place to attribute IPs</h3><p>Since all my VMs will get a static IP, I want to make sure I keep a tidy list of all the IPs already used. This will help avoid IP clashes. Let's create a new <code>ips.tf</code> file to keep track of everything</p><pre><code>locals { reserved_ips = { proxmox_host = "192.168.1.220/24" k3s_main = "192.168.1.221/24" gateway = "192.168.1.254" }}</code></pre><p>When spinning up the VM for the main k3s node, I will be able to refer to the <code>local.reserved_ips.k3s_main</code> local variable. So let's update the <code>tofu/k3s-main.tf</code> file accordingly!</p><pre><code>resource "proxmox_virtual_environment_vm" "k3s-main" { name = "k3s-main" description = "Production k3s' main VM" tags = ["production", "k3s", "debian"] node_name = "proximighty" [...] initialization { datastore_id = "local" ip_config { ipv4 { address = "192.168.1.221/24" gateway = "192.168.1.254" address = local.reserved_ips.k3s_main gateway = local.reserved_ips.gateway } } user_data_file_id = proxmox_virtual_environment_file.user_data_cloud_config.id }}</code></pre><p>We now have a single file to allocate IPs to virtual machines. We can see at a glance whether an IP is already used or not. That should save us some trouble! Let's now have a look at the precautions we need to take to save our files with git.</p><h2>Keeping a safe copy of our state</h2><h3>What is tofu state</h3><p>We used opentofu to describe what resources we wanted to create. Let's remove the <code>resource "proxmox_virtual_environment_vm" "k3s-main"</code> we have created, and run <code>tofu plan</code> to see how opentofu would react to that.</p><pre><code>$ tofu plandata.local_file.ssh_public_key: Reading...data.local_file.ssh_public_key: Read complete after 0s [id=930cea05ae5e662573618e0d9f3e03920196cc5f]proxmox_virtual_environment_download_file.debian_13_cloud_image: Refreshing state... [id=local:iso/debian-13-generic-amd64.img]proxmox_virtual_environment_file.user_data_cloud_config: Refreshing state... [id=local:snippets/user-data-cloud-config.yaml]proxmox_virtual_environment_vm.k3s-main: Refreshing state... [id=100] OpenTofu used the selected providers to generate the following execution plan.Resource actions are indicated with the following symbols: - destroy OpenTofu will perform the following actions: # proxmox_virtual_environment_vm.k3s-main will be destroyed # (because proxmox_virtual_environment_vm.k3s-main is not in configuration) - resource "proxmox_virtual_environment_vm" "k3s-main" { [...] } Plan: 0 to add, 0 to change, 1 to destroy.</code></pre><p>If I remove a resource block, opentofu will try to delete it. But it might not be aware of other VMs I could have deployed. Hang on but that might be dangerous! If I already had 3 VMs running on Proxmox and started using opentofu after that, would it destroy them all, since I didn't describe them in my files?!</p><p>Fortunately for us, no. Opentofu needs to know what it is in charge of, and leave the rest alone. When I provision something via opentofu, it adds it to a local inventory of all the things it manages. That inventory is called a state file and looks like the following (prettified via <code>jq</code>)</p><pre><code>{ "version": 4, "terraform_version": "1.10.5", "serial": 13, "lineage": "24d431ee-3da9-4407-b649-b0d2c0ca2d67", "outputs": {}, "resources": [ { "mode": "data", "type": "local_file", "name": "ssh_public_key", "provider": "provider[\"registry.opentofu.org/hashicorp/local\"]", "instances": [ { "schema_version": 0, "attributes": { "content": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIGC++vbMTrSbQFKFgthj9oLaW1z5fCkQtlPCnG6eObB thib@ergaster.org\n", "content_base64": "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUlHQysrdmJNVHJTYlFGS0ZndGhqOW9MYVcxejVmQ2tRdGxQQ25HNmVPYkIgdGhpYkBlcmdhc3Rlci5vcmcK", "content_base64sha256": "YjQvgHA99AXWCaKLep6phGgdlmkZHvXU3OOhRSsQvms=", "content_base64sha512": "tRp4/iG90wX0R1SghdvXwND8Hg6ADNuMMdPXANUYDa2uIjkRkLRgK5YPK6ACz5cbW+SbqvGPGzYpWNNFLGIFpQ==", "content_md5": "ed5ee6428ea7c048fe8019bb1a2206b3", "content_sha1": "930cea05ae5e662573618e0d9f3e03920196cc5f", "content_sha256": "62342f80703df405d609a28b7a9ea984681d9669191ef5d4dce3a1452b10be6b", "content_sha512": "b51a78fe21bdd305f44754a085dbd7c0d0fc1e0e800cdb8c31d3d700d5180dadae22391190b4602b960f2ba002cf971b5be49baaf18f1b362958d3452c6205a5", "filename": "/Users/thibaultmartin/.ssh/id_ed25519.pub", "id": "930cea05ae5e662573618e0d9f3e03920196cc5f" }, "sensitive_attributes": [] } ] }, [...] ], "check_results": null}</code></pre><p>The tofu state is a local representation of what opentofu manages. It's absolutely mandatory for opentofu to work: this is how opentofu knows if it needs to deploy, update, or tear down resources. So we need to keep in a safe place, and my laptop is not a safe place at all. It can fail or get stolen. Since the state is a text based file, I could use git to keep remote copies of it.</p><p>But as you can see, the tofu state file contains my public key, that it read from a local file. The state file contains a structured view of what is in the <code>.tf</code> files it manages. So far we have not added any sensitive credentials, but we might do it and not realize they will end up in state, and thus on a git repo.</p><p>Fortunately, opentofu comes with tools that let us encrypt the state, so we can commit it to a remote git repository with more peace of mind.</p><h3>Encrypting the tofu state</h3><p>Before encrypting our state, the opentofu documentation has <a href="https://opentofu.org/docs/language/state/encryption/#general-guidance-and-pitfalls-please-read">an important section to read</a> so you understand what it entails.</p><p>We need to migrate our unencrypted plan to an encrypted one. Let's bear in mind that there's no way back if we screw up, so let's make a backup first (and delete it when we're done). Note that a properly encrypted state can be migrated to a decrypted one. A botched encrypted state will likely be irrecoverable. Let's just copy it in a different directory</p><pre><code>$ cd ~/Project/infra/tofu$ mkdir ~/tfbackups$ cp terraform.tfstate{,.backup} ~/tfbackups/</code></pre><p>To encrypt our state, we need to choose an encryption method: as a single admin homelabber I'm going for the simpler and sturdier method. I don't want to depend on extra infrastructure for secrets management, so I'm using <a href="https://opentofu.org/docs/language/state/encryption/#pbkdf2">PBKDF2</a>, which roughly means "generating an encryption key from a long passphrase."</p><p>With that in mind, let's follow <a href="https://opentofu.org/docs/language/state/encryption/#pre-existing-project">the documentation to migrate a pre-existing project</a>. Let's open our <code>providers.tf</code> file and add an <code>encryption</code> block within the <code>terraform</code> one.</p><pre><code>terraform { encryption { method "unencrypted" "migrate" {} key_provider "pbkdf2" "password_key" { passphrase = "REDACTED" } method "aes_gcm" "password_based" { keys = key_provider.pbkdf2.password_key } state { method = method.aes_gcm.password_based fallback { method = method.unencrypted.migrate } } } required_providers { proxmox = { source = "bpg/proxmox" version = "0.80.0" } }} provider "proxmox" { endpoint = "https://192.168.1.220:8006/" ssh { agent = true username = "root" }}</code></pre><p>This block instructs terraform to encrypt the state with a key generated from our password. It also tells it to expect a pre-existing unencrypted state to exist, that it's okay to read and encrypt it.</p><p>Note that I've used the encryption passphrase directly in that block. We will move it to a safer place later, but for now let's keep things simple.</p><p>Let's now apply this plan to see if our state gets encrypted correctly, but <strong>make sure you do have a cleartext backup first.</strong></p><pre><code>$ cd ~/Projects/infra/tofu$ tofu apply</code></pre><p>After the apply, we can have a look at the <code>terraform.tfstate</code> file to check that it has indeed been encrypted.</p><pre><code>{ "serial": 13, "lineage": "24d431ee-3da9-4407-b649-b0d2c0ca2d67", "meta": { "key_provider.pbkdf2.password_key": "eyJzYWx0[...]" }, "encrypted_data": "ONXZsJhz[...]", "encryption_version": "v0"}</code></pre><p>I know that opentofu people probably know what they're doing, but I don't like that <code>password_key</code> field. It starts with <code>eyJ</code>, <a href="https://ergaster.org/til/base64-encoded-json/">so that must be a base64 encoded json object</a>. Let's decode that</p><pre><code>$ echo "eyJzYWx0[...]" | base64 -d{"salt":"jzGRZLVANeFJpJRxj8RXg48FfOoB++GF/Honm6sIF9Y=","iterations":600000,"hash_function":"sha512","key_length":32}</code></pre><p>All good, it's just the salt, iterations, hash function and key length parameters. Those are pretty much public, we can commit the file to our repo! But... what about the <code>terraform.tfstate.backup</code> file? Let's examine this one</p><pre><code>{ "version": 4, "terraform_version": "1.10.5", "serial": 12, "lineage": "24d431ee-3da9-4407-b649-b0d2c0ca2d67", "outputs": {}, "resources": [ { "mode": "data", "type": "local_file", "name": "ssh_public_key", "provider": "provider[\"registry.opentofu.org/hashicorp/local\"]", "instances": [ { "schema_version": 0, "attributes": { "content": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIGC++vbMTrSbQFKFgthj9oLaW1z5fCkQtlPCnG6eObB thib@ergaster.org\n", [...] } ] }, [...] ], "check_results": null}</code></pre><p>Oh dear! That one is <em>not</em> encrypted! I didn't find any utility for it since terraform can't do "rollbacks", and I couldn't find docs for it. I've deleted the file and I could still perform <code>tofu apply</code> without a problem. The next iterations should be encrypted, but I will add it to my <code>.gitignore</code> just in case!</p><p>We're not <em>quite</em> ready to commit our files though. We still have a secret in plain text! We give away the encryption key we use. Let's extract it into an environment variable so we don't leak it.</p><h3>Removing sensitive information</h3><p>We need to create a new credential in the <code>Infra</code> folder of our vault, and call it <code>TF_ENCRYPTION</code>. Its content is the following</p><pre><code>key_provider "pbkdf2" "password_key" { passphrase = "yourPassphraseGoesHere" }</code></pre><p>Then we need to sync the vault managed by the bitwarden CLI, to ensure it has the credential we just added.</p><pre><code>$ bw syncSyncing complete.</code></pre><p>Let's update our <code>~/Projects/infra/.direnv</code> to make it retrieve the <code>TF_ENCRYPTION</code> environment variable</p><pre><code>bitwarden_password_to_env Infra PROXMOX_VE_API_TOKEN TF_ENCRYPTION</code></pre><p>And let's make direnv allow it</p><pre><code>$ direnv allow ~/Projects/infra/</code></pre><p>Let's remove the block that provided our password from the <code>encryption</code> block in <code>providers.tf</code></p><pre><code>terraform { encryption { method "unencrypted" "migrate" {} key_provider "pbkdf2" "password_key" { passphrase = "REDACTED" } method "aes_gcm" "password_based" { keys = key_provider.pbkdf2.password_key } state { method = method.aes_gcm.password_based fallback { method = method.unencrypted.migrate } } } [...]}</code></pre><p>And let's try a <code>tofu plan</code> to confirm that opentofu could read the passphrase from the environment variable</p><pre><code>$ tofu planβ·β Warning: Unencrypted method configuredβ β on line 0:β (source code not available)β β Method unencrypted is present in configuration. This is a security risk andβ should only be enabled during migrations.β΅data.local_file.ssh_public_key: Reading...data.local_file.ssh_public_key: Read complete after 0s [id=930cea05ae5e662573618e0d9f3e03920196cc5f]proxmox_virtual_environment_download_file.debian_13_cloud_image: Refreshing state... [id=local:iso/debian-13-generic-amd64.img]proxmox_virtual_environment_file.user_data_cloud_config: Refreshing state... [id=local:snippets/user-data-cloud-config.yaml]proxmox_virtual_environment_vm.k3s-main: Refreshing state... [id=100] No changes. Your infrastructure matches the configuration. OpenTofu has compared your real infrastructure against your configuration and foundno differences, so no changes are needed.</code></pre><p>Brilliant! We can now also remove the <code>migrate</code> and <code>fallback blocks</code> so opentofu doesn't trust unencrypted content at all, which will prevent malicious actors from tampering with our file.</p><pre><code>terraform { encryption { method "unencrypted" "migrate" {} method "aes_gcm" "password_based" { keys = key_provider.pbkdf2.password_key } state { method = method.aes_gcm.password_based fallback { method = method.unencrypted.migrate } } } [...]}</code></pre><p>Finally we can delete our cleartext backup</p><pre><code>$ rm -Rf ~/tfbackups</code></pre><p>VoilΓ , we have an encrypted state that we can push to a remote Github repository, and our state will be reasonably safe for today's standards!</p><h2>Fully configuring and managing the VM</h2><p>As we've seen when setting up the Proxmox host, ansible can be used to put a machine in a desired state. It can write a playbook to install k3s and copy the kubeconfig file to my admin laptop.</p><p>Then there's the question of: how do we make opentofu (who provisions the VMs) and ansible (who deploys services on the VMs) talk to each other? In an ideal world, I would tell opentofu to provision the VM, and then to run an ansible playbook on the hosts it has created.</p><p>There's an <a href="https://registry.terraform.io/providers/ansible/ansible/latest/docs">ansible opentofu provider</a> that's supposed to play this role. I didn't find intuitive to use, and most people around me told me they found it so cumbersome they didn't use it. There is a more flexible and sturdy solution: ansible dynamic inventories!</p><h3>Creating a dynamic inventory for k3s VMs</h3><p>Ansible supports creating inventories by calling plugins that will retrieve information from sources. The <a href="https://docs.ansible.com/ansible/latest/collections/community/general/proxmox_inventory.html">Proxmox inventory source plugin</a> lets ansible query Proxmox and retrieve information about VMs, and automatically group them together.</p><p>Hang on. Are we really going to create a dynamic inventory <em>for a single VM?</em> I know we're over engineering things for the sake of learning, but <em>isn't it a bit too much?</em> As always, it's important to consider what problem we're trying to solve. To me, we're solving two different problems:</p><ol><li><strong>We make sure that there is a single canonical source of truth</strong>, and it is opentofu. The IP defined in opentofu, it's the one provisioned on Proxmox, and it's the one the dynamic inventory will use to perform operations on the VM. If the VM needs to change its IP, we only have to update it in opentofu, and ansible will follow along.</li><li><strong>We build a sane foundation for more complex setups</strong>. It will be easy to extend when deploying more VMs to run complex clusters, while not adding unnecessary complexity.</li></ol><p>So let's start by making sure we have the Proxmox plugin installed. It is part of the <code>community.general</code> collection on <code>ansible-galaxy</code>, so let's install it</p><pre><code>$ ansible-galaxy collection install community.general</code></pre><p>Then in the <code>~/Projects/infra/ansible/inventory</code> directory, we can create a <code>proximighty.proxmox.yaml</code>. The file has to end with <code>.proxmox.yaml</code> for the Proxmox plugin to work.</p><pre><code>plugin: community.general.proxmoxurl: https://192.168.1.200:8006user: "terraform@pve"token_id: "provider"token_secret: "REDACTED"</code></pre><p>Let's break it down:</p><ul><li><code>plugin</code> tells ansible to use the Proxmox inventory source plugin.</li><li><code>url</code> is the URL of the Proxmox cluster.</li><li><code>user</code> is the Proxmox user we authenticate as. Here I'm reusing the same value as the service account we have created for opentofu.</li><li><code>token_id</code> is the ID of the token we have issued for the user. I'm also reusing the same value as the API Key we have created for opentofu.</li><li><code>token_secret</code> is the password for the API Key. Here again I'm reusing the same value as the API Key we have created for opentofu. I'm writting it in the plain text file for now, we will clean it up later.</li></ul><p>Now we can try to pass that dynamic inventory configuration to ansible for it to build an inventory from Proxmox.</p><pre><code>$ ansible-inventory -i proximighty.proxmox.yaml --list[WARNING]: * Failed to parse/Users/thibaultmartin/Projects/infra/ansible/inventory/proximighty.proxmox.yamlwith auto plugin: HTTPSConnectionPool(host='192.168.1.200', port=8006): Max retriesexceeded with url: /api2/json/nodes (Caused by SSLError(SSLCertVerificationError(1,'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get localissuer certificate (_ssl.c:1028)')))[WARNING]: * Failed to parse/Users/thibaultmartin/Projects/infra/ansible/inventory/proximighty.proxmox.yamlwith yaml plugin: Plugin configuration YAML file, not YAML inventory[WARNING]: * Failed to parse/Users/thibaultmartin/Projects/infra/ansible/inventory/proximighty.proxmox.yamlwith ini plugin: Invalid host pattern 'plugin:' supplied, ending in ':' is notallowed, this character is reserved to provide a port.[WARNING]: Unable to parse/Users/thibaultmartin/Projects/infra/ansible/inventory/proximighty.proxmox.yaml asan inventory source[WARNING]: No inventory was parsed, only implicit localhost is available{ "_meta": { "hostvars": {} }, "all": { "children": [ "ungrouped" ] }}</code></pre><p>And it fails! This is unfortunately not a surprise. We asked the plugin to look up into Proxmox and gave it a https URL. But when Proxmox runs for the first time, it generates a self-signed certificate. It is a perfectly fine certificate we can use to handle https requests. The only problem is that our laptop doesn't trust the Proxmox host, who signed the certificate for itself.</p><p>The good news is that <a href="https://pve.proxmox.com/wiki/Certificate_Management">Proxmox can retrieve certificates</a> signed by authorities our laptop trusts! The bad news is that we need to understand what we're doing to do it properly. Like earlier, when we configured the Proxmox provider for opentofu, let's ask the Proxmox plugin to use the certificate even if it doesn't trust the authority who signed it. Since we're in a homelab on a home network, the risk of accidentally reaching a host that impersonates our Proxmox host is still fairly low, so it's acceptable to temporarily take this risk here again.</p><p>Let's add the following line to our dynamic inventory configuration to ignore the certificate signature</p><pre><code>plugin: community.general.proxmoxurl: https://192.168.1.200:8006user: "terraform@pve"token_id: "provider"token_secret: "REDACTED"validate_certs: false</code></pre><p>And now, running the inventory command again</p><pre><code>$ cd ~/Projects/infra/ansible/inventory$ ansible-inventory -i proximighty.proxmox.yaml --list{ "_meta": { "hostvars": {} }, "all": { "children": [ "ungrouped", "proxmox_all_lxc", "proxmox_all_qemu", "proxmox_all_running", "proxmox_all_stopped", "proxmox_nodes", "proxmox_proximighty_lxc", "proxmox_proximighty_qemu" ] }, "proxmox_all_qemu": { "hosts": [ "k3s-main" ] }, "proxmox_all_running": { "hosts": [ "k3s-main" ] }, "proxmox_nodes": { "hosts": [ "proximighty" ] }, "proxmox_proximighty_qemu": { "hosts": [ "k3s-main" ] }}</code></pre><p>Great! We can see that our k3s-main VM appears! We didn't learn a lot about it though. Let's ask the Proxmox plugin to give us more information about the VMs with the <a href="https://docs.ansible.com/ansible/latest/collections/community/general/proxmox_inventory.html#parameter-want_facts"><code>want_facts</code></a> parameter</p><pre><code>plugin: community.general.proxmoxurl: https://192.168.1.200:8006user: "terraform@pve"token_id: "provider"token_secret: "REDACTED"want_facts: truevalidate_certs: false</code></pre><p>Let's run it again and see if we get more interesting results</p><pre><code>$ cd ~/Projects/infra/ansible/inventory$ ansible-inventory -i proximighty.proxmox.yaml --list{ "_meta": { "hostvars": { "k3s-main": { "proxmox_acpi": 1, "proxmox_agent": { "enabled": "0", "fstrim_cloned_disks": "0", "type": "virtio" }, "proxmox_balloon": 16384, "proxmox_bios": "seabios", "proxmox_boot": { "order": "virtio0;net0" }, "proxmox_cicustom": { "user": "local:snippets/user-data-cloud-config.yaml" }, "proxmox_cores": 4, "proxmox_cpu": { "cputype": "x86-64-v4" }, "proxmox_cpuunits": 1024, "proxmox_description": "Production k3s' main VM", "proxmox_digest": "b68508152b464627d06cba6505ed195aa3d34f59", "proxmox_ide2": { "disk_image": "local:100/vm-100-cloudinit.qcow2", "media": "cdrom" }, "proxmox_ipconfig0": { "gw": "192.168.1.254", "ip": "192.168.1.221/24" }, "proxmox_keyboard": "en-us", "proxmox_memory": "16384", "proxmox_meta": { "creation-qemu": "9.2.0", "ctime": "1753547614" }, "proxmox_name": "k3s-main", "proxmox_net0": { "bridge": "vmbr0", "firewall": "0", "virtio": "BC:24:11:A6:96:8B" }, "proxmox_node": "proximighty", "proxmox_numa": 0, "proxmox_onboot": 1, "proxmox_ostype": "other", "proxmox_protection": 0, "proxmox_qmpstatus": "running", "proxmox_scsihw": { "disk_image": "virtio-scsi-pci" }, "proxmox_serial0": "socket", "proxmox_smbios1": { "uuid": "0d47f7c8-e0b4-4302-be03-64aa931a4c4e" }, "proxmox_snapshots": [], "proxmox_sockets": 1, "proxmox_status": "running", "proxmox_tablet": 1, "proxmox_tags": "debian;k3s;production", "proxmox_tags_parsed": [ "debian", "k3s", "production" ], "proxmox_template": 0, "proxmox_virtio0": { "aio": "io_uring", "backup": "1", "cache": "none", "discard": "ignore", "disk_image": "local:100/vm-100-disk-0.qcow2", "iothread": "1", "replicate": "1", "size": "500G" }, "proxmox_vmgenid": "e00a2059-1310-4b0b-87f7-7818e7cdb9ae", "proxmox_vmid": 100, "proxmox_vmtype": "qemu" } } }, "all": { "children": [ "ungrouped", "proxmox_all_lxc", "proxmox_all_qemu", "proxmox_all_running", "proxmox_all_stopped", "proxmox_nodes", "proxmox_proximighty_lxc", "proxmox_proximighty_qemu" ] }, "proxmox_all_qemu": { "hosts": [ "k3s-main" ] }, "proxmox_all_running": { "hosts": [ "k3s-main" ] }, "proxmox_nodes": { "hosts": [ "proximighty" ] }, "proxmox_proximighty_qemu": { "hosts": [ "k3s-main" ] }}</code></pre><p>That's a tonne of information! Probably more than we need, and we still don't know how to connect to a specific host. Let's add some order into that. First, let's group all the VMs that have <code>k3s</code> in their tags under a an ansible group called <code>k3s</code></p><pre><code>plugin: community.general.proxmoxurl: https://192.168.1.200:8006user: "terraform@pve"token_id: "provider"token_secret: "REDACTED"want_facts: truegroups: k3s: "'k3s' in (proxmox_tags_parsed|list)"validate_certs: false</code></pre><p>And now let's tell ansible how to figure out what IP to use for a host. Since we are the ones provisioning the VMs, we know for sure that we have configured them to use a static IP, on the single virtual network interface we gave them.</p><p>Let's use the <a href="https://docs.ansible.com/ansible/latest/collections/community/general/proxmox_inventory.html#parameter-compose"><code>compose</code></a> parameter to populate an <code>ansible_host</code> variable that contains the IP of the VM.</p><pre><code>plugin: community.general.proxmoxurl: https://192.168.1.200:8006user: "terraform@pve"token_id: "provider"token_secret: "REDACT"want_facts: truegroups: k3s: "'k3s' in (proxmox_tags_parsed|list)"compose: ansible_host: proxmox_ipconfig0.ip | default(proxmox_net0.ip) | ansible.utils.ipaddr('address')validate_certs: false</code></pre><p>And finally let's test this again</p><pre><code>$ cd ~/Projects/infra/ansible/inventoryansible-inventory -i proximighty.proxmox.yaml --list{ "_meta": { "hostvars": { "k3s-main": { "ansible_host": "192.168.1.221", "proxmox_acpi": 1, "proxmox_agent": { "enabled": "0", "fstrim_cloned_disks": "0", "type": "virtio" }, [...] } } }, "all": { "children": [ "ungrouped", "proxmox_all_lxc", [...] "k3s" ] }, "k3s": { "hosts": [ "k3s-main" ] }, [...]}</code></pre><p>Brilliant! We now have a <code>k3s</code> group, that contains our single <code>k3s-main</code> VM, and it's been able to retrieve its IP successfully! Let's create a simple playbook to try to execute on the VM one command that works and one that doesn't.</p><p>Let's create a <code>~/Projects/infra/ansible/k3s/test.yaml</code></p><pre><code>---- name: Execute commands on the k3s host hosts: k3s remote_user: thib tasks: - name: Echo on the remote server ansible.builtin.command: echo "It worked" changed_when: false - name: Get k3s installed version ansible.builtin.command: k3s --version register: k3s_version_output changed_when: false ignore_errors: true</code></pre><p>The only two notable things here are</p><ul><li><code>hosts</code> is the name of the group we created in the dynamic inventory</li><li><code>remote_user</code> is the user I have pre-configured via cloud-init when spinning up the VM</li></ul><pre><code>$ cd$ ansible-playbook -i inventory/proximighty.proxmox.yaml k3s/test.yaml PLAY [Execute commands on the k3s host] ******************************************** TASK [Gathering Facts] *************************************************************ok: [k3s-main] TASK [Echo on the remote server] ***************************************************ok: [k3s-main] TASK [Get k3s installed version] ***************************************************fatal: [k3s-main]: FAILED! =&gt; {"changed": false, "cmd": "k3s --version", "msg": "[Errno 2] No such file or directory: b'k3s'", "rc": 2, "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}...ignoring PLAY RECAP *************************************************************************k3s-main : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=1 </code></pre><p>It works! Now that we know how to build an inventory based on Proxmox tags and could make a simply ansible playbook use it, let's move forward and actually deploy k3s on our VM!</p><h3>Deploying k3s on the k3s-main VM</h3><p>The k3s maintainers have created a <a href="https://github.com/k3s-io/k3s-ansible/">k3s-ansible playbook</a> that can preconfigure a machine to ensure it will be ready to make k3s run, and deploy a single or multi-node cluster. It's a great playbook and it's important not to reinvent the wheel. But I also like to understand what I execute, and keep things minimal to limit the risk of breakage.</p><p>Let's take inspiration from this excellent playbook to build one tailored for our (very simple) needs: deploying k3s-server on a single node. When trying to install k3s server via the playbook on Debian, it executes 2 roles:</p><ul><li><a href="https://github.com/k3s-io/k3s-ansible/blob/master/roles/prereq/tasks/main.yml"><code>prereq</code></a> that performs a series of checks to ensure k3s can be installed and run well</li><li><a href="https://github.com/k3s-io/k3s-ansible/blob/master/roles/k3s_server/tasks/main.yml"><code>k3s_server</code></a> that downloads, preconfigures and install k3s</li></ul><p>We know that the OS powering our virtual machine is always going to be a Debian cloud image. None of the checks in <code>prereq</code> are useful for a fresh vanilla Debian stable. So let's skip it entirely.</p><p>Let's have a closer look at what <code>k3s_server</code> does, and carry the important bits over to our playbook. We want to</p><ol><li>Check whether k3s is already installed so we don't override it if it was already installed</li><li>Download the install script</li><li>Execute the install script to download k3s</li><li>Create a systemd service for k3s to start automatically</li><li>Enable the service</li><li>Copy the kubeconfig file generated by k3s to our laptop, and merge it with our kubeconfig under the cluster name and context <code>mightykube</code></li></ol><p>To do things cleanly, we will create a <code>k3s_server</code> role in a <code>k3s</code> directory.</p><pre><code>---- name: Get k3s installed version ansible.builtin.command: k3s --version register: k3s_server_version_output changed_when: false ignore_errors: true - name: Set k3s installed version when: not ansible_check_mode and k3s_server_version_output.rc == 0 ansible.builtin.set_fact: k3s_server_installed_version: "{{ k3s_server_version_output.stdout_lines[0].split(' ')[2] }}" - name: Download and execute k3s installer if k3s is not already installed when: not ansible_check_mode and (k3s_server_version_output.rc != 0 or k3s_server_installed_version is version(k3s_server_version, '&lt;')) block: - name: Download K3s install script ansible.builtin.get_url: url: https://get.k3s.io/ timeout: 120 dest: /usr/local/bin/k3s-install.sh owner: root group: root mode: "0755" - name: Install K3s binary ansible.builtin.command: cmd: /usr/local/bin/k3s-install.sh environment: INSTALL_K3S_SKIP_START: "true" INSTALL_K3S_VERSION: "{{ k3s_server_version }}" changed_when: true - name: Copy K3s service file [Single] ansible.builtin.template: src: "k3s-single.service.j2" dest: "/etc/systemd/system/k3s.service" owner: root group: root mode: "0644" register: k3s_server_service_file_single - name: Enable and check K3s service ansible.builtin.systemd: name: k3s daemon_reload: true state: started enabled: true - name: Check whether kubectl is installed on control node ansible.builtin.command: 'kubectl' register: k3s_server_kubectl_installed ignore_errors: true delegate_to: 127.0.0.1 become: false changed_when: false # Copy the k3s config to a second file to detect changes.# If no changes are found, we can skip copying the kubeconfig to the control node.- name: Copy k3s.yaml to second file ansible.builtin.copy: src: /etc/rancher/k3s/k3s.yaml dest: /etc/rancher/k3s/k3s-copy.yaml mode: "0600" remote_src: true register: k3s_server_k3s_yaml_file_copy - name: Apply k3s kubeconfig to control node if file has change and control node has kubectl installed when: - k3s_server_kubectl_installed.rc == 0 - k3s_server_k3s_yaml_file_copy.changed block: - name: Copy kubeconfig to control node ansible.builtin.fetch: src: /etc/rancher/k3s/k3s.yaml dest: "~/.kube/config.new" flat: true - name: Change server address in kubeconfig on control node ansible.builtin.shell: | KUBECONFIG=~/.kube/config.new kubectl config set-cluster default --server=https://{{ hostvars[groups['k3s'][0]]['ansible_host'] }}:6443 delegate_to: 127.0.0.1 become: false register: k3s_server_csa_result changed_when: - k3s_server_csa_result.rc == 0 - name: Setup kubeconfig context on control node - mightykube ansible.builtin.replace: path: "~/.kube/config.new" regexp: 'default' replace: 'mightykube' delegate_to: 127.0.0.1 become: false - name: Merge with any existing kubeconfig on control node ansible.builtin.shell: | TFILE=$(mktemp) KUBECONFIG=~/.kube/config.new:~/.kube/config kubectl config set-context mightykube --user=mightykube --cluster=mightykube KUBECONFIG=~/.kube/config.new:~/.kube/config kubectl config view --flatten &gt; ${TFILE} mv ${TFILE} ~/.kube/config delegate_to: 127.0.0.1 become: false register: k3s_server_mv_result changed_when: - k3s_server_mv_result.rc == 0 </code></pre><p>Let's also create a template file for the systemd service under <code>~/Projects/infra/ansible/k3s/roles/k3s_server/templates</code></p><pre><code>[Unit]Description=Lightweight KubernetesDocumentation=https://k3s.ioWants=network-online.targetAfter=network-online.target [Install]WantedBy=multi-user.target [Service]Type=notifyEnvironmentFile=-/etc/default/%NEnvironmentFile=-/etc/sysconfig/%NEnvironmentFile=-/etc/systemd/system/k3s.service.envKillMode=processDelegate=yes# Having non-zero Limit*s causes performance problems due to accounting overhead# in the kernel. We recommend using cgroups to do container-local accounting.LimitNOFILE=1048576LimitNPROC=infinityLimitCORE=infinityTasksMax=infinityTimeoutStartSec=0Restart=alwaysRestartSec=5sExecStartPre=-/sbin/modprobe br_netfilterExecStartPre=-/sbin/modprobe overlayExecStart=/usr/local/bin/k3s server </code></pre><p>Let's create a <code>~/Projects/infra/ansible/k3s/k3s_server/default/main.yaml</code> to set the version of k3s we want to install, and that we might change in the future when doing upgrades.</p><pre><code>k3s_server_version: "v1.33.3+k3s1"</code></pre><p>Finally, let's create a <code>~/Projects/infra/ansible/k3s/deploy.yaml</code> that calls the role we just created on the <code>k3s</code> servers group.</p><pre><code>---- name: Install k3s hosts: k3s remote_user: thib tasks: - name: Install k3s server ansible.builtin.import_role: name: k3s_server </code></pre><p>We can now use everything together by calling the playbook we created (and the role it calls) with the dynamic inventory generated by the Proxmox plugin. Let's try!</p><pre><code>$ cd ~/Projects/infra/ansible$ ansible-playbook -i inventory/proximighty.proxmox.yaml k3s/deploy.yaml</code></pre><p>Using <code>kubectl</code> on my laptop, I can confirm that my single node cluster is ready</p><pre><code>$ kubectl get nodesNAME STATUS ROLES AGE VERSIONmightykube Ready control-plane,master 4m v1.33.3+k3s1</code></pre><p>Great! We have used ansible to automate the installation of a single node k3s cluster, and how to control it from our laptop. Thanks to our dynamic inventory, ansible also figured out what VM to install it onto automatically. Look, Mom! We have a Kubernetes at home!</p><p>It's time to clean things up and remove sensitive credentials from our ansible scripts.</p><h3>Removing sensitive information</h3><p>When writing our ansible playbook, we didn't add new credentials. When setting up opentofu we created an API Key, and stored it in our Bitwarden vault under the name <code>PROXMOX_VE_API_TOKEN</code>. When configuring the dynamic inventory, we reused that same API key but wrote it in the plain text file.</p><p>There is a minor difference though. Opentofu uses the API Key formatted as</p><pre><code>terraform@pve!provider=REDACTED</code></pre><p>Ansible on the other hand uses the API Key formatted as</p><pre><code>user: "terraform@pve"token_id: "provider"token_secret: "REDACTED"</code></pre><p>The information is the same, but formatted differently. Fortunately for us, ansible supports <a href="https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html#searching-strings-with-regular-expressions">searching strings with regular expressions</a>. The regex to break it down into the three parts we need is rather simple:</p><pre><code>([^!]+)!([^=]+)=(.+)</code></pre><p>Ansible also has a <a href="https://docs.ansible.com/ansible/latest/collections/ansible/builtin/env_lookup.html">lookup method</a> to read environment variables. Let's put all the pieces together in our dynamic inventory file</p><pre><code>plugin: community.general.proxmoxurl: https://192.168.1.200:8006user: 'terraform@pve'token_id: 'provider'token_secret: 'REDACTED'user: "{{ (lookup('ansible.builtin.env', 'PROXMOX_VE_API_TOKEN') | regex_search('([^!]+)!([^=]+)=(.+)', '\\1'))[0] }}"token_id: "{{ (lookup('ansible.builtin.env', 'PROXMOX_VE_API_TOKEN') | regex_search('([^!]+)!([^=]+)=(.+)', '\\2'))[0] }}"token_secret: "{{ (lookup('ansible.builtin.env', 'PROXMOX_VE_API_TOKEN') | regex_search('([^!]+)!([^=]+)=(.+)', '\\3'))[0] }}"want_facts: truegroups: k3s: "'k3s' in (proxmox_tags_parsed|list)"compose: ansible_host: proxmox_ipconfig0.ip | default(proxmox_net0.ip) | ansible.utils.ipaddr('address')validate_certs: false</code></pre><p>VoilΓ ! Just like that we have removed the secrets from our files, and we're ready to commit them!</p><blockquote><p>[!info] Why not use the <a href="https://docs.ansible.com/ansible/latest/collections/community/general/bitwarden_lookup.html">Bitwarden plugin for ansible</a>?</p><p>It's a good alternative, but I already rely on direnv to extract the relevant secrets from my vault and store them temporarily in environment variables.</p><p>Using the Bitwarden plugin in my playbook would tightly couple the playbook to ansible. By relying on the environment variables, only direnv is coupled to Bitwarden!</p></blockquote><p>Now we can spin up a VM and install k3s on it in a handful of seconds! Our homelab is making steady progress. Next up we will see how to get services running on our cluster with GitOps!</p><p><em>A huge thanks to my friends and colleagues Davide, <a href="https://sandhose.fr">Quentin</a>, Ark, <a href="https://half-shot.uk">Half-Shot</a>, and Ben!</em></p></description><author>Thibault Martin</author><dc:creator>Thibault Martin</dc:creator><pubDate>Wed, 20 Aug 2025 10:00:00 GMT</pubDate><guid isPermaLink="true">https://ergaster.org/posts/2025/08/20-cloud-tech-on-prem/</guid></item><item><title>Peter Hutterer: Why is my device a touchpad and a mouse and a keyboard?</title><link>http://who-t.blogspot.com/2025/08/why-is-my-device-touchpad-and-mouse-and.html</link><description><p>If you have spent any time around HID devices under Linux (for example if youare an avid mouse, touchpad or keyboard user) then you may have noticed thatyour single physical device actually shows up as multiple device nodes (forfree! and nothing happens for free these days!).If you haven't noticed this, run <code>libinput record</code> and you may bepart of the lucky roughly 50% who get free extra event nodes.</p> <p>The pattern is always the same. Assuming you have a device named <code>FooBar ExceptionalDog 2000 AI</code>[1] what you will see are multiple devices <pre>/dev/input/event0: FooBar ExceptionalDog 2000 AI Mouse/dev/input/event1: FooBar ExceptionalDog 2000 AI Keybard /dev/input/event2: FooBar ExceptionalDog 2000 AI Consumer Control </pre> The Mouse/Keyboard/Consumer Control/... suffixes are a quirk of the kernel'sHID implementation which splits out a device based on the <b>Application Collection</b>. [2]</p><p>A <a href="https://who-t.blogspot.com/2018/12/understanding-hid-report-descriptors.html">HID report descriptor</a>may use collections to group things together. A "Physical Collection" indicates"these things are (on) the same physical thingy". A "Logical Collection" indicates"these things belong together". And you can of course nest these thingsnear-indefinitely so e.g. a logical collection inside a physical collection isa common thing.</p><p>An "Application Collection" is a high-level abstractions to group something togetherso it can be detected by software. The "something" is defined by the HID usage for thiscollection. For example, you'll never guess what this device might be based on the<a href="https://github.com/hidutils/hid-recorder">hid-recorder</a> output:<pre># 0x05, 0x01, // Usage Page (Generic Desktop) 0# 0x09, 0x06, // Usage (Keyboard) 2# 0xa1, 0x01, // Collection (Application) 4...# 0xc0, // End Collection 74</pre> Yep, it's a keyboard. Pop the champagne[3] and hooray, you deserve it.</p><p>The kernel, ever eager to help, takes top-level application collections (i.e.those not inside another collection) and applies a usage-specific suffix to thedevice. For the above Generic Desktop/Keyboard usage you get "Keyboard", the otherones currently supported are "Keypad" and "Mouse" as well as the slightly moreniche "System Control", "Consumer Control" and "Wireless Radio Control" and"System Multi Axis". In the Digitizer usage page we have "Stylus", "Pen","Touchscreen" and "Touchpad". Any other Application Collection iscurrently unsuffixed (though see [2] again, e.g. the hid-uclogic driver uses "Touch Strip" and other suffixes).</p><p>This suffix is necessary because the kernel also splits out the data sentwithin each collection as separate evdev event node. Since HID is (mostly)hidden from userspace this makes it much easier for userspace to identifydifferent devices because you can look at a event node and say "well, it hasbuttons and x/y, so must be a mouse" (this is exactly what udev does when applying the various <code>ID_INPUT</code> properties, with varyinglevels of success).</p><p>The side effect of this however is that your device may show up as multipledevices and <i>most of those extra devices will never send events</i>. Sometimesthat is due to the device supporting multiple modes (e.g. a touchpad may by default emulatea mouse for backwards compatibility but once the kernel toggles it to touchpadmode the mouse feature is mute). Sometimes it's just laziness when vendors re-usethe same firmware and leave unused bits in place.</p><p>It's <i>largely</i> a cosmetic problem only, e.g. libinput treats every eventnode as individual device and if there is a device that never sends events itwon't affect the other event nodes. It can cause user confusion though: "whydoes my laptop say there's a mouse?" and in some cases it can cause functionaldegradation - the two I can immediately recall are udev detecting the mousenode of a touchpad as pointing stick (because i2c mice aren't a thing), hencethe pointing stick configuration may show up in unexpected places. And fakemouse devices prevent features like "disable touchpad if a mouse is plugged in"from working correctly. At the moment we don't have a good solution for detecting these fake devices - short of shipping giant databases with product-specific entrieswe cannot easily detect which device is fake. After all, a Keyboard node on agaming mouse may only send events if the user configured the firmware to send keyboard events, and the same is true for a Mouse node on a gaming keyboard.</p><p>So for now, the only solution to those is a per-user <a href="https://wayland.freedesktop.org/libinput/doc/latest/ignoring-devices.html">udev rule to ignore a device</a>. If we everfigure out a better fix, expect to find a gloating blog post in this very space.</p> <p><small>[1] input device naming is typically bonkers, so I'm just sticking with precedence here<br />[2] if there's a custom kernel driver this may not apply and there are quirks to change this so this isn't true for all devices<br />[3] or sparkling wine, let's not be regionist here<br /></small></p></description><author>Peter Hutterer</author><dc:creator>Peter Hutterer</dc:creator><pubDate>Wed, 20 Aug 2025 11:12:00 GMT</pubDate><guid isPermaLink="true">http://who-t.blogspot.com/2025/08/why-is-my-device-touchpad-and-mouse-and.html</guid></item><item><title>Cassidy James Blaede: Hereβs to Whatβs Next</title><link>https://cassidyjames.com/blog/heres-to-whats-next/</link><description><img src="https://cassidyjames.com/images/binoculars.jpg" /> <p>For the past three and a half years, Iβve done the most rewarding work of my life with <a href="https://endlessaccess.org">Endless Access</a> (formerly Endless OS Foundation). Iβve helped ship Endless OS on computers to tens of thousands of people in need around the globeβpeople who might not otherwise have access to a real computer and especially reliable access to all of the offline knowledge and tools that come out of the box. Iβve visited students and teachers in the rural US who are struggling due to a lack of funding, and watched as their eyes lit up when they got ahold of Endless Key, an app packed full of safe and fun offline materials to support their self-guided learning. And Iβve helped learners and educators both unlock so much creativity and skill-building with our game-making learning programs and related open source projects.</p> <p>Unfortunately, all good things must come to an end: due to strategic decisions at the organization, my particular role wonβt exist in the coming months. That said, I have some time to look for my next challenge and adventureβand I am excited to do so purposefully.</p> <h3 id="what-is-next">What <em>is</em> next?</h3> <p><img alt="Binoculars" class="card" src="https://cassidyjames.com/images/binoculars.jpg" /></p> <p>At the end of the day, my family has to eat and we have to pay for a roof over our heads; otherwise, retiring into the wilderness to raise my kids, garden, and play with LEGO would sound pretty nice right about now! Given that I need a decent income to support us, Iβm currently looking for a role with some combination of the following:</p> <ul> <li>open source</li> <li>connecting people</li> <li>empowering people to build things</li> <li>tech for good</li></ul> <p>These are both broad and vague because I donβt have a perfect vision of what I want; my ideal job would hit all four of those, but Iβm also a realist and know that I might not be able to support my family with some utopian gig working on something like GNOME with my specific skills and experience. (That said, if youβd like to hire me for that, Iβm all ears!) I would love to continue working at a nonprofit, but Iβm open to a company that is strongly aligned with my values. Iβd prefer to work on a core product that is open source, but I could see myself working for an org that at least substantially supports open source. I donβt think I want to be a community managerβunless I can be convinced the org knows precisely what they want and that lines up with my approachβbut I do have a passion for connecting with people and helping them.</p> <p>If you know of something that sounds like it would be a good fit, please reach out via <a href="mailto:job@cassidyjames.com">email</a>, <a href="https://signal.me/#eu/MaAGJHh_C36AKgv_VOidJ0e2WrFDp1TFEGV88d1GF_sDioh_00NLP6FmKtvJ1OmO">Signal</a>, <a href="https://matrix.to/#/@cassidyjames:gnome.org">Matrix</a>, or <a href="https://mastodon.blaede.family/@cassidy">Mastodon</a>. You can also check out my <a href="https://cassidyjames.com/resume">rΓ©sumΓ©</a> or <a href="https://linkedin.com/in/cassidy-james-blaede">connect on LinkedIn</a>.</p> <p>And donβt worry: no matter what I end up taking on next, I plan to keep my volunteer position on the GNOME Foundation Board of Directors and stick around the GNOME and Flathub communities to help as much as I am able. π</p></description><author>Cassidy James Blaede</author><dc:creator>Cassidy James Blaede</dc:creator><pubDate>Wed, 20 Aug 2025 00:00:00 GMT</pubDate><guid isPermaLink="true">https://cassidyjames.com/blog/heres-to-whats-next/</guid></item><item><title>Michael Meeks: 2025-08-19 Tuesday</title><link>https://meeksfamily.uk/~michael/blog/2025-08-19.html</link><description><ul> <!-- --> <li> Up early, breakfast, bid a fond farewell to the American Meeks' - into planning call, lunch, sync with Laser. </li> <li> Monthly Management meeting, customer sync, admin catch-up, sync with Lily, dinner. </li></ul></description><author>Michael Meeks</author><dc:creator>Michael Meeks</dc:creator><pubDate>Tue, 19 Aug 2025 21:00:00 GMT</pubDate><guid isPermaLink="true">https://meeksfamily.uk/~michael/blog/2025-08-19.html</guid></item><item><title>Sam Thursfield: Status update, 19/08/2025</title><link>https://samthursfield.wordpress.com/2025/08/19/status-update-19-08-2025/</link><description><p>Hello! I&#8217;m working on an interesting project this month, related to open source Linux operating systems. Actually I&#8217;m not working on it this week, I&#8217;m instead battling with vinyl floor tiles. Don&#8217;t let anyone tell you they are easy to fit. But I think on the 5th attempt I&#8217;ve got the technique. The wooden mallet is essential.</p> <figure class="wp-block-image size-large is-resized"><a href="https://samthursfield.wordpress.com/wp-content/uploads/2025/08/img_20250818_163348.jpg"><img alt="Vinyl floor tiles, frustrated face" class="wp-image-3051" height="1024" src="https://samthursfield.wordpress.com/wp-content/uploads/2025/08/img_20250818_163348.jpg?w=768" style="width: 800px; height: 800px;" width="768" /></a></figure> <p>When I started these &#8220;status update&#8221; posts, back in <a href="https://samthursfield.wordpress.com/2021/11/17/status-update-november-2021/">2021</a>, I imagined they&#8217;d be to talk about open technology projects I was working on, mixed with a bit of music and art and so on. In fact I write more about politics these days. Let me explain why.</p> <p>In my <a href="https://samthursfield.wordpress.com/2025/05/18/book-club-2025-edition/">book review </a>earlier this year I mentioned economics dude Gary Stevenson. I still didn&#8217;t read his book but I do watch all his videos now and I&#8217;m learning a lot.</p> <p>I learned a bit about the housing crisis, for example. The housing crisis in Manchester had several major effects on my life. I just read today in <a href="https://manchestermill.co.uk/living-in-exile-the-saharawis-find-home-in-levenshulme/?ref=the-mill-newsletter">The Manchester Mill</a> that the average rent in Salford jumped from Β£640/mo to Β£1,121/mo in a decade. </p> <p>(Lucky for me, I got into computers early in life, and nobody understands their secrets so they still have to pay a good salary to those of us who do. So far I&#8217;ve weathered the crisis. Many of my friends don&#8217;t have that luck, and some of them have been struggling for 15 years already. Some even had to become <em>project managers</em>.)</p> <p>Until about 2020, I assumed the Manchester housing crisis was caused by people moving up from London. Galicia had some of the lowest rent I&#8217;d ever seen, when I first moved here, and it&#8217;s only around 2021, when rents started suddenly doubling just as I&#8217;d seen happen in Manchester, that I realised the same crisis was about to play out here as well, and perhaps it wasn&#8217;t entirely the fault of Gen-X Londoners. I thought, maybe it&#8217;s a Europe-wide housing crisis?</p> <p>Let me summarize the video Gary Stevenson did about the housing crisis (<a href="https://www.youtube.com/watch?v=BTlUyS-T-_4">this one</a>), to save you 28 minutes. It&#8217;s not just houses but <em>all types of asset</em> which are rapidly going up in price, and it&#8217;s happening worldwide. We notice the houses because we need them to live normal lives, unlike other types of asset such as gold or government bonds which most of us can live without.</p> <p>The most recent video is titled like this: <strong>&#8220;Is the economy causing a mental health crisis?</strong>&#8220;. I&#8217;ve embedded it below. (<em>It&#8217;s hosted on a platform controlled by Google, but Gary is good enough to turn off the worst of the YouTube ads, those bastards that pop up during a video in mid-sentence or while you&#8217;re figuring out a yoga pose</em>.)</p> <figure class="wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio"><div class="wp-block-embed__wrapper"><div class="jetpack-video-wrapper"><div class="embed-youtube"></div></div></div></figure> <p>My answer to that question, when I saw it, was &#8220;<strong>Yes, obviously</strong>&#8220;. For example, if rent increases by 75% in your city and you&#8217;re forced back into living with your parents age 35, it&#8217;s tough to deal with alright. What do you think? </p> <p>But the video is about more than that. The reason asset prices are through the roof is because <em>the super rich are taking all the assets</em>. The 1% have more money than ever. Wealth inequality is rapidly rising, and nothing is stopping it. For thousands of years, the aristocracy owned all the land and castles and manor houses, and the rest of us had a few cabbages and, perhaps if you were middle class, a pig.</p> <p>The second half of the 20th century levelled the playing field and put in place systems which evened things out and meant your grandparents maybe could buy a house. The people in charge of those systems have given up, or have been overpowered by the super rich.</p> <p>In fact, the video &#8220;Is the economy causing a mental health crisis?&#8221; is about the effect on your mental health when you realize that all of society as you know it is headed towards complete collapse.</p> <p>(Lucky for me, I grew up thinking society was headed for collapse due to the climate crisis, so I listened to a lot of punk rock and over-developed my capacity for nihilism. Maybe my mind looks for crises everywhere? Or maybe I was born in a time well-supplied with global crises. I share a birthday with the Chernobyl disaster.)</p> <p>So how does all this relate back to open technology?</p> <p>Maybe it doesn&#8217;t. I went to the GNOME conference last month and had very little overtly &#8220;political&#8221; conversations. We chatted about GNOME OS, live-streaming, openQA, the GNOME Foundation, the history of the GNOME project, accessibility at conferences, our jobs, and so on. Which was great, I for some reason find all that stuff mega interesting. (Hence why I went there instead of a conference about 21st century world politics).</p> <p>Or maybe it does. Tech is part of everyone&#8217;s lives now. Some of the most powerful organizations in the world now are tech companies and they get their power <em>from being omnipresent. </em>Software engineers <em>built </em>all of this. What were we thinking? </p> <p>I think we just enjoyed getting paid to work on fun problems. I suppose none of today&#8217;s tech billionaires seemed like particularly evil-minded people in the mid 2000s. Spotify used to talk about reducing MP3 piracy, not gutting the income streams of 95% of professional recording artists. Google used to have a now laughable policy of &#8220;Don&#8217;t be evil&#8221;.</p> <div class="wp-block-image"><figure class="aligncenter size-large"><a href="https://samthursfield.wordpress.com/wp-content/uploads/2025/08/image-1.png"><img alt="" class="wp-image-3040" height="400" src="https://samthursfield.wordpress.com/wp-content/uploads/2025/08/image-1.png?w=400" width="400" /></a></figure></div> <p>There is one exception who were clearly evil bastards in the 2000s as well. The US anti-trust case against Microsoft, settled in 2001, is an evidence trail of lies and anti-competitive behaviour under Bill Gates&#8217; leadership. Perhaps in an attempt to one-up his predecessor, the Satya Nadella Microsoft is now helping the far-right government of Israel to commit war crimes every day. <a href="https://noazureforapartheid.com/">No Azure for Apartheid</a>. At least they are consistent, I suppose.</p> <p>In fact, I first got interested in Linux due to Microsoft. Initially for selfish reasons. I was a child with a dialup internet connection, and I just wanted to have 5 browser windows open without the OS crashing. (For younger readers &#8212; browser tabs weren&#8217;t invented until the 21st century).</p> <p>Something has kept me interested in open operating systems, even in this modern era when you can download an MP3 in 5 seconds instead of 5 consecutive evenings. It&#8217;s partly the community of fun people around Linux. It&#8217;s partly that it led me to the job that has seen me through the housing crisis so far. And its partly the sense that we<em> are</em> the alternative to Big Tech.</p> <p>Open source isn&#8217;t going to &#8220;take over the world&#8221;. That&#8217;s what Microsoft, Spotify and Google were always going to do (and have now done). I&#8217;m honestly not sure where open source is going. Linux will go wherever hardware manufacturers force it to go, as it always has done.</p> <p>GNOME may or may not make it mainstream one day. I&#8217;m all for it, if it means some funding for <a href="https://gitlab.gnome.org/GNOME/localsearch/">localsearch</a> maintainers. If it doesn&#8217;t, that&#8217;s also fine, and we don&#8217;t <em>need </em>to be part of some coherent plan to save the world or to achieve a particular political aim. Nothing goes according to plan anyway. Its fine to work on stuff just cus its interesting. </p> <p>What we <em>are</em> doing is leading by example, showing that its <em>possible</em> to develop high quality software independently of any single corporation. You can create institutions where contributors do what we think is right, instead of doing what lunatics like Sam Altman or Mark Zockerborg think.</p> <p>At the same time, <em>everything</em> is political.</p> <p>What would happen if I travelled back to 2008 and asked the PHP developers building Facebook: &#8220;Do you think this thing could play a determining role in a genocide in Myanmar?&#8221;</p> <p>I met someone this weekend who had just quit Spotify. She isn&#8217;t a tech person. She didn&#8217;t even know Bandcamp exists. Just didn&#8217;t want to give more money to a company that&#8217;s clearly evil. This is the future of tech, if there is any. People who pay attention to the world, who are willing to do things the hard way and stop giving money to people who are clearly evil.</p> <p></p> <p></p></description><author>Sam Thursfield</author><dc:creator>Sam Thursfield</dc:creator><pubDate>Tue, 19 Aug 2025 13:05:21 GMT</pubDate><guid isPermaLink="true">https://samthursfield.wordpress.com/2025/08/19/status-update-19-08-2025/</guid></item><item><title>Christian Hergert: Status Week 33</title><link>https://blogs.gnome.org/chergert/2025/08/18/status-week-33/</link><description><p>This week is still largely focused on finalizing API/ABI for the 1.0 of Foundry in a few weeks.</p><h2>Foundry</h2><ul><li><p>Did a bunch of work on LLM completion and and conversation APIs. They are not focused on supporting everything possible but instead making some of the common stuff extremely simple. That goes for both the model size of things and the UI side of things.</p><p>For example, heavy usage of GListModel everywhere we can.</p></li><li><p>Created new abstractions for LlmTool, LlmToolProviders, and the actual call of a tool (aptly, LlmToolCall). One reason this all takes so much time to scaffold is that you want to allow some amount of flexibility when connecting models, but also avoid too much API surface area.</p><p>I think I&#8217;ve managed to do that here.</p></li><li><p>Landed Ollama implementation of the <code>FoundryLlmConversation</code> API. The ollama server appears to be stateless, which means copying the conversation over-and-over as you go. I guess this at least gives you an idea of your context window.</p></li><li><p>Setup a couple tool call implementations to test out that infrastructure. For example, it&#8217;s really easy to tell the model that you build with <code>build</code> tool and then provide it the results.</p></li><li><p>Fixed some licensing issues where I mostly just forgot to update the headers when copying them over. Things should be in a good place now for distributions to adhere to their SPDX rules.</p></li><li><p>Language settings now have a very last resort setting which are the &#8220;defaults&#8221; we ship with the library. That is just sensible stuff like using 4 spaces for tabs/indent in Python.</p><p>Settings at any layer can override these values.</p></li><li><p>Lots of work on project templates. We have both GTK 4 and Adwaita templates again. They support C/Python/rust/JavaScript like Builder does too.</p><p>But this time I tried to go a bit further. They should have a bunch of integration bits setup which we didn&#8217;t get to before.</p></li><li><p>Setup an example Flatpak manifest for applications wanting to use libfoundry (see <code>examples/flatpak/</code>) that should help get you started.</p></li><li><p>Setup i18n/l10n for <code>libfoundry</code>. I don&#8217;t think anything is consuming translations for GNOME 49 though, so mostly just gets us up and running for 50.</p></li><li><p>Landed some new API for working with the stage/index within <code>FoundryGitVcs</code>. Tested it with a speed-run challenge a bit later on in this report.</p></li></ul><h2>Assist</h2><ul><li><p>To test out the LLM APIs and ensure they can actually be used I did a speed-run to implement a &#8220;Foundry-based Developer Chat&#8221; with a time limit of two hours.</p><p>The reality is that I&#8217;m still _much_ faster writing code with all of my templates and snippets than I thought.</p><p>The new templates in Foundry are killer though.</p></li><li><p>It requires a model which supports tool calls if you want to do anything interesting with it. I&#8217;m not sure if there are models which can do both written output _and_ tool-calls which makes this a bit annoying to wait while it figures out it should call a tool.</p></li><li><p>While doing this, I realized a bunch of little things to fix in the LLM APIs. One piece still missing that I&#8217;d want to have in the future is the ability for specialized <code>FoundryLlmMessage</code> which not only have text content but typed data as well.</p><p>For example, a tool call that is essentially a <code>ls</code> should really display the output as an interactive directory list and not text.</p><p>But since this was a speed run, I did not implement that. Only made sure that the APIs could adapt to it in the future.</p></li></ul><h2>Staged</h2><ul><li><p>Started another speed-run app to test out the version control engine we have in Foundry. This one is basically just to replace my very quick use of <code>git-gui</code> to line stage patches.</p><p>Came up with a neat way to highlight old/new versions of a file and then display them with <code>GtkListView</code> instead of using a source view. No reason to power up the editing infrastructure if you&#8217;ll never be editing.</p></li></ul><h2>Manuals</h2><ul><li><p>Discovered I wasn&#8217;t getting notifications since the move to the <code>GNOME/</code> namespace so flushed out the backlog of MR there.</p></li></ul><h2>GtkSourceView</h2><ul><li><p>Fix click-through on the overview map which broke again during this development cycle. My fault for not reviewing and/or testing better.</p></li><li><p>Now that we have GNOME CI doing LSAN/ASAN/UBSAN/coverage/scanbuild I went ahead and fixed a bunch of leaks that are part of the testsuite.</p><p>Additionally, it helped me find a few that were there in everyday code use, so that is always a lovely thing to fix.</p></li></ul><h2>Ptyxis</h2><ul><li><p>Merge some last minute string changes before we can&#8217;t anymore.</p></li><li><p>Still having to unfortunately close issues which come from Debian not sourcing <code>/etc/profile.d/vte.sh</code> by default, thus breaking integration features.</p><p>The good news I hear is that will be changing before long.</p></li><li><p>Other good news is that Ptyxis has landed in the 25.10 builds and will also be landing in Debian unstable in the near future as the default terminal.</p></li><li><p>After some back-and-forth I merged support for the kgx palette as the &#8220;GNOME&#8221; palette in Ptyxis. My very hopeful desire is that this becomes something maintained by the design team. The problem is just that terminal colors are a huge piles of hacks on hacks.</p></li><li><p>Nightly builds should be fixed. Apparently something changed in the CI setup and since we&#8217;re under <code>chergert/ptyxis/</code> and not <code>GNOME/</code> it didn&#8217;t get automatically applied.</p></li><li><p>Some styling changed in libadwaita this cycle and I needed to adapt how we propagate our styling to tab close buttons.</p><p>Really though, this all just needs to be redone (like Text Editor and Builder) to use <code>var()</code> properly in CSS.</p></li></ul><h2>Libspelling</h2><ul><li><p>Merged patch improving life-cycle tracking of the piecetable/b+tree regions (branches/leaves).</p></li></ul><h2>Sysprof</h2><ul><li><p>More code review and future feature planning so we can land GSoC things after I branch for 49 (very soon I hope).</p></li></ul><h2>Other</h2><ul><li><p>Turned 41, saw Stevie Ray Vaughan&#8217;s broadcaster guitar, finally had the &#8220;weird&#8221; pizza at Lovely&#8217;s fifty/fifty, jammed at MoPOP with my niece.</p></li><li><p>Lots of random little things this week to lend a hand/ear here or there as we get closer to release.</p></li></ul></description><author>Christian Hergert</author><dc:creator>Christian Hergert</dc:creator><pubDate>Mon, 18 Aug 2025 23:59:06 GMT</pubDate><guid isPermaLink="true">https://blogs.gnome.org/chergert/2025/08/18/status-week-33/</guid></item><item><title>Sebastian Wick: Display Next Hackfest 2025</title><link>https://blog.sebastianwick.net/posts/display-next-hackfest-2025/</link><description><p>A few weeks ago, a bunch of display driver and compositor developers met once again for the third iteration of the Display Next Hackfest. The tradition was started by Red Hat, followed by Igalia (thanks Melissa), and now AMD (thanks Harry). We met in the AMD offices in Markham, Ontario, Canada; and online, to discuss issues, present things we worked on, figure out future steps on a bunch of topics related to displays, GPUs, and compositors.</p><figure><img alt="A bunch of people with laptops sitting at desks facing each other. A screens in the background with remote attendees." src="https://blog.sebastianwick.net/posts/display-next-hackfest-2025/display-hackfest-next-0.jpeg" /><figcaption> <h4>The Display Next Hackfest in the AMD Markham offices</h4> </figcaption></figure> <p>It was really nice meeting everyone again, and also seeing some new faces! Notably, <a href="https://poynton.ca/">Charles Poynton</a> who &ldquo;decided that HD should have 1080 image rows, and square pixels&rdquo;, and Keith Lee who works for AMD and designed their color pipeline, joined us this year. This turned out to be invaluable. It was also great to see AMD not only organizing the event, but also showing genuine interest and support for what we are trying to achieve.</p><p>This year&rsquo;s edition is likely going to be the last dedicated Display Next Hackfest, but weβre already plotting to somehow fuse it with XDC next year in some way.</p><p>If youβre looking for a more detailed technical rundown of what we were doing there, you can read <a href="https://zamundaaa.github.io/wayland/2025/07/22/display-next-hackfest-2025.html">Xaverβs</a>, or <a href="https://bootlin.com/blog/back-from-display-next-hackfest-2025/">Louisβ</a> blog posts, or our <a href="https://hwentland.github.io/work/2025hackfest-notes.html">notes</a>.</p><p>With all that being said, here is an incomplete list of things I found exciting:</p><ul><li>The biggest update of the Atomic KMS API (used to control displays) is about to get merged. The Color Pipeline API is something <a href="https://gitlab.freedesktop.org/pq/color-and-hdr/-/issues/11">I came up with</a> three years ago, and thanks to the tireless efforts of AMD, Intel and Igalia and others, this is about to become reality. Read <a href="https://melissawen.github.io/blog/2025/05/19/drm-info-with-kms-color-api">Melissaβs blog post</a> for more details.</li><li>As part of the work enabling displaying HDR content in Wayland compositors, we&rsquo;ve been unhappy with the current HDR modes in displays, as they are essentially created for video playback and have lots of unpredictable behavior. To address this, myself and Xaver have since last year been lobbying for displays to allow the use of Source Based Tone Mapping (SBTM), and this year, it seems that what we have asked for have made it to the right people. Let&rsquo;s see!</li><li>In a similar vein, on mobile devices we want to dynamically increase or decrease the HDR headroom, depending on what content applications want to show. This requires backlight changes to be somewhat atomic and having a mapping to luminance. The planned KMS backlight API will allow us to expose this, if the platform supports it. I worked a lot on backlight support in mutter this year so we can immediately start using this when it becomes available.</li><li>Charles, Christopher, and I had a discussion about compositing HDR and SDR content, and specifically about how to adjust content that was mastered for a dark viewing environment that is being shown in a bright viewing environment, so that the perception is maintained. I believe that we now have a complete picture of how compositing should work, and Iβm working on documenting this in the <a href="https://gitlab.freedesktop.org/pq/color-and-hdr/">color-and-hdr</a> repo.</li><li>For Variable Refresh Rates (VRR) we want a new KMS API to set the minimum and maximum refresh cycle, where setting min=max gives us a fixed refresh rate without a mode set. To make use of VRR in more than the single-fullscreen-window case, we also agreed that a Wayland protocol letting clients communicate their preferred refresh rate would be a good idea.</li></ul><p>Like always, lots of work ahead of us, but itβs great to actually see the progress this year with the entire ecosystem having HDR support now.</p><figure><img alt="Me sitting at a desk with 4 small glasses of beer in front of me" src="https://blog.sebastianwick.net/posts/display-next-hackfest-2025/display-hackfest-next-1.jpeg" /><figcaption> <h4>Sampling local craft beers</h4> </figcaption></figure> <p>See you all at XDC this year (or at least the one next year)!</p></description><author>Sebastian Wick</author><dc:creator>Sebastian Wick</dc:creator><pubDate>Fri, 15 Aug 2025 17:41:49 GMT</pubDate><guid isPermaLink="true">https://blog.sebastianwick.net/posts/display-next-hackfest-2025/</guid></item><item><title>This Week in GNOME: #212 Happy Birthday!</title><link>https://thisweek.gnome.org/posts/2025/08/twig-212/</link><description><p>Update on what happened across the GNOME project in the week from August 08 to August 15.<!--more--></p><p><a href="https://thisweek.gnome.org/reporters/9eedba11c7e457b8ba65972af3b2af61eb58cefc34a2b9c88d114b59d3b4c1dd">Cassidy</a> says</p><blockquote><p>On August 15, 1997, Miguel de Icaza <a href="https://mail.gnome.org/archives/gtk-list/1997-August/msg00123.html">announced</a> the start of GNOME on the GTK mailing list. Twenty-eight years later a lot has changed, but we continue to develop and iterate on βa free and complete set of user friendly applications and desktop toolsβ¦ based entirely on free software.β</p><p>To help us continue this work far into the future, we hope you join us in celebrating our birthday by <a href="https://donate.gnome.org">becoming a Friend of GNOME today</a>! π</p></blockquote><h2 id="gnome-core-apps-and-libraries">GNOME Core Apps and Libraries</h2><p><a href="https://thisweek.gnome.org/reporters/e3230d121c8381abb58fb07eaea08fe380837fb56b303dfe877383ec5a133327">FineFindus</a> announces</p><blockquote><p>We have now merged the next part of the Rust port of GNOME Disks, which ports the disk image restore dialog (or the more common use case: flashing ISO disk images to USB drives) to Rust.This also enables the new Disk Image Mounter to write disk images to drives when clicking on a disk image file without opening GNOME Disks.</p><p><img height="780" src="https://thisweek.gnome.org/_astro/gnome_disk_restore_dialog.Bb35FhC3_6gBa9.webp" width="550" /></p></blockquote><h3 id="libadwaita">Libadwaita <a href="https://gitlab.gnome.org/GNOME/libadwaita">β</a></h3><p>Building blocks for modern GNOME apps using GTK4.</p><p><a href="https://thisweek.gnome.org/reporters/e3a9c56a9ce41ddc9c066c03a9ec1c2e6e38363097df4ac55cb1666e45210164">Alice (she/her) π³οΈββ§οΈπ³οΈβπ</a> reports</p><blockquote><p>A week ago GTK landed CSS media queries support. As of today, libadwaita supports it too, both in its own styles and in app-provided styles. So, apps can now write CSS like this:</p><pre class="astro-code github-dark" style="background-color: #24292e; color: #e1e4e8;" tabindex="0"><code><span class="line"><span style="color: #B392F0;">:root</span><span style="color: #E1E4E8;"> {</span></span><span class="line"><span style="color: #FFAB70;"> --my-custom-color</span><span style="color: #E1E4E8;">: </span><span style="color: #79B8FF;">black</span><span style="color: #E1E4E8;">;</span></span><span class="line"><span style="color: #E1E4E8;">}</span></span><span class="line"></span><span class="line"><span style="color: #85E89D;">my-widget</span><span style="color: #E1E4E8;"> {</span></span><span class="line"><span style="color: #79B8FF;"> color</span><span style="color: #E1E4E8;">: </span><span style="color: #79B8FF;">var</span><span style="color: #E1E4E8;">(</span><span style="color: #FFAB70;">--my-custom-color</span><span style="color: #E1E4E8;">);</span></span><span class="line"><span style="color: #E1E4E8;">}</span></span><span class="line"></span><span class="line"><span style="color: #F97583;">@media</span><span style="color: #E1E4E8;"> (prefers-color-scheme: dark) {</span></span><span class="line"><span style="color: #B392F0;"> :root</span><span style="color: #E1E4E8;"> {</span></span><span class="line"><span style="color: #FFAB70;"> --my-custom-color</span><span style="color: #E1E4E8;">: </span><span style="color: #79B8FF;">white</span><span style="color: #E1E4E8;">;</span></span><span class="line"><span style="color: #E1E4E8;"> }</span></span><span class="line"><span style="color: #E1E4E8;">}</span></span><span class="line"></span><span class="line"><span style="color: #F97583;">@media</span><span style="color: #E1E4E8;"> (prefers-contrast: more) {</span></span><span class="line"><span style="color: #85E89D;"> my-widget</span><span style="color: #E1E4E8;"> {</span></span><span class="line"><span style="color: #79B8FF;"> box-shadow</span><span style="color: #E1E4E8;">: </span><span style="color: #79B8FF;">inset</span><span style="color: #79B8FF;"> 0</span><span style="color: #79B8FF;"> 0</span><span style="color: #79B8FF;"> 0</span><span style="color: #79B8FF;"> 1</span><span style="color: #F97583;">px</span><span style="color: #79B8FF;"> var</span><span style="color: #E1E4E8;">(</span><span style="color: #FFAB70;">--border-color</span><span style="color: #E1E4E8;">);</span></span><span class="line"><span style="color: #E1E4E8;"> }</span></span><span class="line"><span style="color: #E1E4E8;">}</span></span></code></pre><p><code>style-dark.css</code>, <code>style-hc.css</code> and <code>style-hc-dark.css</code> are still supported for this cycle, but they will be deprecated early next cycle and removed in libadwaita 2.0, so apps are encouraged to switch to media queries.</p></blockquote><h3 id="maps">Maps <a href="https://apps.gnome.org/Maps">β</a></h3><p>Maps gives you quick access to maps all across the world.</p><p><a href="https://thisweek.gnome.org/reporters/e73431565fde01d560b5f73af1a3614dd7e0c30942d74879d09ff1204625759e">mlundblad</a> reports</p><blockquote><p>Maps now shows highway shields in place popovers when clicking on road labels (when custom localized shields are defined). And also the userβs avatar is shown in the OpenStreetMap account dialog for setting POI editing (when the user has set an avatar on their account)</p><p><img height="743" src="https://thisweek.gnome.org/_astro/highway-shield-in-place-details-1.CNKd06kg_zaIah.webp" width="858" /></p><p><img height="743" src="https://thisweek.gnome.org/_astro/highway-shields-in-place-details-2.V3M_evKj_1SFmUT.webp" width="858" /></p><p><img height="743" src="https://thisweek.gnome.org/_astro/osm-account-avatar.C0J5maoj_ZsfOmX.webp" width="858" /></p></blockquote><h2 id="third-party-projects">Third Party Projects</h2><p><a href="https://thisweek.gnome.org/reporters/bb3e9d7926c189910307ea63a7f7d27f088a692038123855623ceb10966d0998">Jeff</a> reports</p><blockquote><p>In this blog post, Mitchell Hashimoto discusses the recent rewrite of the Ghostty GTK frontend. He focuses on how Zig interfaces with the GObject type system and using Valgrind to ensure that memory leaks are not introduced by application code. <a href="https://mitchellh.com/writing/ghostty-gtk-rewrite">https://mitchellh.com/writing/ghostty-gtk-rewrite</a></p></blockquote><p><a href="https://thisweek.gnome.org/reporters/c509221633bb6e87912ced8c18ea4ae2761b2049a54cce2d6e66792033cc1cfb">andypiper</a> says</p><blockquote><p>Oh, hi. Long time reader, first time poster. I released Fedinspect, a little GNOME app for developers to π inspect the configuration of <a href="https://jointhefediverse.net/">fediverse</a> servers, and also run WebFinger lookup queries for individual ActivityPub actors. It will query nodeinfo and other .well-known URIs for these servers, and you can dig into JSON responses and HTTP headers as needed. Maybe niche, hopefully useful to some folks!</p><p>You can <a href="https://flathub.org/apps/org.andypiper.Fedinspect">find it on Flathub</a>. Also, the icon in particular could do with some help to be a bit more GNOMEish, so <a href="https://codeberg.org/andypiper/fedinspect-gtk">feel free to help out</a> if youβre so inclined!</p><p><img height="2428" src="https://thisweek.gnome.org/_astro/fedinspect.Cp-nuJ3y_Z1HdnBd.webp" width="1932" /></p></blockquote><p><a href="https://thisweek.gnome.org/reporters/88a714eaaa0f98ce1e3735b7c089b643750a19d8b548ee98e9417b3f67c32e28">Ronnie Nissan</a> reports</p><blockquote><p><a href="https://flathub.org/apps/io.github.getnf.embellish">Embellish v0.5.1</a> was released today, featuring a redesign to the header bar and a new Icons page to explore, search and copy Nerd Fonts icons.</p><p>The codebase also switched to using Blueprint instead of UI files.</p><p>The issue where the list of fonts would jump to the top whenever a font was installed or removed has also been fixed.</p><p>Embellish is available only through Flathub, hope you enjoy the new feature.</p><p><img height="722" src="https://thisweek.gnome.org/_astro/embellish-v0.5.1-icons-page.fT8r5Ghv_1NFS5f.webp" width="672" /></p></blockquote><p><a href="https://thisweek.gnome.org/reporters/061d41eb80a43440bf9447406e072b686064bc0a68d55d07a985bc5822f385ef">Alain</a> says</p><blockquote><p>π Planify 4.13.2 β Improvements, Fixes &#x26; More Control Over Your TasksThe new 4.13.2 release of Planify is here, focusing on delivering a more stable, smoother, and customizable task management experience.</p><p>Hereβs whatβs new and improved:</p><ul><li>Better all-day event handling β Events are now correctly detected based on your local time.</li><li>More control with Todoist β If you canβt log in via OAuth, you can now manually enter your Todoist token.</li><li>Improved text editing β The description area now has a limited height with scrolling, placeholders behave correctly, and your text wonβt reset when repositioning the cursor.</li><li>Natural sorting β Lists now correctly order strings with numbers (e.g., item2 before item10).</li><li>Smoother navigation β Improved visual alignment for note-type tasks and the option to display completed tasks directly below pending ones with pagination.</li><li>Stability fixes β Adjustments to project view transitions, keyboard shortcuts, task duplication, and more.</li></ul><p>π¬ Weβve also updated translations, added a Discord link, and made several under-the-hood optimizations.</p><p><img height="778" src="https://thisweek.gnome.org/_astro/planner.CahrUhYJ_1XojCl.webp" width="1079" /></p></blockquote><p><a href="https://thisweek.gnome.org/reporters/0fd9cb6e7823840869419af2670b2f48e47d6e4e9813a4712bb2fbbd9e1bf110">Sepehr Rasouli</a> reports</p><blockquote><p><a href="https://flathub.org/apps/io.github.sepehr_rs.Sudoku">Sudoku V1.1.2</a> is here! Sudoku is a new modern app focused on delivering a clean, distraction-free experience. Designed with simplicity and comfort in mind, it features a straightforward interface that helps players stay focused and enjoy the game without unnecessary clutter or complications.</p><p>Features:</p><ul><li>Modern GTK4 and libadwaita interface</li><li>Keyboard shortcuts for quick access to all functions</li><li>Save and load games seamlessly to continue your progress anytime</li><li>Highlight active row and cell to improve focus and ease of play</li><li>Conflict highlighting to spot mistakes β perfect for learning</li><li>Fun for all skill levels, from beginners to experts</li></ul><p>The project is still in its early stages, so contributions are warmly welcome!</p><p><img height="738" src="https://thisweek.gnome.org/_astro/sudoku-dark.DfQMc3Wg_q5SgT.webp" width="850" /></p></blockquote><p><a href="https://thisweek.gnome.org/reporters/696a79d300f2c36e7120630dab1e85058bb69e6fa93840b82bc3dfa3b6977d3e">Semen Fomchenkov</a> announces</p><blockquote><h2 id="introducing-hashsum--a-modern-checksum-utility">Introducing Hashsum β a modern checksum utility</h2><p>This week, the <strong>ALT Gnome</strong> and <strong>ALT Linux Team</strong> present <a href="https://altlinux.space/alt-gnome/Hashsum"><strong>Hashsum</strong></a> β a file checksum calculation utility built with <strong>GTK4/Libadwaita</strong>, inspired by the ideas behind <strong>Collision</strong> and <strong>GTK Hash</strong>.</p><p>We greatly appreciate the minimalist interface of <strong>Collision</strong>, but most GTK developers in our community create applications in Vala, so we decided to take the base from Collision and rewrite it from Crystal to make future development and maintenance easier. With Hashsum, weβve combined the clean UI of Collision with the broad algorithm support of GTK Hash, adding the conveniences our community has been asking for.</p><h2 id="features">Features</h2><ul><li>Modern <strong>GTK4/Libadwaita</strong> interface inspired by <strong>Collision</strong>.</li><li>Support for the following algorithms: <strong>MD5</strong>, <strong>SHA-1</strong>, <strong>SHA-256</strong>, <strong>SHA-512</strong>, <strong>BLAKE3</strong>, <strong>CRC-32</strong>, <strong>Adler-32</strong>, <strong>GOST R 34.11-94</strong>, <strong>Streebog-256/512</strong> (via <em>gcrypt</em> and <em>blake3</em>).</li><li>Flexible selection: enable only the algorithms you actually need.</li><li>Accurate progress display for large file computations.</li><li><strong>Files</strong> (<em>Nautilus</em>) plugin: calculate checksums directly from the file managerβs context menu.</li><li>Developed in <strong>Vala</strong> with love.</li></ul><h2 id="whats-next">Whatβs next?</h2><p>We plan to submit Hashsum to <strong>Flathub</strong>, but our immediate focus will be on adding features important to the community β ensuring itβs not just a direct analog of Collision.Ideas and bug reports are welcome: <strong><a href="https://altlinux.space/alt-gnome/Hashsum/issues/new">https://altlinux.space/alt-gnome/Hashsum/issues/new</a></strong></p><p>Best regards to the developers of the Collision project β your enthusiasm and drive for innovation are truly inspiring.</p><p><img height="978" src="https://thisweek.gnome.org/_astro/Hashsum-1.CHcH-d9w_Z1pQOFf.webp" width="807" /></p><p><img height="978" src="https://thisweek.gnome.org/_astro/Hashsum-2.CpxOOYti_1AAjVE.webp" width="807" /></p></blockquote><h3 id="parabolic">Parabolic <a href="https://flathub.org/apps/details/org.nickvision.tubeconverter">β</a></h3><p>Download web video and audio.</p><p><a href="https://thisweek.gnome.org/reporters/b77e70357e23d9014c0bf6590a1f80bae500e21461bfab9eabc65fd8567d6dd7">Nick</a> announces</p><blockquote><p>Parabolic <a href="https://github.com/NickvisionApps/Parabolic/releases/tag/2025.8.0">V2025.8.0</a> is here! This release contains new features, bug fixes, and an updated <code>yt-dlp</code>.</p><p>Hereβs the full changelog:</p><ul><li>Added the ability to update yt-dlp from within the app when a newer version is available</li><li>Added padding to single digit numbered titles in playlist downloads</li><li>Replaced None translation language with en_US</li><li>Fixed an issue where validating some media would cause the app to crash</li><li>Fixed an issue where the app would not open on Windows</li><li>Fixed an issue where download rows disappeared on GNOME</li><li>Updated yt-dlp</li></ul><p><img height="829" src="https://thisweek.gnome.org/_astro/Parabolic_V2025.8.0.9IJNaNlj_1S9pcr.webp" width="1046" /></p></blockquote><h3 id="fractal">Fractal <a href="https://gitlab.gnome.org/World/fractal">β</a></h3><p>Matrix messaging app for GNOME written in Rust.</p><p><a href="https://thisweek.gnome.org/reporters/cb8ebb1826d577060c92faada43d4ec4c2dff3628749a1dfc63866b2747e19b3">KΓ©vin Commaille</a> says</p><blockquote><p>Knock, knock, knockβ¦ on <del>wood</del> rooms, baby π΅ Ooh ooh ooh ooh ooh ooh πΆ Thatβs right, Fractal 12 adds support for knocking, among other things. Read all about the improvements since 11.2:</p><ul><li>Requesting invites to rooms (aka knocking) is now possible, as is enabling such requests for room admins.</li><li>The upcoming room version 12 is supported, with the special power level of room creators.</li><li>A room can be marked as unread via the context menu in the sidebar.</li><li>You can now see if a section in the sidebar has any notifications or activity when it is collapsed.</li><li>Clicking on the name of the sender of a message adds a mention to them in the composer.</li><li>The safety setting to hide media previews in rooms is now synced between Matrix clients and we added another safety setting (which is also synced) to hide avatars in invites.</li></ul><p>As usual, this release includes other improvements and fixes thanks to all our contributors, and our upstream projects.</p><p>We want to address special thanks to the translators who worked on this version. We know this is a huge undertaking and have a deep appreciation for what youβve done. If you want to help with this effort, head over to <a href="https://l10n.gnome.org/">Damned Lies</a>.</p><p>This version is available right now on <a href="https://flathub.org/apps/org.gnome.Fractal">Flathub</a>.</p><p>If you want to join the gang, you can start by fixing one of our <a href="https://gitlab.gnome.org/World/fractal/-/issues/?label_name%5B%5D=4.%20Newcomers">newcomers issues</a>. We are always looking for new members!</p></blockquote><h2 id="internships">Internships</h2><p><a href="https://thisweek.gnome.org/reporters/ac7c633dc6d4af73820620771f530a64f6a3d30f156d65ff13026936aa5d2e37">Aryan Kaushik</a> reports</p><blockquote><p>The GNOME Foundation is interested in participating in the December-March cohort of Outreachy.</p><p>If you are interested in mentoring AND have a project idea in mind, please visitΒ <a href="https://gitlab.gnome.org/Teams/Engagement/internship-project-ideas/-/issues">https://gitlab.gnome.org/Teams/Engagement/internship-project-ideas/-/issues</a> and submit your proposal by 10th September 2025.</p><p>We are always on the lookout for project ideas that move the GNOME project forward!</p><p>If you have any questions, please feel free to post them on our matrix - <a href="https://matrix.to/#/#internship:gnome.org">#internship:gnome.org</a> or e-mailΒ <a href="mailto:soc-admins@gnome.org">soc-admins@gnome.org</a>.</p><p>Looking forward to your proposals!</p></blockquote><h2 id="gnome-foundation">GNOME Foundation</h2><p><a href="https://thisweek.gnome.org/reporters/9143e882f165daa6337ff08ea407ba2fd030447de25d67c8eb0acdaf3005d958">steven</a> says</p><blockquote><p>New Foundation Update:</p><p><a href="https://blogs.gnome.org/steven/2025/08/08/2025-08-08-foundation-update/">https://blogs.gnome.org/steven/2025/08/08/2025-08-08-foundation-update/</a></p><ul><li>bureaucracy (yay?)</li><li>apology to GIMP</li><li>advisory board room</li><li>early draft budget</li><li>501(c)(3) structural improvements</li><li>explaining the travel policy freeze</li></ul></blockquote><h2 id="thats-all-for-this-week">Thatβs all for this week!</h2><p>See you next week, and be sure to stop by <a href="https://matrix.to/#/#thisweek:gnome.org">#thisweek:gnome.org</a> with updates on your own projects!</p></description><author>This Week in GNOME</author><dc:creator>This Week in GNOME</dc:creator><pubDate>Fri, 15 Aug 2025 00:00:00 GMT</pubDate><guid isPermaLink="true">https://thisweek.gnome.org/posts/2025/08/twig-212/</guid></item><item><title>Gedit Technology blog: Mid-August News</title><link>https://gedit-text-editor.org/blog/2025-08-14-mid-august-news.html</link><description><p> Misc news about the <a href="https://gedit-text-editor.org/" target="_blank">gedit</a> text editor, mid-August edition! (Some sections are a bit technical).</p> <h3>Code Comment plugin rewritten</h3><p> I forgot to talk about it in the mid-July news, but the Code Comment plugin has been rewritten in C (it was previously implemented in Python) and the bulk of it is implemented as re-usable code in libgedit-tepl. The implementation is now shared between <a href="https://gitlab.gnome.org/World/gedit/enter-tex" target="_blank">Enter TeX</a> and gedit.</p> <h3>File loading and saving: a new GtkSourceEncoding class</h3><p> I've modified the GtkSourceEncoding class that is part of libgedit-gtksourceview, and adapted gedit accordingly. The new version of GtkSourceEncoding comes from an experiment that I did in libgedit-tepl several years ago.</p><p> GtkSourceEncoding represents a character set (or "charset" for short). It is used in combination with <code>iconv</code> to convert text files from one encoding to another (for example from ISO-8859-15 to UTF-8).</p><p> The purpose of the experiment that was done in libgedit-tepl (the TeplEncoding class) was to accomodate the needs for a <a href="https://www.freedesktop.org/wiki/Software/uchardet/" target="_blank">uchardet</a> usage (note that uchardet is not yet used by gedit, but it would be useful). uchardet is a library to automatically detect the encoding of some input text. It returns an iconv-compatible charset, as a string.</p><p> It is <em>this string</em> - returned by uchardet - that we want to store and pass to <code>iconv</code> unmodified, to not lose information.</p><p> The problem with the old version of GtkSourceEncoding: there was a fixed set of GtkSourceEncoding instances, all <code>const</code> (so without the need to free them). When trying to get an instance for an unknown charset string, NULL was returned. So this was not appropriate for a uchardet usage (or at least, not a clean solution: with the charset string returned by uchardet it was not guaranteed that a corresponding GtkSourceEncoding instance was available).</p><p> Since GtkSourceEncoding is used in a lot of places, we don't want to change the code to represent a charset as just a string. And a simple string is anyway too basic, GtkSourceEncoding provides useful features.</p><p> So, long story short: the new GtkSourceEncoding class returns new instances that must be freed, and has a constructor that just makes a copy of the charset string (there is the <code>get_charset()</code> method to get back the string, unmodified).</p><p> So gedit can keep using the GtkSourceEncoding abstraction, and we are one step closer to being able to use uchardet or something similar!</p> <h3>Know more about the gedit's maintainer</h3><p> I now have a personal web site, or more accurately a single web <em>page</em>:<br /> <a href="https://wilmet-software.be/" target="_blank">wilmet-software.be</a> (SΓ©bastien Wilmet)</p><p> gedit is a 27-years-old project, the first lines were written in 1998 (and <em>normally</em> it won't be part of the <a href="https://en.wikipedia.org/wiki/27_Club" target="_blank">27 Club</a>!). I've been a contributor to the project for 14 years, so more than half the project existence. Time flies!</p> <h3>Robust file loading - some progress</h3><p> After the rework of GtkSourceEncoding (which is part of the File Loading and Saving subsystem in libgedit-gtksourceview), I've made good progress to make the file loading more robust - although there is more work still to do.</p><p> It is a basis in programming to check all program input. gedit makes things a bit harder to accomplish this. To open a <em>document</em>:</p><ul> <li> There is first the problem of the character encoding. It is not sufficient for a general-purpose text editor to accept only UTF-8. So text files can be almost anything in binary form. </li> <li> Then gedit allows to open documents containing invalid characters in the specified or auto-detected encoding. With this, documents can <em>really</em> be anything in binary form. </li> <li> Finally the GtkTextView widget used at the heart of gedit has several limitations: (1) very big files (like log files or database dumps) are not supported, a limit on the content size must be set (and if reached, still allow to load the file with truncated content). (2) very long lines cause performance problems and can freeze the application. </li></ul> <p> So, the good news is that progress has been made on this. (There is only a good news, let's stay positive!).</p> <p><small> If you appreciate the work that I do in gedit, I would like to know your feedback, what I should improve or which important feature is missing. You can contact me <a href="https://wilmet-software.be/" target="_blank">by email</a> for example, or on a <a href="https://gedit-text-editor.org/" target="_blank">discussion channel</a>. Thank you :-) !</small></p></description><author>Gedit Technology blog</author><dc:creator>Gedit Technology blog</dc:creator><pubDate>Thu, 14 Aug 2025 10:00:00 GMT</pubDate><guid isPermaLink="true">https://gedit-text-editor.org/blog/2025-08-14-mid-august-news.html</guid></item><item><title>Aryan Kaushik: GUADEC 2025 Experience</title><link>https://www.aryank.in/posts/2025-08-13-guadec-2025-experience/</link><description><h1>Ciao a tutti!</h1><p>In this blog, I'm pumped to share my experience attending GUADEC 2025 held in Brescia, Italy.</p><h4><strong>Let's start :)</strong></h4><p>During the conference, I presented multiple talks -</p><p><a href="https://www.youtube.com/live/-xEhHObnCug?t=10745s">My main talk on GNOME Internships, Google Summer of Code, Outreachy</a></p><p><a href="https://www.youtube.com/live/18Ir6RXkIeA?t=27547">Lightning talk on Need for GUADEC and Regional events</a></p><p><a href="https://www.youtube.com/live/Z7F3fghCQB4?t=28832">Lightning talk on GNOME Extensions as the gateway ****</a></p><p>BoF on GNOME Foundation Internships - Unrecorded π
</p><p>The main talk was on Day 1 of the conference, which was quite exciting. I had the pleasure of sharing my journey and insights on how to leverage FOSS internships like GSoC and Outreachy to build a successful career in open source.</p><p>Attending this conference was far from easy. Due to the tragic Air India flight incident, I had to scrap my original travel plans and book a last-minute alternative to Italy. It was stressful β both emotionally and financially, but I was determined to make it to GUADEC.</p><p>Another trouble was with Visa; I had to apply for a Schengen Visa, which was hectic to say the least. Submitting 150+ pages of documents and waking up the GNOME Foundation team at night (their time) just to get some random letters the VFS office (embassy delegates) wanted during the submission process was bliss. So sincere thanks to Steven (ED), Anisa, Kristi, Rosanna, Asmit and others for helping me out with this at the very last minute. You all are heroes!</p><p>I usually carry double the required documents just to be on the safe side, but this was just something else.</p><p>Anyway, let's proceed with the blog :D</p><p><img alt="University of Brescia image" src="https://www.aryank.in/images/uploads/guadec25_university_of_brescia.jpg" /></p><h4><strong>The touchdown</strong></h4><p>Due to a lack of flights to Brescia, I had to take a flight to Milan and then travel by train to Brescia.</p><p>But, since this was my first conference after graduating the same month (yipeee), I fortunately was able to extend my trip for the first time ever.</p><p>This let me explore Italy, a dream come true. I visited Milan and the Monza circuit before heading to Brescia.</p><p><img alt="Milan image" src="https://www.aryank.in/images/uploads/guadec25_milan.jpg" /></p><p>I have no clue about racing, but visiting the Monza circuit was a surreal experience. The history, the cars, and the atmosphere were just amazing.</p><p><img alt="Duomo di milano image" src="https://www.aryank.in/images/uploads/guadec25_milan_2.jpg" /></p><h4><strong>The pre-conference party</strong></h4><p>After some nice struggles with public transport in Brescia (I loved it afterwards though), I decided to take a 20-minute walk to the venue of the pre-conference party.</p><p>I don't mind walking, but as I was waiting for the bus, initially, I got late and had to walk fast. The worst part? The bus that didn't allow me to board was constantly catching up to me for half the journey, boosting the frustration.</p><p><img alt="Brescia image" src="https://www.aryank.in/images/uploads/guadec25_brescia.jpg" /></p><p>But well... I finally reached! Met some of my friends and had nice conversations with the organisers, attendees, speakers and some really engaging discussions with Mauro from Canonical.</p><p>After which, he consented to me kidnapping him for an Indian dinner. The place we got to was closed (I hate Google Maps), but fortunately, we found another Indian restaurant in very close proximity.</p><p>We had tons of exchanges about the future of Ubuntu, Canonical and GNOME. It was great to meet in person after GUADEC 2023.</p><h4><strong>The first day of the conference</strong></h4><p>The first day was quite good, got to attend the talks which I was looking forward to and was also able to help with the Ubuntu booth setup (well, not much but somewhat?).</p><p><img alt="&quot;Canonical booth image&quot;" src="https://www.aryank.in/images/uploads/guadec25_canonical_booth.jpg" /></p><p>After tackling some great wifi chip delights, we were able to get the anonymous forms up and running for the booth.</p><p>And then came my talk. Maria Majadas introduced me (she is awesome btw!), and after some setup tackling, I was able to present my talk on &quot;Making a career out of FOSS Internships GSoC/Outreachy&quot;.</p><p>I had to rush a bit due to the time constraints, but I was able to cover most of the points I wanted to. So yay!</p><p>Afterwards, I was able to volunteer for moderating the talk, &quot;The state of GTK&quot; by Matthias, which was quite insightful. It was great to see the progress GTK has made and the future plans.</p><p>We then had a great panel discussion, which was quite a nice twist.</p><p><img alt="Panel discussion image" src="https://www.aryank.in/images/uploads/guadec25_panel_session.jpg" /></p><p>Later Aarti and Sri (Who both are awesome), whom I met for the first time in person, invited me for some snacks and drinks. The stories they shared were just so amazing and inspiring.Due to them, for the first time at GUADEC, I was able to have normal conversations and not just very professional ones. This elevated the conference 10x for me.</p><p>If you both are reading this, I just want to say you both are amazing, and I hope to see you again soon!</p><p>Then Mauro kidnapped me for a nice Italian dinner. We found a nice pizzeria with amazing views and food. I let him order for me, just like he did with me :).</p><p>And I have to say, that was the best pizza I ever had.</p><p><img alt="Brescia dinner and drinks image" src="https://www.aryank.in/images/uploads/guadec25_day1_dinner.jpg" /></p><p>Also, I learned some new pizza cutting tricks and info on why you should NEVER share Pizza (apart from exchanging slices to try). This will stay with me for life xD.</p><p>Oh man, that was a lot for the first day. I was exhausted but happy.</p><h4><strong>The second day of the conference</strong></h4><p>On the second day, the highlight talks for me were &quot;Getting Things Done in GNOME&quot;, &quot;State of the Shell&quot; and &quot;Have a GTK app with no tests? No Problem!&quot; (Which I had the pleasure to attend and moderate).</p><p><img alt="Getting Things Done in GNOME image" src="https://www.aryank.in/images/uploads/guadec25_getting_things_done_in_gnome.jpg" /></p><p>I also gave another lightning talk on &quot;Why do we need GUADEC or GNOME events?&quot; which was quite fun. I shared my experiences and insights on the importance of such events in fostering community and collaboration.</p><p>Thanks to Rosanna for giving me the idea to do so. It was really great to share my thoughts and experiences with the community.</p><p>After the conference, I took a detour to visit the beautiful Brescia Castle. The views were out of this world. I also, instead of taking the bus to the top or climbing up stairs, took the gravel path around the castle (It had fences which I decided to jump over :)). But it was worth it, climbing this way allowed me to see every corner of the city layer by layer. That you can't beat!</p><p><img alt="Brescia Castle image" src="https://www.aryank.in/images/uploads/guadec25_brescia_castle.jpg" /></p><h4><strong>The third day of the conference</strong></h4><p>As you can guess by now, it was great as well, and I gave another talk - &quot;GNOME Extensions: the gateway drug to GNOME&quot; and also helped in moderating some sessions.</p><p>Also, I'll highly recommend you to watch the talk on Gnurd - https://www.youtube.com/live/Z7F3fghCQB4?si=H_HgN6IHeRdSVu10&amp;t=27391It was nice!</p><p>And we ended the day with a great dinner celebrating 25 years of GUADEC. The food was amazing, the company was great, and the atmosphere was just perfect.</p><h4><strong>The BoFs</strong></h4><p>Being a GNOME GSoC'22 Intern, and now a part of the GNOME Internship Committee, I had my fourth and final talk (kind of), GNOME Internship Committee Meetup, where we discussed the future of the program, the challenges we face, and how we can improve it.</p><p>Thanks, Felipe, for organising it and inviting me to be a part of it. It was great to see the progress we have made and the plans we have for the future.</p><p>The next day, I attended the &quot;GTK Settings Hackfest&quot; BoF, and it reminded me why physical meetups are so powerful. Discussing my blockers directly with the maintainers and fixing stuff together. It can't get more delightful than that!</p><p>We then went to Lake Iseo for a trip. And the picture will give you a glimpse of the beauty of the place.</p><p><img alt="Lake Iseo" src="https://www.aryank.in/images/uploads/guadec25_iseo.jpg" /><img alt="Lake Iseo second image" src="https://www.aryank.in/images/uploads/guadec25_iseo_2.jpg" /></p><h4><strong>The Bergamo tour</strong></h4><p>The tour was a great opportunity to check out Bergamo and interact with people.</p><p>Special shoutout to Ignacy for being my partner in crime for clicking pictures. The skyline, the view from the top and the food were just amazing. We had a great time exploring the city and taking pictures.</p><p><img alt="Bergamo" src="https://www.aryank.in/images/uploads/guadec25_bergamo.jpg" /></p><p>It was also Federico's birthday, so we celebrated it with a cake and some drinks. Celebrating the founder at the 25th GUADEC was the cherry on top.</p><p>Federico also gave great insights about Coffee. I was looking forward to buying a Bialetti Moka pot, but I wasn't sure. But after his advice, I splurged. And I have to say, it was worth it. The coffee is just amazing, and the experience of making it is just delightful.Instant is not the same anymore :(.</p><p>So thanks to Federico, I now have a taste of Italy at home. Next stop, getting a grinder!</p><p><img alt="Bialetti" src="https://www.aryank.in/images/uploads/guadec25_bialetti.jpg" /></p><h4><strong>Meeting people</strong></h4><p>At last, I met many new people and got to learn a lot. Made new friends, got to meet people I look up to and many more.</p><p>I hope I wasn't that introverted, but yeah, slowly getting comfortable around new people, especially thanks to Aarti and Sri for making me feel comfortable and helping me break the ice.</p><p><img alt="GUADEC 25 peeps" src="https://www.aryank.in/images/uploads/guadec25_awesome_people.jpg" /></p><h4><strong>The End</strong></h4><p>This GUADEC was just awesome. And I was also able to visit 4 cities in Italy, which was a dream come true. Normally, due to college, I couldn't visit any other city than the conference city, but this time I was able to extend my trip and explore Italy a bit.</p><p>Thanks to all the people for making the event so great. It was an experience like no other. I would also like to thank GNOME Foundation for sponsoring the trip :)I hope I used it to the fullest and made the most out of it. :D</p><p>I also renewed my GNOME Foundation membership just recently, which is awesome.</p><p><img alt="Sponsored by gnome badge" src="https://www.aryank.in/images/uploads/sponsored-by-foundation.png" /></p></description><author>Aryan Kaushik</author><dc:creator>Aryan Kaushik</dc:creator><pubDate>Wed, 13 Aug 2025 20:00:00 GMT</pubDate><guid isPermaLink="true">https://www.aryank.in/posts/2025-08-13-guadec-2025-experience/</guid></item><item><title>Christian Hergert: Week 32 Status</title><link>https://blogs.gnome.org/chergert/2025/08/11/week-32-status/</link><description><h2>Foundry</h2><p>This week was largely around getting the new template engine landed so it can be part of the 1.0 ABI. Basically just racing to get everything landed in time to commit to the API/ABI contract.</p><ul><li><p><code>FoundryTextBuffer</code> gained some new type prerequisites to make it easier for writing applications against them. Since Foundry is a command line tool as well as a library, we don&#8217;t just use <code>GtkTextBuffer</code> since the CLI doesn&#8217;t even link against GTK. But it is abstracted in such a way that the GTK application would implement the <code>FoundryTextBuffer</code> interface with a derived <code>GtkSourceBuffer</code>.</p></li><li><p><code>FoundryTextSettings</code> has landed which provides a layered approach to text editor settings similar (but better) than we have currently in GNOME Builder. There is a new modeline implementation, editorconfig, and gsettings backed settings provider which apply in that order (with per-file overrides allowed at the tip).</p><p>Where the settings-backed implementation surpasses Builder is that it allows for layering there too. You can have user-overrides by project, project defaults, as well as Foundry defaults.</p><p>I still need to get the default settings per-language that we have already (and are mostly shared with Text Editor too) as reasonable defaults.</p></li><li><p>To allow changing the GSettings-based text settings above, the <code>foundry settings set ...</code> command gained support for specific paths using the same <code>:/</code> suffix that the <code>gsettings</code> command uses.</p></li><li><p>Spent some time on the upcoming chat API for models so I can experiment with what is possible when you control the entire tools stack.</p></li><li><p>Dropped some features so they wouldn&#8217;t be part of the 1.0. We can implement them later on as time permits. Specifically I don&#8217;t want to commit to a MCP or DAP implementation yet since I&#8217;m not fond of either of them as an API.</p></li><li><p>The <code>FoundryInput</code> subsystem gained support for license and language inputs. This makes it much simpler to write templates in the new internal template format.</p></li><li><p>Allow running <code>foundry template create ./FILE.template</code> to create a set of files or project from a template file. That allows you to interate on your own templates for your project without having to have them installed at the right location.</p></li><li><p>Wrote new project templates for empty project, shared library project, and gtk4 projects. Still need to finish the gtk4 project a bit to match feature parity with the version from Builder.</p><p>I very much am happy with how the library project turned out because this time around it supports Gir, Pkgconfig, Vapi generation, gi-doc, and more. I still need to get library potfile support though.</p><p>I also wrote new templates for creating gobjects and gtkwidgets in C (but we can port to other languages if necessary). This is a new type of &#8220;code template&#8221; as opposed to &#8220;project template&#8221;. It still allows for multiple files to be created in the target project.</p><p>What is particularly useful about it though is that we can allow projects to expose templates specific to that project in the UI. In Foundry, that means you have template access to create new plugins, LSPs, and services quite easily.</p></li><li><p>Projects can specify their default license now to make more things just happen automatically for contributors when creating new files.</p></li><li><p>Templates can include the default project license header simply now by doing `{{include &#8220;license.c&#8221;}} where the suffix gets the properly commented license block.</p></li><li><p>The API for expand templates has changed to return a <code>GListModel</code> of <code>FoundryTemplateOutput</code>. The primary motivator here is that I want to be able to have UI in Builder that lets you preview template before actually saving the templates to disk.</p></li><li><p>A new API landed that we had in Builder for listing build targets. Currently, only the <code>meson</code> plugin implements the <code>FoundryBuildTargetProvider</code>. This is mostly plumbing for upcoming features.</p></li><li><p>The new template format is a bit of amalgamation from a few formats that is just based on my experience trying to find a way to maintain these templates.</p><p>It starts with a <code>GKeyFile</code> block that describes the template and inputs to the template.</p><p>Then you have a series of what looks like markdown code blocks. You can have conditionals around them which allows for optionally including files based on input.</p><p>The filename for the blocks can also be expanded based on template inputs. The expansions are just <code>TmplExpr</code> expressions from template-glib.</p><p>An example can be found at:</p><p>https://gitlab.gnome.org/GNOME/foundry/-/blob/main/plugins/meson-templates/library.project</p></li></ul><h2>Template-GLib</h2><ul><li><p>Found some oopsies in how <code>TmplExpr</code> evaluated branches so fixed those up. Last year I wrote most of a C compiler and taking a look at this code really makes me want to rewrite it all. The intermixing of Yacc and GObject Introspection is ripe for improvement.</p></li><li><p>Added support for <code>==</code> and <code>!=</code> of <code>GStrv</code> expressions.</p></li></ul><h2>Other</h2><ul><li><p>Play CI whack-a-mole for ICU changes in nightly SDKs</p></li><li><p>Propagate foundry changes to projects depending on it so that we have useful flatpak manifests with minimal feature flags enabled.</p></li><li><p>Took a look at some performance issues in GNOME OS and passed along some debugging techniques. Especially useful for when all you got is an array of registers and need to know something.</p></li><li><p>Libpeas release for GNOME 49 beta</p></li></ul></description><author>Christian Hergert</author><dc:creator>Christian Hergert</dc:creator><pubDate>Mon, 11 Aug 2025 20:15:38 GMT</pubDate><guid isPermaLink="true">https://blogs.gnome.org/chergert/2025/08/11/week-32-status/</guid></item><item><title>Peter Hutterer: xkeyboard-config 2.45 has a new install location</title><link>http://who-t.blogspot.com/2025/08/xkeyboard-config-245-has-new-install.html</link><description><p> This is a heads ups that if you install xkeyboard-config 2.45 (the package that provides the XKB <b>data</b> files), some manual interaction may be needed. <a href="https://xkeyboard-config.freedesktop.org/blog/2-45-release/#breaking-changes-2">Version 2.45 has changed the install location</a> after over 20 years to be a) more correct and b) more flexible.</p><p> When you select a keyboard layout like "fr" or "de" (or any other ones really), what typically happens in the background is that an XKB parser (xkbcomp if you're on X, libxkbcommon if you're on Wayland) goes off and parses the data files provided by xkeyboard-config to populate the layouts. For historical reasons these data files have resided in <code>/usr/share/X11/xkb</code> and that directory is hardcoded in more places than it should be (i.e. more than zero). As of xkeyboard-config 2.45 however, the data files are now installed in the much more sensible directory <code>/usr/share/xkeyboard-config-2</code> with a matching <code>xkeyboard-config-2.pc</code> for anyone who relies on the data files. The old location is symlinked to the new location so everything keeps working, people are happy, no hatemail needs to be written, etc. Good times.</p><p> The reason for this change is two-fold: moving it to a package-specific directory opens up the (admittedly mostly theoretical) use-case of some other package providing XKB data files. But even more so, it finally allows us to start versioning the data files and introduce new formats that may be backwards-incompatible for current parsers. This is not yet the case however, the current format in the new location is <b>guaranteed</b> to be the same as the format we've always had, it's really just a location change in preparation for future changes.</p><p> Now, from an upstream perspective this is not just hunky, it's also dory. Distributions however struggle a bit more with this change because of packaging format restrictions. RPM for example is quite unhappy with a <a href="https://docs.fedoraproject.org/en-US/packaging-guidelines/Directory_Replacement/">directory being replaced by a symlink</a> which means that <a href="https://src.fedoraproject.org/rpms/xkeyboard-config/pull-request/3">Fedora</a> and <a href="https://build.opensuse.org/request/show/1293638">OpenSuSE</a> have to resort to the <code>.rpmmoved</code> hack. If you have ever used the <a href="https://who-t.blogspot.com/2021/02/a-pre-supplied-custom-keyboard-layout.html">custom layout</a> and/or added other files to the XKB data files you will need to <b>manually move those files from <code>/usr/share/X11/xkb.rpmmoved/</code> to the new equivalent location</b>. If you have never used that layout and/or modified local you can just delete <code>/usr/share/X11/xkb.rpmmoved</code>. Of course, if you're on Wayland you shouldn't need to modify system directories anyway since you can do <a href="https://xkbcommon.org/doc/current/user-configuration.html">it in your $HOME</a>.</p><p> Corresponding issues on what to do on <a href="https://gitlab.archlinux.org/archlinux/packaging/packages/xkeyboard-config/-/issues/1">Arch</a> and <a href="https://bugs.gentoo.org/957712">Gentoo</a>, I'm not immediately aware of other distributions's issues but if you search for them in your bugtracker you'll find them.</p></description><author>Peter Hutterer</author><dc:creator>Peter Hutterer</dc:creator><pubDate>Mon, 11 Aug 2025 11:44:00 GMT</pubDate><guid isPermaLink="true">http://who-t.blogspot.com/2025/08/xkeyboard-config-245-has-new-install.html</guid></item><item><title>Steven Deobald: 2025-08-08 Foundation Update</title><link>https://blogs.gnome.org/steven/2025/08/08/2025-08-08-foundation-update/</link><description><h2 id="opaque-things">## Opaque Things</h2><p>Very unfortunately, most of my past two weeks have been spent on &#8220;opaque things.&#8221; Let&#8217;s just label that whole bundle &#8220;bureaucracy&#8221; for now.</p><p>&nbsp;</p><h2 id="apology">## Apology</h2><p>I owe a massive apology to the GIMP team. These folks have been incredibly patient while the GNOME Foundation, as their fiscal host, sets up a bunch of new paperwork for them. It&#8217;s been a slow process.</p><p>Due to the above bureaucracy, this process has been even slower than usual. Particularly on GIMP&#8217;s big pearl anniversary year, this is especially frustrating for them and the timing is awful.</p><p>As long as I am in this role, I accept responsibility for the Foundation&#8217;s struggles in supporting the GIMP project. I&#8217;m sorry, folks, and I hope we get past the current round of difficulties quickly so we can provide the fiscal hosting you deserve.</p><p>&nbsp;</p><h2>## Advisory Board Room</h2><p>One of my favourite parts of GUADEC was our Advisory Board day. I really enjoyed hearing what all our Advisory Board members are working on, their challenges, and how they might collaborate with one another. It was a <em>really</em> productive day and we all agreed we&#8217;d like to continue that feeling throughout the year. We&#8217;ve started a new Advisory Board Room, as a result. The medium for this meeting place may change (as required), but it&#8217;s my commitment to support it, since the Foundation is the town hall for these organizations. SUSE, Canonical, Red Hat, the Document Foundation, Endless, and Debian were all in attendance at GUADEC β it was an honour to bring these folks together. We recently had postmarketOS join our Advisory Board and, given how much progress they&#8217;ve already made, I&#8217;m excited to see them breathe new life into the GNOME ecosystem. The desktop is rock solid. Mobile is growing quickly. I can&#8217;t wait to listen to more of these conversations.</p><p>&nbsp;</p><h2 id="draft-budget">## Draft Budget</h2><p>Thanks to Deepa&#8217;s tremendous work teasing apart our financial reporting, she and I have a draft budget to present to the Board on their August 12th regular meeting.</p><p>The board has already seen a preliminary version of the budget as of their July 27th meeting and an early draft as of last week. Our schedule has an optional budget review August 26th, another required budget review on September 9th and, if we need a final meeting to pass the budget, we can do that at the September 23rd board meeting. Last year, Richard passed the first on-time GNOME Foundation budget in many years. I&#8217;m optimistic we can pass a clear, uncomplicated budget a month early in 2025.</p><p>(Our fiscal year is October &#8211; September.)</p><p>I&#8217;m incredibly grateful to Deepa for all the manual work she&#8217;s put into our finances during an already busy summer. Deepa&#8217;s also started putting in place a tagging mechanism with our bookkeepers which will hopefully resolve this in a more automatic way in the future. The tagging mechanism will work in conjunction with our chart of accounts, which doesn&#8217;t really represent the GNOME Foundation&#8217;s operating capital at all, as a 501(c)(3)&#8217;s chart of accounts is geared toward the picture we show to the IRS, not the picture we show to the Board or use to pass a budget. It&#8217;s the same data, but two very different lenses on it.</p><p>Understanding is the first step. After a month of wrestling with the data, we now understand it. Automation is the second step. The board should know exactly where the Foundation stands, financially, every year, every quarter, and every month&#8230; without the need for manual reports.</p><p>&nbsp;</p><h2 id="501-c-3-structural-improvements">## 501(c)(3) Structural Improvements</h2><p>As I mention in my <a class="external" href="https://www.youtube.com/live/Z7F3fghCQB4?si=hRzQazbKPcKJugZs&amp;t=210">GUADEC keynote</a>, the GNOME Foundation has a long road ahead of it to become an ideal 501(c)(3) &#8230; but we just need to make sure we&#8217;re focused on continuous improvement. Other non-profits also struggle with their own structural challenges, since charities can take many different shapes and are often held together almost entirely by volunteers. Every organization is different, every organization wants to succeed.</p><p>I had the pleasure of some consultation conversations this week with Amy Parker of the OpenSSL Foundation and Halle Baksh, a 501(c) expert from California. Delightful folks. Super helpful.</p><p>One of the greatest things I&#8217;m finding about working in the non-profit space is that we have a tremendous support network. Everyone wants us to succeed and every time we&#8217;re ready to take the next step, there will be someone there to help us level up. Every time we do, the Foundation will get more mature and, as a result, more effective.</p><p>&nbsp;</p><h2>## Travel Policy Freeze</h2><p>I created some confusion by mentioning the travel policy freeze in my AGM slides. A group of hackers asked me at dinner on the last night in Brescia, &#8220;does this mean that all travel for contributors is cancelled?&#8221;</p><p>No, absolutely not. The travel policy freeze means that every travel request must be authorized by the Executive Director and the President; we have temporarily suspended the Travel Committee&#8217;s spending authority. We will of course still sponsor visas for interns and other program-related travel. The intention of the travel policy freeze is to reduce administrative travel costs and add them to program travel, not the other way around.</p><p>Sorry if I freaked anyone out. The goal (as long as I&#8217;m around) will always be to push Foundation resources toward programs like development, infrastructure, and events.</p><p>&nbsp;</p><h2 id="getting-back-to-work">## Getting Back To Work</h2><p>Sorry again for the short update. I&#8217;m optimistic that we&#8217;ll get over this bureaucratic bump in the road soon enough. Thanks for your patience.</p></description><author>Steven Deobald</author><dc:creator>Steven Deobald</dc:creator><pubDate>Sat, 09 Aug 2025 01:02:32 GMT</pubDate><guid isPermaLink="true">https://blogs.gnome.org/steven/2025/08/08/2025-08-08-foundation-update/</guid></item><item><title>Richard Hughes: LVFS Sustainability Plan</title><link>https://blogs.gnome.org/hughsie/2025/08/08/lvfs-sustainability-plan/</link><description><p><strong>tl;dr:</strong> I&#8217;m asking the biggest users of the LVFS to sponsor the project.</p><p>The Linux Foundation is kindly paying for all the hosting costs of the LVFS, and Red Hat pays for all my time &#8212; but as LVFS grows and grows that&#8217;s going to be less and less sustainable longer term. Weβre trying to find funding to hire additional resources as a βme replacementβ so that there is backup and additional attention to LVFS (and so that I can go on holiday for two weeks without needing to take a laptop with me).</p><p>This year there will be a fair-use quota introduced, with different sponsorship levels having a different quota allowance. Nothing currently happens if the quota is exceeded, although there will be additional warnings asking the vendor to contribute. The βassociateβ (free) quota is also generous, with 50,000 monthly downloads and 50 monthly uploads. This means that almost all the 140 vendors on the LVFS should expect no changes.</p><p>Vendors providing millions of firmware files to end users (and deriving tremendous value from the LVFSβ¦) should really either be providing a developer to help write shared code, design abstractions and review patches (like AMD does) or allocate some funding so that we can pay for resources to take action for them. So far no OEMs provide any financial help for the infrastructure itself, although two have recently offered &#8212; and we&#8217;re now in a position to &#8220;<em>say yes</em>&#8221; to the offers of help.</p><p>I&#8217;ve written a <a class="external" href="https://docs.google.com/presentation/d/1l_Rmkn2-UwOkS0XK5d6u9pi29TZpmG-upa4Lu5HuEy4/edit?usp=sharing">LVFS Project Sustainability Plan</a> that explains the problem and how OEMs should work with the Linux Foundation to help fund the LVFS.</p><p>I&#8217;m aware funding open source software is a delicate matter and I certainly do not want to cause anyone worry. We need the LVFS to have strong foundations; it needs to grow, adapt, and be resilient β and it needs vendor support.</p><p>Draft timeline, which is probably a little aggressive for the OEMs &#8212; so the dates might be moved back in the future:</p><p><strong>APR 2025</strong>: We started showing the historical percentage βfair useβ download utilization graph in vendor pages. As time goes on this will also be recorded into per-protocol sections too.</p><p><a href="https://blogs.gnome.org/hughsie/files/2025/08/Screenshot-2025-08-08-at-12-40-00-LVFS-Vendor-Quota.png"><img alt="downloads over time" class="aligncenter size-large wp-image-9995" height="300" src="https://blogs.gnome.org/hughsie/files/2025/08/Screenshot-2025-08-08-at-12-40-00-LVFS-Vendor-Quota-1024x465.png" width="660" /></a></p><p><strong>JUL 2025</strong>: We started showing the historical percentage βfair useβ upload utilization, also broken into per-protocol sections:</p><p><a href="https://blogs.gnome.org/hughsie/files/2025/08/Screenshot-2025-08-08-at-13-34-46-LVFS-Vendor-Quota.png"><img alt="uploads over time" class="aligncenter size-large wp-image-9997" height="300" src="https://blogs.gnome.org/hughsie/files/2025/08/Screenshot-2025-08-08-at-13-34-46-LVFS-Vendor-Quota-1024x465.png" width="660" /></a></p><p><strong>JUL 2025</strong>: We started restricting logos on the main index page to vendors joining as startup or above level &#8212; note Red Hat isn&#8217;t sponsoring the LVFS with money (but they do pay my salary!) &#8212; I&#8217;ve just used the logo as a placeholder to show what it would look like.</p><p><a href="https://blogs.gnome.org/hughsie/files/2025/08/lvfs-index.png"><img alt="" class="aligncenter size-full wp-image-9999" height="417" src="https://blogs.gnome.org/hughsie/files/2025/08/lvfs-index.png" width="799" /></a></p><p><strong>AUG 2025</strong>: I created this blogpost and sent an email to the lvfs-announce mailing list.</p><p><strong>AUG 2025</strong>: We allow vendors to join as startup or premier sponsors shown on the main page and show the badge on the vendor list</p><p><a href="https://blogs.gnome.org/hughsie/files/2025/08/Screenshot-2025-07-23-at-16-27-15-LVFS-Vendor-Status.png"><img alt="" class="aligncenter size-large wp-image-10000" height="64" src="https://blogs.gnome.org/hughsie/files/2025/08/Screenshot-2025-07-23-at-16-27-15-LVFS-Vendor-Status-1024x100.png" width="660" /></a></p><p><strong>DEC 2025</strong>: Start showing over-quota warnings on the per-firmware pages</p><p><a href="https://blogs.gnome.org/hughsie/files/2025/08/Screenshot-2025-08-08-at-13-42-04-LVFS-Firmware-Details.png"><img alt="" class="aligncenter size-large wp-image-10002" height="133" src="https://blogs.gnome.org/hughsie/files/2025/08/Screenshot-2025-08-08-at-13-42-04-LVFS-Firmware-Details-1024x206.png" width="660" /></a></p><p><strong>DEC 2025</strong>: Turn off detailed per-firmware analytics to vendors below startup sponsor level</p><p><a href="https://blogs.gnome.org/hughsie/files/2025/08/Screenshot-2025-08-08-at-13-43-09-LVFS-Firmware-Details.png"><img alt="" class="aligncenter size-large wp-image-10001" height="88" src="https://blogs.gnome.org/hughsie/files/2025/08/Screenshot-2025-08-08-at-13-43-09-LVFS-Firmware-Details-1024x136.png" width="660" /></a></p><p><strong>APR 2026</strong>: Turn off access to custom LVFS API for vendors below Startup Sponsorship level, for instance:</p><ul><li><code>/lvfs/component/{}/modify/json</code></li><li><code>/lvfs/vendors/auth</code></li><li><code>/lvfs/firmware/auth</code></li></ul><p><strong>APR 2026</strong>: Limit the number of authenticated automated robot uploads for less than Startup Sponsorship levels.</p><p>Comments welcome!</p></description><author>Richard Hughes</author><dc:creator>Richard Hughes</dc:creator><pubDate>Fri, 08 Aug 2025 13:28:48 GMT</pubDate><guid isPermaLink="true">https://blogs.gnome.org/hughsie/2025/08/08/lvfs-sustainability-plan/</guid></item><item><title>Andy Wingo: whippet hacklog: adding freelists to the no-freelist space</title><link>https://wingolog.org/archives/2025/08/07/whippet-hacklog-adding-freelists-to-the-no-freelist-space</link><description><div><p>August greetings, comrades! Today I want to bookend some recent work on<a href="https://wingolog.org/archives/2025/07/08/guile-lab-notebook-on-the-move">my Immix-inspired garbagecollector</a>:firstly, an idea with muddled results, then a slog through heuristics.</p><h3>the big idea</h3><p>My mostly-marking collectorβs main space is called the <a href="https://arxiv.org/abs/2503.16971">βnofl spaceβ</a>.Its name comes from its historical evolution from mark-sweep to mark-region:instead of sweeping unused memory to freelists and allocating from thosefreelists, sweeping is interleaved with allocation; βnoflβ meansβno free-listβ. As it finds holes, the collector bump-pointer allocates into thoseholes. If an allocation doesnβt fit into the current hole, the collector sweepssome more to find the next hole, possibly fetching another block. Spacefor holes that are too small is effectively wasted as fragmentation;mutators will try again after the next GC. Blocks with lots ofholes will be chosen for opportunistic evacuation, which is the heapdefragmentation mechanism.</p><p>Hole-too-small fragmentation has bothered me, because it presents apotential pathology. You donβt know how a GC will be used or what theuserβs allocation pattern will be; if it is a mix of medium (say, akilobyte) and small (say, 16 bytes) allocations, one could imagine amedium allocation having to sweep over lots of holes, discarding them inthe process, which hastens the next collection. Seems wasteful,especially for non-moving configurations.</p><p>So I had a thought: why not collect those holes into a <a href="https://github.com/wingo/whippet/blob/main/src/nofl-holeset.h">size-segregatedfreelist</a>? We just cleared the hole, the memory is core-local, and wemight as well. Then before fetching a new block, the allocatorslow-path can see if it can service an allocation from the second-chancefreelist of holes. This decreases locality a bit, but maybe itβs worthit.</p><p>Thing is, I implemented it, and I donβt know if itβs worth it! It seemsto interfere with evacuation, in that the blocks that would otherwise bemost profitable to evacuate, because they contain many holes, areinstead filled up with junk due to second-chance allocation from thefreelist. I need to do more measurements, but I think my big-brainedidea is a bit of a wash, at least if evacuation is enabled.</p><h3>heap growth</h3><p>When running the new collector in Guile, we have a performance oracle inthe form of BDW: it had better be faster for Guile to compile a Schemefile with the new nofl-based collector than with BDW. In this use casewe have an additional degree of freedom, in that unlike the lab tests ofnofl vs BDW, we donβt impose a fixed heap size, and instead allowheuristics to determine the growth.</p><p>BDWβs built-in heap growth heuristics are very opaque. You give it aheap multiplier, but as a divisor truncated to an integer. Itβs veryimprecise. Additionally, there are nonlinearities: BDW is relativelymore generous for smaller heaps, because attempts to model and amortizetracing cost, and there are some fixed costs (thread sizes, static datasizes) that donβt depend on live data size.</p><p>Thing is, BDWβs heuristics work pretty well. For example, I had aprocess that ended with a heap of about 60M, for a peak live data sizeof 25M or so. If I ran my collector with a fixed heap multiplier, itwouldnβt do as well as BDW, because it collected much more frequentlywhen the heap was smaller.</p><p>I ended up switching from the primitiveβsize the heap as a multiple of live dataβ strategy to live data plus asquare root factor; this is like what Racket ended up doing in itssimple implementation of <a href="https://marisa.moe/balancer.html">MemBalancer</a>. (I do have a proper implementationof MemBalancer, with time measurement and shrinking and all, but Ihavenβt put it through its paces yet.) With this fix I can meet BDWβs performancefor my Guile-compiling-Guile-with-growable-heap workload. It would benice to exceed BDW of course!</p><h3>parallel worklist tweaks</h3><p>Previously, in parallel configurations, trace workers would each have a<a href="https://inria.hal.science/hal-00802885/document">Chase-Lev deque</a> to which they could publish objects needing tracing.Any worker could steal an object from the top of a workerβs publicdeque. Also, each worker had a local, unsynchronized FIFO worklist,some 1000 entries in length; when this worklist filled up, the workerwould publish its contents.</p><p>There is a pathology for this kind of setup, in which one worker can endup with a lot of work that it never publishes. For example, if thereare 100 long singly-linked lists on the heap, and the worker happens to have them all onits local FIFO, then perhaps they never get published, because the FIFOnever overflows; you end up not parallelising. This seems to be the casein one microbenchmark. I switched to not have local worklists at all;perhaps this was not the right thing, but who knows. Will poke infuture.</p><h3>a hilarious bug</h3><p>Sometimes you need to know whether a given address is in an objectmanaged by the garbage collector. For the nofl space itβs pretty easy,as we have big slabs of memory; bisecting over the array of slabs isfast. But for large objects whose memory comes from the kernel, wedonβt have that. (Yes, you can reserve a big olβ region with<tt>PROT_NONE</tt> and such, and then allocate into that region; I donβt dothat currently.)</p><p>Previously I had a splay tree for lookup. Splay trees are great but notso amenable to concurrent access, and parallel marking is one place where we need to do this lookup. So I prepare a sorted array before marking, and thenbisect over that array.</p><p>Except a funny thing happened: I switched the bisect routine to returnthe start address if an address is in a region. Suddenly, weirdfailures started happening randomly. Turns out, in some places I wastesting if bisection succeeded with an <tt>int</tt>; if the region happened tobe 32-bit-aligned, then the nonzero 64-bit <tt>uintptr_t</tt> got truncated to its low 32bits, which were zero. Yes, crusty reader, Rust would have caught this!</p><h3>fin</h3><p>I want this new collector to work. Getting the growth heuristic goodenough is a step forward. I am annoyed that second-chance allocationdidnβt work out as well as I had hoped; perhaps I will find some timethis fall to give a proper evaluation. In any case, thanks for reading,and hack at you later!</p></div></description><author>Andy Wingo</author><dc:creator>Andy Wingo</dc:creator><pubDate>Thu, 07 Aug 2025 15:02:04 GMT</pubDate><guid isPermaLink="true">https://wingolog.org/archives/2025/08/07/whippet-hacklog-adding-freelists-to-the-no-freelist-space</guid></item><item><title>Jussi Pakkanen: Let's properly analyze an AI article for once</title><link>https://nibblestew.blogspot.com/2025/08/lets-properly-analyze-ai-article-for.html</link><description><p>Recently the CEO of Github wrote a blog post called <a href="https://ashtom.github.io/developers-reinvented">Developers reinvented</a>. It was reposted with various clickbait headings like&nbsp;<a href="https://www.finalroundai.com/blog/github-ceo-thomas-dohmke-warns-developers-embrace-ai-or-quit">GitHub CEO Thomas Dohmke Warns Developers: "Either Embrace AI or Get Out of This Career"</a>&nbsp;(that one feels like an LLM generated summary of the actual post, which would be ironic if it wasn't awful). To my great misfortune I read both of these. Even if we ignore whether AI is useful or not, the writings contain some of the absolute worst reasoning and stretched logical leaps I have seen in years, maybe decades. If you are ever in the need of finding out how not to write a "scientific" text on any given subject, this is the disaster area for you.</p><p>But before we begin, a detour to the east.</p><h1 style="text-align: left;">Statistics and the Soviet Union</h1><p style="text-align: left;">One of the great wonders of statistical science of the previous century was without a doubt the Soviet Union. They managed to invent and perfect dozens of ways to turn data to your liking, no matter the reality. Almost every official statistic issued by USSR was a lie. Most people know this. But even most of those do not grasp <i>just how much</i> the stats differed from reality. I sure didn't until I read <a href="https://www.goodreads.com/book/show/39679779-empire-of-the-absurd">this book</a>. Let's look at some examples.</p><h2 style="text-align: left;">Only ever report percentages</h2><p style="text-align: left;">The USSR's glorious statistics tended to be of the type "manufacturing of shoes grew over 600% this five year period". That certainly sounds a lot better than "In the last five years our factory made 700 pairs of shoes as opposed to 100" or even "7 shoes instead of 1". If you are really forward thinking, you can even cut down shoe production on those five year periods when you are not being measured. It makes the stats even more impressive, even though in reality many people have no shoes at all.</p><p style="text-align: left;">The USSR classified the real numbers as state secrets because the truth would have made them look bad. If a corporation only gives you percentages, they may be doing the same thing. Apply skepticism as needed.</p><h2 style="text-align: left;">Creative comparisons</h2><p style="text-align: left;">The previous section said the manufacturing of shoes has grown. Can you tell what it is not saying? That's right, growth over what? It is implied that the comparison is to the previous five year plan. But it is not. Apparently a common comparison in these cases was the production amounts of the year 1913. This "best practice" was not only used in the early part of the 1900s, it was used far into the 1980s.</p><p style="text-align: left;">Some of you might wonder why 1913 and not 1916, which was the last year before the bolsheviks took over? Simply because that was the century's worst year for Russia as a whole. So if you encounter a claim that "car manufacturing was up 3700%" some year in 1980s Soviet Union, now you know what that actually meant.</p><h2 style="text-align: left;">"Better" measurements</h2><p style="text-align: left;">According to official propaganda, the USSR was the world's leading country in wheat production. In this case they even listed out the production in absolute tonnes. In reality it was all fake. The established way of measuring wheat yields is to measure the "dry weight", that is, the mass of final processed grains. When it became apparent that the USSR could not compete with imperial scum, they changed their measurements to "wet weight". This included the mass of <i>everything</i> that came out from the nozzle of a harvester, such as stalks, rats, mud, rain water, dissidents and so on.</p><p style="text-align: left;">Some people outside the iron curtain even believed those numbers. Add your own analogy between those people and modern VC investors here.</p><h1 style="text-align: left;">To business then</h1><p style="text-align: left;">The actual blog post starts with this thing that can be considered a picture.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnvKIDpXIXw4sobIuJol13Nyvo2k3lS465_e8v-HNDYAR0pMz653j2pKgenz8pJodfFpqdJaAT-N68z-M_REejgPWmv9z0j87EqFsQ6prRY_u8AezZKHjpvbvXvMx2fgOd3B9HqUeIumtRiaZFDRZJwERKKr0Q-zHq83XD6T2nrPbo1VwyTLPlBqzg01Q/s720/reinvented.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="213" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnvKIDpXIXw4sobIuJol13Nyvo2k3lS465_e8v-HNDYAR0pMz653j2pKgenz8pJodfFpqdJaAT-N68z-M_REejgPWmv9z0j87EqFsQ6prRY_u8AezZKHjpvbvXvMx2fgOd3B9HqUeIumtRiaZFDRZJwERKKr0Q-zHq83XD6T2nrPbo1VwyTLPlBqzg01Q/s320/reinvented.png" width="320" /></a></div><p style="text-align: left;">What message would this choice of image tell about the person using it in their blog post?</p><p style="text-align: left;"></p><ol style="text-align: left;"><li>Said person does not have sufficient technical understanding to grasp the fact that children's toy blocks should, in fact, be affected by gravity (or that perspective is a thing, but we'll let that pass).</li><li>Said person does not give a shit about whether things are correct or could even work, as long as they look "somewhat plausible".</li></ol>Are these the sort of traits a person in charge of <i>the largest software development platform on Earth</i>&nbsp;should have? No, they are not.<p></p><p style="text-align: left;">To add insult to injury, the image seems to have been created with the Studio Ghibli image generator, which Hayao Miyazaki described as an abomination on art itself. Cultural misappropriation is high on the list of core values at Github HQ it seems.</p><p style="text-align: left;">With that let's move on to the actual content, which is this post from Twitter (to quote Matthew Garrett, I will respect their name change once Elon Musk starts respecting his child's).</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgt9Ybd7z0kDtsXvmnc398YA5WEL1wzhJm7zvZMY8N68ms8UfUBkIvrz0upLIlZzPAAYytcOyE84bEoCCFA_lxafqrOTDKpGZtQD9IqYeIZsBgj_F_YBCtW6MEsZsfemMvAb4B2shrZHywPf5da8cyB3MYuYJF4EcFhqu_1j4nAhvanCQPi4fE5Is7mNCg/s808/evidence.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="160" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgt9Ybd7z0kDtsXvmnc398YA5WEL1wzhJm7zvZMY8N68ms8UfUBkIvrz0upLIlZzPAAYytcOyE84bEoCCFA_lxafqrOTDKpGZtQD9IqYeIZsBgj_F_YBCtW6MEsZsfemMvAb4B2shrZHywPf5da8cyB3MYuYJF4EcFhqu_1j4nAhvanCQPi4fE5Is7mNCg/s320/evidence.png" width="320" /></a></div><p style="text-align: left;">Oh, wow! A field study. That makes things clear. With evidence and all! How can we possibly argue against that?</p><p style="text-align: left;">Easily. As with a child.</p><p style="text-align: left;">Let's look at this "study" (and I'm using the word in its loosest possible term here) and its details with an actual critical eye. The first thing is statistical representativeness. The sample size is 22. According to <a href="http://www.raosoft.com/samplesize.html">this sample size calculator</a> I found, a required sample size for just one thousand people would be 278, but, you know, one order of magnitude one way or another, who cares about those? Certainly not business big shot movers and shakers. Like Stockton Rush for example.</p><p style="text-align: left;">The math above assumes an unbiased sampling. The post does not even attempt to answer whether that is the case. It would mean getting answers to questions like:</p><p style="text-align: left;"></p><ul style="text-align: left;"><li>How were the 22 people chosen?</li><li>How many different companies, skill levels, nationalities, genders, age groups etc were represented?</li><li>Did they have any personal financial incentive on making their new AI tools look good?</li><li>Were they under any sort of duress to produce the "correct" answers?</li><li>What was/were the exact phrase(s) that was asked?</li><li>Were they the same for all participants?</li><li>Was the test run multiple times until it produced the desired result?</li></ul>The latter is an age old trick where you run a test with random results over and over on small groups. Eventually you will get a run that points the way you want. Then you drop the earlier measurements and publish the last one. In "the circles" this is known as <i>data set selection</i>.<p></p><p style="text-align: left;">Just to be sure, I'm <i>not</i> saying that is what they did. But if someone drove a dump truck full of money to my house and asked me to create a "study" that produced these results, that is exactly how I would&nbsp;do it. (I would not actually do it because I have a spine.)</p><p style="text-align: left;">Moving on. The main headline grabber is "Either you embrace AI or get out of this career". If you actually read the post (I know), what you find is that this is actually a quote from one of the participants. It's a bit difficult to decipher from the phrasing but my reading is that this is not a grandstanding hurrah of all things AI, but more of a "I guess this is something I'll have to get used to" kind of submission. That is not evidence, certainly not of the clear type. It is an opinion.</p><p style="text-align: left;">The post then goes on a buzzwordsalad tour of statements that range from the incomprehensible to the puzzling. Perhaps the weirdest is this nugget on education:</p><blockquote><p style="text-align: left;">Teaching [programming] in a way that evaluates rote syntax or memorization of APIs is becoming obsolete.</p></blockquote><p style="text-align: left;">It is not "becoming obsolete". It has been considered the wrong thing to do for as long as computer science has existed. Learning the syntax of most programming languages takes a few lessons, the rest of the semester is spent on actually using the language to solve problems. Any curriculum not doing that is just plain bad. Even worse than CS education in Russia in 1913.</p><p style="text-align: left;">You might also ponder that if the author is <i>so</i> out of touch with reality in this simple issue, how completely off base the rest of his statements might be. In fact the statement is so wrong at such a fundamental level that it has probably been generated with an LLM.</p><h1 style="text-align: left;">A magician's shuffle</h1><p style="text-align: left;">As nonsensical as the Twitter post is, we have not yet even mentioned the biggest misdirection in it. You might not even have noticed it yet. I certainly did not until I read the actual post. Try if you can spot it.</p><p style="text-align: left;">Ready? Let's go.</p><p style="text-align: left;">The actual fruit of this "study" boils down to this snippet.</p><blockquote><p style="text-align: left;">Developers rarely mentioned βtime savedβ as the core benefit of working in this new way with agents. They were all about increasing ambition.</p></blockquote><p style="text-align: left;">Let that sink in. For the last several years the main supposed advantage of AI tools has been the fact that they save massive amounts of developer time. This has lead to the "fire all your developers and replace them with AI bots" trend sweeping the nation. Now even this AI advertisement of a "study" can not find any such advantages and starts backpedaling into something completely different. Just like we have always been at war with Eastasia, AI has never been about "productivity". No. No. It is all about "increased ambition", whatever that is. The post then carries on with this even more baffling statement.</p><blockquote><p style="text-align: left;">When you move from thinking about reducing effort to expanding scope, only the most advanced agentic capabilities will do.</p></blockquote><p style="text-align: left;">Really? Only the most advanced agentics you say? That is a bold statement to make given that the leading reason for software project failure is scope creep. This is the one area where human beings have decades long track record for beating any artificial system. Even if machines were able to do it better, "Make your project failures more probable! Faster! Spectacularer!" is a tough rallying cry to sell.&nbsp;</p><p style="text-align: left;">&nbsp;To conclude, the actual findings of this "study" seem to be that:</p><p style="text-align: left;"></p><ol style="text-align: left;"><li>AI does not improve developer productivity or skills</li><li>AI does increase developer ambition</li></ol>This is strictly worse than the current state of affairs.</description><author>Jussi Pakkanen</author><dc:creator>Jussi Pakkanen</dc:creator><pubDate>Wed, 06 Aug 2025 02:41:00 GMT</pubDate><guid isPermaLink="true">https://nibblestew.blogspot.com/2025/08/lets-properly-analyze-ai-article-for.html</guid></item><item><title>Georges Basile Stavracas Neto: GUADEC 2025</title><link>https://feaneron.com/2025/08/05/guadec-2025/</link><description><p>I&#8217;m back from GUADEC 2025. I&#8217;m still super tired, but I wanted to write down my thoughts before they vanish into the eternal void.</p> <p>First let me start with a massive thank you for everyone that helped organize the event. It looked extremely well rounded, the kind of well rounded that can only be explained by <em>a lot</em> of work from the organizers. Thank you all!</p> <div class="wp-block-spacer"></div> <h2 class="wp-block-heading">Preparations</h2> <p>For this GUADEC I did something special: little calendars!</p> <figure class="wp-block-image alignwide size-full is-style-rounded is-style-rounded--1"><img alt="3D printed calendars on the table" class="wp-image-11213" src="https://feaneron.com/wp-content/uploads/2025/08/DSC00509Editado.jpg" /></figure> <p>These were 3D printed from a custom model I&#8217;ve made, based on the app icon of GNOME Calendar. I brought a small batch to GUADEC, and to my surprise &#8211; and joy &#8211; they vanished in just a couple of hours in the first day! It was very cool to see the calendars around after that:</p> <figure class="wp-block-gallery alignwide has-nested-images columns-2 is-cropped is-style-rectangular wp-block-gallery-2 is-layout-flex wp-block-gallery-is-layout-flex"><figure class="wp-block-image size-large has-custom-border"><img alt="A hand holding a 3D printed calendar" class="wp-image-11211" height="683" src="https://feaneron.com/wp-content/uploads/2025/08/DSC00510-1024x683.jpg" style="border-radius: 12px;" width="1024" /></figure> <figure class="wp-block-image size-large has-custom-border"><img alt="Someone using a smartphone, with a 3D printed calendar visible" class="wp-image-11216" height="1920" src="https://feaneron.com/wp-content/uploads/2025/08/DSC00545-edited-scaled.jpg" style="border-radius: 12px;" width="2560" /></figure> <figure class="wp-block-image size-large has-custom-border"><img alt="Someone walking with a backpack with a 3D printed calendar" class="wp-image-11215" src="https://feaneron.com/wp-content/uploads/2025/08/DSC00632.jpg" style="border-radius: 12px;" /></figure> <figure class="wp-block-image size-large has-custom-border"><img alt="A backpack with a 3D printed calendar hanging out" class="wp-image-11214" src="https://feaneron.com/wp-content/uploads/2025/08/DSC00407.jpg" style="border-radius: 12px;" /></figure></figure> <h2 class="wp-block-heading">Talks</h2> <p>This year I gave two talks:</p> <ul class="wp-block-list"><li><a href="https://www.youtube.com/watch?v=4BsL0VyCoWs&amp;t=1949s">GNOME Live Streaming &amp; Outreach</a></li> <li><a href="https://www.youtube.com/live/18Ir6RXkIeA?si=MWu34g4mBlt46bcw&amp;t=10805">State of Portals</a></li></ul> <p>The first one was rather difficult. On the one hand, streaming GNOME development and interacting with people online for more than 6 years has given me many anecdotal insights about the social dynamics of free software. On the other hand, it was very difficult to materialize these insights and summarize them in form of a talk.</p> <p>I&#8217;ve received good feedback about this talk, but for some reason I still left it feeling like it missed <em>something</em>. I don&#8217;t know what, exactly. But if anyone felt energized to try some streaming, goal accomplished I guess? <img alt="π" class="wp-smiley" src="https://s.w.org/images/core/emoji/16.0.1/72x72/1f642.png" style="height: 1em;" /></p> <p>The second talk was just a regular update on the XDG Desktop Portal project. It was made with the sole intention of preparing territory for the Flatpak &amp; Portals BoF that occurred later. Not much to say about it, it was a technical talk, with some good questions and discussions after that.</p> <p>As for the talks that I&#8217;ve watched, to me there is one big highlight for this GUADEC: <a href="https://www.youtube.com/watch?v=18Ir6RXkIeA&amp;t=3378s">Emmanuelle&#8217;s &#8220;Getting Things Done in GNOME&#8221;</a>.</p> <figure class="wp-block-image alignwide size-large is-style-rounded is-style-rounded--3"><img alt="Emmanuele on stage with &quot;How do things happen in GNOME?&quot; on the projector" class="wp-image-11219" height="769" src="https://feaneron.com/wp-content/uploads/2025/08/DSC00542-1024x769.jpg" width="1024" /></figure> <p>Emmanuele published the contents of this talk <a href="https://www.bassi.io/articles/2025/08/03/governance-in-gnome/">in article form</a> recently.</p> <p>Sometimes, when we&#8217;re in the inflection point towards something, the right person with the right sensitivities can say the right things. I think that&#8217;s what Emmanuele did here. I think myself and others have already been feeling that the &#8220;maintainer&#8221;, in the traditional sense of the word, wasn&#8217;t a fitting description of how things have been working lately. Emmanuele gifted us with new vocabulary for that: &#8220;special interest group&#8221;. By the end of GUADEC, we were comfortably using this new descriptor.</p> <p></p> <div class="wp-block-spacer"></div> <h2 class="wp-block-heading">Photography</h2> <p>It&#8217;s not exactly a secret that I started dipping my toes towards a long admired hobby: photography. This GUADEC was the first time I traveled with a camera and a lens, and actually attempted to document the highlights and impressions.</p> <p>I&#8217;m not going to dump all of it here, but I found Brescia absolutely <em>fascinating</em> and fell in love with the colors and urban vision there. It&#8217;s not the most walkable or car-free city I&#8217;ve ever been, but there are certain aspects to it that caught my attention!</p> <p>The buildings had a lovely color palette, sometimes bright, sometimes pastel:</p> <div class="wp-block-jetpack-tiled-gallery alignwide is-style-rectangular"><div class="has-rounded-corners-12"><div class="tiled-gallery__gallery"><div class="tiled-gallery__row"><div class="tiled-gallery__col"><figure class="tiled-gallery__item"><a href="https://feaneron.com/wp-content/uploads/2025/08/DSC00457-1024x683.jpg"><img alt="" src="https://i0.wp.com/feaneron.com/wp-content/uploads/2025/08/DSC00457-1024x683.jpg?ssl=1" /></a></figure></div><div class="tiled-gallery__col"><figure class="tiled-gallery__item"><a href="https://feaneron.com/wp-content/uploads/2025/08/DSC00466-1024x683.jpg"><img alt="" src="https://i0.wp.com/feaneron.com/wp-content/uploads/2025/08/DSC00466-1024x683.jpg?ssl=1" /></a></figure></div><div class="tiled-gallery__col"><figure class="tiled-gallery__item"><a href="https://feaneron.com/wp-content/uploads/2025/08/DSC00917-1-768x1024.jpg"><img alt="" src="https://i0.wp.com/feaneron.com/wp-content/uploads/2025/08/DSC00917-1-768x1024.jpg?ssl=1" /></a></figure></div></div><div class="tiled-gallery__row"><div class="tiled-gallery__col"><figure class="tiled-gallery__item"><a href="https://feaneron.com/wp-content/uploads/2025/08/DSC00527-1024x768.jpg"><img alt="" src="https://i0.wp.com/feaneron.com/wp-content/uploads/2025/08/DSC00527-1024x768.jpg?ssl=1" /></a></figure></div><div class="tiled-gallery__col"><figure class="tiled-gallery__item"><a href="https://feaneron.com/wp-content/uploads/2025/08/DSC01100-768x1024.jpg"><img alt="" src="https://i0.wp.com/feaneron.com/wp-content/uploads/2025/08/DSC01100-768x1024.jpg?ssl=1" /></a></figure></div></div></div></div></div> <div class="wp-block-spacer"></div> <p>Some of the textures of the material of walls were intriguing:</p> <div class="wp-block-jetpack-tiled-gallery alignwide is-style-rectangular"><div class="has-rounded-corners-12"><div class="tiled-gallery__gallery"><div class="tiled-gallery__row"><div class="tiled-gallery__col"><figure class="tiled-gallery__item"><a href="https://feaneron.com/wp-content/uploads/2025/08/DSC00591-768x1024.jpg"><img alt="" src="https://i0.wp.com/feaneron.com/wp-content/uploads/2025/08/DSC00591-768x1024.jpg?ssl=1" /></a></figure></div><div class="tiled-gallery__col"><figure class="tiled-gallery__item"><a href="https://feaneron.com/wp-content/uploads/2025/08/DSC01088-768x1024.jpg"><img alt="" src="https://i0.wp.com/feaneron.com/wp-content/uploads/2025/08/DSC01088-768x1024.jpg?ssl=1" /></a></figure></div><div class="tiled-gallery__col"><figure class="tiled-gallery__item"><a href="https://feaneron.com/wp-content/uploads/2025/08/DSC01087-1024x768.jpg"><img alt="" src="https://i0.wp.com/feaneron.com/wp-content/uploads/2025/08/DSC01087-1024x768.jpg?ssl=1" /></a></figure></div></div><div class="tiled-gallery__row"><div class="tiled-gallery__col"><figure class="tiled-gallery__item"><a href="https://feaneron.com/wp-content/uploads/2025/08/DSC00548.jpg"><img alt="" src="https://i0.wp.com/feaneron.com/wp-content/uploads/2025/08/DSC00548.jpg?ssl=1" /></a></figure></div><div class="tiled-gallery__col"><figure class="tiled-gallery__item"><a href="https://feaneron.com/wp-content/uploads/2025/08/DSC01033-1024x768.jpg"><img alt="" src="https://i0.wp.com/feaneron.com/wp-content/uploads/2025/08/DSC01033-1024x768.jpg?ssl=1" /></a></figure></div><div class="tiled-gallery__col"><figure class="tiled-gallery__item"><a href="https://feaneron.com/wp-content/uploads/2025/08/DSC00855-768x1024.jpg"><img alt="" src="https://i0.wp.com/feaneron.com/wp-content/uploads/2025/08/DSC00855-768x1024.jpg?ssl=1" /></a></figure></div><div class="tiled-gallery__col"><figure class="tiled-gallery__item"><a href="https://feaneron.com/wp-content/uploads/2025/08/DSC00590-768x1024.jpg"><img alt="" src="https://i0.wp.com/feaneron.com/wp-content/uploads/2025/08/DSC00590-768x1024.jpg?ssl=1" /></a></figure></div></div></div></div></div> <div class="wp-block-spacer"></div> <p>I fell in love with how Brescia lights itself:</p> <div class="wp-block-jetpack-tiled-gallery alignwide is-style-rectangular"><div class="has-rounded-corners-12"><div class="tiled-gallery__gallery"><div class="tiled-gallery__row"><div class="tiled-gallery__col"><figure class="tiled-gallery__item"><img alt="" src="https://i0.wp.com/feaneron.com/wp-content/uploads/2025/08/image-16-1024x768.png?ssl=1" /></figure></div><div class="tiled-gallery__col"><figure class="tiled-gallery__item"><img alt="" src="https://i0.wp.com/feaneron.com/wp-content/uploads/2025/08/image-6-1024x768.png?ssl=1" /></figure></div><div class="tiled-gallery__col"><figure class="tiled-gallery__item"><img alt="" src="https://i0.wp.com/feaneron.com/wp-content/uploads/2025/08/image-15-768x1024.png?ssl=1" /></figure></div></div><div class="tiled-gallery__row"><div class="tiled-gallery__col"><figure class="tiled-gallery__item"><img alt="" src="https://i0.wp.com/feaneron.com/wp-content/uploads/2025/08/image-7-1024x768.png?ssl=1" /></figure></div><div class="tiled-gallery__col"><figure class="tiled-gallery__item"><img alt="" src="https://i0.wp.com/feaneron.com/wp-content/uploads/2025/08/image-10-1024x768.png?ssl=1" /></figure><figure class="tiled-gallery__item"><img alt="" src="https://i0.wp.com/feaneron.com/wp-content/uploads/2025/08/image-14-1024x768.png?ssl=1" /></figure></div></div><div class="tiled-gallery__row"><div class="tiled-gallery__col"><figure class="tiled-gallery__item"><img alt="" src="https://i0.wp.com/feaneron.com/wp-content/uploads/2025/08/image-17-1024x768.png?ssl=1" /></figure></div></div></div></div></div> <div class="wp-block-spacer"></div> <p>I was fascinated by how many Vespas (and similar) could be found around the city, and decided to photograph them all! Some of the prettiest ones:</p> <div class="wp-block-jetpack-tiled-gallery alignwide is-style-rectangular"><div class="has-rounded-corners-12"><div class="tiled-gallery__gallery"><div class="tiled-gallery__row"><div class="tiled-gallery__col"><figure class="tiled-gallery__item"><img alt="" src="https://i0.wp.com/feaneron.com/wp-content/uploads/2025/08/image-21-768x1024.png?ssl=1" /></figure></div><div class="tiled-gallery__col"><figure class="tiled-gallery__item"><img alt="" src="https://i0.wp.com/feaneron.com/wp-content/uploads/2025/08/image-19-1024x768.png?ssl=1" /></figure><figure class="tiled-gallery__item"><img alt="" src="https://i0.wp.com/feaneron.com/wp-content/uploads/2025/08/image-20-1024x682.png?ssl=1" /></figure></div></div></div></div></div> <div class="wp-block-spacer"></div> <p>The prize for best modeling goes to Sri!</p> <figure class="wp-block-image alignwide size-large is-style-rounded is-style-rounded--4"><img alt="" class="wp-image-11249" height="768" src="https://feaneron.com/wp-content/uploads/2025/08/DSC00661-1024x768.jpg" width="1024" /></figure> <div class="wp-block-spacer"></div> <h2 class="wp-block-heading">Conclusion</h2> <p>Massive thanks to everyone that helped organize GUADEC this year. It was a fantastic event. It was great to see old friends, and meet new people in there. There were many newcomers attending this GUADEC!</p> <p>And here&#8217;s the GUADEC dinner group photo!</p> <div class="wp-block-spacer"></div> <figure class="wp-block-image alignfull size-full"><img alt="Group photo during the GUADEC dinner party" class="wp-image-11250" src="https://feaneron.com/wp-content/uploads/2025/08/GUADEC-2025-dinner-team-photo.png" /></figure></description><author>Georges Basile Stavracas Neto</author><dc:creator>Georges Basile Stavracas Neto</dc:creator><pubDate>Tue, 05 Aug 2025 18:46:49 GMT</pubDate><guid isPermaLink="true">https://feaneron.com/2025/08/05/guadec-2025/</guid></item><item><title>Thibault Martin: TIL that You can spot base64 encoded JSON, certificates, and private keys</title><link>https://ergaster.org/til/base64-encoded-json/</link><description><p>I was working on my homelab and examined a file that was supposed to contain encrypted content that I could safely commit on a Github repository. The file looked like this</p><pre><code>{ "serial": 13, "lineage": "24d431ee-3da9-4407-b649-b0d2c0ca2d67", "meta": { "key_provider.pbkdf2.password_key": "eyJzYWx0IjoianpHUlpMVkFOZUZKcEpSeGo4UlhnNDhGZk9vQisrR0YvSG9ubTZzSUY5WT0iLCJpdGVyYXRpb25zIjo2MDAwMDAsImhhc2hfZnVuY3Rpb24iOiJzaGE1MTIiLCJrZXlfbGVuZ3RoIjozMn0=" }, "encrypted_data": "ONXZsJhz37eJA[...]", "encryption_version": "v0"}</code></pre><p>Hm, key provider? Password key? In an encrypted file? That doesn't sound right. The problem is that this file is generated by taking a password, deriving a key from it, and encrypting the content with that key. I don't know what the derived key could look like, but it could be that long indecipherable string.</p><p>I asked a colleague to have a look and he said "Oh that? It looks like a base64 encoded JSON. Give it a go to see what's inside."</p><p>I was incredulous but gave it a go, and it worked!!</p><pre><code>$ echo "eyJzYW[...]" | base64 -d{"salt":"jzGRZLVANeFJpJRxj8RXg48FfOoB++GF/Honm6sIF9Y=","iterations":600000,"hash_function":"sha512","key_length":32}</code></pre><p>I couldn't believe my colleague had decoded the base64 string on the fly, so I asked. "What gave it away? Was it the trailing equal signs at the end for padding? But how did you know it was base64 encoded <em>JSON</em> and not just a base64 string?"</p><p>He replied,</p><blockquote><p>Whenever you seeΒ <code>ey</code>, that'sΒ <code>{"</code>Β and then if it's followed by a letter, you'll getΒ <code>J</code>Β followed by a letter.</p></blockquote><p>I did a few tests in my terminal, and he was right! You can spot base64 json with your naked eye, and you don't need to decode it on the fly!</p><pre><code>$ echo "{" | base64ewo=$ echo "{\"" | base64eyIK$ echo "{\"s" | base64eyJzCg==$ echo "{\"a" | base64eyJhCg==$ echo "{\"word\"" | base64eyJ3b3JkIgo=</code></pre><p>But there's even better! As <a href="https://toot.now/@tyzbit">tyzbit</a> reported on the fediverse, you can even spot base64 encoded certificates and private keys! They all start with <code>LS</code>, which reminds of the LS in "TLS certificate."</p><pre><code>$ echo -en "-----BEGIN CERTIFICATE-----" | base64LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0t</code></pre><blockquote><p>[!warning] Errata</p><p>As pointed out by <a href="https://news.ycombinator.com/item?id=44803260">gnabgib</a> and <a href="https://news.ycombinator.com/item?id=44803259">athorax</a> on Hacker News, this actually detects the leading dashes of the PEM format, commonly used for certificates, and a YAML file that starts with <code>---</code> will yield the same result</p><pre><code>$ echo "---\n" | base64LS0tXG4K</code></pre><p>This is not a silver bullet!</p></blockquote><p><em>Thanks Davide and Denis for showing me this simple but pretty useful trick, and thanks tyzbit for completing it with certs and private keys!</em></p></description><author>Thibault Martin</author><dc:creator>Thibault Martin</dc:creator><pubDate>Tue, 05 Aug 2025 13:00:00 GMT</pubDate><guid isPermaLink="true">https://ergaster.org/til/base64-encoded-json/</guid></item><item><title>Matthew Garrett: Cordoomceps - replacing an Amiga's brain with Doom</title><link>https://mjg59.dreamwidth.org/73001.html</link><description>There's a lovely device called a <a href="https://github.com/captain-amygdala/pistorm">pistorm</a>, an adapter board that glues a Raspberry Pi GPIO bus to a Motorola 68000 bus. The intended use case is that you plug it into a 68000 device and then run an emulator that reads instructions from hardware (ROM or RAM) and emulates them. You're still limited by the ~7MHz bus that the hardware is running at, but you can run the instructions as fast as you want.<br /><br />These days you're supposed to run a custom built OS on the Pi that just does 68000 emulation, but initially it ran Linux on the Pi and a userland 68000 emulator process. And, well, that got me thinking. The emulator takes 68000 instructions, emulates them, and then talks to the hardware to implement the effects of those instructions. What if we, well, just don't? What if we just run all of our code in Linux on an ARM core and then talk to the Amiga hardware?<br /><br />We're going to ignore x86 here, because it's weird - but most hardware that wants software to be able to communicate with it maps itself into the same address space that RAM is in. You can write to a byte of RAM, or you can write to a piece of hardware that's effectively pretending to be RAM[1]. The Amiga wasn't unusual in this respect in the 80s, and to talk to the graphics hardware you speak to a special address range that gets sent to that hardware instead of to RAM. The CPU knows nothing about this. It just indicates it wants to write to an address, and then sends the data.<br /><br />So, if we are the CPU, we can just indicate that we want to write to an address, and provide the data. And those addresses can correspond to the hardware. So, we can write to the RAM that belongs to the Amiga, and we can write to the hardware that isn't RAM but pretends to be. And that means we can run whatever we want on the Pi and then access Amiga hardware.<br /><br />And, obviously, the thing we want to run is Doom, because that's what everyone runs in fucked up hardware situations.<br /><br />Doom was Amiga kryptonite. Its entire graphical model was based on memory directly representing the contents of your display, and being able to modify that by just moving pixels around. This worked because at the time VGA displays supported having a memory layout where each pixel on your screen was represented by a byte in memory containing an 8 bit value that corresponded to a lookup table containing the RGB value for that pixel.<br /><br />The Amiga was, well, not good at this. Back in the 80s, when the Amiga hardware was developed, memory was expensive. Dedicating that much RAM to the video hardware was unthinkable - the Amiga 1000 initially shipped with only 256K of RAM, and you could fill all of that with a sufficiently colourful picture. So instead of having the idea of each pixel being associated with a specific area of memory, the Amiga used bitmaps. A bitmap is an area of memory that represents the screen, but only represents one bit of the colour depth. If you have a black and white display, you only need one bitmap. If you want to display four colours, you need two. More colours, more bitmaps. And each bitmap is stored in an independent area of RAM. You never use more memory than you need to display the number of colours you want to.<br /><br />But that means that each bitplane contains packed information - every byte of data in a bitplane contains the bit value for 8 different pixels, because each bitplane contains one bit of information per pixel. To update one pixel on screen, you need to read from every bitmap, update one bit, and write it back, and that's a lot of additional memory accesses. Doom, but on the Amiga, was slow not just because the CPU was slow, but because there was a lot of manipulation of data to turn it into the format the Amiga wanted and then push that over a fairly slow memory bus to have it displayed.<br /><br />The <a href="https://en.wikipedia.org/wiki/CDTV">CDTV</a> was an aesthetically pleasing piece of hardware that absolutely sucked. It was an Amiga 500 in a hi-fi box with a caddy-loading CD drive, and it ran software that was just awful. There's no path to remediation here. No compelling apps were ever released. It's a terrible device. I love it. I bought one in 1996 because a local computer store had one and I pointed out that the company selling it had gone bankrupt some years earlier and literally nobody in my farming town was ever going to have any interest in buying a CD player that made a whirring noise when you turned it on because it had a fan and eventually they just sold it to me for not much money, and ever since then I wanted to have a CD player that ran Linux and well spoiler 30 years later I'm nearly there. That CDTV is going to be our test subject. We're going to try to get Doom running on it without executing any 68000 instructions.<br /><br />We're facing two main problems here. The first is that all Amigas have a firmware ROM called Kickstart that runs at powerup. No matter how little you care about using any OS functionality, you can't start running your code until Kickstart has run. This means even documentation describing bare metal Amiga programming assumes that the hardware is already in the state that Kickstart left it in. This will become important later. The second is that we're going to need to actually write the code to use the Amiga hardware.<br /><br />First, <a href="https://www.bonequest.com/150">let's talk about Amiga graphics</a>. We've already covered bitmaps, but for anyone used to modern hardware that's not the weirdest thing about what we're dealing with here. The CDTV's chipset supports a maximum of 64 colours in a mode called "Extra Half-Brite", or EHB, where you have 32 colours arbitrarily chosen from a palette and then 32 more colours that are identical but with half the intensity. For 64 colours we need 6 bitplanes, each of which can be located arbitrarily in the region of RAM accessible to the chipset ("chip RAM", distinguished from "fast ram" that's only accessible to the CPU). We tell the chipset where our bitplanes are and it displays them. Or, well, it does for a frame - after that the registers that pointed at our bitplanes no longer do, because when the hardware was DMAing through the bitplanes to display them it was incrementing those registers to point at the next address to DMA from. Which means that every frame we need to set those registers back.<br /><br />Making sure you have code that's called every frame just to make your graphics work sounds intensely irritating, so Commodore gave us a way to avoid doing that. The chipset includes a coprocessor called "copper". Copper doesn't have a large set of features - in fact, it only has three. The first is that it can program chipset registers. The second is that it can wait for a specific point in screen scanout. The third (which we don't care about here) is that it can optionally skip an instruction if a certain point in screen scanout has already been reached. We can write a program (a "copper list") for the copper that tells it to program the chipset registers with the locations of our bitplanes and then wait until the end of the frame, at which point it will repeat the process. Now our bitplane pointers are always valid at the start of a frame.<br /><br />Ok! We know how to display stuff. Now we just need to deal with not having 256 colours, and the whole "Doom expects pixels" thing. For the first of these, I stole code from <a href="https://doomwiki.org/wiki/ADoom">ADoom</a>, the only Amiga doom port I could easily find source for. This looks at the 256 colour palette loaded by Doom and calculates the closest approximation it can within the constraints of EHB. ADoom also includes a bunch of CPU-specific assembly optimisation for converting the "chunky" Doom graphic buffer into the "planar" Amiga bitplanes, none of which I used because (a) it's all for 68000 series CPUs and we're running on ARM, and (b) I have a quad core CPU running at 1.4GHz and I'm going to be pushing all the graphics over a 7.14MHz bus, the graphics mode conversion is <em>not</em> going to be the bottleneck here. Instead I just wrote a series of nested for loops that iterate through each pixel and update each bitplane and called it a day. The set of bitplanes I'm operating on here is allocated on the Linux side so I can read and write to them without being restricted by the speed of the Amiga bus (remember, each byte in each bitplane is going to be updated 8 times per frame, because it holds bits associated with 8 pixels), and then copied over to the Amiga's RAM once the frame is complete.<br /><br />And, kind of astonishingly, this works! Once I'd figured out where I was going wrong with RGB ordering and which order the bitplanes go in, I had a recognisable copy of Doom running. Unfortunately there were weird graphical glitches - sometimes blocks would be entirely the wrong colour. It took me a while to figure out what was going on and then I felt stupid. Recording the screen and watching in slow motion revealed that the glitches often showed parts of two frames displaying at once. The Amiga hardware is taking responsibility for scanning out the frames, and the code on the Linux side isn't synchronised with it at all. That means I could update the bitplanes while the Amiga was scanning them out, resulting in a mashup of planes from two different Doom frames being used as one Amiga frame. One approach to avoid this would be to tie the Doom event loop to the Amiga, blocking my writes until the end of scanout. The other is to use double-buffering - have two sets of bitplanes, one being displayed and the other being written to. This consumes more RAM but since I'm not using the Amiga RAM for anything else that's not a problem. With this approach I have two copper lists, one for each set of bitplanes, and switch between them on each frame. This improved things a lot but not entirely, and there's still glitches when the palette is being updated (because there's only one set of colour registers), something Doom does rather a lot, so I'm going to need to implement proper synchronisation.<br /><br />Except. This was only working if I ran a 68K emulator first in order to run Kickstart. If I tried accessing the hardware without doing that, things were in a weird state. I could update the colour registers, but accessing RAM didn't work - I could read stuff out, but anything I wrote vanished. Some more digging cleared that up. When you turn on a CPU it needs to start executing code from somewhere. On modern x86 systems it starts from a hardcoded address of 0xFFFFFFF0, which was traditionally a long way any RAM. The 68000 family instead reads its start address from address 0x00000004, which overlaps with where the Amiga chip RAM is. We can't write anything to RAM until we're executing code, and we can't execute code until we tell the CPU where the code is, which seems like a problem. This is solved on the Amiga by powering up in a state where the Kickstart ROM is "overlayed" onto address 0. The CPU reads the start address from the ROM, which causes it to jump into the ROM and start executing code there. Early on, the code tells the hardware to stop overlaying the ROM onto the low addresses, and now the RAM is available. This is poorly documented because it's not something you need to care if you execute Kickstart which every actual Amiga does and I'm only in this position because I've made poor life choices, but ok that explained things. To turn off the overlay you write to a register in one of the Complex Interface Adaptor (CIA) chips, and things start working like you'd expect.<br /><br />Except, they don't. Writing to that register did nothing for me. I assumed that there was some other register I needed to write to first, and went to the extent of tracing every register access that occurred when running the emulator and replaying those in my code. Nope, still broken. What I finally discovered is that you need to pulse the reset line on the board before some of the hardware starts working - powering it up doesn't put you in a well defined state, but resetting it does.<br /><br />So, I now have a slightly graphically glitchy copy of Doom running without any sound, displaying on an Amiga whose brain has been replaced with a parasitic Linux. Further updates will likely make things even worse. Code is, of course, <a href="https://gitlab.com/mjg59/cordoomceps">available</a>.<br /><br />[1] This is why we had trouble with late era 32 bit systems and 4GB of RAM - a bunch of your hardware wanted to be in the same address space and so you couldn't put RAM there so you ended up with less than 4GB of RAM<br /><br /><img alt="comment count unavailable" height="12" src="https://www.dreamwidth.org/tools/commentcount?user=mjg59&amp;ditemid=73001" style="vertical-align: middle;" width="30" /> comments</description><author>Matthew Garrett</author><dc:creator>Matthew Garrett</dc:creator><pubDate>Tue, 05 Aug 2025 00:30:19 GMT</pubDate><guid isPermaLink="true">https://mjg59.dreamwidth.org/73001.html</guid></item><item><title>Victor Ma: It's alive!</title><link>https://victorma.ca/posts/gsoc-6/</link><description><p>In the last two weeks, I&rsquo;ve been working on my lookahead-based word suggestion algorithm. And it&rsquo;s finally functional! There&rsquo;s still a lot more work to be done, but it&rsquo;s great to see that the <a href="http://localhost:1313/posts/gsoc-5/#design-doc">original problem</a> I set out to solve is now solved by my new algorithm.</p><h2 id="without-my-changes">Without my changes</h2><p>Here&rsquo;s what the upstream Crosswords Editor looks like, with a problematic grid:</p><p><figure> <img alt="Broken behaviour" src="https://victorma.ca/posts/gsoc-6/broken.png" /></figure> </p><p>The editor suggests words like <em>WORD</em> and <em>WORM</em>, for the 4-Across slot. But none of the suggestions are valid, because the grid is actually unfillable. This means that there are no possible word suggestions for the grid.</p><p>The words that the editor suggests do work for 4-Across. But they do not work for 4-Down. They all cause 4-Down to become a nonsensical word.</p><p>The problem here is that the current word suggestion algorithm only looks at the row and column where the cursor is. So it sees 4-Across and 1-Down&mdash;but it has no idea about 4-Down. If it could see 4-Down, then it would realise that no word that fits in 4-Across also fits in 4-Down&mdash;and it would return an empty word suggestion list.</p><h2 id="with-my-changes">With my changes</h2><p>My algorithm fixes the problem by considering <em>every</em> intersecting slot of the current slot. In the example grid, the current slot is 4-Across. So, my algorithm looks at 1-Down, 2-Down, 3-Down, and 4-Down. When it reaches 4-Down, it sees that no letter fits in the empty cell. Every possible letter leads to either 4-Across or 4-Down or both slots to contain an invalid word. So, my algorithm correctly returns an empty list of word suggestions.</p><p><figure> <img alt="Fixed behaviour" src="https://victorma.ca/posts/gsoc-6/fixed.png" /></figure> </p></description><author>Victor Ma</author><dc:creator>Victor Ma</dc:creator><pubDate>Tue, 05 Aug 2025 00:00:00 GMT</pubDate><guid isPermaLink="true">https://victorma.ca/posts/gsoc-6/</guid></item><item><title>Julian Hofer: Git Forges Made Simple: gh & glab</title><link>https://julianhofer.eu/blog/2025/git-forges/</link><description><p>When I set the goal for myself to contribute to open source back in 2018,I mostly struggled with two technical challenges:</p><ul><li>Python virtual environments, and</li><li>Git together with GitHub.</li></ul><p>Solving the former is nowadays my <a href="https://prefix.dev/">job</a>,so let me write up my current workflow for the latter.</p> <p>Most people use Git in combination with modern Git forges like GitHub and GitLab.Git doesnβt know anything about these forges, which is why CLI tools exist to close that gap.Itβs still good to know how to handle things without them, so I will also explain how to do things with only Git.For GitHub thereβs <a href="https://cli.github.com/"><code dir="auto">gh</code></a> and for GitLab thereβs <a href="https://docs.gitlab.com/editor_extensions/gitlab_cli/"><code dir="auto">glab</code></a>.Both of them are Go binaries without any dependencies that work on Linux, macOS and Windows.If you donβt like any of the provided installation methods, you can simply download the binary, make it executable and put it in your <code dir="auto">PATH</code>.</p><p>Luckily, they also have mostly the same command line interface.First, you have to login with the command that corresponds to your git forge:</p> <p>In the case of <code dir="auto">gh</code> this even authenticates Git with GitHub.With GitLab, you still have to set up authentication via <a href="https://docs.gitlab.com/user/ssh/">SSH</a>.</p><div><h2 id="working-solo">Working Solo</h2><a href="https://julianhofer.eu/blog/rss.xml#working-solo"><span><svg height="16" viewBox="0 0 24 24" width="16" xmlns="http://www.w3.org/2000/svg"><path d="m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z" fill="currentcolor"></path></svg></span><span>Section titled βWorking Soloβ</span></a></div><p>The simplest way to use Git is to use it like a backup system.First, you create a new repository on either <a href="https://docs.github.com/en/repositories/creating-and-managing-repositories/creating-a-new-repository">Github</a> or <a href="https://docs.gitlab.com/user/project/">GitLab</a>.Then you clone the repository:</p><div><figure><figcaption><span></span><span>Terminal window</span></figcaption><pre><code><div><div><span>git</span><span> </span><span>clone</span><span> </span><span>&#x3c;REPO></span></div></div></code></pre><div><button title="Copy to clipboard">"><div></div></button></div></figure></div><p>From that point on, all you have to do is:</p><ul><li>do some work</li><li>commit</li><li>push</li><li>repeat</li></ul><p>On its own there arenβt a lot of reasons to choose this approach over a file syncing service like <a href="https://nextcloud.com/sign-up/">Nextcloud</a>.No, the main reason you do this, is because you are either already familiar with the git workflow, or want to get used to it.</p><div><h2 id="contributing">Contributing</h2><a href="https://julianhofer.eu/blog/rss.xml#contributing"><span><svg height="16" viewBox="0 0 24 24" width="16" xmlns="http://www.w3.org/2000/svg"><path d="m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z" fill="currentcolor"></path></svg></span><span>Section titled βContributingβ</span></a></div><p>Git truly shines as soon as you start collaborating with others.On a high level this works like this:</p><ul><li>You modify some files in a Git repository,</li><li>you propose your changes via the Git forge,</li><li>maintainers of the repository review your changes, and</li><li>as soon as they are happy with your changes, they will integrate your changes into the main branch of the repository.</li></ul><div><h3 id="starting-out-with-a-fresh-branch">Starting Out With a Fresh Branch</h3><a href="https://julianhofer.eu/blog/rss.xml#starting-out-with-a-fresh-branch"><span><svg height="16" viewBox="0 0 24 24" width="16" xmlns="http://www.w3.org/2000/svg"><path d="m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z" fill="currentcolor"></path></svg></span><span>Section titled βStarting Out With a Fresh Branchβ</span></a></div><p>Letβs go over the exact commands.</p><ol><li><p>You will want to start out with the latest upstream changes in the default branch.You can find out its name by running the following command:</p><div><figure><figcaption><span></span><span>Terminal window</span></figcaption><pre><code><div><div><span>git</span><span> </span><span>ls-remote</span><span> </span><span>--symref</span><span> </span><span>origin</span><span> </span><span>HEAD</span></div></div></code></pre><div></div></figure></div></li><li><p>Chances are it displays either <code dir="auto">ref/heads/main</code> or <code dir="auto">refs/heads/master</code>.The last component is the branch, so the default branch will be called either <code dir="auto">main</code> or <code dir="auto">master</code>.Before you start a new branch, you will run the following two commands to make sure you start with the latest state of the repository:</p><div><figure><figcaption><span></span><span>Terminal window</span></figcaption><pre><code><div><div><span>git</span><span> </span><span>switch</span><span> </span><span>&#x3c;DEFAULT-BRANCH></span></div></div><div><div><span>git</span><span> </span><span>pull</span></div></div></code></pre><div><button title="Copy to clipboard">git pull"><div></div></button></div></figure></div></li><li><p>You switch and create a new branch with:</p><div><figure><figcaption><span></span><span>Terminal window</span></figcaption><pre><code><div><div><span>git</span><span> </span><span>switch</span><span> </span><span>--create</span><span> </span><span>&#x3c;BRANCH></span></div></div></code></pre><div><button title="Copy to clipboard">"><div></div></button></div></figure></div><p>That way you can work on multiple features at the same time and easily keep your default branch synchronized with the remote repository.</p></li></ol><div><h3 id="open-a-pull-request">Open a Pull Request</h3><a href="https://julianhofer.eu/blog/rss.xml#open-a-pull-request"><span><svg height="16" viewBox="0 0 24 24" width="16" xmlns="http://www.w3.org/2000/svg"><path d="m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z" fill="currentcolor"></path></svg></span><span>Section titled βOpen a Pull Requestβ</span></a></div><p>The next step is to open a pull request on GitHub or merge request on GitLab.Even though they are named differently, they are exactly the same thing.Therefore, I will call both of them pull requests from now on.The idea of a pull request is to integrate the changes from one branch into another branch (typically the default branch).However, you donβt necessarily want to give every potential contributor the power to create new branches on your repository.That is why the concept of forks exists.Forks are copies of a repository that are hosted on the same Git forge.Contributors can now create branches on their own forks and open pull requests based on these branches.</p><ol><li><p>If you donβt have push access to the repository, now itβs time to create your own fork.</p> </li><li><p>Then, you open the Pull Request</p> </li></ol><div><h2 id="checking-out-pull-requests">Checking out Pull Requests</h2><a href="https://julianhofer.eu/blog/rss.xml#checking-out-pull-requests"><span><svg height="16" viewBox="0 0 24 24" width="16" xmlns="http://www.w3.org/2000/svg"><path d="m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z" fill="currentcolor"></path></svg></span><span>Section titled βChecking out Pull Requestsβ</span></a></div><p>Often, you want to check out a pull request on your own machine to verify that it works as expected.</p></description><author>Julian Hofer</author><dc:creator>Julian Hofer</dc:creator><pubDate>Mon, 04 Aug 2025 00:00:00 GMT</pubDate><guid isPermaLink="true">https://julianhofer.eu/blog/2025/git-forges/</guid></item><item><title>Emmanuele Bassi: Governance in GNOME</title><link>https://www.bassi.io/articles/2025/08/03/governance-in-gnome/</link><description><h2>How do things happen in <span class="caps">GNOME</span>?</h2><p>Things happen in <span class="caps">GNOME</span>? Could have fooled me,&nbsp;right?</p><p>Of course, things happen in <span class="caps">GNOME</span>. After all, we have been releasing everysix months, on the dot, for nearly 25 years. Assuming we&#8217;re not constantlyre-releasing the same source files, then we have to come to the conclusionthat things change inside each project that makes <span class="caps">GNOME</span>, and thus thingshappen that involve more than one&nbsp;project.</p><p>So let&#8217;s roll back a&nbsp;bit.</p><h2><span class="caps">GNOME</span>&#8217;s original&nbsp;sin</h2><p>We all know Havoc Pennington&#8217;s <a href="https://ometer.com/preferences.html">essay onpreferences</a>; it&#8217;s one of <span class="caps">GNOME</span>&#8217;sfoundational texts, we refer to it pretty much constantly both inside andoutside the contributors community. It has guided our decisions and tastefor over 20 years. As far as foundational text goes, though, it applies todesign philosophy, not to project&nbsp;governance.</p><p>When talking about the inception and technical direction of the <span class="caps">GNOME</span> projectthere are really two foundational texts that describe the goals of <span class="caps">GNOME</span>, aswell as the mechanisms that are employed to achieve those&nbsp;goals.</p><p>The first one is, of course, Miguel&#8217;s announcement of the <span class="caps">GNOME</span> projectitself, sent to the <span class="caps">GTK</span>, Guile, and (for good measure) the <span class="caps">KDE</span> mailing&nbsp;lists:</p><blockquote><p>We will try to reuse the existing code for <span class="caps">GNU</span> programs asmuch as possible, while adhering to the guidelines of the project.Putting nice and consistent user interfaces over all-timefavorites will be one of the projects. &#8212; Miguel de Icaza, <a href="https://mail.gnome.org/archives/gtk-list/1997-August/msg00123.html">&#8220;The <span class="caps">GNOME</span> Desktop project.&#8221; announcement&nbsp;email</a></p></blockquote><p>Once again, everyone related to the <span class="caps">GNOME</span> project is (or should be) familiarwith this&nbsp;text.</p><p>The second foundational text is not as familiar, outside of the core groupof people that were around at the time. I am referring to Derek Glidden&#8217;sdescription of the differences between <span class="caps">GNOME</span> and <span class="caps">KDE</span>, written five yearsafter the inception of the project. I isolated a small fragment of&nbsp;it:</p><blockquote><p>Development strategies are generally determined by whatever light show happensto be going on at the moment, when one of the developers will leap up and screamβI <span class="caps">WANT</span> <span class="caps">IT</span> <span class="caps">TO</span> <span class="caps">LOOK</span> <span class="caps">JUST</span> <span class="caps">LIKE</span> <span class="caps">THAT</span>β and then straight-arm his laptop against thewall in an hallucinogenic frenzy before vomiting copiously, passing out andfalling face-down in the middle of the dance floor. &#8212; Derek Glidden, <a href="https://www.bassi.io/~ebassi/GNOMEvKDE.md.html">&#8220;<span class="caps">GNOME</span> vs <span class="caps">KDE</span>&#8221;</a></p></blockquote><p>What both texts have in common is subtle, but explains the origin of theproject. You may not notice it immediately, but once you see it you can&#8217;tunsee it: it&#8217;s the over-reliance on personal projects and taste, to besublimated into a shared vision. A &#8220;bottom up&#8221; approach, with &#8220;nice andconsistent user interfaces&#8221; bolted on top of &#8220;all-time favorites&#8221;, with zeroindication of how those nice and consistent UIs would work on extant codebases, all driven by somebody&#8217;s with a visionβdrug induced or otherwiseβthatdecides to lead the project towards its&nbsp;implementation.</p><p>It&#8217;s been nearly 30 years, but <span class="caps">GNOME</span> still works that&nbsp;way.</p><p>Sure, we&#8217;ve had a <span class="caps">HIG</span> for 25 years, and the shared development resourcesthat the project provides tend to mask this, to the point that everyoneoutside the project assumes that all people with access to the <span class="caps">GNOME</span> commitbit work on the whole project, as a single unit. If you are here, listening(or reading) to this, you know it&#8217;s not true. In fact, it is so comicallyremoved from the lived experience of everyone involved in the project thatwe generally joke about&nbsp;it.</p><h2>Herding cats and vectors&nbsp;sum</h2><p>During my first <span class="caps">GUADEC</span>, back in 2005, I saw a great slide from Seth Nickell,one of the original <span class="caps">GNOME</span> designers. It showed <span class="caps">GNOME</span> contributorsrepresented as a jumble of vectors going in all directions, cancelling eachcomponent out; and the occasional movement in the project was the result ofsomebody pulling/pushing harder in their&nbsp;direction.</p><p>Of course, this is not the exclusive province of <span class="caps">GNOME</span>: you could take mostcomplex free and open source software projects and draw a similar diagram. Icontend, though, that when it comes to <span class="caps">GNOME</span> this is not emergent behaviourbut it&#8217;s baked into the project from its very inception: a loosey-gooseycollection of cats, herded together by whoever shows up with &#8220;a vision&#8221;,but, also, a collection of loosely coupled projects. Over the years we triedto put a rest to the notion that <span class="caps">GNOME</span> is a box of <span class="caps">LEGO</span>, meant to beassembled together by distributors and users in the way they most like it;while our software stack has graduated from the &#8220;thrown together at the lastminute&#8221; quality of its first decade, our community is still very muchfollowing that very same model; the only way it <strong>seems</strong> to work is becausewe have a few people maintaining a lot of&nbsp;components.</p><h2>On&nbsp;maintainers</h2><p>I am a software nerd, and one of the side effects of this terminal conditionis that I like optimisation problems. Optimising software is inherentlyboring, though, so I end up trying to optimise processes and people. Thefundamental truth of process optimisation, just like software, is to avoidunnecessary workβwhich, in some cases, means optimising away the people&nbsp;involved.</p><p>I am afraid I will have to be blunt, here, so I am going to ask for yourforgiveness in&nbsp;advance.</p><p>Let&#8217;s say you are a maintainer inside a community of maintainers. Dealingwith people is hard, and the lord forbid you talk to other people about whatyou&#8217;re doing, what they are doing, and what you can do together, so you onlyhave a few options&nbsp;available.</p><p>The first one is: you carve out your niche. You start, or take over, aproject, or an aspect of a project, and you try very hard to make yourselfindispensable, so that everything ends up passing through you, and everyonehas to defer to your taste, opinion, or&nbsp;edict.</p><p>Another option: <span class="caps">API</span> design is opinionated, and reflects the thoughts of theperson behind it. By designing platform <span class="caps">API</span>, you try to replicate yourtoughts, taste, and opinions into the minds of the people using it, like theeggs of parasitic wasp; because if everybody thinks like you, then therewon&#8217;t be conflicts, and you won&#8217;t have to deal with details, like &#8220;how tomake this application work&#8221;, or &#8220;how to share functionality&#8221;; or, you know,having to develop a theory of mind for relating to other&nbsp;people.</p><p>Another option: you try to reimplement the entirety of a platform byyourself. You start a bunch of projects, which require starting a bunch ofdependencies, which require refactoring a bunch of libraries, which ends upcascading into half of the stack. Of course, since you&#8217;re by yourself, youend up with a consistent approach to everything. Everything is as it oughtto be: fast, lean, efficient, a reflection of your taste, commitment, and<em>ethos</em>. You made everyone else redundant, which means people depend on you,but also nobody is interested in helping you out, because you are now takenfor granted, on the one hand, and nobody is able to get a word edgewise intowhat you made on the&nbsp;other.</p><p>I purposefully did not name names, even though we can all recognise somebodyin these examples. For instance, I recognise myself. I have been all ofthese examples, at one point or another over the past 20&nbsp;years.</p><h2>Painting a target on your&nbsp;back</h2><p>But if this is what it looks like from within a project, what it looks likefrom the outside is even&nbsp;worse.</p><p>Once you start dragging other people, you raise your visibility; peoplestart learning your name, because you appear in the issue tracker, onMatrix/<span class="caps">IRC</span>, on Discourse and Planet <span class="caps">GNOME</span>. Youtubers and journalists startasking you questions about the project. Randos on web forums startassociating you to everything <span class="caps">GNOME</span> does, or does not; to features, design,and bugs. You become responsible for every decision, whether you are or not,and this leads to being the embodiment of all evil the project does. You&#8217;llget hate mail, you&#8217;ll be harrassed, your words will be used against you andthe project for ever and&nbsp;ever.</p><h2>Burnout and&nbsp;you</h2><p>Of course, that ends up burning people out; it would be absurd if it didn&#8217;t.Even in the best case possible, you&#8217;ll end up burning out just by reachingempathy fatigue, because everyone has access to you, and everyone has theirown problems and bugs and features and wouldn&#8217;t it be great to solve everyproblem in the world? This is similar to working for non profits as opposedto the typical corporate burnout: you get into a feedback loop where youdon&#8217;t want to distance yourself from the work you do because the work you dogives meaning to yourself and to the people that use it; and yet working onit hurts you. It also empowers bad faith actors to hound you down to theends of the earth, until you realise that turning sand into computers was aterrible mistake, and we should have torched the first personal computerdown on&nbsp;sight.</p><h2>Governance</h2><p>We want to have structure, so that people know what to expect and how tonavigate the decision making process inside the project; we also want toavoid having a sacrificial lamb that takes on all the problems in the worldon their shoulders until we burn them down to a cinder and they have toleave. We&#8217;re 28 years too late to have a benevolent dictator, self-appointedor otherwise, and we don&#8217;t want to have a public consultation every time wewant to deal with a systemic feature. What do we&nbsp;do?</p><h3>Examples</h3><p>What do other projects have to teach us about governance? We are not theonly complex free software project in existence, and it would be an appalingmeasure of narcissism to believe that we&#8217;re special in any way, shape or&nbsp;form.</p><h3>Python</h3><p>We should all know what a <a href="https://peps.python.org">Python <span class="caps">PEP</span></a> is, but ifyou are not familiar with the process I strongly recommend going through it.It&#8217;s well documented, and pretty much the de facto standard for any complexfree and open source project that has achieved escape velocity from acentralised figure in charge of the whole decision making process. The realachievement of the Python community is that it adopted this policy longbefore their centralised figure called it quits. The interesting thing ofthe <span class="caps">PEP</span> process is that it is used to codify the governance of the projectitself; the <span class="caps">PEP</span> template is a <span class="caps">PEP</span>; teams are defined through PEPs; targetplatforms are defined through PEPs; deprecations are defined through PEPs;all project-wide processes are defined through&nbsp;PEPs.</p><h3>Rust</h3><p>Rust has a similar process for language, tooling, and standard librarychanges, called <a href="https://github.com/rust-lang/rfcs">&#8220;<span class="caps">RFC</span>&#8221;</a>. The <span class="caps">RFC</span> processis more lightweight on the formalities than Python&#8217;s PEPs, but it&#8217;s stillvery well defined. Rust, being a project that came into existence in aPost-<span class="caps">PEP</span> world, adopted the same type of process, and used it to codifyteams, governance, and any and all project-wide&nbsp;processes.</p><h3>Fedora</h3><p>Fedora change proposals exist to discuss and document both self-containedchanges (usually fairly uncontroversial, given that they are proposed by thesame owners of module being changed) and system-wide changes. The maindifference between them is that most of the elements of a system-wide changeproposal are required, wheres for self-contained proposals they can beoptional; for instance, a system-wide change must have a contingency plan, away to test it, and the impact on documentation and release notes, whereasas self-contained change does&nbsp;not.</p><h3><span class="caps">GNOME</span></h3><p>Turns out that we once did have <a href="https://gitlab.gnome.org/Archive/gep">&#8220;<span class="caps">GNOME</span> EnhancementProposals&#8221;</a> (<span class="caps">GEP</span>), mainly modelled onPython&#8217;s <span class="caps">PEP</span> from 2002. If this comes as a surprise, that&#8217;s because theylasted for about a year, mainly because it was a reactionary process to tryand funnel some of the large controversies of the 2.0 development cycle intoa productive outlet that didn&#8217;t involve flames and people dramaticallyquitting the project. GEPs failed once the community fractured, and peoplestarted working in silos, either under their own direction or, more likely,under their management&#8217;s direction. What&#8217;s the point of discussing aproject-wide change, when that change was going to be implemented by peoplealready working&nbsp;together?</p><p>The <span class="caps">GEP</span> process mutated into the lightweight &#8220;module proposal&#8221; process,where people discussed adding and removing dependencies on the desktopdevelopment mailing listβsomething we also lost over the 2.x cycle, mainlybecause the amount of discussions over time tended towards zero. The peopleinvolved with the change knew what those modules brought to the release, andpeople unfamiliar with them were either giving out unsolicited advice, orwere simply not reached by the desktop development mailing list. Thediscussions turned into external dependencies notifications, which also diedup because apparently asking to compose an email to notify the release teamthat a new dependency was needed to build a core module was far too much ofa bother for project&nbsp;maintainers.</p><p>The creation and failure of <span class="caps">GEP</span> and module proposals is both an indicationof the need for structure inside <span class="caps">GNOME</span>, and how this need collides with theexpectation that project maintainers have not just complete control overevery aspect of their domain, but that they can also drag out the processuntil all the energy behind it has dissipated. Being in charge for the longrun allows people to just run out the clock on everybody&nbsp;else.</p><h2>Goals</h2><p>So, what should be the goal of a proper technical governance model for the<span class="caps">GNOME</span>&nbsp;project?</p><h3>Diffusing&nbsp;responsibilities</h3><p>This should be goal zero of any attempt at structuring the technicalgovernance of <span class="caps">GNOME</span>. We have too few people in too many critical positions.We can call it &#8220;efficiency&#8221;, we can call it &#8220;bus factor&#8221;, we can call it&#8220;bottleneck&#8221;, but the result is the same: the responsibility for anything istoo concentrated. This is how you get conflict. This is how you get burnout.This is how you paralise a whole project. By having too few people inpositions of responsibility, we don&#8217;t have enough slack in the governancemodel; it&#8217;s an illusion of&nbsp;efficiency.</p><p>Responsibility is not something to hoard: it&#8217;s something to&nbsp;distribute.</p><h3>Empowering the&nbsp;community</h3><p>The community of contributors should be able to know when and how a decisionis made; it should be able to know what to do once a decision is made. Rightnow, the process is opaque because it&#8217;s done inside a million differentrooms, and, more importantly, it is not recorded for posterity. RandomGitLab issues should not be the only place where people can be informed thatsome decision was&nbsp;taken.</p><h3>Empowering&nbsp;individuals</h3><p>Individuals should be able to contribute to a decision without necessarilybecoming responsible for a whole project. It&#8217;s daunting, and requires ameasure of <em>hubris</em> that cannot be allowed to exist in a shared space. In asimilar fashion, we should empower people that want to contribute to theproject by reducing the amount of fluff coming from people with zero stakesin it, and are interested only in giving out an opinion on their perfectlyspherical, frictionless desktop&nbsp;environment.</p><p>It is <em>free and open source software</em>, not <em>free and open mic night down atthe pub</em>.</p><h3>Actual decision making&nbsp;process</h3><p>We say we work by rough consensus, but if a single person is responsible formultiple modules inside the project, we&#8217;re just deceiving ourselves. Ishould not be able to design something on my own, commit it to all projectsI maintain, and then go home, regardless of whether what I designed is goodor&nbsp;necessary.</p><h2>Proposed <span class="caps">GNOME</span>&nbsp;Changesβ</h2><p>β Name subject to&nbsp;change</p><h3>PGCs</h3><p>We have better tools than what the <span class="caps">GEP</span> used to use and be. We have bettercommunication venues in 2025; we have better validation; we have betterpublishing&nbsp;mechanisms.</p><p>We can take a lightweight approach, with a well-defined process, and use itnot for actual design or decision-making, but for discussion anddocumentation. If you are trying to design something and you use thisprocess, you are by definition Doing It Wrongβ’. You should have a designready, and series of steps to achieve it, as part of a proposal. You shouldalready know the projects involved, and already have an idea of the effortneeded to make something&nbsp;happen.</p><p>Once you have a formal proposal, you present it to the various stakeholders,and iterate over it to improve it, clarify it, and amend it, until you havesomething that has a rough consensus among all the parties involved. Oncethat&#8217;s done, the proposal is now in effect, and people can refer to itduring the implementation, and in the future. This way, we don&#8217;t have to askpeople to remember a decision made six months, two years, ten years ago:it&#8217;s already&nbsp;available.</p><h3>Editorial&nbsp;team</h3><p>Proposals need to be valid, in order to be presented to the community atlarge; that validation comes from an editorial team. The editors of theproposals are not there to evaluate its contents: they are there to ensurethat the proposal is going through the expected steps, and that discussionsrelated to it remain relevant and constrained within the accepted period andscope. They are there to steer the discussion, and avoid architectureastronauts parachuting into the issue tracker or Discourse to give theirunwarranted&nbsp;opinion.</p><p>Once the proposal is open, the editorial team is responsible for itsinclusion in the public website, and for keeping track of its&nbsp;state.</p><h3>Steering&nbsp;group</h3><p>The steering group is the final arbiter of a proposal. They are responsiblefor accepting it, or rejecting it, depending on the feedback from thevarious stakeholders. The steering group does not design or direct <span class="caps">GNOME</span> asa whole: they are the ones that ensure that communication between the partshappens in a meaningful manner, and that rough consensus is&nbsp;achieved.</p><p>The steering group is also, by design, not the release team: it is made ofrepresentatives from all the teams related to technical&nbsp;matters.</p><h2>Is this&nbsp;enough?</h2><p>Sadly,&nbsp;no.</p><p>Reviving a process for proposing changes in <span class="caps">GNOME</span> without addressing theshortcomings of its first iteration would inevitably lead to a repeat of its&nbsp;results.</p><p>We have better tooling, but the problem is still that we&#8217;re demanding thateach project maintainer gets on board with a process that has no mechanismto enforce&nbsp;compliance.</p><p>Once again, the problem is that we have a bunch of fiefdoms that need to beopened up to ensure that more people can work on&nbsp;them.</p><h2>Whither&nbsp;maintainers</h2><p>In what was, in retrospect, possibly one of my least gracious and yet mostprophetic moments on the desktop development mailing list, I once said that,if it were possible, I would have already replaced all <span class="caps">GNOME</span> maintainerswith a shell script. Turns out that we did replace a lot of what maintainersused to do, and we used <a href="https://gitlab.gnome.org/Infrastructure/openshift-images/gnome-release-service">a large Pythonservice</a>to do&nbsp;that.</p><p>Individual maintainers should not exist in a complex projectβfor both theproject&#8217;s and the contributors&#8217; sake. They are inefficiency made manifest, abottleneck, a point of contention in a distributed environment like <span class="caps">GNOME</span>.Luckily for us, we almost made them entirely redundant already! Thanks tothe release service and <span class="caps">CI</span> pipelines, we don&#8217;t need a person spinning up arelease archive and uploading it into a file server. We just need somebodyto tag the source code repository, and anybody with the right permissionscould do&nbsp;that.</p><p>We need people to review contributions; we need people to write releasenotes; we need people to triage the issue tracker; we need people tocontribute features and bug fixes. None of those tasks require the&#8220;maintainer&#8221;&nbsp;role.</p><p>So, let&#8217;s get rid of maintainers once and for all. We can delegate theactual release tagging of core projects and applications to the <span class="caps">GNOME</span>release team; they are already releasing <span class="caps">GNOME</span> anyway, so what&#8217;s the pointin having them wait every time for somebody else to do individual releases?All people need to do is to write down what changed in a release, and thatshould be part of a change itself; we have centralised release notes, and wecan easily extract the list of bug fixes from the commit log. If you canensure that a commit message is correct, you can also get in the habit ofupdating the <code>NEWS</code> file as part of a merge&nbsp;request.</p><p>Additional benefits of having all core releases done by a central authorityare that we get people to update the release notes every time somethingchanges; and that we can sign all releases with a <span class="caps">GNOME</span> key that downstreamscan rely&nbsp;on.</p><h2>Embracing special interest&nbsp;groups</h2><p>But it&#8217;s still not&nbsp;enough.</p><p>Especially when it comes to the application development platform, we havealready a bunch of components with an informal scheme of sharedresponsibility. Why not make that scheme&nbsp;official?</p><p>Let&#8217;s create the <span class="caps">SDK</span> special interest group; take all the developers forthe base libraries that are part of <span class="caps">GNOME</span>βGLib, Pango, <span class="caps">GTK</span>, libadwaitaβandformalise the group of people that currently does things like development,review, bug fixing, and documentation writing. Everyone in the group shouldfeel empowered to work on all the projects that belong to that group. Wealready are, except we end up deferring to somebody that is usually too busyto cover every single&nbsp;module.</p><p>Other special interest groups should be formed around the desktop, the coreapplications, the development tools, the <span class="caps">OS</span> integration, the accessibilitystack, the local search engine, the system&nbsp;settings.</p><p>Adding more people to these groups is not going to be complicated, orintroduce instability, because the responsibility is now shared; we wouldnot be taking somebody that is already overworked, or even potentially newto the community, and plopping them into the hot seat, ready for a&nbsp;burnout.</p><p>Each special interest group would have a representative in the steeringgroup, alongside teams like documentation, design, and localisation, thusensuring that each aspect of the project technical direction is included inany discussion. Each special interest group could also have additionalsub-groups, like a web services group in the system settings group; or anetworking group in the <span class="caps">OS</span> integration&nbsp;group.</p><h2>What happens if I say&nbsp;no?</h2><p>I get it. You like being in charge. You want to be the one calling theshots. You feel responsible for your project, and you don&#8217;t want otherpeople to tell you what to&nbsp;do.</p><p>If this is how you feel, then there&#8217;s nothing wrong with parting ways withthe <span class="caps">GNOME</span>&nbsp;project.</p><p><span class="caps">GNOME</span> depends on a ton of projects hosted outside <span class="caps">GNOME</span>&#8217;s owninfrastructure, and we communicate with people maintaining those projectsevery day. It&#8217;s 2025, not 1997: there&#8217;s no shortage of code hosting servicesin the world, we don&#8217;t need to have them all on <span class="caps">GNOME</span>&nbsp;infrastructure.</p><p>If you want to play with the other children, if you want to be part of<span class="caps">GNOME</span>, you get to play with a shared set of rules; and that means sharingall the toys, and not hoarding them for&nbsp;yourself.</p><h2>Civil&nbsp;service</h2><p>What we really want <span class="caps">GNOME</span> to be is a group of people working together. Wealready are, somewhat, but we can be better at it. We don&#8217;t want rule anddesign by committee, but we do need structure, and we need that structure tobe based on expertise; to have distinct sphere of competence; to havecontinuity across time; and to be based on rules. We need somethingflexible, to take into account the needs of <span class="caps">GNOME</span> as a project, and becapable of growing in complexity so that nobody can be singled out, brigadedon, or burnt to a cinder on the sacrificial&nbsp;altar.</p><p>Our days of passing out in the middle of the dance floor are long gone. Wemight not all be oldβactually, I&#8217;m fairly sure we aren&#8217;tβbut <span class="caps">GNOME</span> has longceased to be something we can throw together at the last minute just becausesomebody assumed the mantle of a protean ruler, and managed to involvethemselves with every single project until they are the literal embodiementof an autocratic force capable of dragging everybody else towards a goal,until the burn out and have to leave for their own&nbsp;sake.</p><p>We <strong>can</strong> do better than this. We <strong>must</strong> do&nbsp;better.</p><h2>To sum&nbsp;up</h2><p>Stop releasing individual projects, and let the release team do it when&nbsp;needed.</p><p>Create teams to manage areas of interest, instead of single&nbsp;projects.</p><p>Create a steering group from representatives of those&nbsp;teams.</p><p>Every change that affects one or more teams has to be discussed anddocumented in a public setting among contributors, and then published forfuture&nbsp;reference.</p><p>None of this should be controversial because, outside of the publishing bit,it&#8217;s how we are already doing things. This proposal aims at making itofficial so that people can actually rely on it, instead of having to divinethe process out of thin&nbsp;air.</p><hr /><h2>The next&nbsp;steps</h2><p>We&#8217;re close to the <span class="caps">GNOME</span> 49 release, now that <span class="caps">GUADEC</span> 2025 has ended, sopeople are busy working on tagging releases, fixing bugs, and the work onthe release notes has started. Nevertheless, we can already start planningfor an implementation of a new governance model for <span class="caps">GNOME</span> for the next&nbsp;cycle.</p><p>First of all, we need to create teams and special interest groups. We don&#8217;thave a formal process for that, so this is also a great chance atintroducing the change proposal process as a mechanism for structuring thecommunity, just like the Python and Rust communities do. Teams will needtheir own space for discussing issues, and share the load. The first teamI&#8217;d like to start is an &#8220;introspection and language bindings&#8221; group, for allbindings hosted on <span class="caps">GNOME</span> infrastructure; it would act as a point ofreference for all decisions involving projects that consume the <span class="caps">GNOME</span>software development platform through its machine-readable <span class="caps">ABI</span> description.Another group I&#8217;d like to create is an editorial group for the developer anduser documentation; documentation benefits from a consistent editorialvoice, while the process of writing documentation should be open toeverybody in the&nbsp;community.</p><p>A very real issue that was raised during <span class="caps">GUADEC</span> is bootstrapping thesteering committee; who gets to be on it, what is the committee&#8217;s remit, howit works. There are options, but if we want the steering committee to be arepresentation of the technical expertise of the <span class="caps">GNOME</span> community, it alsohas to be established by the very same community; in this sense, the boardof directors, as representatives of the community, could work ondefining the powers and compositions of this&nbsp;committee.</p><p>There are many more issues we are going to face, but I think we can startfrom these and evaluate our own version of a technical governance model thatworks for <span class="caps">GNOME</span>, and that can grow with the project. In the next couple ofweeks I&#8217;ll start publishing drafts for team governance and thepower/composition/procedure of the steering committee, mainly for iterationand&nbsp;comments.</p></description><author>Emmanuele Bassi</author><dc:creator>Emmanuele Bassi</dc:creator><pubDate>Sun, 03 Aug 2025 20:48:00 GMT</pubDate><guid isPermaLink="true">https://www.bassi.io/articles/2025/08/03/governance-in-gnome/</guid></item><item><title>Tobias Bernard: GUADEC 2025</title><link>https://blogs.gnome.org/tbernard/2025/08/03/guadec-2025/</link><description><p>Last week was this yearβs GUADEC, the first ever in Italy! Here are a few impressions.</p><h3 id="local-first">Local-First</h3><p>One of my main focus areas this year was local-first, since thatβs what weβre working on right now with the <a class="external" href="https://github.com/p2panda/reflection">Reflection</a> project (see the <a href="https://blogs.gnome.org/tbernard/2025/06/30/aardvark-summer-2025-update">previous blog post</a>). Together with Julian and Andreas we did two lightning talks (one on local-first generally, and one on Reflection in particular), and two BoF sessions.</p><figure class="wp-caption alignnone" id="attachment_10611" style="width: 660px;"><img alt="" class="size-large wp-image-10611" height="389" src="https://blogs.gnome.org/tbernard/files/2025/08/21-1024x604.jpg" width="660" /><figcaption class="wp-caption-text" id="caption-attachment-10611">Local-First BoF</figcaption></figure><p>At the BoFs we did a bit of Reflection testing, and reached a new record of people simultaneously trying the app:</p><figure class="wp-caption alignnone" id="attachment_10620" style="width: 660px;"><img alt="" class="size-large wp-image-10620" height="453" src="https://blogs.gnome.org/tbernard/files/2025/08/32-1024x703.png" width="660" /><figcaption class="wp-caption-text" id="caption-attachment-10620">This also uncovered a padding bug in the users popover :)</figcaption></figure><p>Andreas also explained the p2anda stack in detail using a new diagram we made a few weeks back, which visualizes how the various components fit together in a real app.</p><figure class="wp-caption alignnone" id="attachment_10621" style="width: 500px;"><img alt="" class="size-full wp-image-10621" height="694" src="https://blogs.gnome.org/tbernard/files/2025/08/diagram.png" width="500" /><figcaption class="wp-caption-text" id="caption-attachment-10621">p2panda stack diagram</figcaption></figure><p>We also discussed some longer-term plans, particularly around having a system-level sync service. The motivation for this is twofold: We want to make it as easy as possible for app developers to add sync to their app. Itβs never going to be βfreeβ, but if we can at least abstract some of this in a useful way thatβs a big win for developer experience. More importantly though, from a security/privacy point of view we really donβt want every app to have unrestricted access to network, Bluetooth, etc. which would be required if every app does its own p2p sync.</p><p>One option being discussed is taking the networking part of p2panda (including iroh for p2p networking) and making it a portal API which apps can use to talk to other instances of themselves on other devices.</p><p>Another idea was a more high-level portal that works more like a file βshareβ system that can sync arbitary files by just attaching the sync context to files as xattrs and having a centralized service handle all the syncing. This would have the advantage of not requiring special UI in apps, just a portal and some integration in Files. Real-time collaboration would of course not be possible without actual app integration, but for many use cases thatβs not needed anyway, so perhaps we could have both a high- and low-level API to cover different scenarios?</p><p>There are still a <em>lot</em> of open questions here, but itβs cool to see how things get a little bit more concrete every time :)</p><p>If you&#8217;re interested in the details, check out the <a class="external" href="https://pad.gnome.org/localfirstbof2025">full notes from both BoF sessions</a>.</p><h3 id="design">Design</h3><p>Jakub and I gave the traditional design team talk &#8211; a bit underprepared and last-minute (thanks Jakub for doing most of the heavy lifting), but it was cool to see in retrospect how much we got done in the past year despite how much energy unfortunately went into unrelated things. The all-new slate of websites is especially cool after so many years of gnome.org et al looking very stale. You can <a class="external" href="https://teams.pages.gitlab.gnome.org/Design/guadec-talk-2025/talk.pdf">find the slides here</a>.</p><figure class="wp-caption alignnone" id="attachment_10612" style="width: 660px;"><img alt="" class="size-large wp-image-10612" height="447" src="https://blogs.gnome.org/tbernard/files/2025/08/1-1024x694.jpg" width="660" /><figcaption class="wp-caption-text" id="caption-attachment-10612">Jakub giving the design talk</figcaption></figure><p>Inspired by the <a href="https://blogs.gnome.org/tbernard/2025/06/01/summer-of-gnome-os"><em>Summer of GNOME OS</em></a> challenge many of us are doing, we worked on concepts for a <a class="external" href="https://gitlab.gnome.org/Teams/Design/other-app-mockups/-/blob/master/test-ride/testride.png">new app to make testing sysexts</a> of merge requests (and nightly Flatpaks) easier. The working title is βTest Rideβ (a more sustainable version of Appleβs βTest Flightβ :P) and we had fun <a class="external" href="https://mastodon.social/@jimmac/114932258937001384">drawing bicycles</a> for the icon.</p><figure class="wp-caption alignnone" id="attachment_10626" style="width: 660px;"><img alt="" class="size-large wp-image-10626" height="479" src="https://blogs.gnome.org/tbernard/files/2025/08/testride-1024x743.png" width="660" /><figcaption class="wp-caption-text" id="caption-attachment-10626">Test Ride app mockup</figcaption></figure><p>Jakub and I also worked on <a class="external" href="https://gitlab.gnome.org/Teams/Design/other-app-mockups/-/blob/master/podium/podium.png">new designs for Georgesβ presentation app</a> Spiel (which is being rebranded to βPodiumβ to avoid the name clash with <a class="external" href="https://github.com/project-spiel/libspiel">the a11y project</a>). The idea is to make the app more resilient and data more future-proof, by going with a file-based approach and simple syntax on top of Markdown for (limited) layout customization.</p><figure class="wp-caption alignnone" id="attachment_10613" style="width: 660px;"><img alt="" class="wp-image-10613 size-large" height="497" src="https://blogs.gnome.org/tbernard/files/2025/08/23-1024x771.jpg" width="660" /><figcaption class="wp-caption-text" id="caption-attachment-10613">Georges and Jakub discussing Podium designs</figcaption></figure><h3 id="miscellaneous">Miscellaneous</h3><ul><li>There was a lot of energy and excitement around GNOME OS. It feels like weβve turned a corner, finally leaving the βscience experimentβ stage and moving towards βdaily-drivable betaβ.</li><li>I was very happy that the community appreciation award went to Alice Mikhaylenko this year. The impact her libadwaita work has had on the growth of the app ecosystem over the past 5 years can not be overstated. Not only did she build dozens of useful and beautiful new adaptive widgets, she also has a great sense for designing APIs in a way that will get people to adopt them, which is no small thing. Kudos, very well deserved!</li><li>While some of the Foundation conflicts of the past year remain unresolved, I was happy to see that Stevenβs and the boardβs plans are going in the right direction.</li></ul><h3 id="brescia">Brescia</h3><p>The conference was really well-organized (thanks to Pietro and the local team!), and the venue and city of Brescia had a number of advantages that were not always present at previous GUADECs:</p><ul><li>The city center is small and walkable, and everyone was staying relatively close by</li><li>The university is 20 min by metro from the city center, so it didnβt feel like a huge ordeal to go back and forth</li><li>Multiple vegan lunch options within a few minutes walk from the university</li><li>Lots of tables (with electrical outlets!) for hacking at the venue</li><li>Lots of nice places for dinner/drinks outdoors in the city center</li><li>Many dope ice cream places</li></ul><figure class="wp-caption alignnone" id="attachment_10622" style="width: 660px;"><img alt="" class="size-large wp-image-10622" height="495" src="https://blogs.gnome.org/tbernard/files/2025/08/12-1024x768.jpg" width="660" /><figcaption class="wp-caption-text" id="caption-attachment-10622">Piazza della Loggia at sunset</figcaption></figure><p>A few (minor) points that could be improved next time:</p><ul><li>The timetable started veeery early every day, which contributed to a general lack of sleep. Realistically people are not going to sleep before 02:00, so starting the program at 09:00 is just too early. My experience from multi-day events in Berlin is that 12:00 is a good time to start if you want everyone to be awake :)</li><li>The BoFs could have been spread out a bit more over the two days, there were slots with three parallel ones and times with nothing on the program.</li><li>The venue closing at 19:00 is not ideal when people are in the zone hacking. Doesnβt have to be all night, but the option to hack until after dinner (e.g.Β 22:00) would be nice.</li><li>Since that the conference is a week long accommodation can get a bit expensive, which is not ideal since most people are paying for their own travel and accommodation nowadays. Itβd have been great if there was a more affordable option for accommodation, e.g. at student dorms, like at previous GUADECs.</li><li>A frequent topic was how it&#8217;s not ideal to have everyone be traveling and mostly unavailable for reviews a week before feature freeze. It&#8217;s also not ideal because any plans you make at GUADEC are not going to make it into the September release, but will have to wait for March. What if the conference was closer to the beginning of the cycle, e.g. in May or June?</li></ul><p>A few more random photos:</p><figure class="wp-caption alignnone" id="attachment_10615" style="width: 660px;"><img alt="" class="size-large wp-image-10615" height="497" src="https://blogs.gnome.org/tbernard/files/2025/08/2-1024x771.jpg" width="660" /><figcaption class="wp-caption-text" id="caption-attachment-10615">Matthias showing us fancy new dynamic icon stuff</figcaption></figure><figure class="wp-caption alignnone" id="attachment_10616" style="width: 660px;"><img alt="" class="wp-image-10616 size-large" height="495" src="https://blogs.gnome.org/tbernard/files/2025/08/5-1024x768.jpg" width="660" /><figcaption class="wp-caption-text" id="caption-attachment-10616">Dinner on the first night feat. yours truly, Robert, Jordan, Antonio, Maximiliano, Sam, Javier, Julian, Adrian, Markus, Adrien, and Andreas</figcaption></figure><figure class="wp-caption alignnone" id="attachment_10625" style="width: 660px;"><img alt="" class="size-large wp-image-10625" height="877" src="https://blogs.gnome.org/tbernard/files/2025/08/7-771x1024.jpg" width="660" /><figcaption class="wp-caption-text" id="caption-attachment-10625">Adrian and Javier having an ad-hoc Buildstream BoF at the pizzeria</figcaption></figure><figure class="wp-caption alignnone" id="attachment_10617" style="width: 660px;"><img alt="" class="wp-image-10617 size-large" height="497" src="https://blogs.gnome.org/tbernard/files/2025/08/15-1024x771.jpg" width="660" /><figcaption class="wp-caption-text" id="caption-attachment-10617">Robert and Maximiliano hacking on Snapshot</figcaption></figure></description><author>Tobias Bernard</author><dc:creator>Tobias Bernard</dc:creator><pubDate>Sun, 03 Aug 2025 10:27:14 GMT</pubDate><guid isPermaLink="true">https://blogs.gnome.org/tbernard/2025/08/03/guadec-2025/</guid></item><item><title>Daiki Ueno: Optimizing CI resource usage in upstream projects</title><link>https://blogs.gnome.org/dueno/optimizing-ci-resource-usage-in-upstream-projects/</link><description><p>At <a class="external" href="https://www.gnutls.org/">GnuTLS</a>, our journey into optimizing GitLab CI began when we faced a significant challenge: we lost our GitLab.com Open Source Program subscription. While we are still hoping that this limitation is <a class="external" href="https://gitlab.com/gitlab-org/gitlab/-/issues/543742">temporary</a>, this meant our available CI/CD resources became considerably lower. We took this opportunity to find smarter ways to manage our pipelines and reduce our footprint.</p><p>This blog post shares the strategies we employed to optimize our GitLab CI usage, focusing on reducing running time and network resources, which are crucial for any open-source project operating with constrained resources.</p><p><span id="more-719"></span></p><h3>CI on every PR: a best practice, but not cheap</h3><p>While running CI on every commit is considered a best practice for secure software development, our experience <a class="external" href="https://opensource.com/article/23/3/podman-gitlab-runners">setting up</a> a self-hosted GitLab runner on a modest Virtual Private Server (VPS) highlighted its cost implications, especially with limited resources. We provisioned a VPS with 2GB of memory and 3 CPU cores, intending to support our GnuTLS CI pipelines.</p><p>The reality, however, was a stark reminder of the resource demands. A single CI pipeline for GnuTLS took an excessively long time to complete, often stretching beyond acceptable durations. Furthermore, the extensive data transfer involved in fetching container images, dependencies, building artifacts, and pushing results quickly led us to reach the bandwidth limits imposed by our VPS provider, resulting in throttled connections and further delays.</p><p>This experience underscored the importance of balancing CI best practices with available infrastructure and budget, particularly for resource-intensive projects.</p><h3>Reducing CI running time</h3><p>Efficient CI pipeline execution is paramount, especially when resources are scarce. GitLab provides an excellent <a class="external" href="https://docs.gitlab.com/ci/pipelines/pipeline_efficiency/">article</a> on pipeline efficiency, though in practice, project specific optimization is needed. We focused on three key areas to achieve faster pipelines:</p><ul><li>Tiering tests</li><li>Layering container images</li><li>De-duplicating build artifacts</li></ul><h4>Tiering tests</h4><p>Not all tests need to run on every PR. For more exotic or costly tasks, such as extensive fuzzing, generating documentation, or large-scale integration tests, we adopted a tiering approach. These types of tests are resource-intensive and often provide value even when run less frequently. Instead of scheduling them for every PR, they are triggered manually or on a periodic basis (e.g., nightly or weekly builds). This ensures that critical daily development workflows remain fast and efficient, while still providing comprehensive testing coverage for the project without incurring excessive resource usage on every minor change.</p><h4>Layering container images</h4><p>The tiering of tests gives us an idea which CI images are more commonly used in the pipeline. For those common CI images, we transitioned to using a more minimal base container image, such as <code>fedora-minimal</code> or <code>debian:&lt;flavor&gt;-slim</code>. This reduced the initial download size and the overall footprint of our build environment.</p><p>For specialized tasks, such as generating documentation or running cross-compiled tests that require additional tools, we adopted a layering approach. Instead of building a monolithic image with all possible dependencies, we created dedicated, smaller images for these specific purposes and layered them on top of our minimal base image as needed within the CI pipeline. This modular approach ensures that only the necessary tools are present for each job, minimizing unnecessary overhead.</p><h4>De-duplicating build artifacts</h4><p>Historically, our CI pipelines involved many &#8220;configure &amp;&amp; make&#8221; steps for various options. One of the major culprits of long build times is repeatedly compiling source code, oftentimes resulting in almost identical results.</p><p>We realized that many of these compile-time options could be handled at runtime. By moving configurations that didn&#8217;t fundamentally alter the core compilation process to runtime, we simplified our build process and reduced the number of compilation steps required. This approach transforms a lengthy compile-time dependency into a quicker runtime check.</p><p>Of course, this approach cuts both ways: while it simplifies the compilation process, it could increase the code size and attack surface. For example, support for legacy protocol features such as SSL 3.0 or SHA-1 that may lower the entire security should still be able to be switched off at the compile time.</p><p>Another caveat is that some compilation options are inherently incompatible with each other. One example is that thread sanitizer cannot be enabled with address sanitizer at the same time. In such cases a separate build artifact is still needed.</p><h3>The impact: tangible results</h3><p>The efforts put into optimizing our GitLab CI configuration yielded significant benefits:</p><ul><li>The size of the container image used for our standard build jobs is now <strong>2.5GB</strong> smaller than before. This substantial reduction in image size translates to faster job startup times and reduced storage consumption on our runners.</li><li><strong>9 &#8220;configure &amp;&amp; make&#8221;</strong> steps were removed from our standard build jobs. This streamlined the build process and directly contributed to faster execution times.</li></ul><p>By implementing these strategies, we not only adapted to our reduced resources but also built a more efficient, cost-effective, and faster CI/CD pipeline for the GnuTLS project. These optimizations highlight that even small changes can lead to substantial improvements, especially in the context of open-source projects with limited resources.</p><p>For further information on this, please consult the actual <a class="external" href="https://gitlab.com/gnutls/gnutls/-/merge_requests/1991">changes</a>.</p><h3>Next steps</h3><p>While the current optimizations have significantly improved our CI efficiency, we are continuously exploring further enhancements. Our future plans include:</p><ul><li><strong>Distributed GitLab runners with external cache:</strong> To further scale and improve resource utilization, we are considering running GitLab runners on multiple VPS instances. To coordinate these distributed runners and avoid redundant data transfers, we could set up an external cache, potentially using a solution like <a class="external" href="https://www.min.io/">MinIO</a>. This would allow shared access to build artifacts, reducing bandwidth consumption and build times.</li><li><strong>Addressing flaky tests:</strong> Flaky tests, which intermittently pass or fail without code changes, are a major bottleneck in any CI pipeline. They not only consume valuable CI resources by requiring entire jobs to be rerun but also erode developer confidence in the test suite. In TLS testing, it is common to write a test script that sets up a server and a client as a separate process, let the server bind a unique port to which the client connects, and instruct the client to initiate a certain event through a control channel. This kind of test could fail in many ways regardless of the test itself, e.g., the port might be already used by other tests. Therefore, rewriting tests without requiring a complex setup would be a good first step.</li></ul></description><author>Daiki Ueno</author><dc:creator>Daiki Ueno</dc:creator><pubDate>Sun, 03 Aug 2025 02:22:45 GMT</pubDate><guid isPermaLink="true">https://blogs.gnome.org/dueno/optimizing-ci-resource-usage-in-upstream-projects/</guid></item><item><title>Jonathan Blandford: GUADEC 2025: Thoughts and Reflections</title><link>https://blogs.gnome.org/jrb/2025/08/02/guadec-2025-thoughts-and-reflections/</link><description><p style="text-align: left;">Another year, another GUADEC. This was the 25th anniversary of the first GUADEC, and the 25th one I&#8217;ve gone to. Although there have been multiple bids for Italy during the past quarter century, this was the first successful one. It was definitely worth the wait, as it was one of the best GUADECs in recent memory.</p><figure class="wp-caption aligncenter" id="attachment_7612" style="width: 300px;"><a href="https://blogs.gnome.org/jrb/files/2025/08/PXL_20250726_2029029132-scaled.jpg"><img alt="A birthday cake with sparklers stands next to a sign saying GUADEC 2025" class="wp-image-7612 size-medium" height="218" src="https://blogs.gnome.org/jrb/files/2025/08/PXL_20250726_2029029132-300x218.jpg" width="300" /></a><figcaption class="wp-caption-text" id="caption-attachment-7612">GUADEC&#8217;s 25th anniversary cake</figcaption></figure><p>This was an extremely smooth conference β way smoother than previous years. The staff and volunteers really came through in a big way and did heroic work! I watched Deepesha, Asmit, Aryan, Maria, Zana, Kristi, Anisa, and especially Pietro all running around making this conference happen. I&#8217;m super grateful for their continued hard work in the project. GNOME couldn&#8217;t happen without their effort.</p><figure class="wp-caption aligncenter" id="attachment_7620" style="width: 300px;"><a href="https://blogs.gnome.org/jrb/files/2025/08/IMG-20250801-WA0006.jpg"><img alt="A brioche and espresso cup sit on a table" class="wp-image-7620 size-medium" height="177" src="https://blogs.gnome.org/jrb/files/2025/08/IMG-20250801-WA0006-300x177.jpg" width="300" /></a><figcaption class="wp-caption-text" id="caption-attachment-7620">La GNOME vita</figcaption></figure><h2>Favorite Talks</h2><p>I commented on some talks as they happened (<a class="external" href="https://mastodon.cloud/@blandford/114906925353105047">Day 1</a>, <a class="external" href="https://mastodon.cloud/@blandford/114912680108928267">Day 2</a>, <a class="external" href="https://mastodon.cloud/@blandford/114918662794657572">Day 3</a>). I could only attend one track at a time so missed a lot of them, but the talks I saw were fabulous. They were much higher quality than usual this year, and I&#8217;m really impressed at this community&#8217;s creativity and knowledge. As I said, it really was a strong conference.</p><p>I did an informal poll of assorted attendees I ran into on the streets of Brescia on the last night, asking what their favorite talks were. Here are the results:</p><figure class="wp-caption aligncenter" id="attachment_7613" style="width: 282px;"><a href="https://blogs.gnome.org/jrb/files/2025/08/whither-maintainers.jpg"><img alt="Emmanuele standing in front of a slide that says &quot;Whither Maintainers&quot;" class="wp-image-7613 size-medium" height="300" src="https://blogs.gnome.org/jrb/files/2025/08/whither-maintainers-282x300.jpg" width="282" /></a><figcaption class="wp-caption-text" id="caption-attachment-7613">Whither Maintainers</figcaption></figure><ul><li><a class="external" href="https://www.youtube.com/watch?v=18Ir6RXkIeA&amp;t=3378s"><strong>Emmanuele&#8217;s talk on &#8220;Getting Things Done In GNOME&#8221;:</strong></a> This talk clearly struck a chord amongst attendees. He proposed a path forward on the technical governance of the project. It also had a &#8220;Wither Maintainers&#8221; slide that lead to a lot of great conversations.</li><li><a class="external" href="https://www.youtube.com/watch?v=4BsL0VyCoWs&amp;t=1949s"><strong>George&#8217;s talk on streaming:</strong></a> This was very personal, very brave, and extremely inspiring. I left the talk wanting to try my hand at live streaming my coding sessions, and I&#8217;m not the only one.</li><li><a class="external" href="https://youtu.be/Z7F3fghCQB4?t=27367"><strong>The poop talk, by Niels:</strong></a> This was a very entertaining lightning talk with a really important message at the end.</li><li><a class="external" href="https://www.youtube.com/watch?v=-xEhHObnCug&amp;t=170s"><strong>Enhancing Screen Reader Functionality in Modern Gnome by Lukas:</strong></a> Unfortunately, I was at the other track when this one happened so I don&#8217;t know much about it. I&#8217;ll have to go back and watch it! That being said, it was so inspiring to see how many people at GUADEC were working on accessibility, and how much progress has been made across the board. I&#8217;m in awe of everyone that works in this space.</li></ul><h3>Honorable mentions</h3><ul><li><a class="external" href="https://www.youtube.com/watch?v=4BsL0VyCoWs&amp;t=0s"><strong>Emmanuele on Fixing GObject: </strong></a>This was an unexpected talk. He started by proposing something pretty outlandish, and by the end of the talk it seemed not only plausible, but likely.</li><li><a class="external" href="https://youtu.be/18Ir6RXkIeA?t=26797"><strong>Logan&#8217;s lightning talk about writing apps using GTK Inspector:</strong></a> Just plain fun.</li><li><strong>Martin&#8217;s BOF on <a class="external" href="https://github.com/tchx84/Gameeky">Gameeky</a>:</strong> Totally unhinged, totally out of control, totally entertaining. I have no idea what this game&#8217;s final form will be, but I&#8217;m enjoying watching it evolve.</li><li><a class="external" href="https://www.youtube.com/watch?v=4BsL0VyCoWs&amp;t=10292s"><strong>Florian on hacking the shell: </strong></a>This presented a nice setup to make it easier to develop against the shell. Given how important extensions are to our ecosystem, this could help a lot.</li></ul><p>In reality, there were many amazing talks beyond the ones I listed. I highly recommend you go back and see them. I know I&#8217;m planning on it!</p><h2>Crosswords at GUADEC</h2><figure class="wp-caption aligncenter" id="attachment_7615" style="width: 300px;"><a href="https://blogs.gnome.org/jrb/files/2025/08/crosswords-guadec-2025.jpg"><img alt="" class="size-medium wp-image-7615" height="300" src="https://blogs.gnome.org/jrb/files/2025/08/crosswords-guadec-2025-300x300.jpg" width="300" /></a><figcaption class="wp-caption-text" id="caption-attachment-7615">Refactoring gnome-crosswords</figcaption></figure><p>We didn&#8217;t have a Crosswords update talk this cycle. However we still had some appearances worth mentioning:</p><ul><li>Federico <a class="external" href="https://www.youtube.com/watch?v=18Ir6RXkIeA&amp;t=20285s&amp;pp=0gcJCTAAlc8ueATH">gave a talk about how to use unidirectional programming to add tests to your application</a>, and used Crosswords as his example. This probably the 5th time one of the two of us have talked about this topic. This was the best one to date, though we keep giving it because we don&#8217;t think we&#8217;ve gotten the explanation right. It&#8217;s a complex architectural change which has a lot of nuance, and is hard for us to explain succinctly. Nevertheless, we keep trying, as we see how this could lead to a big revolution in the quality of GNOME applications. Crosswords is pushing 80KLOC, and this architecture is the only thing allowing us to keep it at a reasonable quality.</li><li>People keep thinking this is &#8220;just&#8221; MVC, or a minor variation thereof, but it&#8217;s different enough that it requires a new mindset, a disciplined approach, and a good data model. As an added twist, Federico sent an <a class="external" href="https://gitlab.gnome.org/GNOME/gnome-calendar/-/merge_requests/550">MR to GNOME Calendar</a> to add initial unidirectional support to that application. If crosswords are too obscure a subject for you, then maybe the calendar section of the talk will help you understand it.</li><li><a class="external" href="https://youtu.be/Z7F3fghCQB4?t=26213">I gave a lighting talk</a> about some of the awesome work that our GSoC (and prospective GSoC) students are doing.</li><li>I gave a BOF on Words. It was lightly attended, but led to a good conversation with the always-helpful Martin.</li><li>Finally, I sat down with Tobias to do a UX review of the crossword game, with an eye to getting it into GNOME Circle. This has been in the works for a long-time and I&#8217;m really grateful for the chance to do it in person. We identified many <a class="external" href="https://gitlab.gnome.org/jrb/crosswords/-/issues/?sort=created_date&amp;state=opened&amp;label_name%5B%5D=GNOME%20Circle%20Blocker">papercuts to fix</a> of course, but Tobias was also able to provide a suggestion to improve a long-standing problem with the interface. We sketched out a <a class="external" href="https://gitlab.gnome.org/jrb/crosswords/-/issues/304">potential redesign</a> that I&#8217;m really happy with. I hope the Circle team is able to continue to do reviews across the GNOME ecosystem as it provides so much value.</li></ul><h2>Personal</h2><p>A final comment: I&#8217;m reminded again of how much of a family the GNOME community is. For personal reasons, it was a very tough GUADEC for Zana and I. It was objectively a fabulous GUADEC and we really wanted to enjoy it, but couldn&#8217;t. We&#8217;re humbled at the support and love this community is capable of. Thank you.</p></description><author>Jonathan Blandford</author><dc:creator>Jonathan Blandford</dc:creator><pubDate>Sat, 02 Aug 2025 19:35:25 GMT</pubDate><guid isPermaLink="true">https://blogs.gnome.org/jrb/2025/08/02/guadec-2025-thoughts-and-reflections/</guid></item><item><title>Hubert FiguiΓ¨re: Dev Log July 2025</title><link>https://www.figuiere.net/hub/wlog/dev-log-july-2025/</link><description><h2 id="abiword">AbiWord</h2><p>Working on rebasing and finishing an &quot;old&quot; patch from Michael Gorsethat implement accessibility in AbiWord. While the patch is a fewyears old, it's perfectly rebasable.</p><p>Pushed a lot of code modernisation on master, as well as variousmemory leaks and crashes on stable.</p><p>Released 3.0.7 (tag, and flatpak build). 3.0.8 might come soon as I'mbackporting more crashers that are already fixed on master. Until Ihave a 3.1.90 version ready for testing.</p><h2 id="libopenraw">libopenraw</h2><p>Finally I have Fujifilm X-Trans demosaicking, which needs more work asit is still a crude port of the dcraw C code. A also apply the whitebalance. Added few new cameras and some benchmarks.</p><p>Finally I released 0.4.0-alpha.11.</p><p>Also I did update libopenraw-view which is my GUI for testinglibopenraw. It now renders asynchronously.</p><h2 id="supporting-cast">Supporting cast</h2><p>Some other various stuff.</p><h3 id="glycin">glycin</h3><p>The <a href="https://gitlab.gnome.org/GNOME/glycin/-/merge_requests/230">merge request to updatelibopenraw</a>was merged. Thanks to Sophie!</p><h3 id="gegl-rs">gegl-rs</h3><p>Updated gegl-rs to the new glib-rs.</p><h3 id="lrcat-extractor">lrcat-extractor</h3><p>Released a new version after updating rusqlite.</p><h2 id="niepce">Niepce</h2><p>Ported to the latest gtk4-rs, hence the update to gegl-rs. Some smallAPI changes in the object subclassing needed to be handled.</p></description><author>Hubert FiguiΓ¨re</author><dc:creator>Hubert FiguiΓ¨re</dc:creator><pubDate>Fri, 01 Aug 2025 00:00:00 GMT</pubDate><guid isPermaLink="true">https://www.figuiere.net/hub/wlog/dev-log-july-2025/</guid></item><item><title>Matthew Garrett: Secure boot certificate rollover is real but probably won't hurt you</title><link>https://mjg59.dreamwidth.org/72892.html</link><description>LWN wrote <a href="https://lwn.net/Articles/1029767/">an article</a> which opens with the assertion "Linux users who have Secure Boot enabled on their systems knowingly or unknowingly rely on a key from Microsoft that is set to expire in September". This is, depending on interpretation, either misleading or just plain wrong, but also there's not a good source of truth here, so.<br /><br />First, how does secure boot signing work? Every system that supports UEFI secure boot ships with a set of trusted certificates in a database called "db". Any binary signed with a chain of certificates that chains to a root in db is trusted, unless either the binary (via hash) or an intermediate certificate is added to "dbx", a separate database of things whose trust has been revoked[1]. But, in general, the firmware doesn't care about the intermediate or the number of intermediates or whatever - as long as there's a valid chain back to a certificate that's in db, it's going to be happy.<br /><br />That's the conceptual version. What about the real world one? Most x86 systems that implement UEFI secure boot have at least two root certificates in db - one called "Microsoft Windows Production PCA 2011", and one called "Microsoft Corporation UEFI CA 2011". The former is the root of a chain used to sign the Windows bootloader, and the latter is the root used to sign, well, everything else.<br /><br />What is "everything else"? For people in the Linux ecosystem, the most obvious thing is the Shim bootloader that's used to bridge between the Microsoft root of trust and a given Linux distribution's root of trust[2]. But that's not the only third party code executed in the UEFI environment. Graphics cards, network cards, RAID and iSCSI cards and so on all tend to have their own unique initialisation process, and need board-specific drivers. Even if you added support for everything on the market to your system firmware, a system built last year wouldn't know how to drive a graphics card released this year. Cards need to provide their own drivers, and these drivers are stored in flash on the card so they can be updated. But since UEFI doesn't have any sandboxing environment, those drivers could do pretty much anything they wanted to. Someone could compromise the UEFI secure boot chain by just plugging in a card with a malicious driver on it, and have that hotpatch the bootloader and introduce a backdoor into your kernel.<br /><br />This is avoided by enforcing secure boot for these drivers as well. Every plug-in card that carries its own driver has it signed by Microsoft, and up until now that's been a certificate chain going back to the same "Microsoft Corporation UEFI CA 2011" certificate used in signing Shim. This is important for reasons we'll get to.<br /><br />The "Microsoft Windows Production PCA 2011" certificate expires in October 2026, and the "Microsoft Corporation UEFI CA 2011" one in June 2026. These dates are not that far in the future! Most of you have probably at some point tried to visit a website and got an error message telling you that the site's certificate had expired and that it's no longer trusted, and so it's natural to assume that the outcome of time's arrow marching past those expiry dates would be that systems will stop booting. Thankfully, that's not what's going to happen.<br /><br />First up: if you grab a copy of the Shim currently shipped in Fedora and extract the certificates from it, you'll learn it's not directly signed with the "Microsoft Corporation UEFI CA 2011" certificate. Instead, it's signed with a "Microsoft Windows UEFI Driver Publisher" certificate that chains to the "Microsoft Corporation UEFI CA 2011" certificate. That's not unusual, intermediates are commonly used and rotated. But if we look more closely at that certificate, we learn that it was issued in 2023 and expired in 2024. Older versions of Shim were signed with older intermediates. A very large number of Linux systems are already booting certificates that have expired, and yet things keep working. Why?<br /><br />Let's talk about time. In the ways we care about in this discussion, time is a social construct rather than a meaningful reality. There's no way for a computer to observe the state of the universe and know what time it is - it needs to be told. It has no idea whether that time is accurate or an elaborate fiction, and so it can't with any degree of certainty declare that a certificate is valid from an external frame of reference. The failure modes of getting this wrong are also extremely bad! If a system has a GPU that relies on an option ROM, and if you stop trusting the option ROM because either its certificate has genuinely expired or because your clock is wrong, you can't display any graphical output[3] and the user can't fix the clock and, well, crap.<br /><br />The upshot is that nobody actually enforces these expiry dates - <a href="https://github.com/tianocore/edk2/blob/edk2-stable202505/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c#L893-L900">here's the reference code that disables it</a>. In a year's time we'll have gone past the expiration date for "Microsoft Windows UEFI Driver Publisher" and everything will still be working, and a few months later "Microsoft Windows Production PCA 2011" will also expire and systems will keep booting Windows despite being signed with a now-expired certificate. This isn't a Y2K scenario where everything keeps working because people have done a huge amount of work - it's a situation where everything keeps working even if nobody does any work.<br /><br />So, uh, what's the story here? Why is there any engineering effort going on at all? What's all this talk of new certificates? Why are there sensationalist pieces about how Linux is going to stop working on old computers or new computers or maybe all computers?<br /><br />Microsoft will shortly start signing things with a new certificate that chains to a new root, and most systems don't trust that new root. System vendors are supplying updates[4] to their systems to add the new root to the set of trusted keys, and Microsoft has supplied a fallback that can be applied to all systems even without vendor support[5]. If something is signed purely with the new certificate then it won't boot on something that only trusts the old certificate (which shouldn't be a realistic scenario due to the above), but if something is signed purely with the old certificate then it won't boot on something that only trusts the new certificate.<br /><br />How meaningful a risk is this? We don't have an explicit statement from Microsoft as yet as to what's going to happen here, but we expect that there'll be at least a period of time where Microsoft signs binaries with both the old and the new certificate, and in that case those objects should work just fine on both old and new computers. The problem arises if Microsoft stops signing things with the old certificate, at which point new releases will stop booting on systems that don't trust the new key (which, again, shouldn't happen). But even if that does turn out to be a problem, nothing is going to force Linux distributions to stop using existing Shims signed with the old certificate, and having a Shim signed with an old certificate does nothing to stop distributions signing new versions of grub and kernels. In an ideal world we have no reason to ever update Shim[6] and so we just keep on shipping one signed with two certs.<br /><br />If there's a point in the future where Microsoft <em>only</em> signs with the new key, and if we were to somehow end up in a world where systems only trust the old key and not the new key[7], then those systems wouldn't boot with new graphics cards, wouldn't be able to run new versions of Windows, wouldn't be able to run any Linux distros that ship with a Shim signed only with the new certificate. That would be bad, but we have a mechanism to avoid it. On the other hand, systems that only trust the new certificate and not the old one would refuse to boot older Linux, wouldn't support old graphics cards, and also wouldn't boot old versions of Windows. Nobody wants that, and for the foreseeable future we're going to see new systems continue trusting the old certificate and old systems have updates that add the new certificate, and everything will just continue working exactly as it does now.<br /><br />Conclusion: Outside some corner cases, the worst case is you might need to boot an old Linux to update your trusted keys to be able to install a new Linux, and no computer currently running Linux will break in any way whatsoever.<br /><br />[1] (there's also a separate revocation mechanism called SBAT which I wrote about <a href="https://mjg59.dreamwidth.org/70348.html">here</a>, but it's not relevant in this scenario)<br /><br />[2] Microsoft won't sign GPLed code for reasons I think are unreasonable, so having them sign grub was a non-starter, but also the point of Shim was to allow distributions to have something that doesn't change often and be able to sign their own bootloaders and kernels and so on without having to have Microsoft involved, which means grub and the kernel can be updated without having to ask Microsoft to sign anything and updates can be pushed without any additional delays<br /><br />[3] It's been a <em>long</em> time since graphics cards booted directly into a state that provided any well-defined programming interface. Even back in 90s, cards didn't present VGA-compatible registers until card-specific code had been executed (hence DEC Alphas having an x86 emulator in their firmware to run the driver on the card). No driver? No video output.<br /><br />[4] There's a UEFI-defined mechanism for updating the keys that doesn't require a full firmware update, and it'll work on all devices that use the same keys rather than being per-device<br /><br />[5] Using the generic update without a vendor-specific update means it wouldn't be possible to issue further updates for the next key rollover, or any additional revocation updates, but I'm hoping to be retired by then and I hope all these computers will also be retired by then<br /><br />[6] I said this in 2012 and it turned out to be wrong then so it's probably wrong now sorry, but at least SBAT means we can revoke vulnerable grubs without having to revoke Shim<br /><br />[7] Which shouldn't happen! There's an update to add the new key that should work on all PCs, but there's always the chance of firmware bugs<br /><br /><img alt="comment count unavailable" height="12" src="https://www.dreamwidth.org/tools/commentcount?user=mjg59&amp;ditemid=72892" style="vertical-align: middle;" width="30" /> comments</description><author>Matthew Garrett</author><dc:creator>Matthew Garrett</dc:creator><pubDate>Thu, 31 Jul 2025 16:12:59 GMT</pubDate><guid isPermaLink="true">https://mjg59.dreamwidth.org/72892.html</guid></item><item><title>Alley Chaggar: Challenges</title><link>https://alleych.github.io/gnome/challenges/</link><description><h1 id="debugging-and-my-challenges">Debugging and My Challenges</h1> <p>For the past two weeks, Iβve been debugging the <a href="https://gitlab.gnome.org/AlleyChaggar/vala/-/blob/098c51eb28c99d4d9fa4786d84109782fe8cf2c3/codegen/valajsonmodule.vala">json module</a>. I hooked up the JSON module into the codebase hierarchy by modifying <a href="https://gitlab.gnome.org/AlleyChaggar/vala/-/blob/main/codegen/valagsignalmodule.vala?ref_type=heads">valagsignalmodule.vala</a> to extend the JSON module, which, before extended the <a href="https://gitlab.gnome.org/GNOME/vala/-/blob/main/codegen/valagobjectmodule.vala?ref_type=heads">GObject module</a>. Running the test case called <a href="https://gitlab.gnome.org/AlleyChaggar/vala/-/blob/alley/json-glib-module/tests/annotations/json.vala?ref_type=heads">json.vala</a>, crashes the program.<br /></p> <p>In the beginning, I was having quite the difficulty trying to use <code class="language-vala highlighter-rouge"><span class="n">gdb</span></code> and <code class="language-vala highlighter-rouge"><span class="n">coredumpctl</span></code> to investigate the crash. I kept doing:</p> <div class="language-vala highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">./</span><span class="n">autogen</span><span class="p">.</span><span class="n">sh</span> <span class="p">--</span><span class="n">enable</span><span class="p">-</span><span class="n">debug</span><span class="n">make</span> </code></pre></div></div><p>/</p><div class="language-vala highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">./</span><span class="n">configure</span> <span class="p">--</span><span class="n">enable</span><span class="p">-</span><span class="n">debug</span><span class="n">make</span></code></pre></div></div><p>Then Iβd run commands like:</p> <div class="language-vala highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">coredumpctl</span> <span class="n">gdb</span><span class="n">coredumpctl</span> <span class="n">info</span></code></pre></div></div><p>It simply wasnβt working when I built it this way with the following coredumpctl commands. It wasnβt showing the debug symbols that I needed to be able to see the functions that were causing the program to crash. When I built Vala using GNOME Builderβs build button, it also didnβt work.<br /></p> <p>Lorenz, my mentor, helped me a lot on this issue. How we were able to fix this was first, I needed to build Vala by doing</p> <div class="language-vala highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">./</span><span class="n">configure</span> <span class="p">--</span><span class="n">enable</span><span class="p">-</span><span class="n">debug</span><span class="n">make</span></code></pre></div></div> <p>Then I needed to run the test in the βbuild terminalβ in GNOME Builder <code class="language-vala highlighter-rouge"><span class="n">compiler</span><span class="p">/</span><span class="n">valac</span> <span class="p">--</span><span class="n">pkg</span> <span class="n">json</span><span class="p">-</span><span class="n">glib</span><span class="p">-</span><span class="m">1.0</span> <span class="n">tests</span><span class="p">/</span><span class="n">annotations</span><span class="p">/</span><span class="n">json</span><span class="p">.</span><span class="n">vala</span></code><br /></p> <p>Then, in a regular terminal, I ran:</p> <div class="language-vala highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">gdb</span> <span class="n">compiler</span><span class="p">/.</span><span class="n">libs</span><span class="p">/</span><span class="n">lt</span><span class="p">-</span><span class="nf">valac</span><span class="p">(</span><span class="n">gdb</span><span class="p">)</span> <span class="n">run</span> <span class="p">--</span><span class="n">pkg</span> <span class="n">json</span><span class="p">-</span><span class="n">glib</span><span class="p">-</span><span class="m">1.0</span> <span class="n">tests</span><span class="p">/</span><span class="n">annotations</span><span class="p">/</span><span class="n">json</span><span class="p">.</span><span class="nf">vala</span><span class="p">(</span><span class="n">gdb</span><span class="p">)</span> <span class="n">bt</span></code></pre></div></div><p>Once I ran these commands, I was finally able to see the functions causing the crash to happen.</p> <div class="language-vala highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="m">123456</span><span class="cp">#6 0x00007ffff7a1ef37 in vala_ccode_constant_construct_string (object_type=Python Exception &lt;class 'gdb.error'&gt;: value has been optimized out</span><span class="p">,</span> <span class="n">_name</span><span class="p">=</span><span class="m">0x5555563ef1c0</span> <span class="s">"anything"</span><span class="p">)</span> <span class="n">at</span> <span class="p">/</span><span class="n">home</span><span class="p">/</span><span class="n">alley</span><span class="p">/</span><span class="n">Desktop</span><span class="p">/</span><span class="n">vala</span><span class="p">/</span><span class="n">ccode</span><span class="p">/</span><span class="n">valaccodeconstant</span><span class="p">.</span><span class="n">vala</span><span class="p">:</span><span class="m">41</span><span class="cp">#7 0x00007ffff7a1f9f7 in vala_ccode_constant_new_string (_name=0x5555563ef1c0 "anything") at /home/alley/Desktop/vala/ccode/valaccodeconstant.vala:40</span><span class="cp">#8 0x00007ffff7a10918 in vala_json_module_json_builder (self=0x55555558c810) at /home/alley/Desktop/vala/codegen/valajsonmodule.vala:292</span><span class="cp">#9 0x00007ffff7a0f07d in vala_json_module_generate_class_to_json (self=0x55555558c810, cl=0x555557199120) at /home/alley/Desktop/vala/codegen/valajsonmodule.vala:191</span><span class="cp">#10 0x00007ffff7a127f4 in vala_json_module_real_generate_class_init (base=0x55555558c810, cl=0x555557199120) at /home/alley/Desktop/vala/codegen/valajsonmodule.vala:410</span></code></pre></div></div> <p>This snippet of the backtrace shows that the function vala_json_module_json_builder () on line 292 was the actual crash culprit.<br /></p> <p>After I fixed the debug symbols, my git push decided not to work properly for a few days. So I was manually editing my changes on GitLab. My theory for git push not working is that Kwalletmanager had a problem, and so the credentials stopped working, which hanged the git push. Either way, I fixed it by switching my repo to SSH. Iβll investigate why the HTTP side of git stopped working, and Iβll fix it.</p> <h1 id="guadec">GUADEC</h1> <p>This was my first-ever GUADEC event that Iβve ever watched. I watched it online, and I particularly found the lightning talks to be my favourite parts. They were all short, sweet, and to the point. It was also kind of comedic how fast people talked to fit everything they wanted to say in a short time span.<br /></p> <p>Some talks I particularly found interesting are:<br /></p> <ol> <li> <p>The open source game called <a href="https://github.com/endlessm/threadbare">Threadbare</a> by Endless Access. As someone who is a game programming graduate, it instantly caught my eye and had my attention. Iβll definitely be checking it out and trying to contribute to it.</p> </li> <li> <p>Carlos Garnachoβs talk about GNOME on our TVs. The idea of GNOME expanding onto smart TVs opens up a whole new area of usability and user experience. It got me thinking about the specs of a regular TV set and how GNOME can adapt to and enhance that experience. The possibilities are exciting, and Iβm curious to see how far this concept goes.<br /></p> </li></ol> <p>Overall, GUADEC made me feel more connected to the GNOME community even though I joined remotely. Iβd love to have GAUDEC hosted in Toronto :)</p></description><author>Alley Chaggar</author><dc:creator>Alley Chaggar</dc:creator><pubDate>Thu, 31 Jul 2025 07:30:00 GMT</pubDate><guid isPermaLink="true">https://alleych.github.io/gnome/challenges/</guid></item><item><title>Christian Schaller: Artificial Intelligence and the Linux Community</title><link>https://blogs.gnome.org/uraeus/2025/07/29/artificial-intelligence-and-the-linux-community/</link><description><p>I have wanted to write this blog post for quite some time, but been unsure about the exact angle of it. I think I found that angle now where I will root the post in a very tangible concrete example. </p><p>So the reason I wanted to write this was because I do feel there is a palpable skepticism and negativity towards AI in the Linux community, and I understand that there are societal implications that worry us all, like how deep fakes have the potential to upend a lot of things from news disbursement to court proceedings. Or how malign forces can use AI to drive narratives in social media etc., is if social media wasn&#8217;t toxic enough as it is. But for open source developers like us in the Linux community there is also I think deep concerns about tooling that deeply incurs into something that close to the heart of our community, writing code and being skilled at writing code. I hear and share all those concerns, but at the same time having spent time the last weeks using <a class="external" href="https://claude.ai">Claude.ai</a> I do feel it is not something we can afford not to engage with. So I know people have probably used a lot of different AI tools in the last year, some being more cute than useful others being somewhat useful and others being interesting improvements to your Google search for instance. I think I shared a lot of those impressions, but using Claude this last week has opened my eyes to what AI enginers are going to be capable of going forward.</p><p>So my initial test was writing a python application for internal use at Red Hat, basically connecting to a variety of sources and pulling data and putting together reports, typical management fare. How simple it was impressed me though, I think most of us having to deal with pulling data from a new source know how painful it can be, with issues ranging from missing, outdated or hard to parse API documentation. I think a lot of us also then spend a lot of time experimenting to figure out the right API calls to make in order to pull the data we need. Well Claude was able to give me python scripts that pulled that data right away, I still had to spend some time with it to fine tune the data being pulled and ensuring we pulled the right data, but I did it in a fraction of the time I would have spent figuring that stuff out on my own. The one data source Claude struggled with Fedora&#8217;s Bohdi, well once I pointed it to the URL with the latest documentation for that it figured out that it would be better to use the bohdi client library to pull data and once it had that figured out it was clear sailing.</p><p>So coming of pretty impressed by that experience I wanted to understand if Claude would be able to put together something programmatically more complex, like a GTK+ application using Vulkan. [Note: should have checked the code better, but thanks to the people who pointed this out. I told the AI to use Vulkan, which it did, but not in the way I expected, I expected it to render the globe using Vulkan, but it instead decided to ensure GTK used its Vulkan backend, an important lesson in both prompt engineering and checking the code afterwards).]So I thought what would be a good example of such an application and I also figured it would be fun if I found something really old and asked Claude to help me bring it into the current age. So I suddenly remembered xtraceroute, which is an old application orginally written in GTK1 and OpenGL showing your traceroute on a 3d Globe.<div class="wp-caption alignright" id="attachment_11216" style="width: 221px;"><img alt="Screenshot of original xtraceroute" class="size-medium wp-image-11216" height="300" src="https://blogs.gnome.org/uraeus/files/2025/07/originalxtraceroute-211x300.jpg" width="211" /><p class="wp-caption-text" id="caption-attachment-11216">Screenshot of the original Xtraceroute application</p></div></p><p>I went looking for it and found that while it had been updated to GTK2 since last I looked at it, it had not been touched in 20 years. So I thought, this is a great testcase. So I grabbed the code and fed it into Claude, asking Claude to give me a modern GTK4 version of this application using Vulkan. Ok so how did it go? Well it ended up being an iterative effort, with a lot of back and forth between myself and Claude. One nice feature Claude has is that you can upload screenshots of your application and Claude will use it to help you debug. Thanks to that I got a long list of screenshots showing how this application evolved over the course of the day I spent on it.</p><div class="wp-caption alignnone" id="attachment_11226" style="width: 610px;"><img alt="First output of Claude" class="size-medium wp-image-11226" height="228" src="https://blogs.gnome.org/uraeus/files/2025/07/xtraceroutefirstattempt-300x228.png" width="300" /><p class="wp-caption-text" id="caption-attachment-11226">This screenshot shows Claudes first attempt of transforming the 20 year old xtraceroute application into a modern one using GTK4, Vulkan and also adding a Meson build system. My prompt to create this was feeding in the old code and asking Claude to come up with a GTK4 and Vulkan equivalent. As you can see the GTK4 UI is very simple, but ok as it is. The rendered globe leaves something to be desired though. I assume the old code had some 2d fall backcode, so Claude latched onto that and focused on trying to use the Cairo API to recreate this application, despite me telling it I wanted a Vulkan application. What what we ended up with was a 2d circle that I could spin around like a wheel of fortuen. The code did have some Vulkan stuff, but defaulted to the Cairo code.</p></div><div class="wp-caption alignnone" id="attachment_11227" style="width: 610px;"><img alt="Second attempt image" class="size-medium wp-image-11227" height="218" src="https://blogs.gnome.org/uraeus/files/2025/07/xtraceroutesecondattempt-300x218.png" width="300" /><p class="wp-caption-text" id="caption-attachment-11227">Second attempt at updating this application Anyway, I feed the screenshot of my first version back into Claude and said that the image was not a globe, it was missing the texture and the interaction model was more like a wheel of fortune. As you can see the second attempt did not fare any better, in fact we went from circle to square. This was also the point where I realized that I hadn&#8217;t uploaded the textures into Claude, so I had to tell it to load the earth.png from the local file repository.</p></div><div class="wp-caption alignnone" id="attachment_11228" style="width: 610px;"><img alt="Third attempt by Claude" class="size-medium wp-image-11228" height="228" src="https://blogs.gnome.org/uraeus/files/2025/07/xtraceroutethirdaattempt-300x228.png" width="300" /><p class="wp-caption-text" id="caption-attachment-11228">Third attempt from Claude.Ok, so I feed my second screenshot back into Claude and pointed out that it was no globe, in fact it wasn&#8217;t even a circle and the texture was still missing. With me pointing out it needed to load the earth.png file from disk it came back with the texture loading. Well, I really wanted it to be a globe, so I said thank you for loading the texture, now do it on a globe.</p></div><div class="wp-caption alignnone" id="attachment_11219" style="width: 610px;"><img alt="" class="size-medium wp-image-11219" height="228" src="https://blogs.gnome.org/uraeus/files/2025/07/xtraceroute4th-300x228.png" width="300" /><p class="wp-caption-text" id="caption-attachment-11219">This is the output of the 4th attempt. As you can see, it did bring back a circle, but the texture was gone again. At this point I also decided I didn&#8217;t want Claude to waste anymore time on the Cairo code, this was meant to be a proper 3d application. So I told Claude to drop all the Cairo code and instead focus on making a Vulkan application.</p></div><div class="wp-caption alignnone" id="attachment_11220" style="width: 610px;"><img alt="Fifth attempt" class="size-medium wp-image-11220" height="228" src="https://blogs.gnome.org/uraeus/files/2025/07/xtraceroute5th-300x228.png" width="300" /><p class="wp-caption-text" id="caption-attachment-11220">So now we finally had something that started looking like something, although it was still a circle, not a globe and it got that weird division of 4 thing on the globe. Anyway, I could see it using Vulkan now and it was loading the texture. So I was feeling like we where making some decent forward movement. So I wrote a longer prompt describing the globe I wanted and how I wanted to interact with it and this time Claude did come back with Vulkan code that rendered this as a globe, thus I didn&#8217;t end up screenshoting it unfortunately.</td><p></p></div><div class="wp-caption alignnone" id="attachment_11221" style="width: 610px;"><img alt="" class="size-medium wp-image-11221" height="228" src="https://blogs.gnome.org/uraeus/files/2025/07/xtraceroute6th-300x228.png" width="300" /><p class="wp-caption-text" id="caption-attachment-11221">So with the working globe now in place, I wanted to bring in the day/night cycle from the original application. So I asked Claude to load the night texture and use it as an overlay to get that day/night effect. I also asked it to calculate the position of the sun to earth at the current time, so that it could overlay the texture in the right location. As you can see Claude did a decent job of it, although the colors was broken.</p></div><div class="wp-caption alignnone" id="attachment_11222" style="width: 610px;"><img alt="7th attempt" class="size-medium wp-image-11222" height="228" src="https://blogs.gnome.org/uraeus/files/2025/07/xtraceroute7th-300x228.png" width="300" /><p class="wp-caption-text" id="caption-attachment-11222">So I kept fighting with the color for a bit, Claude could see it was rendering it brown, but could not initally figure out why. I could tell the code was doing things mostly right so I also asked it to look at some other things, like I realized that when I tried to spin the globe it just twisted the texture. We got that fixed and also I got Claude to create some tests scripts that helped us figure out that the color issue was a RGB vs BRG issue, so as soon as we understood that then Claude was able to fix the code to render colors correctly. I also had a few iterations trying to get the scaling and mouse interaction behaving correctly.<br /></p></div><div class="wp-caption alignnone" id="attachment_11217" style="width: 610px;"><img alt="10th attempt" class="size-medium wp-image-11217" height="228" src="https://blogs.gnome.org/uraeus/files/2025/07/xtraceroiute10th-300x228.png" width="300" /><p class="wp-caption-text" id="caption-attachment-11217">So at this point I had probably worked on this for 4-5 hours, the globe was rendering nicely and I could interact with it using the mouse. Next step was adding the traceroute lines back. By default Claude had just put in code to render some small dots on the hop points, not draw the lines. Also the old method for getting the geocoordinates, but I asked Claude to help me find some current services which it did and once I picked one it on first try gave me code that was able to request the geolocation of the ip addresses it got back. To polish it up I also asked Claude to make sure we drew the lines following the globes curvature instead of just drawing straight lines.</p></div><div class="wp-caption alignnone" id="attachment_11225" style="width: 610px;"><img alt="Final version" class="size-medium wp-image-11225" height="228" src="https://blogs.gnome.org/uraeus/files/2025/07/xtraceroute11th-300x228.png" width="300" /><p class="wp-caption-text" id="caption-attachment-11225">Final version of the updated Xtraceroute application. It mostly works now, but I did realize why I always thought this was a fun idea, but less interesting in practice, you often don&#8217;t get very good traceroutes back, probably due to websites being cached or hosted globally. But I felt that I had proven that with a days work Claude was able to help me bring this old GTK application into the modern world.<br /></p></div><h2>Conclusions</h2><p>So I am not going to argue that Xtraceroute is an important application that deserved to be saved, in fact while I feel the current version works and proves my point I also lost motivation to try to polish it up due to the limitations of tracerouting, but t<a class="external" href="https://gitlab.com/cschalle/xtraceroute-ai-revamped">he code is available for anyone who finds it worthwhile</a>. </p><p>But this wasn&#8217;t really about Xtraceroute, what I wanted to show here is how someone lacking C and Vulkan development skills can actually use a tool like Claude to put together a working application even one using more advanced stuff like Vulkan, which I know many more than me would feel daunting. I also found Claude really good at producing documentation and architecture documents for your application. It was also able to give me a working Meson build system and create all the desktop integration files for me, like the .desktop file, the metainfo file and so on. For the icons I ended up using Gemini as Claude do not do image generation at this point, although it was able to take a png file and create a SVG version of it (although not a perfect likeness to the original png).</p><p>Another thing I want to say is that the way I think about this, it is not that it makes coding skills less valuable, AIs can do amazing things, but you need to keep a close eye on them to ensure the code they create actually do what you want and that it does it in a sensible manner. For instance in my reporting application I wanted to embed a pdf file and Claude initial thought was to bring in webkit to do the rendering. That would have worked, but would have added a very big and complex dependency to my application, so I had to tell it that it could just use libpoppler to do it, something Claude agreed was a much better solution. The bigger the codebase the harder it also becomes for the AI to deal with it, but I think it hose circumstances what you can do is use the AI to give you sample code for the functionality you want in the programming language you want and then you can just work on incorporating that into your big application.</p><p>The other part here if course in terms of open source is how should contributors and projects deal with this? I know there are projects where AI generated CVEs or patches are drowning them and that helps nobody. But I think if we see AI as a developers tool and that the developer using the tool is responsible for the code generated, then I think that mindset can help us navigate this. So if you used an AI tool to create a patch for your favourite project, it is your responsibility to verify that patch before sending it in, and with that I don&#8217;t mean just verifying the functionality it provides, but that the code is clean and readable and following the coding standards of said upstream project. Maintainers on the other hand can use AI to help them review and evaluate patches quicker and thus this can be helpful on both sides of the equation. I also found Claude and other AI tools like Gemini pretty good at generating test cases for the code they make, so this is another area where open source patch contributions can improve, by improving test coverage for the code.</p><p>I do also believe there are many areas where projects can greatly benefit from AI, for instance in the GNOME project a constant challenge for extension developers have been keeping their extensions up-to-date, well I do believe a tool like Claude or Gemini should be able to update GNOME Shell extensions quite easily. So maybe having a service which tries to provide a patch each time there is a GNOME Shell update might be a great help there. At the same time having a AI take a look at updated extensions and giving an first review of the update might help reduce the load on people doing code reviews on extensions and help flag problematic extensions.</p><p>I know for a lot of cases and situations uploading your code to a webservice like Claude, Gemini or Copilot is not something you want or can do. I know privacy is a big concern for many people in the community. My team at Red Hat has been working on a code assistant tool using the <a class="external" href="https://www.ibm.com/granite?utm_content=SRCWW&amp;p1=Search&amp;p4=43700080962491259&amp;p5=e&amp;p9=58700008798105472&amp;gclsrc=aw.ds&amp;gad_source=1&amp;gad_campaignid=21836574700&amp;gclid=Cj0KCQjw4qHEBhCDARIsALYKFNMp43_IuT_sFQdnUMMuMFPaMM79ZMr6qI5ooNqic_R9eh8zIaZmYMAaAtbSEALw_wcB">IBM Granite model</a>, called <a class="external" href="https://granitecode.ai/">Granite.code</a>. What makes Granite different is that it relies on having the model run locally on your own system, so you don&#8217;t send your code or data of somewhere else. This of course have great advantages in terms of improving privacy and security, but it has challenges too. The top end AI models out there at the moment, of which Claude is probably the best at the time of writing this blog post, are running on hardware with vast resources in terms of computing power and memory available. Most of us do not have those kind of capabilities available at home, so the model size and performance will be significantly lower. So at the moment if you are looking for a great open source tool to use with VS Code to do things like code completion I recommend giving Granite.code a look. If you on the other hand want to do something like I have described here you need to use something like Claude, Gemini or ChatGPT. I do recommend Claude, not just because I believe them to be the best at it at the moment, but they also are a company trying to hold themselves to high ethical standards. Over time we hope to work with IBM and others in the community to improve local models, and I am also sure local hardware will keep improving, so over time the experience you can get with a local model on your laptop at least has less of a gap than what it does today compared to the big cloud hosted models. There is also the middle of the road option that will become increasingly viable, where you have a powerful server in your home or at your workplace that can at least host a midsize model, and then you connect to that on your LAN. I know IBM is looking at that model for the next iteration of Granite models where you can choose from a wide variety of sizes, some small enough to be run on a laptop, others of a size where a strong workstation or small server can run them or of course the biggest models for people able to invest in top of the line hardware to run their AI.</p><p>Also the AI space is moving blazingly fast, if you are reading this 6 Months from now I am sure the capabilities of online and local models will have changed drastically already.</p><p>So to all my friends in the Linux community I ask you to take a look at AI and what it can do and then lets work together on improving it, not just in terms of capabilities, but trying to figure out things like societal challenges around it and sustainability concerns I also know a lot of us got.</p><p><h2>Whats next for this code</h2><p>As I mentioned I while I felt I got it to a point where I proved to myself it worked, I am not planning on working anymore on it. But I did make a cute little application for internal use that shows a spinning globe with all global Red Hat offices showing up as little red lights and where it pulls Red Hat news at the bottom. Not super useful either, but I was able to use Claude to refactor the globe rendering code from xtraceroute into this in just a few hours.</p><div class="wp-caption alignright" id="attachment_11251" style="width: 610px;"><img alt="Red Hat Globe" class="size-medium wp-image-11251" height="562" src="https://blogs.gnome.org/uraeus/files/2025/07/Screenshot-From-2025-07-29-11-38-51-300x281.png" width="600" /><p class="wp-caption-text" id="caption-attachment-11251">Red Hat Offices Globe and news.</p></div></description><author>Christian Schaller</author><dc:creator>Christian Schaller</dc:creator><pubDate>Tue, 29 Jul 2025 16:24:22 GMT</pubDate><guid isPermaLink="true">https://blogs.gnome.org/uraeus/2025/07/29/artificial-intelligence-and-the-linux-community/</guid></item><item><title>Bastien Nocera: Digitising CDs (aka using your phone as an image scanner)</title><link>https://www.hadess.net/2025/07/digitising-cds-aka-using-your-phone-as.html</link><description><p style="text-align: justify;">I recently found, under the rain, next to a book swap box, a pile of 90's βsoftware magazinesβ which I spent my evening cleaning, drying, and sorting in the days afterwards.</p><p style="text-align: justify;"><b>Magazine cover CDs with nary a magazine</b>&nbsp;</p><p style="text-align: justify;">Those magazines are a peculiar thing in France, using the mechanism of β<a href="https://fr.wikipedia.org/wiki/Commission_paritaire_des_publications_et_des_agences_de_presse">Commission paritaire des publications et des agences de presse</a>β or βCommission paritaireβ for short. This structure exists to assess whether a magazine can benefit from state subsidies for the written press (whether on paper at the time, and also the internet nowadays), which include <a href="https://www.cppap.fr/publications/">a reduced VAT charge (2.1% instead of 20%), reduced postal rates, and tax exemptions</a>.</p><p style="text-align: justify;">In the 90s, this was used by Diamond Editions[1] (a publisher related to <a href="https://www.pearl.fr/">tech shop Pearl</a>, which French and German computer enthusiasts probably know) to publish magazines with just enough original text to qualify for those subsidies, bundled with the really interesting part, a piece of software on CD.</p><p style="text-align: justify;">If you were to visit a French newsagent nowadays, you would be able to find other examples of this: magazines bundled with music CDs, DVDs or Blu-rays, or even toys or collectibles. Some publishers (including the infamous and now shuttered&nbsp;<a href="https://fr.wikipedia.org/wiki/%C3%89ditions_Atlas">Γditions Atlas</a>) will even get you a cheap kickstart to a new collection, with the first few issues (and collectibles) available at very interesting prices of a couple of euros, before making that βmagazineβ subscription-only, with each issue being increasingly more expensive (<a href="https://www.quechoisir.org/actualite-collections-atlas-manque-de-transparence-n10529/">article from a consumer protection association</a>).</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHOW1KuPxZb5ceg-ujUuFHzvYJucKnjC6IXlhHLEM0R9bf6BMBfQq5sVTtWOaPaCAtkM5btpkOTh2FsIw5lVOngi0eY9S3ZaSSqJScKk9OGgnJg8dKw_VHd14CxgeI3h79okL-pMP2rJLzBFcnDLV6GGCWMErYzsKeq0iyH5ZjF5bY4HAMjQu0-RPVXnptysPHgMNfmg/s1024/KpOVBdFpM3zeY9XMM2zr7AhbJq4.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="149" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHOW1KuPxZb5ceg-ujUuFHzvYJucKnjC6IXlhHLEM0R9bf6BMBfQq5sVTtWOaPaCAtkM5btpkOTh2FsIw5lVOngi0eY9S3ZaSSqJScKk9OGgnJg8dKw_VHd14CxgeI3h79okL-pMP2rJLzBFcnDLV6GGCWMErYzsKeq0iyH5ZjF5bY4HAMjQu0-RPVXnptysPHgMNfmg/w200-h149/KpOVBdFpM3zeY9XMM2zr7AhbJq4.jpg" width="200" /></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbjvuIIXrGwv8Ix-_gxunaNf5tBTRcYMdGKfBLvDX-3qDkLrKFXTTNVjT_el2moPE-2D4Rp_pFP5kIFjgNtYiIBaadBN_7I_kOVtPlhiukFG2NqyKZGaaAqY6BzJprOqfyL7mzKuDd1dmPAQuuevbgLl_Vng1w7zX_OpLIS7UsDd4kq80NAXYdJfeL1vFUfuQKD0Sh1Q/s1200/HZA-XhjstxCdEjvEfmdkJ8lTSj0.jpg" style="margin-left: 1em; margin-right: 1em;"></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyUyEF12RKPy_AEXmxabARtDmsPuI0ekOzdbmb1QjhfLeQVsZ5hMALIzDWhdWimXQ9rcRDnkSigWY9N_yRdQ30oeO-ObrDEr5OP3_6OvwejMC1m8_MQ1no0JOAaMqhjYALI-C1awBg671OLbRdqI8FTEStdjw4li0qqmjhxJxsBdPUmXQRbsEr8PJp5ITw6GQBmdnmyA/s1200/P8pBxNYOR4B2C4zS9R0t3bKgN6E.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyUyEF12RKPy_AEXmxabARtDmsPuI0ekOzdbmb1QjhfLeQVsZ5hMALIzDWhdWimXQ9rcRDnkSigWY9N_yRdQ30oeO-ObrDEr5OP3_6OvwejMC1m8_MQ1no0JOAaMqhjYALI-C1awBg671OLbRdqI8FTEStdjw4li0qqmjhxJxsBdPUmXQRbsEr8PJp5ITw6GQBmdnmyA/w150-h200/P8pBxNYOR4B2C4zS9R0t3bKgN6E.jpg" width="150" /></a><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbjvuIIXrGwv8Ix-_gxunaNf5tBTRcYMdGKfBLvDX-3qDkLrKFXTTNVjT_el2moPE-2D4Rp_pFP5kIFjgNtYiIBaadBN_7I_kOVtPlhiukFG2NqyKZGaaAqY6BzJprOqfyL7mzKuDd1dmPAQuuevbgLl_Vng1w7zX_OpLIS7UsDd4kq80NAXYdJfeL1vFUfuQKD0Sh1Q/w150-h200/HZA-XhjstxCdEjvEfmdkJ8lTSj0.jpg" width="150" /></div><br /><p></p><p style="text-align: justify;">Other publishers have followed suite.</p><p style="text-align: center;"></p><div class="separator" style="clear: both; text-align: center;"><img border="0" height="203" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEguVTmzd3RHemAsd1SaidJgUeJU2Df7s6FB_xFmN2J-8lBgoC2DWyK65CmvL6bgshOiEZjy06Kt1jneGkP6q9sC5MLvioQpB8fZBvBdCl830cUIGOaucor1VLEMO4TuGxdLJtXAUvGNrJar3r8_0OLfY87-twBn4OmSpKgigxpXDIGTqVd0oJ65sbpR-yFqzlylDXImEg/s320/image_0648575_20250723_ob_884720_fast-and-furious-toyota-suora-lancem.jpg" width="320" /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdCz1wJ9PXuzawq3UTDa22H4ChTJe62jvwQFNUCB9kSQXWKxBALrKQ1pEja7SNa1n7j_2ThqNaBtmZtfjnFkFYI2iR_wfwVCgiz-lhvkhp0o9O_apaFd2zK7QGQD9AMtRjsz_5SERKA_G8m841igIrS52ADVXKQI4AX1Ycsx1fTLLRIs3jD4bYS02FIyRe4RnHhMYWrA/s1600/image_0648575_20250723_ob_a45d7b_fast-and-furious-toyota-suora-lancem.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="215" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdCz1wJ9PXuzawq3UTDa22H4ChTJe62jvwQFNUCB9kSQXWKxBALrKQ1pEja7SNa1n7j_2ThqNaBtmZtfjnFkFYI2iR_wfwVCgiz-lhvkhp0o9O_apaFd2zK7QGQD9AMtRjsz_5SERKA_G8m841igIrS52ADVXKQI4AX1Ycsx1fTLLRIs3jD4bYS02FIyRe4RnHhMYWrA/s320/image_0648575_20250723_ob_a45d7b_fast-and-furious-toyota-suora-lancem.jpg" width="320" /></a></div><p></p><p style="text-align: justify;">I guess you can only imagine how much your scale model would end up costing with that business model (50 eurocent for the first part, 4.99β¬ for the second), although I would expect them to have given up the idea of being categorised as βwritten pressβ.</p><p style="text-align: justify;">To go back to Diamond Editions, this meant the eventual birth of 3 magazines:&nbsp;<a href="https://www.abandonware-magazines.org/affiche_mag.php?mag=178">Presqu'Offert</a>, <a href="https://www.abandonware-magazines.org/affiche_mag.php?mag=209">BestSellerGames</a> and <a href="https://www.abandonware-magazines.org/affiche_mag.php?mag=173">StratΓ©J</a>. I remember me or my dad buying a few of those, an older but legit and complete version of ClarisWorks, CorelDraw or a talkie version of a LucasArt point'n'click was certainly a more interesting proposition than a cut-down warez version full of viruses when budget was tight.</p><p style="text-align: justify;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhd1-cILqODqgG6a-xaVyw2IPgO8FcZg1-6VCLM52lTFg63BTlfVpUF88DJxxGJdd5m98bbkvWsm79oHh7R1hfMUogvq2wXbVXieyixOK2Ii5Dq4abvIq1FkOo3jBNtGtbt4rdEWf7ZRwYr2K8bvIeAMoQ0_4q2TJT5m4RXCAhEtVFjlKz8QjhYUvqVs2dq8YIsE-nH8g/s1547/IMG_4131.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="194" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhd1-cILqODqgG6a-xaVyw2IPgO8FcZg1-6VCLM52lTFg63BTlfVpUF88DJxxGJdd5m98bbkvWsm79oHh7R1hfMUogvq2wXbVXieyixOK2Ii5Dq4abvIq1FkOo3jBNtGtbt4rdEWf7ZRwYr2K8bvIeAMoQ0_4q2TJT5m4RXCAhEtVFjlKz8QjhYUvqVs2dq8YIsE-nH8g/w400-h194/IMG_4131.JPG" width="400" /></a></div><p></p><p style="text-align: center;"><i>3 of the magazines I managed to rescue from the rain</i></p><p style="text-align: justify;">You might also be interested in the <a href="https://www.youtube.com/watch?v=MCpfjwcOVjs">UK βcovertape warsβ</a>.</p><p style="text-align: justify;"><b>Don't stress the technique</b>&nbsp;</p><p style="text-align: justify;">This brings us back to today and while the magazines are still waiting for scanning, I tried to get a wee bit organised and digitising the CDs.</p><p style="text-align: justify;">Some of them will have printing that covers the whole of the CD, a fair few use the foil/aluminium backing of the CD as a blank surface, which will give you pretty bad results when scanning them with a flatbed scanner: the light source keeps moving with the sensor, and what you'll be scanning is the sensor's reflection on the CD.</p><p style="text-align: justify;">My workaround for this is to use a digital camera (my phone's 24MP camera), with a white foam board behind it, so the blank parts appear more light grey. Of course, this means that you need to take the picture from an angle, and that the CD will appear as an oval instead of perfectly circular.</p><p>I tried for a while to use <a href="https://www.gimp.org/">GIMP</a> perspective tools, and βMultimediaβ Mike Melanson's <a href="https://github.com/multimediamike/MobyCAIRO">MobyCAIRO</a> rotation and cropping tool. In the end, I settled on Darktable, which allowed me to do 4-point perspective deskewing, I just had to have those reference points.</p><p>So I came up with a <a href="https://github.com/masible/cd-deskew-template">simple "deskew" template</a>, which you can print yourself, although you could probably achieve similar results with grid paper.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAiTM-nsPt4VwDPH6ZsfI5vTf-NRO6kJm6d6y2yqvjXc6AbRWZ4tS3Ysw6H__86Hutezd4F-GWXwT2UDGQagKV7S-R3j0GeRpnBl4lk4vzIEb-2_rXAGIjX_Je4ktaUirMIfYxrl1Olv8KhZ9B4kZAYV_ktqwhsrk6TO-AxW2NbjLE4GCzXrZ9vMgR-5NI5rasifc-Eg/s1333/backing-foam-board.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAiTM-nsPt4VwDPH6ZsfI5vTf-NRO6kJm6d6y2yqvjXc6AbRWZ4tS3Ysw6H__86Hutezd4F-GWXwT2UDGQagKV7S-R3j0GeRpnBl4lk4vzIEb-2_rXAGIjX_Je4ktaUirMIfYxrl1Olv8KhZ9B4kZAYV_ktqwhsrk6TO-AxW2NbjLE4GCzXrZ9vMgR-5NI5rasifc-Eg/s320/backing-foam-board.jpg" width="240" /></a></div><div style="text-align: center;"><i>My janky setup</i></div><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVZvnrSebOSuVLXRlMuRVjRKmmEPo0_U0M7U6vqhtms2kR9VLKN184AyYT5oOG52d5fPYMbbgcTNgrp98a35VW0uRucu3WAZS-AxYsEy2G_Yu_FZL6P6T58afe7SxBECIZO7QmaDPUNth1gNfgIzhOdjgvSPP5gar-WNMDTRqCEEscUF-hpwtMeY2vZyi1C0AX1fmDsA/s1000/example-photo.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVZvnrSebOSuVLXRlMuRVjRKmmEPo0_U0M7U6vqhtms2kR9VLKN184AyYT5oOG52d5fPYMbbgcTNgrp98a35VW0uRucu3WAZS-AxYsEy2G_Yu_FZL6P6T58afe7SxBECIZO7QmaDPUNth1gNfgIzhOdjgvSPP5gar-WNMDTRqCEEscUF-hpwtMeY2vZyi1C0AX1fmDsA/s320/example-photo.jpg" width="240" />&nbsp;</a></div><div class="separator" style="clear: both; text-align: center;"><i>The resulting picture</i>&nbsp;</div><p></p><p>After opening your photo with Darktable, and selecting the β<i>darkroom</i>β tab, go to the β<i>rotate and perspective tool</i>β, select the β<i>manually defined rectangle</i>β structure, and adjust the rectangle to match the centers of the 4 deskewing targets. Then click on β<i>horizontal/vertical fit</i>β. This will give you a squished CD, don't worry, and select the β<i>specific</i>β lens model and voilΓ .</p><p style="text-align: left;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjDeH7kiK7f5G72NbJKFy6yoscyuU9SzFEregWWfSt3aU_dyMB76R7FsOd4t-9lgyIXAgxZZ2eQcfzSviTuYzFBujXUq8XO7Qz2zBQChYRjIZhL8VmYmpaambp-Ukw2niYgL8lqQdG9e9srdIXME0AhallSEieDxPS2Q-iktzA6QUSl5ArxUBQ474S3J1ZQ82SwywkiVg/s1533/rotate-and-perspective.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="231" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjDeH7kiK7f5G72NbJKFy6yoscyuU9SzFEregWWfSt3aU_dyMB76R7FsOd4t-9lgyIXAgxZZ2eQcfzSviTuYzFBujXUq8XO7Qz2zBQChYRjIZhL8VmYmpaambp-Ukw2niYgL8lqQdG9e9srdIXME0AhallSEieDxPS2Q-iktzA6QUSl5ArxUBQ474S3J1ZQ82SwywkiVg/s320/rotate-and-perspective.png" width="320" /></a></div><p></p><p style="text-align: center;"><i>Tools at the ready</i><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisJTCVSh_jfFgr3wflmIPsRw1iWt3LmtptV_aUCypokIWO687i7slq62_weyrBpZgHEeUC7PN5YuOipI3g5XeVnVYoZvTy-kweNxpEgfIxzaGy8Edst1g6NZIAW3yUq5sEEWba-9ru9NiX0AnaMUwDcF5siUtsl4V_342zWGkgh5LIuU-kmtxYGVLMczs2FO7Q9zk1MA/s825/squared.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="279" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisJTCVSh_jfFgr3wflmIPsRw1iWt3LmtptV_aUCypokIWO687i7slq62_weyrBpZgHEeUC7PN5YuOipI3g5XeVnVYoZvTy-kweNxpEgfIxzaGy8Edst1g6NZIAW3yUq5sEEWba-9ru9NiX0AnaMUwDcF5siUtsl4V_342zWGkgh5LIuU-kmtxYGVLMczs2FO7Q9zk1MA/s320/squared.png" width="320" /></a></div><p></p><p style="text-align: center;"><i>Targets acquired</i></p><p style="text-align: center;"><i></i></p><div class="separator" style="clear: both; text-align: center;"><i><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjDAKLiMWugK7L0BdH8_BIw8rEUVjeMjwPPGYQUc4z4J42KV3TC5x7s74S7ES3NIw9POXefT7Fh7Z4Cy_KGMZNyGZkzAvzRjaxTu2m3CSXQNiGJbyLPI8i6L-6mImxTXt50mqcWGlNBY_FDrQ-N3tMVCwrc0h6gZExa0wtDT6UFxy2SqiF05qckRG5ZJ6Ml8Qzl6kJ7eQ/s888/squished.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="230" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjDAKLiMWugK7L0BdH8_BIw8rEUVjeMjwPPGYQUc4z4J42KV3TC5x7s74S7ES3NIw9POXefT7Fh7Z4Cy_KGMZNyGZkzAvzRjaxTu2m3CSXQNiGJbyLPI8i6L-6mImxTXt50mqcWGlNBY_FDrQ-N3tMVCwrc0h6gZExa0wtDT6UFxy2SqiF05qckRG5ZJ6Ml8Qzl6kJ7eQ/s320/squished.png" width="320" /></a></i></div><i><br /></i><div style="text-align: center;"><i>&nbsp;Straightened but squished</i></div><p></p><p>You can now export the processed image (I usually use PNG to avoid data loss at each step), open things up in GIMP and use the ellipse selection tool to remove the background (don't forget the center hole), the rotate tool to make the writing straight, and the crop tool to crop it to size.</p><p>And we're done!</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgeb_MRj4vBP8v5fVb0TVJQU-rkT6ubBRZhU61jSOpMKJGkdzU7RQ0dds631c3Dgviq0q2wrQSK1EDI8uSjQEQiLWXDtT8TuwC4ARrCfiXBes4bgXTfEeRBuwhtdLDLegBCkT8yKfKuWkibPBL3eGET5UXRvEnrKa1hT-l67LQXOAaRBu8yUjftCx0GduLg2plBaXBY0g/s762/IMG_4111_01.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgeb_MRj4vBP8v5fVb0TVJQU-rkT6ubBRZhU61jSOpMKJGkdzU7RQ0dds631c3Dgviq0q2wrQSK1EDI8uSjQEQiLWXDtT8TuwC4ARrCfiXBes4bgXTfEeRBuwhtdLDLegBCkT8yKfKuWkibPBL3eGET5UXRvEnrKa1hT-l67LQXOAaRBu8yUjftCx0GduLg2plBaXBY0g/s320/IMG_4111_01.png" width="315" /></a></div><br />&nbsp;The result of <a href="https://archive.org/details/apple-macintosh-power-book-1400-restore-cd-french">this example</a> is available on Archive.org, with the <a href="https://archive.org/details/@hadess">rest of my uploads</a> being made available on Archive.org and Abandonware-Magazines for those 90s magazines and their accompanying CDs.<p></p><p>[1]: Full disclosure, I wrote a couple of articles for Linux Pratique and Linux Magazine France in the early 2000s, that were edited by that same company.</p></description><author>Bastien Nocera</author><dc:creator>Bastien Nocera</dc:creator><pubDate>Sun, 27 Jul 2025 20:39:00 GMT</pubDate><guid isPermaLink="true">https://www.hadess.net/2025/07/digitising-cds-aka-using-your-phone-as.html</guid></item><item><title>Sam Thursfield: Thoughts during GUADEC 2025</title><link>https://samthursfield.wordpress.com/2025/07/26/thoughts-during-guadec-2025/</link><description><p>Greetings readers of the future from my favourite open technology event of the year. I am hanging out with the people who develop the <a href="https://www.gnome.org/">GNOME platform</a> talking about interesting stuff.</p> <p>Being realistic, I won&#8217;t have time to make a readable writeup of the event. So I&#8217;m going to set myself a challenge: how much can I write up of the event so far, in 15 minutes?</p> <p>Let&#8217;s go!</p> <h2 class="wp-block-heading">Conversations and knowledge</h2> <p>Conferences involve a series of talks, usually monologues on different topics, with slides and demos. A good talk leads to multi-way conversations.</p> <p>One thing I love about open source is: it encourages you to understand how things work. Big tech companies want you to understand nothing about your devices beyond how to put in your credit card details and send them money. Sharing knowledge is cool, though. If you know how things work then you can fix it yourself.</p> <h2 class="wp-block-heading">Structures</h2> <p>Last year, I also attended the conference and was left with a big question for the GNOME project: &#8220;What is our story?&#8221; (Inspired by an excellent keynote from Ryan Sipes about the Thunderbird email app, and how it&#8217;s supported by donations).</p> <p>We didn&#8217;t answer that directly, but I have some new thoughts.</p> <p>Open source desktops are more popular than ever. Apparently we have like 5% of the desktop market share now. Big tech firms are nowadays run as huge piles of cash, whose story is that they need to make more cash, in order to give it to shareholders, so that one day you can, allegedly, have a pension. Their main goal isn&#8217;t to make computers do interesting things. The modern for-profit corporation is a super complex institution, with great power, which is often abused.</p> <p>Open communities like GNOME are an antidote to that. With way fewer people, they nevertheless manage to produce better software in many cases, but in a way that&#8217;s demanding, fun, chaotic, mostly leaderless and which frequently burns out volunteers who contribute.</p> <p>Is the GNOME project&#8217;s goal to make computers do interesting things? For me, the most interesting part of the conference so far was the focus on <em>project structure</em>. I think we learned some things about how independent, non-profit communities can work, and how they can fail, and how we can make things better.</p> <p>In a world where political structures are being heavily tested and, in many cases, are crumbling, we would do well to talk more about structures, and to introspect a bit more on what works and what doesn&#8217;t. And to highlight the amazing work that the GNOME Foundation&#8217;s many volunteer directors have achieved over the last 30 years to create an institution that still functions today, and in many ways functions a lot better than organizations with significantly more resources.</p> <p>Relevant talks</p> <ul class="wp-block-list"><li>Stephen Deobold&#8217;s keynote</li> <li>Emmanuele&#8217;s talk on teams</li></ul> <p></p> <h2 class="wp-block-heading">Teams</h2> <p>Emmanuele Bassi tried, in a friendly way, to set fire to long-standing structures around how the GNOME community agrees and disagrees changes to the platform. Based on ideas from other successful projects that are driven by independent, non-profit communities such as the Rust and Python programming languages.</p> <p></p> <p>Part of this idea is to create well-defined teams of people who collaborate on different parts of the GNOME platform.</p> <p>I&#8217;ve been contributing to GNOME in different ways for a <em>loooong</em> time, partly due to my day job, where I sometimes work with the technology stack, and partly because its a great group of people, we get to meet around the world once a year, and make software that&#8217;s a little more independent from the excesses and the exploitation of modern capitalism, or technofuedalism. </p> <p>And I think it&#8217;s going to be really helpful to organize my contributions according to a team structure with a defined form.</p> <h2 class="wp-block-heading">Search</h2> <p>I really hope we&#8217;ll have a search team.</p> <p>I don&#8217;t have much news about search. GNOME&#8217;s indexer (localsearch) might start indexing the whole home directory soon. Carlos Garnacho continues to heroically make it work really well.</p> <h2 class="wp-block-heading">QA / Testing / Developer Experience</h2> <p>I did a talk at the conference (and half of another one with MartΓn Abente Lahaye) , about end-to-end testing using openQA.</p> <p>The talks were pretty successful, they lead to some interesting conversations with new people. I hope we&#8217;ll continue to grow the Linux QA call and try to keep these conversations going, and try to share knowledge and create better structures so that paid QA engineers who are testing products built with GNOME can collaborate on testing upstream.</p> <h2 class="wp-block-heading">Freeform notes</h2> <p>I&#8217;m 8 minutes over time already so the rest of this will be freeform notes from my notepad.</p> <p>Live-coding streams aren&#8217;t something I watch or create. It&#8217;s an interesting way to share knowledge with the new generation of people who have grown up with internet videos as a primary knowledge source. I don&#8217;t have age stats for this blog, but I&#8217;m curious how many readers under 30 have read this far down. (Leave a comment if you read this and prove me wrong! : -)</p> <p>systemd-sysexts for development are going to catch on.</p> <p>There should be karaoke every year.</p> <p>Fedora Silverblue isn&#8217;t actively developed at the moment. bootc is something to keep an eye on.</p> <p>GNOME Shell Extensions are really popular and are a good &#8220;gateway drug&#8221; to get newcomers involved. Nobody figured out a good automated testing story for these yet. I wonder if there&#8217;s a QA project there? I wonder if there&#8217;s a low-cost way to allow extension developers to test extensions?</p> <p>Legacy code is &#8220;code without tests&#8221;. I&#8217;m not sure I agree with that.</p> <p>&#8220;Toolkits are transient, apps are forever&#8221;. That&#8217;s spot-on.</p> <p>There is a spectrum between being a user and a developer. It&#8217;s not a black-and-white distinction.</p> <p>BuildStream is still difficult to learn and the documentation isn&#8217;t a helpful getting started guide for newcomers.</p> <p>We need more live demos of accessibility tools. I still don&#8217;t know how you use the screen reader. I&#8217;d like to have the computer read to me.</p> <p>That&#8217;s it for now. It took 34 minutes to empty my brain into my blog, more than planned, but a necessary step. Hope some of it was interesting. See you soon!</p> <p></p></description><author>Sam Thursfield</author><dc:creator>Sam Thursfield</dc:creator><pubDate>Sat, 26 Jul 2025 17:19:59 GMT</pubDate><guid isPermaLink="true">https://samthursfield.wordpress.com/2025/07/26/thoughts-during-guadec-2025/</guid></item><item><title>Nick Richards: Octopus Agile Prices For Linux</title><link>https://www.nedrichards.com/2025/07/octopus-agile-prices-for-linux/</link><description><p>I&rsquo;m on the <a href="https://octopus.energy/smart/agile/">Octopus Agile</a> electricity tariff, where the price changes every half hour based on wholesale costs. This is great for saving money and using less carbon intensive energy, provided you can shift your heavy usage to cheaper times. With a family that insists on eating at a normal hour, that mostly means scheduling the dishwasher and washing machine.</p><p>The snag was not having an easy way to see upcoming prices on my Linux laptop. To scratch that itch, I built a small GTK app: <a href="https://github.com/nedrichards/octopus-agile-energy/">Octopus Agile Energy</a>. You can use it yourself if you&rsquo;re in the UK and have this electricity tarriff. Either install it directly <a href="https://flathub.org/apps/com.nedrichards.octopusagile">from Flathub</a> or download the source code and &lsquo;press play&rsquo; in GNOME Builder. The app is heavily inspired by the excellent <a href="https://play.google.com/store/apps/details?id=com.m4consulting.octopus_comparison">Octopus Compare</a> for mobile but I stripped the concept back to a single job: what&rsquo;s the price now and for the next 24 hours? This felt right for a simple desktop utility and was achievable with a bit of JSON parsing and some hand waving.</p><p><img alt="Screenshot of the Octopus Agile Energy app showing the current electricity price and a graph of future prices" src="https://github.com/nedrichards/octopus-agile-energy/raw/main/data/octopus-agile-screenshot.png" /></p><p>I wrote a good chunk of the Python for it with the <a href="https://github.com/google-gemini/gemini-cli">gemini-cli</a>, which was a pleasant surprise. My workflow was running Gemini in a <a href="https://containertoolbx.org/">Toolbx</a> container, building on my <a href="https://fedoraproject.org/atomic-desktops/silverblue/">Silverblue</a> desktop with GNOME Builder, and manually feeding back any errors. I kept myself in the loop, taking my own screenshots of visual issues rather than letting the model run completely free and using integrations like <a href="https://github.com/bilelmoussaoui/gnome-mcp-server?tab=readme-ov-file">gnome-mcp-server</a> to inspect itself.</p><p>It&rsquo;s genuinely fun to make apps with GTK 4, libadwaita, and Python. The modern stack has a much lower barrier to entry than the GTK-based frameworks I&rsquo;ve worked on in the past. And while I have my reservations about cloud-hosted AI, using this kind of technology feels like a step towards giving users more control over their computing, not less. Of course, the 25 years of experience I have in software development helped bridge the gap between a semi-working prototype that only served one specific pricing configuration, didn&rsquo;t cache anything and was constantly re-rendering; and an actual app. The AI isn&rsquo;t quite there yet at all, but the potential is there and a locally hosted system by and for the free software ecosystem would be super handy.</p><p>I hope the app is useful. Whilst I may well make some tweaks or changes this does exactly what I want and I&rsquo;d encourage anyone interested to fork the code and build something that makes them happy.</p></description><author>Nick Richards</author><dc:creator>Nick Richards</dc:creator><pubDate>Sat, 26 Jul 2025 17:01:29 GMT</pubDate><guid isPermaLink="true">https://www.nedrichards.com/2025/07/octopus-agile-prices-for-linux/</guid></item><item><title>Nancy Nyambura: Outreachy Update:Understanding and Improving def-extractor.py</title><link>https://nanciedev.wordpress.com/2025/07/25/outreachy-updateunderstanding-and-improving-def-extractor-py/</link><description><h3 class="wp-block-heading"><strong>Introduction</strong></h3> <p>Over the past couple of weeks, I have been working on understanding and improving&nbsp;<strong>def-extractor.py</strong>, a Python script that processes dictionary data from Wiktionary to generate word lists and definitions in structured formats. My main task has been to refactor the script to use configuration files instead of hardcoded values, making it more flexible and maintainable.</p> <p>In this blog post, Iβll explain:</p> <ol class="wp-block-list" start="1"><li><strong>What the script does</strong></li> <li><strong>How it works under the hood</strong></li> <li><strong>The changes I made to improve it</strong></li> <li><strong>Why these changes matter</strong></li></ol> <h2 class="wp-block-heading"><strong>What Does the Script Do?</strong></h2> <p>At a high level, this script processes huge JSONL (JSON Lines) dictionary dumps, like the ones from <a class="" href="https://kaikki.org">Kaikki.org</a> , and filters them down into clean, usable formats.</p> <p>The&nbsp;<strong>def-extractor.py</strong>&nbsp;script takes raw dictionary data (from Wiktionary) and processes it into structured formats like:</p> <ul class="wp-block-list"><li><strong>Filtered word lists</strong>&nbsp;(JSONL)</li> <li><strong>GVariant binary files</strong>&nbsp;(for efficient storage)</li> <li><strong>Enum tables</strong>&nbsp;(for parts of speech &amp; word tags)</li></ul> <p>It was originally designed to work with specific word lists (Wordnik, Broda, and a test list), but my goal is to make it&nbsp;<strong>configurable</strong>&nbsp;so it could support any word list with a simple config file.</p> <h2 class="wp-block-heading"><strong>How It Works (Step by Step)</strong></h2> <h3 class="wp-block-heading"><strong>1. Loading the Word List</strong></h3> <p>The script starts by loading a word list (e.g., Wordnikβs list of common English words). It filters out invalid words (too short, contain numbers, etc.) and stores them in a hash table for quick lookup.</p> <h3 class="wp-block-heading"><strong>2. Filtering Raw Wiktionary Data</strong></h3> <p>Next, it processes a massive&nbsp;<strong>raw-wiktextract-data.jsonl</strong>&nbsp;file (theWiktionary dump) and keeps only entries that:</p> <ul class="wp-block-list"><li>Match words from the loaded word list</li> <li>Are in the correct language (e.g., English)</li></ul> <figure class="wp-block-image size-large"><img alt="" class="wp-image-29" height="620" src="https://nanciedev.wordpress.com/wp-content/uploads/2025/07/filter.png?w=608" width="608" /></figure> <h3 class="wp-block-heading"><strong>3. Generating Structured Outputs</strong></h3> <p>After filtering, the script creates:</p> <ul class="wp-block-list"><li><strong>Enum tables</strong>&nbsp;(JSON files listing parts of speech &amp; word tags)</li> <li><strong>GVariant files</strong>&nbsp;(binary files for efficient storage and fast lookup)</li></ul> <figure class="wp-block-image size-large"><img alt="" class="wp-image-31" height="418" src="https://nanciedev.wordpress.com/wp-content/uploads/2025/07/gvariant.png?w=751" width="751" /></figure> <hr class="wp-block-separator has-alpha-channel-opacity" /> <h2 class="wp-block-heading"><strong>What Changes have I Made?</strong></h2> <h3 class="wp-block-heading"><strong>1. Added Configuration Support</strong></h3> <p>Originally, the script uses hardcoded paths and settings. I modified it to read from&nbsp;<strong>.config files</strong>, allowing users to define:</p> <ul class="wp-block-list"><li><strong>Source word list file</strong></li> <li><strong>Output directory</strong></li> <li><strong>Word validation rules</strong>&nbsp;(min/max length, allowed characters)</li></ul> <p><strong>Before (Hardcoded):</strong></p> <pre class="wp-block-preformatted"><code>WORDNIK_LIST = "wordlist-20210729.txt"<br />ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"</code></pre> <p><strong>After (Configurable):</strong></p> <p><code>ini</code></p> <pre class="wp-block-preformatted"><code>[Word List]<br />Source = my-wordlist.txt<br />MinLength = 2<br />MaxLength = 20</code></pre> <h3 class="wp-block-heading"><strong>2. Improved File Path Handling</strong></h3> <p>Instead of hardcoding paths, the script now constructs them dynamically:</p> <pre class="wp-block-preformatted">output_path = os.path.join(config.word_lists_dir, f"{config.id}-filtered.jsonl")<br /><br /></pre> <h2 class="wp-block-heading"><strong>Why Do These Changes Matter?</strong></h2> <p><strong>Flexibility</strong>&nbsp;-Now supports any word list via config files.<br /><strong>Maintainability</strong>&#8211; No more editing code to change paths or rules.<br /><strong>Scalability</strong>&nbsp;-Easier to add new word lists or languages.<br /><strong>Consistency</strong>&nbsp;-All settings are in configs.</p> <p>Next Steps?</p> <h3 class="wp-block-heading"><strong>1. Better Error Handling</strong></h3> <p>I am working on adding checks for:</p> <ul class="wp-block-list"><li>Missing config fields</li> <li>Invalid word list files</li> <li>Incorrectly formatted data</li> <li></li></ul> <h3 class="wp-block-heading"><strong>2. Unified Word Loading Logic</strong></h3> <p>There are separate functions (<code>load_wordnik()</code>,&nbsp;<code>load_broda()</code>). </p> <p>I want to merged them into one&nbsp;<strong><code>load_words(config)</code></strong>&nbsp;that would works for any word list.</p> <p>&nbsp;3. Refactor legacy code&nbsp;for better structure</p> <h3 class="wp-block-heading"><strong>Try It Yourself</strong></h3> <ol class="wp-block-list" start="1"><li>Download the script: [<a href="https://gitlab.gnome.org/jrb/word-list-tools">wordlist-Gitlab</a>]</li> <li>Create a&nbsp;<code>.</code>conf&nbsp;config file</li> <li> Run:<code> python3 def-extractor.py --config my-wordlist.conf filtered-list</code></li></ol> <p>Happy coding! </p></description><author>Nancy Nyambura</author><dc:creator>Nancy Nyambura</dc:creator><pubDate>Fri, 25 Jul 2025 14:05:26 GMT</pubDate><guid isPermaLink="true">https://nanciedev.wordpress.com/2025/07/25/outreachy-updateunderstanding-and-improving-def-extractor-py/</guid></item><item><title>Nancy Wairimu Nyambura: Outreachy Update:Understanding and Improving def-extractor.py</title><link>https://nanciedev.wordpress.com/2025/07/25/outreachy-updateunderstanding-and-improving-def-extractor-py/</link><description><h3 class="wp-block-heading"><strong>Introduction</strong></h3> <p>Over the past couple of weeks, I have been working on understanding and improving&nbsp;<strong>def-extractor.py</strong>, a Python script that processes dictionary data from Wiktionary to generate word lists and definitions in structured formats. My main task has been to refactor the script to use configuration files instead of hardcoded values, making it more flexible and maintainable.</p> <p>In this blog post, Iβll explain:</p> <ol class="wp-block-list" start="1"><li><strong>What the script does</strong></li> <li><strong>How it works under the hood</strong></li> <li><strong>The changes I made to improve it</strong></li> <li><strong>Why these changes matter</strong></li></ol> <h2 class="wp-block-heading"><strong>What Does the Script Do?</strong></h2> <p>At a high level, this script processes huge JSONL (JSON Lines) dictionary dumps, like the ones from <a class="" href="https://kaikki.org">Kaikki.org</a> , and filters them down into clean, usable formats.</p> <p>The&nbsp;<strong>def-extractor.py</strong>&nbsp;script takes raw dictionary data (from Wiktionary) and processes it into structured formats like:</p> <ul class="wp-block-list"><li><strong>Filtered word lists</strong>&nbsp;(JSONL)</li> <li><strong>GVariant binary files</strong>&nbsp;(for efficient storage)</li> <li><strong>Enum tables</strong>&nbsp;(for parts of speech &amp; word tags)</li></ul> <p>It was originally designed to work with specific word lists (Wordnik, Broda, and a test list), but my goal is to make it&nbsp;<strong>configurable</strong>&nbsp;so it could support any word list with a simple config file.</p> <h2 class="wp-block-heading"><strong>How It Works (Step by Step)</strong></h2> <h3 class="wp-block-heading"><strong>1. Loading the Word List</strong></h3> <p>The script starts by loading a word list (e.g., Wordnikβs list of common English words). It filters out invalid words (too short, contain numbers, etc.) and stores them in a hash table for quick lookup.</p> <h3 class="wp-block-heading"><strong>2. Filtering Raw Wiktionary Data</strong></h3> <p>Next, it processes a massive&nbsp;<strong>raw-wiktextract-data.jsonl</strong>&nbsp;file (theWiktionary dump) and keeps only entries that:</p> <ul class="wp-block-list"><li>Match words from the loaded word list</li> <li>Are in the correct language (e.g., English)</li></ul> <figure class="wp-block-image size-large"><img alt="" class="wp-image-29" height="620" src="https://nanciedev.wordpress.com/wp-content/uploads/2025/07/filter.png?w=608" width="608" /></figure> <h3 class="wp-block-heading"><strong>3. Generating Structured Outputs</strong></h3> <p>After filtering, the script creates:</p> <ul class="wp-block-list"><li><strong>Enum tables</strong>&nbsp;(JSON files listing parts of speech &amp; word tags)</li> <li><strong>GVariant files</strong>&nbsp;(binary files for efficient storage and fast lookup)</li></ul> <figure class="wp-block-image size-large"><img alt="" class="wp-image-31" height="418" src="https://nanciedev.wordpress.com/wp-content/uploads/2025/07/gvariant.png?w=751" width="751" /></figure> <hr class="wp-block-separator has-alpha-channel-opacity" /> <h2 class="wp-block-heading"><strong>What Changes have I Made?</strong></h2> <h3 class="wp-block-heading"><strong>1. Added Configuration Support</strong></h3> <p>Originally, the script uses hardcoded paths and settings. I modified it to read from&nbsp;<strong>.config files</strong>, allowing users to define:</p> <ul class="wp-block-list"><li><strong>Source word list file</strong></li> <li><strong>Output directory</strong></li> <li><strong>Word validation rules</strong>&nbsp;(min/max length, allowed characters)</li></ul> <p><strong>Before (Hardcoded):</strong></p> <pre class="wp-block-preformatted"><code>WORDNIK_LIST = "wordlist-20210729.txt"<br />ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"</code></pre> <p><strong>After (Configurable):</strong></p> <p><code>ini</code></p> <pre class="wp-block-preformatted"><code>[Word List]<br />Source = my-wordlist.txt<br />MinLength = 2<br />MaxLength = 20</code></pre> <h3 class="wp-block-heading"><strong>2. Improved File Path Handling</strong></h3> <p>Instead of hardcoding paths, the script now constructs them dynamically:</p> <pre class="wp-block-preformatted">output_path = os.path.join(config.word_lists_dir, f"{config.id}-filtered.jsonl")<br /><br /></pre> <h2 class="wp-block-heading"><strong>Why Do These Changes Matter?</strong></h2> <p><strong>Flexibility</strong>&nbsp;-Now supports any word list via config files.<br /><strong>Maintainability</strong>&#8211; No more editing code to change paths or rules.<br /><strong>Scalability</strong>&nbsp;-Easier to add new word lists or languages.<br /><strong>Consistency</strong>&nbsp;-All settings are in configs.</p> <p>Next Steps?</p> <h3 class="wp-block-heading"><strong>1. Better Error Handling</strong></h3> <p>I am working on adding checks for:</p> <ul class="wp-block-list"><li>Missing config fields</li> <li>Invalid word list files</li> <li>Incorrectly formatted data</li> <li></li></ul> <h3 class="wp-block-heading"><strong>2. Unified Word Loading Logic</strong></h3> <p>There are separate functions (<code>load_wordnik()</code>,&nbsp;<code>load_broda()</code>). </p> <p>I want to merged them into one&nbsp;<strong><code>load_words(config)</code></strong>&nbsp;that would works for any word list.</p> <p>&nbsp;3. Refactor legacy code&nbsp;for better structure</p> <h3 class="wp-block-heading"><strong>Try It Yourself</strong></h3> <ol class="wp-block-list" start="1"><li>Download the script: [<a href="https://gitlab.gnome.org/jrb/word-list-tools">wordlist-Gitlab</a>]</li> <li>Create a&nbsp;<code>.</code>conf&nbsp;config file</li> <li> Run:<code> python3 def-extractor.py --config my-wordlist.conf filtered-list</code></li></ol> <p>Happy coding! </p></description><author>Nancy Wairimu Nyambura</author><dc:creator>Nancy Wairimu Nyambura</dc:creator><pubDate>Fri, 25 Jul 2025 14:05:26 GMT</pubDate><guid isPermaLink="true">https://nanciedev.wordpress.com/2025/07/25/outreachy-updateunderstanding-and-improving-def-extractor-py/</guid></item><item><title>Hari Rana: GNOME Calendar: A New Era of Accessibility Achieved in 90 Days</title><link>https://tesk.page/2025/07/25/gnome-calendar-a-new-era-of-accessibility-achieved-in-90-days/</link><description><div class="statements"> <section class="card note"> <strong class="big">Note</strong> <p> <p>Please consider supporting my effort in making GNOME apps accessible for everybody. Thanks!</p> <ul> <li><a href="https://liberapay.com/TheEvilSkeleton">Liberapay</a></li> <li><a href="https://ko-fi.com/theevilskeleton">Ko-fi</a></li> <li><a href="https://github.com/sponsors/TheEvilSkeleton">GitHub Sponsors</a></li> </ul> </p> </section> </div> <h2 id="introduction">Introduction</h2> <p>There is no calendaring app that I love more than GNOME Calendar. The design is slick, it works extremely well, it is touchpad friendly, and best of all, the community around it is just full of wonderful developers, designers, and contributors worth collaborating with, especially with the recent community growth and engagement over the past few years. <a href="https://feaneron.com/">Georges Stavracas</a> and <a href="https://fortintam.com/en/">Jeff Fortin Tam</a> are some of the best maintainers I have ever worked with. I cannot express how thankful I am of Jeffβs underappreciated superhuman capabilities to voluntarily coordinate huge initiatives and issue trackers.</p> <p>One of Jeffβs many initiatives is <a href="https://gitlab.gnome.org/GNOME/gnome-calendar/-/issues/1036">gnome-calendar#1036</a>: <em>the accessibility initiative</em>, which is a big and detailed list of issues related to accessibility. In my opinion, GNOME Calendarβs biggest problem was the lack of accessibility support, which made the app completely unusable for people exclusively using a keyboard, or people relying on assistive technologies.</p> <p>This article will explain in details about the fundamental issues that held back accessibility in GNOME Calendar since the very beginning of its existence (12 years at a minimum), the progress we have made with accessibility as well as our thought process in achieving it, and the now and future of accessibility in GNOME Calendar.</p> <h2 id="calendaring-complications">Calendaring Complications</h2> <div class="statements"> <section class="card note"> <strong class="big">Note</strong> <p> <p>On a desktop or tablet form factor, GNOME Calendar has a month view and a week view, both of which are a grid comprising of cells representing a time frame.</p> <p>In the month view, each row is a week, and each cell is a day.</p> <figure> <source media="(prefers-color-scheme: light)" /> <img alt="" height="936" src="https://tesk.page/assets/Articles/making-gnome-calendar-accessible-in-six-months/month-view.webp" width="1682" /> <figcaption></figcaption> </figure> <p>In the week view, the time frame within cells varies on the zooming level.</p> <figure> <source media="(prefers-color-scheme: light)" /> <img alt="" height="936" src="https://tesk.page/assets/Articles/making-gnome-calendar-accessible-in-six-months/week-view.webp" width="1682" /> <figcaption></figcaption> </figure> </p> </section> </div> <p>There are mainly two reasons that made GNOME Calendar inaccessible: firstly, GTKβs accessibility tree does not cover the logically and structurally complicated workflow and design that is a typical calendaring app; and secondly, the significant negative implications of accessibility due to reducing as much overhead as possible.</p> <h3 id="accessibility-trees-are-insufficient-for-calendaring-apps">Accessibility Trees Are Insufficient for Calendaring Apps</h3> <p>GTKβs accessibility tree, or rather <em>any</em> <a href="https://developer.mozilla.org/en-US/docs/Glossary/Accessibility_tree">accessibility tree</a>, is rendered insufficient for calendaring apps, mainly because events are extremely versatile. Tailoring the entire interface and experience around that versatility pushes us to explore alternate and custom structures.</p> <p>Events are highly flexible, because they are time-based. An event can last a couple of minutes, but it can as well last for hours, days, weeks, or even months. It can start in the middle of a day and end on the upcoming day; it can start by the end of a week and end at the beginning of the upcoming week. Essentially, events are limitless, just like time itself.</p> <figure> <source media="(prefers-color-scheme: light)" /> <img alt="" height="936" src="https://tesk.page/assets/Articles/making-gnome-calendar-accessible-in-six-months/events-in-month-view.webp" width="1682" /> <figcaption></figcaption> </figure> <p>Since events can last more than a day, cell widgets cannot hold a meaningful link with event widgets, because otherwise event widgets would not be capable of spanning across cells. As such, event widgets are overlaid on top of cell widgets and positioned based on the coordinates, width, and height of each widget.</p> <p>As a consequence, the visual representation of GNOME Calendar is fundamentally incompatible with accessibility trees. GNOME Calendarβs month and week views are <em>visually</em> <span class="no-wrap"><a href="https://en.wikipedia.org/wiki/2.5D_(visual_perception)">2.5 dimensional</a>: A grid</span> layout by itself is structurally <span class="no-wrap">two-dimensional</span>, but overlaying event widgets that is capable of spanning across cells adds an additional layer. Conversely, accessibility trees are fundamentally <span class="no-wrap">two-dimensional</span>, so GNOME Calendarβs visual representation cannot be sufficiently adapted into a <span class="no-wrap">two-dimensional</span> logical tree.</p> <p>In summary, accessibility trees are insufficient for calendaring apps, because the versatility and high requirements of events prevents us from linking cell widgets with event widgets, so event widgets are instead overlaid on top, consequently making the visual representation <span class="no-wrap">2.5 dimensional; however,</span> the additional layer makes it fundamentally impossible to adapt to a <span class="no-wrap">two-dimensional</span> accessibility tree.</p> <h3 id="negative-implications-of-accessibility-due-to-maximizing-performance">Negative Implications of Accessibility due to Maximizing Performance</h3> <p>Unlike the majority of apps, GNOME Calendarβs layout and widgetry consist of custom widgets and complex calculations according to several factors, such as: </p> <ul> <li>the size of the window;</li> <li>the height and width of each cell widget to figure out if one or more event widgets can perceptibly fit inside a cell;</li> <li>the position of each event widget to figure out where to position the event widget, and where to reposition all the event widgets around it if necessary;</li> <li><del>what went wrong in my life to work on a calendaring app written in C.</del></li> </ul> <p>Due to these complex calculations, along with the fact that it is also possible to have tens, hundreds, or even thousands of events, nearly every calendar app relies on maximizing performance as much as possible, while being at the mercy of the framework or toolkit. Furthermore, GNOME Calendar supports smooth scrolling and <a href="https://alvarotrigo.com/blog/kinetic-scrolling/">kinetic scrolling</a>, so each event and cell widgetβs position needs to be recalculated for every pixel when the user scrolls or swipes with a mouse or touchpad.</p> <p>One way to minimize that problem is by creating custom widgets that are minimal and only fulfill the purpose we absolutely need. However, this comes at the cost of needing to reimplement most functionality, including most, if not all accessibility features and semantics, such as keyboard focus, which severely impacted accessibility in GNOME Calendar.</p> <p>While GTKβs widgets are great for general purpose use-cases and do not have any performance impact with limited instances of them, performance starts to deteriorate on weaker systems when there are hundreds, if not thousands of instances in the view, because they contain a lot of functionality that event widgets may not need.</p> <p>In the case of the <a href="https://docs.gtk.org/gtk4/class.Button.html">GtkButton</a> widget, it has a custom <a href="https://en.wikipedia.org/wiki/Multiplexer">multiplexer</a>, it applies different styles for different <a href="https://docs.gtk.org/gtk4/property.Button.child.html">child types</a>, it implements the <a href="https://docs.gtk.org/gtk4/iface.Actionable.html">GtkActionable</a> interface for custom actions, and more technical characteristics. Other functionality-based widgets will have more capabilities that might impact performance with hundreds of instances.</p> <p>To summarize, GNOME Calendar reduces overhead by creating minimal custom widgets that fulfill a specific purpose. This unfortunately severely impacted accessibility throughout the app and made it unusable with a keyboard, as some core functionalities, accessibility features and semantics were never (re)implemented.</p> <h2 id="improving-the-existing-experience">Improving the Existing Experience</h2> <p>Despite being inaccessible as an app altogether, not every aspect was inaccessible in GNOME Calendar. Most areas throughout the app worked with a keyboard and/or assistive technologies, but they needed some changes to improve the experience. For this reason, this section is reserved specifically for mentioning the aspects that underwent a lot of improvements.</p> <h3 id="improving-focus-rings">Improving Focus Rings</h3> <p>The first major step was to improve the focus ring situation throughout GNOME Calendar. Since the majority of widgets are custom widgets, many of them require to manually apply focus rings. <a class="no-wrap" href="https://gitlab.gnome.org/GNOME/gnome-calendar/-/merge_requests/563">!563</a> addresses that by <a href="https://gitlab.gnome.org/GNOME/gnome-calendar/-/merge_requests/563/diffs?commit_id=336ecd9ec30603cc8a37c7ba13de66cc3c61a5c0">declaring custom CSS properties</a>, to use as a base for focus rings. <a class="no-wrap" href="https://gitlab.gnome.org/GNOME/gnome-calendar/-/merge_requests/399">!399</a> tweaks the style of the reminders popover in the event editor dialog, with the <a href="https://gitlab.gnome.org/GNOME/gnome-calendar/-/merge_requests/399/diffs?commit_id=4ec25d877577b0b0bc9a33b1335133b57edc3092">addition of a focus ring</a>.</p> <p>We changed the behavior of the event notes box under the βNotesβ section in the event editor dialog. Every time the user focuses on the event notes box, the focus ring appears and outlines the entire box until the user leaves focus. This was accomplished by <a href="https://gitlab.gnome.org/GNOME/gnome-calendar/-/merge_requests/563/diffs?commit_id=140dd3b145f98e7198fca140939b1f5e09bbfb4f">subclassing AdwPreferencesRow</a> to inherit its style, then <a href="https://gitlab.gnome.org/GNOME/gnome-calendar/-/merge_requests/563/diffs?commit_id=140dd3b145f98e7198fca140939b1f5e09bbfb4f">applying the <code class="language-plaintext no-wrap highlighter-rouge">.focused</code> class</a> whenever the user focuses on the notes.</p> <h3 id="improving-the-calendar-grid">Improving the Calendar Grid</h3> <div class="statements"> <section class="card note"> <strong class="big">Note</strong> <p> <p>The calendar grid is a 7Γ6 grid of buttons representing each day. The horizontal axis represents the day of the week, and the vertical axis represents the week number.</p> <figure> <source media="(prefers-color-scheme: light)" /> <img alt="" class="drop-shadow" height="276" src="https://tesk.page/assets/Articles/making-gnome-calendar-accessible-in-six-months/date-grid.webp" width="314" /> <figcaption></figcaption> </figure> </p> </section> </div> <p>The calendar grid on the sidebar suffered from several issues when it came to keyboard navigation, namely:</p> <ul> <li>pressing <kbd>βΉ</kbd> would focus the next cell in the grid up until the last cell;</li> <li>when out of bounds, there would be no auditory feedback;</li> <li>on the last row, pressing <kbd>β</kbd> would focus a blank element; and</li> <li>pressing <kbd>β</kbd> in left-to-right languages, or <kbd>β</kbd> in right-to-left languages, on the last column would move focus to a completely different widget.</li> </ul> <p>While the calendar grid can be interacted with a keyboard, the keyboard experience was far from desired. <a class="no-wrap" href="https://gitlab.gnome.org/GNOME/gnome-calendar/-/merge_requests/608">!608</a> addresses these issues by overriding the <a href="https://docs.gtk.org/gtk4/vfunc.Widget.focus.html"><code class="language-plaintext highlighter-rouge">Gtk.Widget.focus ()</code></a> virtual method. Pressing <kbd>βΉ</kbd> or <kbd><kbd>Shift</kbd>+<kbd>βΉ</kbd></kbd> <a href="https://gitlab.gnome.org/GNOME/gnome-calendar/-/merge_requests/608/diffs?commit_id=032a71dde6b476111848bb0bdd5000a111d5ac6d">skips the entire grid</a>, and the grid is <a href="https://gitlab.gnome.org/GNOME/gnome-calendar/-/merge_requests/608/diffs?commit_id=ba716102b916257362feeab40dce48528d39ac19">wrapped</a> to allow focusing between the first and last columns with <kbd>β</kbd> and <kbd>β</kbd>, while notifying the user when out of bounds.</p> <h3 id="improving-the-calendar-list-box">Improving the Calendar List Box</h3> <div class="statements"> <section class="card note"> <strong class="big">Note</strong> <p> <p>The calendar list box holds a list of available calendars, all of which can be displayed or hidden from the week view and month view. Each row is a <a href="https://docs.gtk.org/gtk4/class.ListBoxRow.html">GtkListBoxRow</a> that holds a <a href="https://docs.gtk.org/gtk4/class.CheckButton.html">GtkCheckButton</a>.</p> </p> </section> </div> <p>The calendar list box had several problems in regards to keyboard navigation and the information each row provided to assistive technologies.</p> <p>The user was required to press <kbd>βΉ</kbd> a second time to get to the next row in the list. To elaborate: pressing <kbd>βΉ</kbd> once focused the row; pressing it another time moved focus to the check button within the row (bad); and finally pressing the third time focused the next row.</p> <p>Row widgets had no actual purpose besides toggling the check button upon activation. Similarly, the only use for a check button widget inside each row was to display the βcheck markβ icon if the calendar was displayed. This meant that the check button widget held all the desired semantics, such as the β<em><a href="https://docs.gtk.org/gtk4/enum.AccessibleRole.html#checkbox">checkbox</a></em>β role and the β<em><a href="https://docs.gtk.org/gtk4/enum.AccessibleState.html#checked">checked</a></em>β state; but worst of all, it was getting focus. Essentially, the check button widget was handling responsibilities that should have been handled by the row.</p> <p>Both inconveniences were addressed by <a class="no-wrap" href="https://gitlab.gnome.org/GNOME/gnome-calendar/-/merge_requests/588">!588</a>. The check button widget was replaced with a check mark icon using <a href="https://docs.gtk.org/gtk4/class.Image.html">GtkImage</a>, a widget that does not grab focus. The accessible role of the row widget was changed to β<em><a href="https://docs.gtk.org/gtk4/enum.AccessibleRole.html#checkbox">checkbox</a></em>β, and the code was adapted to handle the β<em><a href="https://docs.gtk.org/gtk4/enum.AccessibleState.html#checked">checked</a></em>β state.</p> <h2 id="implementing-accessibility-functionality">Implementing Accessibility Functionality</h2> <p>Accessibility is often absolute: there is no βin-betweenβ state; either the user <em>can</em> access functionality, or they cannot, which can potentially make the app completely unusable. This section goes in depth with the widgets that were not only entirely inaccessible but also rendered GNOME Calendar completely unusable with a keyboard and assistive technology.</p> <h3 id="making-the-event-widget-accessible">Making the Event Widget Accessible</h3> <div class="statements"> <section class="card note"> <strong class="big">Note</strong> <p> <p><a href="https://gitlab.gnome.org/GNOME/gnome-calendar/-/blob/main/src/gui/gcal-event-widget.c"><em>GcalEventWidget</em></a>, the name of the event widget within GNOME Calendar, is a colored rectangular toggle button containing the summary of an event.</p> <figure> <img alt="" class="drop-shadow" height="62" src="https://tesk.page/assets/Articles/making-gnome-calendar-accessible-in-six-months/event-widget-preview.webp" width="650" /> <figcaption></figcaption> </figure> <p>Activating it displays a popover that displays additional detail for that event.</p> <p>GcalEventWidget subclasses <a href="https://docs.gtk.org/gtk4/class.Widget.html">GtkWidget</a>.</p> </p> </section> </div> <p>The biggest problem in GNOME Calendar, which also made it completely impossible to use the app with a keyboard, was the lack of a way to focus and activate event widgets with a keyboard. Essentially, one would be able to create events, but there would be no way to access them in GNOME Calendar.</p> <p>Quite literally, this entire saga began all thanks to a dream I had, which was to make GcalEventWidget subclass <a href="https://docs.gtk.org/gtk4/class.Button.html">GtkButton</a> instead of <a href="https://docs.gtk.org/gtk4/class.Widget.html">GtkWidget</a> directly. The thought process was: <em>GtkButton already implements focus and activation with a keyboard, so inheriting it should therefore inherit focus and activation behavior</em>.</p> <p>In merge request <a class="no-wrap" href="https://gitlab.gnome.org/GNOME/gnome-calendar/-/merge_requests/559">!559</a>, the initial <a href="https://gitlab.gnome.org/TheEvilSkeleton/gnome-calendar/-/commit/fcd7347ecb469e026e603f7f9c4d3cc9f4422d43">implementation</a> indeed subclassed GtkButton. However, that implementation did not go through, due to the reason outlined in <a href="https://tesk.page/2025/07/25/gnome-calendar-a-new-era-of-accessibility-achieved-in-90-days/#negative-implications-of-accessibility-due-to-maximizing-performance"><em><span class="no-wrap">Β§ Negative</span> Implications of Accessibility due to Maximizing Performance</em></a>.</p> <p>Despite that, the initial implementation instead significantly helped us figure out <em>exactly</em> what were missing with GcalEventWidget: specifically, setting <a class="no-wrap" href="https://docs.gtk.org/gtk4/property.Widget.receives-default.html"><code class="language-plaintext highlighter-rouge">Gtk.Widget:receives-default</code></a> and <a class="no-wrap" href="https://docs.gtk.org/gtk4/property.Widget.focusable.html"><code class="language-plaintext highlighter-rouge">Gtk.Widget:focusable</code></a> properties to β<em>True</em>β. <code class="language-plaintext no-wrap highlighter-rouge">Gtk.Widget:receives-default</code> makes it so the widget can be activated how ever desired, and <code class="language-plaintext no-wrap highlighter-rouge">Gtk.Widget:focusable</code> allows it to become focusable with a keyboard. So, instead of subclassing GtkButton, we instead <a href="https://gitlab.gnome.org/GNOME/gnome-calendar/-/merge_requests/559/diffs?commit_id=a3fb57939a307f5b661cc2f205e562f43a0a31fa">reimplemented GtkButtonβs functionality</a> in order to maintain performance.</p> <p>While preliminary support for keyboard navigation was added into GcalEventWidget, accessible semantics for assistive technologies like screen readers were severely lacking. This was addressed by <a class="no-wrap" href="https://gitlab.gnome.org/GNOME/gnome-calendar/-/merge_requests/587">!587</a>, which sets the <a href="https://gitlab.gnome.org/GNOME/gnome-calendar/-/merge_requests/587/diffs?commit_id=73e1baad04b4737cfd2133404a04819c118f2d3e">role to β<em>toggle-button</em>β</a>, to convey that GcalEventWidget is a toggle button. The merge request also <a href="https://gitlab.gnome.org/GNOME/gnome-calendar/-/merge_requests/587/diffs?commit_id=96fef80ca2786d80ecd1a3b69a1bfb3f9bf15c59">indicates that the widget has a popup</a> for the event popover, and has the means to <a href="https://gitlab.gnome.org/GNOME/gnome-calendar/-/merge_requests/587/diffs?commit_id=e8249e9e431928096fd84416e6856440dac314b8">update the β<em>pressed</em>β state</a> of the widget.</p> <p>In summary, we first made GcalEventWidget accessible with a keyboard by reimplementing some of GtkButtonβs functionality. Then, we later added the means to appropriately convey information to assistive technologies. This was the worst offender, and was the primary reason why GNOME Calendar was unusable with a keyboard, but we finally managed to solve it!</p> <h3 id="making-the-month-and-year-spin-buttons-accessible">Making the Month and Year Spin Buttons Accessible</h3> <div class="statements"> <section class="card note"> <strong class="big">Note</strong> <p> <p><a href="https://gitlab.gnome.org/GNOME/gnome-calendar/-/blob/main/src/gui/event-editor/gcal-multi-choice.c"><em>GcalMultiChoice</em></a> is the name of the custom <a href="https://en.wiktionary.org/wiki/spin_button">spin button</a> widget used for displaying and cycling through months and/or years.</p> <p>It comprises of a βdecrementβ button to the start, a flat toggle button in the middle that contains a label that displays the value, and an βincrementβ button to the end. Only the button in the middle can gain keyboard focus throughout GcalMultiChoice.</p> <figure> <source media="(prefers-color-scheme: light)" /> <img alt="" class="drop-shadow" height="46" src="https://tesk.page/assets/Articles/making-gnome-calendar-accessible-in-six-months/multi-choice.webp" width="310" /> <figcaption></figcaption> </figure> <p>In some circumstances, GcalMultiChoice can display a popover for increased granularity.</p> </p> </section> </div> <p>GcalMultiChoice was not interactable with a keyboard, because:</p> <ol> <li>it did not react to <kbd>β</kbd> and <kbd>β</kbd> keys; and</li> <li>the βdecrementβ and βincrementβ buttons were not focusable.</li> </ol> <p>For a spin button widget, the βdecrementβ and βincrementβ buttons should generally remain unfocusable, because <kbd>β</kbd> and <kbd>β</kbd> keys already accomplish that behavior. Furthermore, <a href="https://docs.gtk.org/gtk4/class.SpinButton.html">GtkSpinButton</a>βs βincrementβ (+) and βdecrementβ (-) buttons are not focusable either, and the <a href="https://www.w3.org/WAI/ARIA/apg/patterns/spinbutton/examples/datepicker-spinbuttons/">Date Picker Spin Button Example</a> by the ARIA Authoring Practices Guide (APG) avoids that functionality as well.</p> <p>However, since GcalMultiChoice did not react to <kbd>β</kbd> and <kbd>β</kbd> keys, having the βdecrementβ and βincrementβ buttons be focusable would have been a somewhat acceptable workaround. Unfortunately, since those buttons were not focusable, and <kbd>β</kbd> and <kbd>β</kbd> keys were not supported, it was impossible to increment or decrement values in GcalMultiChoice with a keyboard without resorting to workarounds.</p> <p>Additionally, GcalMultiChoice lacked the semantics to communicate with assistive technologies. So, for example, a screen reader would never say anything meaningful.</p> <p>All of the above problems remained problems until merge request <a class="no-wrap" href="https://gitlab.gnome.org/GNOME/gnome-calendar/-/merge_requests/603">!603</a>. For starters, it implements <a href="https://docs.gtk.org/gtk4/iface.Accessible.html">GtkAccessible</a> and <a href="https://docs.gtk.org/gtk4/iface.AccessibleRange.html">GtkAccessibleRange</a>, and then <a href="https://gitlab.gnome.org/GNOME/gnome-calendar/-/merge_requests/603/diffs?commit_id=b4853da2496efb62d1b9f891dc0ce9d0679caf1c">implements keyboard navigation</a>.</p> <h4 id="implementing-gtkaccessible-and-gtkaccessiblerange">Implementing GtkAccessible and GtkAccessibleRange</h4> <p>The merge request implements the GtkAccessible interface to <a href="https://gitlab.gnome.org/GNOME/gnome-calendar/-/merge_requests/603/diffs?commit_id=70b9fde16239f855f985071bb3c60c16f05e59c0">retrieve information from the flat toggle button</a>.</p> <p>Fundamentally, since the toggle button was the only widget capable of gaining keyboard focus throughout GcalMultiChoice, this caused two distinct problems.</p> <p>The first issue was that assistive technologies only retrieved semantic information from the flat toggle button, such as the type of widget (accessible role), its label, and its description. However, the toggle button was semantically <em>just</em> a toggle button; since it contained semantics and provided information to assistive technologies, the information it provided was actually misleading, because it only provided information as a toggle button, not a spin button!</p> <p>So, the solution to this is to strip the semantics from the flat toggle button. Setting its accessible role to β<em><a href="https://docs.gtk.org/gtk4/enum.AccessibleRole.html#none">none</a></em>β makes assistive technologies ignore its information. Then, setting the accessible role of the <span class="no-wrap">top-level (GcalMultiChoice)</span> to β<em><a href="https://docs.gtk.org/gtk4/enum.AccessibleRole.html#spin_button">spin-button</a></em>β gives semantic meaning to assistive technologies, which allows the widget to appropriately convey these information, when focused.</p> <p>This led to the second issue: Assistive technologies only retrieved information from the flat toggle button, not from the top-level. Generally, assistive technologies retrieve information from the focused widget. Since the toggle button was the only widget capable of gaining focus, it was also the only widget providing information to them; however, since its semantics were stripped, it had no information to share, and thus assistive technologies would retrieve absolutely nothing.</p> <p>The solution to this is to override the <a class="no-wrap" href="https://docs.gtk.org/gtk4/vfunc.Accessible.get_platform_state.html"><code class="language-plaintext highlighter-rouge">Gtk.Accessible.get_platform_state ()</code></a> virtual method, which allows us to bridge communication between the <a href="https://docs.gtk.org/gtk4/enum.AccessiblePlatformState.html">states</a> of child widgets and the top-level widget. In this case, both GcalMultiChoice and the flat toggle button share the stateβif the flat toggle button is focused, then GcalMultiChoice is considered focused; and since GcalMultiChoice is focused, assistive technologies can then retrieve its information and state.</p> <p>The last issue that needed to be addressed was that GcalMultiChoice was still not providing any of the values to assistive technologies. The solution to this is straightforward: <a href="https://gitlab.gnome.org/GNOME/gnome-calendar/-/merge_requests/603/diffs?commit_id=2a7a4e3b30815e27501d7c8ae6a3c68c84defb20">implementing the GtkAccessibleRange interface</a>, which makes it necessary to set values for the following accessible properties: β<em><a href="https://docs.gtk.org/gtk4/enum.AccessibleProperty.html#value_max">value-max</a></em>β, β<em><a href="https://docs.gtk.org/gtk4/enum.AccessibleProperty.html#value_min">value-min</a></em>β, β<em><a href="https://docs.gtk.org/gtk4/enum.AccessibleProperty.html#value_now">value-now</a></em>β, and β<em><a href="https://docs.gtk.org/gtk4/enum.AccessibleProperty.html#value_text">value-text</a></em>β.</p> <p>After all this effort, GcalMultiChoice now provides correct semantics to assistive technologies. It appropriately reports its role, the current textual value, and whether it contains a popover.</p> <p>To summarize:</p> <ul> <li>The flat toggle button was the only widget conveying information to assistive technologies, as it was the only widget capable of gaining focus and providing semantic information. To solve this, its semantics were stripped away.</li> <li>The top-level, being GcalMultiChoice, was assigned the βspin-buttonβ role to provide semantics; however, it was still incapable of providing information to assistive technologies, because it was never getting focused. To solve this, the state of the toggle button, including the focused state, carried over to the top-level to allow assistive technologies to retrieve information from the top-level.</li> <li>GcalMultiChoice still did not provide its values to assistive technologies. This is solved by implementing the GtkAccessibleRange interface.</li> </ul> <h4 id="providing-top-level-semantics-to-a-child-widget-as-opposed-to-the-top-level-widget-is-discouraged">Providing <span class="no-wrap">Top-Level</span> Semantics to a Child Widget As Opposed to the <span class="no-wrap">Top-Level</span> Widget Is Discouraged</h4> <p>As you read through the previous section, you may have asked yourself: β<em>Why go through all of those obstacles and complications when you could have just <span class="no-wrap">re-assigned</span> the flat toggle button as β<a href="https://docs.gtk.org/gtk4/enum.AccessibleRole.html#spin_button">spin-button</a>β and not worry about the top-levelβs role and focus state?</em>β</p> <p>Semantics should be provided by the top-level, because they are represented by the top-level. What makes GcalMultiChoice a spin button is not <em>just</em> the flat toggle button, but it is the combination of all the child widgets/objects, event handlers (touch, key presses, and other inputs), accessibility attributes (role, states, relationships), widget properties, signals, and other characteristics. As such, we want to maintain that consistency for practically everything, including the state. The only exception to this is widgets whose sole purpose is to contain one or more elements, such as <a href="https://docs.gtk.org/gtk4/class.Box.html">GtkBox</a>.</p> <p>This is especially important for when we want it to communicate with other widgets and APIs, such as the <a href="https://docs.gtk.org/gtk4/signal.Widget.state-flags-changed.html"><code class="language-plaintext highlighter-rouge">Gtk.Widget::state-flags-changed</code></a> signal, the <a href="https://docs.gtk.org/gtk4/method.Widget.is_focus.html"><code class="language-plaintext highlighter-rouge">Gtk.Widget.is_focus ()</code></a> method, and other APIs where it is necessary to have the top-level represent data accurately and behave predictably. In the case of GcalMultiChoice, we <a href="https://gitlab.gnome.org/GNOME/gnome-calendar/-/merge_requests/603/diffs?commit_id=7a40a3be6a3c08ad417eb865bd0a2e55df6103fa">set accessible labels</a> at the top-level. If we were to <span class="no-wrap">re-assign</span> the flat toggle buttonβs role as βspin-buttonβ, and set the accessible label to the top-level, assistive technologies would only retrieve information from the toggle button while ignoring the labels defined at the top-level.</p> <p>For the record, GtkSpinButton also <a href="https://gitlab.gnome.org/GNOME/gtk/-/blob/c4c27e6193e6bacda8936ff7d26d19c6923032be/gtk/gtkspinbutton.c#L670-684">overrides</a> <code class="language-plaintext no-wrap highlighter-rouge">Gtk.Accessible.get_platform_state ()</code>:</p> <div class="language-c highlighter-rouge"><div class="highlight"><pre class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1234567891011121314</pre></td><td class="rouge-code"><pre><span class="k">static</span> <span class="n">gboolean</span><span class="nf">gtk_spin_button_accessible_get_platform_state</span> <span class="p">(</span><span class="n">GtkAccessible</span> <span class="o">*</span><span class="n">self</span><span class="p">,</span> <span class="n">GtkAccessiblePlatformState</span> <span class="n">state</span><span class="p">)</span><span class="p">{</span> <span class="k">return</span> <span class="n">gtk_editable_delegate_get_accessible_platform_state</span> <span class="p">(</span><span class="n">GTK_EDITABLE</span> <span class="p">(</span><span class="n">self</span><span class="p">),</span> <span class="n">state</span><span class="p">);</span><span class="p">}</span> <span class="k">static</span> <span class="kt">void</span><span class="nf">gtk_spin_button_accessible_init</span> <span class="p">(</span><span class="n">GtkAccessibleInterface</span> <span class="o">*</span><span class="n">iface</span><span class="p">)</span><span class="p">{</span> <span class="err">β¦</span> <span class="n">iface</span><span class="o">-&gt;</span><span class="n">get_platform_state</span> <span class="o">=</span> <span class="n">gtk_spin_button_accessible_get_platform_state</span><span class="p">;</span><span class="p">}</span></pre></td></tr></tbody></table></code></pre></div></div> <p>To be fair, assigning the βspin-buttonβ role to the flat toggle button is unlikely to cause major issues, especially for an app. <span class="no-wrap">Re-assigning</span> the flat toggle button was my first instinct. The <a href="https://gitlab.gnome.org/GNOME/gnome-calendar/-/merge_requests/603/diffs?commit_id=3c383a8d92ea7a8c6d04f300bdbb59c2fd078827">initial implementation</a> did just that as well. I was completely unaware of the <code class="language-plaintext no-wrap highlighter-rouge">Gtk.Accessible.get_platform_state ()</code> virtual method before finalizing the merge request, so I initially thought that was the correct way to do. Even if the toggle button had the β<em><a href="https://docs.gtk.org/gtk4/enum.AccessibleRole.html#spin_button">spin-button</a></em>β role instead of the top-level, it would not have stopped us from implementing workarounds, such as a getter method that retrieves the flat toggle button that we can then use to manipulate it.</p> <p>In summary, we want to provide semantics at the top-level, because they are structurally part of it. This comes with the benefit of making the widget easier to work with, because APIs can directly communicate with it, instead of resorting to workarounds.</p> <h2 id="the-now-and-future-of-accessibility-in-gnome-calendar">The Now and Future of Accessibility in GNOME Calendar</h2> <p>All these accessibility improvements will be available on GNOME 49, but you can download and install the pre-release on the βNightly GNOME Appsβ <del>DLC</del> Flatpak remote on <a href="https://nightly.gnome.org/">nightly.gnome.org</a>.</p> <p>In the foreseeable future, I want to continue working on <a class="no-wrap" href="https://gitlab.gnome.org/GNOME/gnome-calendar/-/merge_requests/564">!564</a>, to make the month view itself accessible with a keyboard, as seen in the following:</p> <figure> <video alt="" class="drop-shadow" controls="" src="https://tesk.page/assets/Articles/making-gnome-calendar-accessible-in-six-months/month-view-keyboard-navigation.webm"></video> <figcaption><p>A screen recording demoing keyboard navigation within the month view. Focus rings appear and disappear as the user moves focus between cells. Going out of bounds in the vertical axis scrolls the view to the direction, and going out of bounds in the horizontal axis moves focus to the logical sibling.</p></figcaption> </figure> <p>However, it is already adding 640 lines of code, and I can only see it increasing overtime. We also want to make cells in the week view accessible, but this will also be a monstrous merge request, just like the above merge request.</p> <p>Most importantly, we want (and need) to collaborate and connect with people who rely on assistive technologies to use their computer, especially when everybody working on GNOME Calendar does not rely on assistive technologies themselves.</p> <h2 id="conclusion">Conclusion</h2> <p>I am overwhelmingly satisfied of the progress we have made with accessibility on GNOME Calendar in six months. Just a year ago, if I was asked about what needs to be done to incorporate accessibility features in GNOME Calendar, I would have shamefully said βdude, I donβt know where to even <em>begin</em>β; but as of today, we somehow managed to turn GNOME Calendar into an actual, usable calendaring app for people who rely on assistive technologies and/or a keyboard.</p> <p>Since this is still Disability Pride Month, and GNOME 49 is not out yet, I encourage you to get the alpha release of GNOME Calendar on the βNightly GNOME Appsβ Flatpak remote at <a href="https://nightly.gnome.org/">nightly.gnome.org</a>. The alpha release is in a state where <a href="https://en.wikipedia.org/wiki/Queer_anarchism#%22Be_Gay,_Do_Crime%22">the gays with disabilities can organize and do crimes</a> using GNOME Calendar π /j</p></description><author>Hari Rana</author><dc:creator>Hari Rana</dc:creator><pubDate>Fri, 25 Jul 2025 00:00:00 GMT</pubDate><guid isPermaLink="true">https://tesk.page/2025/07/25/gnome-calendar-a-new-era-of-accessibility-achieved-in-90-days/</guid></item><item><title>Philip Withnall: A brief parental controls update</title><link>https://tecnocode.co.uk/2025/07/24/a-brief-parental-controls-update/</link><description><p>Over the past few weeks, <a href="https://blogs.gnome.org/ignapk/2025/07/11/digital-wellbeing-contract/">Ignacy</a> and I have made good progress on the next phase of features for parental controls in GNOME: a refresh of the parental controls UI, support for screen time limits for child accounts, and basic web filtering support are all in progress. Iβve been working on the backend stuff, while Ignacy has been speedily implementing everything needed in the frontend.</p> <p>Ignacy is at GUADEC, so please say hi to him! The next phase of parental controls work will involve changes to gnome-control-center and gnome-shell, so heβll be popping up all over the stack.</p> <p>Iβll try and blog more soon about the upcoming features and how theyβre implemented, because there are necessarily quite a few moving parts to them.</p></description><author>Philip Withnall</author><dc:creator>Philip Withnall</dc:creator><pubDate>Thu, 24 Jul 2025 22:13:28 GMT</pubDate><guid isPermaLink="true">https://tecnocode.co.uk/2025/07/24/a-brief-parental-controls-update/</guid></item><item><title>Sjoerd Stendahl: A Brief History of Graphs; My Journey Into Application Development</title><link>https://blogs.gnome.org/sstendahl/2025/07/24/a-brief-history-of-graphs-my-journey-into-application-development/</link><description><p>It&#8217;s been a while since I originally created this page. I&#8217;ve been planning for a while (over a year) to write an article like this, but have been putting this off for one reason or another. With GUADEC going on while writing this, listening to some interesting talks on YouTube, I thought this is a good time as ever to actually to submit my first post on this page. In this article, I&#8217;ll simply lie down the history of Graphs, how it came to be, how it evolved to an actually useful program for some, and what is on the horizon. Be aware that any opinions expressed are my own, and do not necessarily reflect those of my employer, any contributors or the GNOME Foundation itself.</p><p>I would also like to acknowledge that while I founded Graphs, the application I&#8217;m mainly talking about, I&#8217;m not the only one working on the project. We&#8217;ve got a lot of input from the community. And I maintain the project with Christoph, the co-maintainer of the project. Any credit towards this particular program, is shared credit.</p><h2>Motivations</h2><p>As many open source projects, I originally developed Graphs because I had a personal itch to scratch. At the time I was working on my PhD, and I regularly had to plot data to prepare for presentations. As well as to do some simple manipulations. Things like cutting away the first few degrees from a X-ray reflectivity measurement, normalizing data, or shifting data to show multiple measurements on the same graph.</p><p>At the time, I had a license for OriginLabs. Which was an issue for multiple reasons. Pragmatically, it only works on Windows and even if it had a Linux client, we had a single license coupled to my work PC in my office which I didn&#8217;t tend to use a lot. Furthermore, the software itself is an interface nightmare and doing simple operations like cutting data or normalization is not exactly intuitive.</p><p>My final issue was more philosophical, which is that I have fundamental problems with using proprietary software in scientific work. It is bluntly absurd how we have rigorous and harsh rules about showing your work and making your research replicable in scientific articles (which is fair), but as soon as software is involved it&#8217;s suddenly good enough when a private entity tells us &#8220;<em>just trust me bro</em>&#8220;. Let it be clear that I have no doubt that a proprietary application actually implements the algorithms that it says it does according to their manual. But you are still replacing a good chunk of your article with a black box, which in my view is fundamentally unscientific. There could be bugs, and subtlety could be missed. Let alone the fact that replicability is just completely thrown out of the window if you delegate all your data processing to a magic black box. This is an issue where a lot of people I talk to tend to agree with me on principle, yet very few people actually care enough to move away from proprietary solutions. Whenever people use open-source software for their research, I found it&#8217;s typically a coincidence based on the merits that it was free, rather than a philosophical or ideological choice.</p><p>Either way, philosophically, I wanted to do my data-reduction using complete transparency. And pragmatically I simply needed something that just plots my data, and allows me to do basic transformations. For years I had asked myself questions like &#8220;why can&#8217;t I just visually select part of the data, and then press a &#8220;cut&#8221; button?&#8221; and &#8220;Why do all these applications insist on over-complicating this?&#8221; Whilst I still haven&#8217;t found an answer to the second question, I had picked up programming as a hobby at that stage, so I decided to answer my first question with a &#8220;fine, I&#8217;ll do it myself&#8221;. But first, let&#8217;s start at what drove me to start working on applications such as these.</p><h2>Getting into application development</h2><p>Whilst I had developed a lot in MatLab during my master&#8217;s (as well as TI-Basic at high-school), my endeavor in application-development started mostly during my PhD. Starting with some very simple applications, like a calculator tool for growth rate in magnetron sputtering based on calibration measurements. Another application that I wrote during that time was a tool that simply plotted logs that we got from our magnetron sputtering machine. Fun fact here is that my logging software also kept track of how the software running our magnetron sputtering chambers slowed down over time. Basically, our machine was steered using LabView, and after about 1000 instructions or so it started to slow down a bit. So if we tell it to do something for 24 seconds, it started to take 24.1 seconds for instance. At one point we had a reviewer comment that didn&#8217;t believe that we could get such a delay with modern computers, so it was nice to have the receipts to back this up. Still the conclusion here should be that LabView is not exactly great to steer hardware directly, but it&#8217;s not me that&#8217;s calling the shots.</p><p>My first &#8220;bigger&#8221; project was something in between a database (all stored in a csv file), as well as a plotting program. Basically for every sample I created in the lab, I added an item where I stored all relevant information, including links to the measurements I did on the sample (like sane people would do in an excel sheet). Then using a simple list of all samples, I could quickly just plot my data for the measurements I wanted. I also had some functionality like cutting away the start of the data, normalizing the data, or the ability to calculate sample thickness based on the measurement. In a sense, this was Graphs 0.1. <a class="external" href="https://github.com/sstendahl/KARIN">The code is still online</a>, if someone wants to laugh at a physicists code without any real developer experience.</p><p>The second &#8220;big&#8221; tool that I created during that time was GIScan. This lied the foundation of <a class="external" href="https://pubs.acs.org/doi/pdf/10.1021/acsami.4c01457?ref=article_openPDF">my very favourite article</a> that I wrote during my PhD. Essentially, we got 24 hours to measure as many samples as we can at a Synchrotron facility. So that&#8217;s exactly what we did, almost blindly. Then we came home with thousands of measurements on a few hundred samples, and it was time to analyze. At the very first stage, I did some basic analysis using Python. Basically all filenames were tagged somewhat strategically, so I could use regex to isolate the measurement series, and then I could quite quickly find the needle in the haystack. Basically, I found which 20 measurements or so where interesting for us and where to look further. The only problem, the work we were doing was extremely niche and the data reduction software available, which would do things like background subtraction and coordinate conversion for us (from pixels to actually physical coordinates), was barely functional and not made for our type of measurements. So here I wrote my own data reduction software, GIScan. Explaining what makes it actually incredibly useful would require an article series about the physics behind this, but my entire analysis hinged on this data analysis software. <a class="external" href="https://github.com/sstendahl/GIScan">GIScan is also available</a> as GPLv3 licensed software, but also here I will use my right to remain silent on any questions about the crimes committed in the code quality itself. Fun fact, all graphs in the mentioned article were made using Graphs and Inkscape. Most of the figures themselves are available <a class="external" href="https://github.com/sstendahl/PhdThesis">under a CC-BY license as part of my PhD</a>. I asked about using a CC-BY-SA license, but the university strongly recommended against as they felt it could make it more difficult to use for others in publishing if I care about sharing my work, basically journals are the biggest parasites in academia.</p><p>Then we get to Graphs. This was the last, and biggest program that I wrote during that time in my career. At the very beginning, I actually started in Qt. Not because I preferred it as a toolkit (I didn&#8217;t, and still don&#8217;t), but because it&#8217;s easier to port to Windows and spread to my peers. Quite quickly I got to the state where I could easily import two-column data, and do simple manipulations on this data like normalizing the data. It was barebones, but really useful for my workflow. However, as this quickly turned into a passion project, I decided to do the selfish thing and actually rewrite the entire thing in the toolkit that I personally preferred, GTK with libadwaita. It looked beautiful (well, in the same way a newborn baby is beautiful to their parents), and it integrated very nicely into my own desktop. In fact, I was so pleased with it, that I felt like I wanted to share this online, the original Reddit post can still be found <a class="external" href="https://old.reddit.com/r/linux/comments/zqh8oj/introducing_graphs/">here</a>. This marked the very first release of Graphs 1.0, which can be seen in its full glory below, and this is essentially where the fun began</p><figure class="wp-caption alignnone" id="attachment_76" style="width: 641px;"><img alt="The very first version of Graphs" class="wp-image-76" height="361" src="https://blogs.gnome.org/sstendahl/files/2025/07/graphs1.0-300x169.png" width="641" /><figcaption class="wp-caption-text" id="caption-attachment-76">Graphs 1.0</figcaption></figure><h2>The power of community</h2><p>When I originally developed this for my personal use, I simply called it &#8220;Data Manipulator&#8221;, which I had shortened to DatMan. Quite early in the process, even before I shared the project to Reddit, Hari Rana (aka TheEvilSkeleton) filed an issue asking me to consider naming the project in accordance with the GNOME HIG. After some small discussions there, we settled on Graphs. This was my first experience with feedback or contributions from the community, and something I am still grateful for. It&#8217;s a much nicer name that fits in with GNOME applications. They also helped me with a few other design patterns like modal windows and capitalization. Shoutout to Skelly here, for the early help to a brand new project. It did push me to look more into the HIG, and thus helped a lot in getting that ball rolling. I don&#8217;t take any donations, but feel free to help them out with the work on several projects that are significantly more high-stress than Graphs. There&#8217;s a donation page on <a class="external" href="https://tesk.page/">their webpage.</a></p><p>After sharing the initial release to Reddit, I continued development and slowly started tweaking things and polishing existing features. I added support for multiple axes, added some more transformations and added basic options like import settings. It was also around this time that Tobias Bernard from the GNOME Design team dropped by with some help. At first with the generous offer to design a logo for the project, which is still the logo of Graphs today. The old logo, followed by the newly designed logo can be found here:</p><figure class="wp-caption alignnone" id="attachment_77" style="width: 128px;"><img alt="The original graphs logo, a simpy red cruve on a graph roughly looking like x*sin(x)" class="wp-image-77 size-full" height="128" src="https://blogs.gnome.org/sstendahl/files/2025/07/og_logo.png" width="128" /><figcaption class="wp-caption-text" id="caption-attachment-77">The original Graphs logo</figcaption></figure><figure class="wp-caption alignnone" id="attachment_78" style="width: 128px;"><img alt="The redesigned Graphs logo. Showing a curve on a plot, on a notebook" class="wp-image-78 size-full" height="128" src="https://blogs.gnome.org/sstendahl/files/2025/07/se.sjoerd.Graphs.png" width="128" /><figcaption class="wp-caption-text" id="caption-attachment-78">The redesigned Graphs logo</figcaption></figure><p>Yet again, I was very pleasantly surprised by complete strangers just dropping by and offering help. Of course, they&#8217;re not just helping me personally, but rather helping out the community and ecosystem as a whole. But this collaborative feeling that we&#8217;re all working on a system that we collectively own together is something that really attracted me to GNOME and FOSS in general.</p><p>It was also around these early days that Christoph, who now maintains Graphs with me came by with some pull requests. This went on to the point that he pretty naturally ended up in the role of maintainer. I can confidently say that him joining this endeavor is the best thing that ever happened to Graphs. Both in terms of a general elevation of the code quality, but also in terms of motivation and decision making. Not only did the introduction of a second maintainer mean that new code actually got reviewed, but someone else contributing is a really strong motivator and super contagious for me. In these somewhat early days things were moving fast, and we really saw strong improvement both in terms of the quality of the code, but also in the general user experience of the app.</p><p>In terms of UX, I&#8217;d really like to thank Tobias again. Even before we even had GNOME Circle on our radar as goal, he helped us a lot with general feedback about the UX. Highlighting papercuts, and coming up with design patterns that made more sense. Here we really saw a lot of improvements, and I really learned a lot at the time about having design at the core of the development process. The way the application works is not just a means to get something done, the design <em>is</em> the program. Not to say that I&#8217;d classify myself as an expert UI-designer these days, but a lot of lessons have been learned thanks to the involvement of people that have more expertise than me. The GNOME Design team in general has been very helpful with suggestions and feedback during the development. Whenever I got in touch with the GNOME Developer community, it&#8217;s been nothing but helpfulness and honest advice. The internet stereotype about GNOME Developers being difficult to work with simply does not hold up. Not in my experience. It&#8217;s been a fantastic journey. Note that nobody is obliged to fix your problems for you, but you will find that if you ask nicely and listen to feedback from others, people are more than willing to help you out!</p><p>I couldn&#8217;t talk about the history of Graphs, without at least mentioning the process of getting to GNOME Circle. It&#8217;s there for me, that Graphs really went from a neat hobbyist tool to a proper useful application. When we initially applied there, I was pretty happy about the state we were at, but we&#8217;ve actually undergone quite a bit of a transformation since Graphs got accepted. If someone feels inclined following the process, the entire process is still available on <a class="external" href="https://gitlab.gnome.org/Teams/Circle/-/issues/185">the GitLab page.</a> I won&#8217;t go <em>too</em> much about joining GNOME Circle here, there&#8217;s a nice talk scheduled at GUADEC2025 from the developer of Drum Machine about that. But here&#8217;s what Graphs looked like before, and after the GNOME Circle Application:</p><figure class="wp-caption alignnone" id="attachment_80" style="width: 556px;"><img alt="A screenshot showing Graphs before the GNOME Circle application. In general with a more cluttered interface" class="wp-image-80" height="341" src="https://blogs.gnome.org/sstendahl/files/2025/07/XoruMwkfLbNBIGLkUjCfUVZL.CrNPbJlE_i3Kwq-300x184.png" width="556" /><figcaption class="wp-caption-text" id="caption-attachment-80">The state of Graphs when we just applied to GNOME Circle</figcaption></figure><figure class="wp-caption alignnone" id="attachment_79" style="width: 557px;"><img alt="A screenshot showing Graphs just after the GNOME Circle application. " class="wp-image-79" height="347" src="https://blogs.gnome.org/sstendahl/files/2025/07/RpXTZsGAaiHyaTmpBakgWKHi.DMBq_Ap1_EU2V4-300x187.png" width="557" /><figcaption class="wp-caption-text" id="caption-attachment-79">Graphs just after the GNOME Circle application. This also coincided with the new sidebar in libadwaita.</figcaption></figure><p>Two particular changes that stuck to me where the introduction of touchpad gesture support, and the change in the way we handle settings. Starting with touchpad gestures, I had always considered this to be out of our control. We use Matplotlib to render the plots themselves, which by itself doesn&#8217;t support touch gestures. It&#8217;s mostly thanks to Tobias naming it as part of the GNOME Cirle Review that I actually went ahead and try to implement it myself. After a week or so digging into documentations and testing some different calculations for the different axes, I actually got this working. It&#8217;s a moment that stuck with me, partly because of the dopamine hit when things finally worked, but also because it again showed the value of starting with intended the user experience first and then working backwards to fit the technology with that. Rather than starting with the technology, and then creating a user experience from that.</p><p>The change in settings is something I wanted to highlight, because this is such a common theme in discussions about GNOME in general. Over time, I&#8217;ve been leaning more and more towards the idea that preferences in many cases are simply just an excuse to avoid making difficult choices. Before submitting, we had settings for basically everything. We had a setting for the default plotting style in dark mode and light mode, we had a setting for the clipboard size. We had a setting for the default equation when creating a new equation, and I could on for a bit. Most of these settings could simply be replaced by making the last alternative persistent between sessions. The default equation now is simply the last used equation, same for import settings where we just added a button to reset these settings to default. For the styling we don&#8217;t have a separate dark and light style that can be set, instead you just set one style total and one of the options is just &#8220;System&#8221;, which essentially resembles Adwaita and Adwaita-dark in light and dark mode respectively. This really, really streamlined the entire user experience. Things got much easier to use, and options got much easier to find. I would strongly recommend anyone that develops applications (within the GNOME ecosystem or elsewhere), to read the <a class="external" href="https://ometer.com/preferences.html">&#8220;Choosing our preferences&#8221; </a>article, it&#8217;s a real eye-opener.</p><h2>Where we are now, and where we&#8217;re going</h2><p>These days Graphs is relatively mature and works pretty well. Since being accepted to the GNOME Circle, we haven&#8217;t had such a major overhaul as presented here. We&#8217;ve had some performance upgrades under the hood, fixed quite a bit of bugs and made some improvements with the layout system. We&#8217;ve since also added full support for touchscreen devices (thanks to me getting a Steam Deck, allowing me to test on touch), improved the rubberband on the canvas, and improved equation parsing a bit.</p><p>Despite the somewhat slower pace, there is a major release in the brewing with some exiting features already in the main branch. Some of the features that you can expect in the next stable release:</p><p><strong>Full equation support on an infinite canvas</strong></p><p>At the moment, you cannot really add an &#8220;equation&#8221; to Graphs. Instead, what you do is that you generate data based on an equation. In the next release, we actually support &#8220;equations&#8221;. These span the entire canvas, and can be changed afterwards as well. Operations you do on the equation (such as derivatives), actually affect the equation accordingly, and you can actually change the equation also now after adding it.</p><figure class="wp-caption alignnone" id="attachment_82" style="width: 539px;"><img alt="Screenshot of Graphs showing support for equations" class="wp-image-82" height="336" src="https://blogs.gnome.org/sstendahl/files/2025/07/Screenshot-From-2025-07-24-14-18-16-300x187.png" width="539" /><figcaption class="wp-caption-text" id="caption-attachment-82">We now fully support equations on an infinite canvas</figcaption></figure><p><strong>Generated data can now be changed afterwards</strong></p><p>You can still generate data from an equation like you could previously (so it doesn&#8217;t have to be an infinite equation). But generated data can now also be changed afterwards by changing the input equation.</p><figure class="wp-caption alignnone" id="attachment_83" style="width: 534px;"><img alt="A screenshot showing how generated data can be regenerated afterwards" class="wp-image-83" height="333" src="https://blogs.gnome.org/sstendahl/files/2025/07/Screenshot-From-2025-07-24-14-18-57-300x187.png" width="534" /><figcaption class="wp-caption-text" id="caption-attachment-83">Generated data can now be regenerated afterwards</figcaption></figure><p><strong>A fully revamped style editor</strong></p><p>In the upcoming release, you can actually open .mplstyle files using Graphs, which opens the style editor itself instead of the main application. Furthermore, you can now import styles from the GUI, and open Graphs styles in another application (like your text editor) to do some advanced changes in the style that are not supported by our GUI. Likewise, you can now export your Graphs style-file so you can share it with others. (Maybe even with us, as a merge request, if it&#8217;s really nice <img alt="π" class="wp-smiley" src="https://s.w.org/images/core/emoji/16.0.1/72x72/1f609.png" style="height: 1em;" /> )</p><p>Another <em>reallyΒ </em>nice touch is that you now get a live preview of the actual style you&#8217;re working on, so you don&#8217;t need to go back and forth every time when you make incremental changes.</p><figure class="wp-caption alignnone" id="attachment_81" style="width: 539px;"><img alt="A screenshot showing Graph's new style editor" class="wp-image-81" height="336" src="https://blogs.gnome.org/sstendahl/files/2025/07/Screenshot-From-2025-07-24-14-01-08-300x187.png" width="539" /><figcaption class="wp-caption-text" id="caption-attachment-81">Graph&#8217;s new style editor</figcaption></figure><p><strong>Drag and drop support</strong></p><p>You can now import data by simply drag and dropping data into the As usual, thereβs more features that I probably forgot. But the next release is bound to be a banger. I wonβt dare to pin a release date here. But all the mentioned changes are already working (sqlite support is still in MR) and can be tested from the main branch. Thereβs still work to do though with regard to a planned rework on the way we import data, and the way we access the style editor which is currenlty a bit buried in the stable release. main application</p><figure class="wp-caption alignnone" id="attachment_85" style="width: 580px;"><img alt="A screenshot showing drag and drop support" class="wp-image-85" height="375" src="https://blogs.gnome.org/sstendahl/files/2025/07/Screenshot-From-2025-07-24-14-22-37-300x194.png" width="580" /><figcaption class="wp-caption-text" id="caption-attachment-85">You can now drag and drop data in Graphs</figcaption></figure><p><strong>Multiple sessions</strong></p><p>You can now finally have multiple sessions of Graphs open at the same time. Allowing you to view and work on data side-by-side.</p><figure class="wp-caption alignnone" id="attachment_84" style="width: 608px;"><img alt="You can now have multiple sessions open in Graphs" class="wp-image-84" height="381" src="https://blogs.gnome.org/sstendahl/files/2025/07/Screenshot-From-2025-07-24-14-20-40-300x188.png" width="608" /><figcaption class="wp-caption-text" id="caption-attachment-84">You can now have multiple sessions open in Graphs</figcaption></figure><p><strong>Support for sqlite databases</strong></p><p>We now added support for sqlite databases. So you can import data from your .db file</p><figure class="wp-caption alignnone" id="attachment_86" style="width: 664px;"><img alt="Graphs now supports databases as input, on import you can choose your database table, and your columns based on that." class="wp-image-86" height="414" src="https://blogs.gnome.org/sstendahl/files/2025/07/Screenshot-From-2025-07-24-14-23-35-300x187.png" width="664" /><figcaption class="wp-caption-text" id="caption-attachment-86">Graphs now supports databases as input, on import you can choose your database table, and your columns based on that.</figcaption></figure><p><strong>And more</strong></p><p>As usual, there&#8217;s more features that I probably forgot. But the next release is bound to be a banger. I won&#8217;t dare to pin a release date here. But all the mentioned changes are already working (sqlite support is still in MR) and can be tested from the main branch. There&#8217;s still work to do though with regard to a planned rework on the way we import data, and the way we access the style editor which is currently a bit buried in the stable release.</p><h2>Conclusion</h2><p>This post got a bit longer than I anticipated. But I hope in general this could give people some insight on how it is for a newcomer to get into application development. I really encourage people to test the waters. It really shows that you really can get involved, even if it involves learning along the way. These days I no longer work in academia, and I am willing to bet that I&#8217;d probably wouldn&#8217;t have my current position working with software if it wasn&#8217;t for these adventures.</p><p>Again, I would really like to thank the GNOME Community as a whole. The adventure so far has been great, and I promise that it&#8217;s far from over <img alt="π" class="wp-smiley" src="https://s.w.org/images/core/emoji/16.0.1/72x72/1f642.png" style="height: 1em;" /></p></description><author>Sjoerd Stendahl</author><dc:creator>Sjoerd Stendahl</dc:creator><pubDate>Thu, 24 Jul 2025 12:27:40 GMT</pubDate><guid isPermaLink="true">https://blogs.gnome.org/sstendahl/2025/07/24/a-brief-history-of-graphs-my-journey-into-application-development/</guid></item><item><title>Jussi Pakkanen: Comparing a red-black tree to a B-tree</title><link>https://nibblestew.blogspot.com/2025/07/comparing-red-black-tree-to-b-tree.html</link><description><p>&nbsp;In an earlier blog post we found that <a href="https://nibblestew.blogspot.com/2025/07/deoptimizing-red-black-tree.html">optimizing the memory layout of a red-black tree does not seem to work</a>. A different way of implementing an ordered container is to use a B-tree. It was originally designed to be used for on-disk data. The design principle was that memory access is "instant" while disk access is slow. Nowadays this applies to memory access as well, as cache hits are "instant" and uncached memory is slow.</p><p>I implemented a <a href="https://github.com/jpakkane/pystd/blob/master/include/pystd2025_btree.hpp">B-tree in Pystd</a>. Here is how all the various containers compare. For test data we used numbers from zero to one million in a random order.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjbw0_EPbh851ZmLYZdMNa7-TOw0Z3JqtBq3Vwbeu3DY-oF0UOr5kZwjugRfCnehNv_Jm2g_RWRbzuE8eGarFL_FCd8_RnMk-_vlqcq-_j3znphEup4vy85AmHoYhSZ9LoPUGKaSi7iJspYGawK-C84h23O75qoJDzuZthinDf172SnZJfkAdfxUVFtkY/s605/btree-perf1.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjbw0_EPbh851ZmLYZdMNa7-TOw0Z3JqtBq3Vwbeu3DY-oF0UOr5kZwjugRfCnehNv_Jm2g_RWRbzuE8eGarFL_FCd8_RnMk-_vlqcq-_j3znphEup4vy85AmHoYhSZ9LoPUGKaSi7iJspYGawK-C84h23O75qoJDzuZthinDf172SnZJfkAdfxUVFtkY/s320/btree-perf1.png" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFuTZgL-5By4_-Cq2mlauwebegQbKuqASmHYAgSrRRLcRmpXibgQnj9NV5Xe89r257BuX1hirIG33uYXYB8k8oxAh7rHIJ8Q_r6AqvvfmtK1rqLXtNrZp-dGbJv5VmavziiqDRBo_lnnY6KZceBXSMvl7cjiOMZcCZZYysFR4kmtjldw4ivrxepTfKAfc/s605/btree-perf2.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFuTZgL-5By4_-Cq2mlauwebegQbKuqASmHYAgSrRRLcRmpXibgQnj9NV5Xe89r257BuX1hirIG33uYXYB8k8oxAh7rHIJ8Q_r6AqvvfmtK1rqLXtNrZp-dGbJv5VmavziiqDRBo_lnnY6KZceBXSMvl7cjiOMZcCZZYysFR4kmtjldw4ivrxepTfKAfc/s320/btree-perf2.png" width="320" /></a></div><p>As we can see, an unordered map is massively faster than any ordered container. If your data does not need to be ordered, that is the one you should use. For ordered data, the B-tree is clearly faster than either red-black tree implementation.</p><h1 style="text-align: left;">Tuning the B-tree</h1><p>B-trees have one main tunable parameter, namely the spread factor of the nodes. In the test above it was five, but for on disk purposes the recommended value is "in the thousands". Here's how altering the value affects performance.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiv4NE-NuMsITsblokCvFr8tcnnfmgNfpIJBi9sZaxf1PYEAk9YeFSUClS5BS7PnYHXcXQDc2IqYQo_mf412X0b-51w63mFVRobuSKQLqA0eE8gluP3uo4Yr1VuDZIrf8UAyQlKNknw7s6qxEGMkYhwRGvH2uIHSS7-mxXLZeX-d_g7ofKbHDZLxA_1HVQ/s605/btree-perf3.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiv4NE-NuMsITsblokCvFr8tcnnfmgNfpIJBi9sZaxf1PYEAk9YeFSUClS5BS7PnYHXcXQDc2IqYQo_mf412X0b-51w63mFVRobuSKQLqA0eE8gluP3uo4Yr1VuDZIrf8UAyQlKNknw7s6qxEGMkYhwRGvH2uIHSS7-mxXLZeX-d_g7ofKbHDZLxA_1HVQ/s320/btree-perf3.png" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyRvyeu50L1jrcNvKWTHhyphenhyphen_bi3exXR3y8AFx5MLq2T-8i1LuWiRSYmvRdCh8InzkU1hBnquiT2ZKHStESJsP_JoKuyPxPM8Wx7YbHYcdhNlLBEHXWIxmngWK6mk7iwpN-d87gs1LNYarph28yxlZhkYUE421Q09qoJK2AYDcn7n9Iej85HftILR0gZ9s0/s605/btree-perf4.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyRvyeu50L1jrcNvKWTHhyphenhyphen_bi3exXR3y8AFx5MLq2T-8i1LuWiRSYmvRdCh8InzkU1hBnquiT2ZKHStESJsP_JoKuyPxPM8Wx7YbHYcdhNlLBEHXWIxmngWK6mk7iwpN-d87gs1LNYarph28yxlZhkYUE421Q09qoJK2AYDcn7n9Iej85HftILR0gZ9s0/s320/btree-perf4.png" width="320" /></a></div><p>The sweet spot seems to be in the 256-512 range, where the operations are 60% faster than standard <span style="font-family: courier;">set</span>. As the spread factor grows towards infinity, the B-tree reduces to just storing all data in a single sorted array. Insertion into that is an <i>O(N^2)</i> algorithm as can be seen here.</p><h1 style="text-align: left;">Getting weird</h1><p>The B-tree implementation has many <span style="font-family: courier;">assert</span> calls to verify the internal structures. We can compile the code with <span style="font-family: courier;">-DNDEBUG</span> to make all those asserts disappear. Removing redundant code should make things faster, so let's try it.</p><p>There are 13 measurements in total and disabling asserts (i.e. enabling <span style="font-family: courier;">NDEBUG</span>) makes the code run <i>slower</i> in 8 of those cases. Let's state that again, since it is very unexpected: in this particular measurement code with assertions enabled runs <i>faster</i> than the same code without them. This should not be happening. What could be causing it?</p><p>I don't know for sure, so here is some speculation instead.</p><p>First of all a result of 8/13 is probably not statistically significant to say that enabling assertions makes things faster. OTOH it does mean that enabling them does not make the code run noticeably slower. So I guess we can say that both ways of building the code are approximately as fast.</p><p>As to why that is, things get trickier. Maybe GCC's optimizer is just really good at removing unnecessary checks. It might even be that the assertions give the compiler more information so it can skip generating code for things that can never happen. I'm not a compiler engineer, so I'll refrain from speculating further, it would probably be wrong in any case.</p></description><author>Jussi Pakkanen</author><dc:creator>Jussi Pakkanen</dc:creator><pubDate>Wed, 23 Jul 2025 14:05:00 GMT</pubDate><guid isPermaLink="true">https://nibblestew.blogspot.com/2025/07/comparing-red-black-tree-to-b-tree.html</guid></item><item><title>Michael Catanzaro: Fedora Must (Carefully) Embrace Flathub</title><link>https://blogs.gnome.org/mcatanzaro/2025/07/21/fedora-must-carefully-embrace-flathub/</link><description><h2 class="wp-block-heading">Motivation</h2> <p>Opportunity is upon us! For the past few years, the desktop Linux user base has been growing at a historically high rate. <a class="external" href="https://gs.statcounter.com/os-market-share/desktop/worldwide/#quarterly-202502-202502-bar">StatCounter currently has us at 4.14% desktop OS market share for Q2 2025.</a> For comparison, when Fedora Workstation was first released in Q4 2014, desktop Linux was at 1.38%. Now, StatCounter measures HTTP requests, not computers, but it&#8217;s safe to say the trend is highly encouraging. Don&#8217;t trust StatCounter? <a class="external" href="https://radar.cloudflare.com/explorer?dataSet=http&amp;groupBy=os&amp;filters=deviceType%253DDesktop%252CbotClass%253DLikely_Human&amp;dt=2025-04-01_2025-06-30">Cloudflare reports 2.9% for Q2 2025</a>. <a class="external" href="https://www.reddit.com/r/linux/comments/1m4jlbp/comment/n44wfnc/">One of the world&#8217;s most popular websites reports 5.1%.</a> And although I was unable to figure out how to make a permanent link to the results, <a class="external" href="https://analytics.usa.gov/">analytics.usa.gov</a> is currently reporting a robust 6.2% for the past 90 days, and increasing. The Linux user base is already much larger than I previously suspected would ever be possible, and it seems to be increasing quickly. I wonder if we are perhaps nearing an inflection point where our user base may soon increase even more considerably. The <a class="external" href="https://endof10.org/">End of 10</a> and <a class="external" href="https://www.xda-developers.com/pewdiepie-install-linux-tortured-by-windows/">enthusiastic YouTubers</a> are certainly not hurting.</p> <p>Compared to its peers, Fedora is doing particularly well. It&#8217;s pretty safe to say that Fedora is now one of the 2 or 3 most popular and successful desktop Linux operating systems, a far cry from its status 10 years ago, when Fedora suffered from an unfortunate longstanding reputation that it was an unstable &#8220;test bed&#8221; OS only suitable for experienced technical users. Those days are long gone; nowadays, Fedora has an army of social media users eager to promote it as a reliable, newcomer-friendly choice.</p> <p>But we cannot stop here. If we become complacent and content ourselves with the status quo, then we will fail to take maximum advantage of the current opportunity.</p> <p>Although Fedora Workstation works well for most users, and although quality and reliability has improved considerably over the past decade, it is still far too easy for inexperienced users to break the operating system. Today&#8217;s Fedora Workstation is fundamentally just a nicer version of the same thing we already had 10 years ago. The <a class="external" href="https://fedoraproject.org/wiki/Workstation/Workstation_PRD">original plan</a> called for major changes that we have thus far failed to deliver, like &#8220;Robust Upgrades,&#8221; &#8220;Better upgrade/rollback control,&#8221; and &#8220;Container based application install.&#8221; These critical goals are notably all already achieved by Fedora Silverblue, the experimental image-based alternative to Fedora Workstation, but few Fedora users benefit because only the most experienced and adventurous users are willing to install Silverblue. I had long assumed that Silverblue would eventually become the next Fedora Workstation, and that the Silverblue code name would eventually be retired. This is now an explicit project goal of <a class="external" href="https://communityblog.fedoraproject.org/strategy-2028-update/">Fedora&#8217;s Strategy 2028</a>, and it is critical for Fedora&#8217;s success. The Fedora Workstation of the future must be:</p> <ul class="wp-block-list"><li>Safe and image-based by default: an atomic operating system composed of RPMs built on bootc. Most users should stick with image-based mode because it&#8217;s much harder to break the OS, and easier to troubleshoot when something does go wrong.</li> <li>Flexible if you so choose: converting the image-based OS into the traditional package-based OS managed by RPM and dnf must be allowed, for users who prefer or require it. Or alternatively, if converting is not possible, then installing a traditional non-atomic Fedora must remain possible. Either way, we must not <em>force</em> users to use image-based desktops if they do not want to, so no need to panic. But image-based must eventually become the new default.</li></ul> <p>Silverblue is not ready yet, but Fedora has a large community of developers and should be able to eventually resolve the remaining problems.</p> <p>But wait, wasn&#8217;t this supposed to be a blog post about Flathub? Well, consider that with an image-based OS, you cannot easily install traditional RPM packages. Instead, in Fedora Silverblue, desktop applications are installed only via Flatpak. (This is also true of Fedora Kinoite and Fedora&#8217;s other atomic desktop variants.) So Fedora must have a source of Flatpaks, and that source must be enabled by default, or there won&#8217;t be any apps available.</p> <p>(Don&#8217;t like Flatpak? This blog post is long enough already, so I&#8217;ll ask you to just make a leap of faith and accept that Flatpak is cool. Notably, Flatpak applications that keep their bundled dependencies updated and do not subvert the sandbox are <em>much</em> safer to use than traditional distro-packaged applications.)</p> <p>In practice, there are currently only two interesting sources of Flatpaks to choose from: Fedora Flatpaks and Flathub. Flathub is the much better choice, and enabling it by default should be our end goal. <a class="external" href="https://discussion.fedoraproject.org/t/proposal-enable-flathub-by-default/157011">Fedora is already discussing whether to do this.</a> But Flathub also has several disadvantages, some of which ought to be blockers.</p> <h2 class="wp-block-heading">Why Flathub?</h2> <p>There are important technical differences between Fedora&#8217;s Flatpaks, built from Fedora RPMs, vs. Flathub&#8217;s Flatpaks, which are usually built on top of <a class="external" href="https://freedesktop-sdk.gitlab.io/">freedesktop-sdk</a>. But I will not discuss those, because the social differences are more important than the technical differences.</p> <h3 class="wp-block-heading">Users Like Flathub</h3> <p>Feedback from Fedora&#8217;s user base has been clear: among users who like Flatpaks, Flathub is extremely popular. When installing a Flatpak application, users generally expect it to come from Flathub. In contrast, many users of Fedora Flatpaks do not install them intentionally, but rather by accident, only because they are the preferred software source in GNOME Software. Users are often frustrated to discover that Fedora Flatpaks are not supported by upstream software developers and have a different set of bugs than upstream Flatpaks do. It is also common for users and even Fedora developers to entirely remove the Fedora Flatpak application source.</p> <p>Not so many users prefer to use Fedora Flatpaks. Generally, these users cite some of Flathub&#8217;s questionable packaging practices as justification for avoiding use of Flathub. These concerns are valid; Flathub has some serious problems, which I will discuss in more detail below. But improving Flathub and fixing these problems would surely be much easier than creating thousands of Fedora Flatpak packages and attempting to compete with Flathub, a competition that Fedora would be quite unlikely to win.</p> <p>Flathub is drastically more popular than Fedora Flatpaks even among the most hardcore Fedora community members who participate in change proposal debate on Fedora Discussion. (At time of writing, <a class="external" href="https://discussion.fedoraproject.org/t/f43-change-proposal-filter-fedora-flatpaks-for-atomic-desktops-self-contained/157262/2">nearly 80% of discussion participants favor filtering out Fedora Flatpaks</a>.)</p> <p>This is the most important point. Flathub has <em>already</em> won.</p> <h3 class="wp-block-heading">Cut Out the Middleman</h3> <p>In general, upstream software developers understand their software much better than downstream packagers. Bugs reported to downstream issue trackers are much less likely to be satisfactorily resolved. There are a variety of ways that downstream packagers could accidentally mess up a package, whether by failing to enable a feature flag, or upgrading a dependency before the application is compatible with the new version. Downstream support is almost never as good as upstream support.</p> <p>Adding a middleman between upstream and users really only makes sense if the middleman is adding significant value. Traditional distro-packaged applications used to provide considerable value by making it easy to install the software. Nowadays, since upstreams can distribute software directly to users via Flathub, that value is far more limited.</p> <h3 class="wp-block-heading">Bus Factor is Critical</h3> <p>Most Flatpak application developers prefer to contribute to Flathub. Accordingly, there are very few developers working on Fedora Flatpaks. Almost all of the Fedora Flatpaks are actually owned by one single developer who has packaged many hundreds of applications. This is surely not a healthy situation.</p> <p>Bugs in Fedora Flatpaks are reported on the <a class="external" href="https://gitlab.com/fedora/sigs/flatpak/fedora-flatpaks/-/issues">Fedora Flatpak SIG issue tracker</a>. This SIG notably does not have a list of active members, but rather a <a class="external" href="https://fedoraproject.org/w/index.php?title=SIGs/Flatpak&amp;oldid=699796#Join_the_Flatpak_SIG">years-old list of people who are interested in joining the SIG</a>, who are encouraged to attend the first meeting. Needless to say the SIG does not seem to be in a very good state.</p> <p>I suspect this situation is permanent, reflecting a general lack of interest in Fedora Flatpak development, not just a temporary shortfall of contributors. Quality is naturally going to be higher where there are more contributors. The quality of Fedora Flatpak applications is often lower than Flathub applications, sometimes significantly so. Fedora Flatpaks also receive significantly less testing than Flathub Flatpaks. Upstream developers do not test the Fedora Flatpaks, and downstream developers are spread too thin to have plausible hope of testing them adequately.</p> <h3 class="wp-block-heading">Focus on What Really Matters</h3> <p>Fedora&#8217;s main competency and primary value is the core operating system, not miscellaneous applications that ship on top of it for historical reasons.</p> <p>When people complain that &#8220;distros are obsolete,&#8221; they don&#8217;t mean that Linux operating systems are not needed anymore. Of course you need an OS on which to run applications. The anti-distro people notably all use distros.</p> <p>But it&#8217;s no longer necessary for a Linux distribution to attempt to package every open source desktop application. That used to be a requirement for a Linux operating system to be successful, but nowadays it is an optional activity that we perform primarily for historical reasons, because it is what we have always done rather than because it is still truly strategic or essential. It is a time-consuming, resource-intensive side quest that no longer makes sense and does not add meaningful value.</p> <h2 class="wp-block-heading">The Status Quo</h2> <p>Let&#8217;s review how things work currently:</p> <ul class="wp-block-list"><li>By default, Fedora Workstation allows users to install open source software from the following sources: Fedora Flatpaks, Fedora RPMs, and Cisco&#8217;s OpenH264 RPM.</li> <li>The post-install initial setup workflow, gnome-initial-setup, suggests enabling third-party repositories. If the user does not click the Enable button, then GNOME Software will make the same suggestion the first time it is run. Clicking this button enables all of Flathub, plus <a class="external" href="https://docs.fedoraproject.org/en-US/workstation-working-group/third-party-repos/#_included_software">a few other RPM repositories</a>.</li></ul> <figure class="wp-block-image size-large"><a href="https://blogs.gnome.org/mcatanzaro/files/2025/07/Screenshot-From-2025-07-11-20-06-43.png"><img alt="Image displaying the Third-Party Repositories page in Fedora's gnome-initial-setup." class="wp-image-11043" height="795" src="https://blogs.gnome.org/mcatanzaro/files/2025/07/Screenshot-From-2025-07-11-20-06-43-1024x795.png" width="1024" /></a></figure> <p>Fedora will probably never enable software sources that contain proprietary software by default, but it&#8217;s easy to enable searching for proprietary software if desired.</p> <p>(Technically, Fedora actually has a filter in place to allow hiding any Flathub applications we don&#8217;t want users to see. But since Fedora 38, this filter is empty, so no apps are hidden in practice. The downstream filter was quite unpopular with users, and the mechanism still exists only as a safety hatch in case there is some unanticipated future emergency.)</p> <h2 class="wp-block-heading">The Future</h2> <p>Here are my proposed requirements for Fedora Workstation to become a successful image-based OS.</p> <p>This proposal applies only to Fedora Workstation (Fedora&#8217;s GNOME edition). These proposals <em>could</em> just as well apply to other Fedora editions and spins, like Fedora KDE Plasma Desktop, but different Fedora variants have different needs, so each should be handled separately.</p> <h3 class="wp-block-heading">Flathub is Enabled by Default</h3> <p>Since Flathub includes proprietary software, we cannot include <em>all</em> of Flathub by default. But Flathub already supports <a class="external" href="https://docs.flathub.org/docs/for-users/installation#subsets">subsets</a>. Fedora can safely enable the floss subset by default, and replace the &#8220;Enable Third-Party Repositories&#8221; button with an &#8220;Enable Proprietary Software Sources&#8221; button that would allow users to switch from the floss subset to the full Flathub if they so choose.</p> <p>This goal <em>can</em> be implemented today, but we should wait because Flathub has some problems that we ought to fix first. More on that below.</p> <h3 class="wp-block-heading">All Default Applications are Fedora Flatpak Applications</h3> <p>All applications installed by default in Fedora Workstation should be Fedora Flatpaks. (Or almost all. Certain exceptions, like gnome-control-center, would make more sense as part of the OS image rather than as a Flatpak.)</p> <p>Notice that I said <em>Fedora</em> Flatpaks, not Flathub. Fedora surely does need to control the handful of applications that are shipped by default. We don&#8217;t want to be at the mercy of Flathub to provide the core user experience.</p> <p><a class="external" href="https://pagure.io/fedora-workstation/issue/269#comment-954053">There has been recent progress towards this goal</a>, although it&#8217;s not ready yet.</p> <h3 class="wp-block-heading">All Other Applications are Flathub Flatpaks</h3> <p>With the exception of the default Fedora Flatpak applications, Flathub should be the only source of applications in GNOME Software.</p> <p>It will soon be time to turn off GNOME Software&#8217;s support for installing RPM applications, making it a Flatpak-only software center by default. (Because GNOME Software uses a plugin architecture, users of traditional package-based Fedora who want to use GNOME Software to install RPM applications would still be able to do so by installing a subpackage providing a plugin, if desired.)</p> <p>This requirement is an end goal. It can be done today, but it doesn&#8217;t necessarily need to be an immediate<em> </em>next step.</p> <h3 class="wp-block-heading" id="flathub-improvements">Flathub Must Improve</h3> <p>Flathub has a few serious problems, and needs to make some policy changes <em>before</em> Fedora enables it by default. I&#8217;ll discuss this in more detail next.</p> <h3 class="wp-block-heading">Fedora Must Help</h3> <p>We should not make demands of Flathub without helping to implement them. Fedora has a large developer community and significant resources. We must not barge in and attempt to take over the Flathub project; instead, let&#8217;s increase our activity in the Flathub community somewhat, and lend a hand where requested.</p> <h2 class="wp-block-heading">The Case for Fedora Flatpaks</h2> <p>Earlier this year, Yaakov presented <a class="external" href="https://yselkowitz.github.io/blog/2025/02/25/the-case-for-fedora-flatpaks.html">The Case for Fedora Flatpaks</a>. This is the strongest argument I&#8217;ve seen in favor of Fedora Flatpaks. It complains about five problems with Flathub:</p> <ul class="wp-block-list"><li>Lack of source and build system provenance: on this point, Yaakov is completely right. This is a serious problem, and it would be unacceptable for Fedora to embrace Flathub before it is fixed. More on this below.</li> <li>Lack of separation between FOSS, legally encumbered, and proprietary software: this is not a real problem. Flathub already has a floss subset to separate open source vs. proprietary software; it may not be a separate repository, but that hardly matters because subsets allow us to achieve an equivalent user experience. Then there is indeed no separate subset for legally-encumbered software, but this also does not matter. Desktop users invariably wish to install encumbered software; I have yet to meet a user who does not want multimedia playback to work, after all. Fedora cannot offer encumbered multimedia codecs, but Flathub can, and that&#8217;s a major advantage for Flathub. Users and operating systems can block the multimedia extensions if truly desired. Lastly, some of the plainly-unlicensed proprietary software currently available on Flathub does admittedly seem pretty clearly outrageous, but if this is a concern for you, simply stick to the floss subset.</li> <li>Lack of systemic upgrading of applications to the latest runtime: again, Yaakov is correct. This is a serious problem, and it would be unacceptable for Fedora to embrace Flathub before it is fixed. More on this below.</li> <li>Lack of coordination of changes to non-runtime dependencies: this is a <em>difference</em> from Fedora, but it&#8217;s not necessarily a problem. In fact, allowing applications to have different versions of dependencies can be quite convenient, since upgrading dependencies can sometimes break applications. It does become a problem when bundled dependencies become significantly outdated, though, as this creates security risk. More on this below.</li> <li>Lack of systemic community engagement: it&#8217;s silly to claim that Flathub has no community. Unresponsive Flathub maintainers are a real problem, but Fedora has an unresponsive maintainer problem too, so this can hardly count as a point against Flathub. That said, yes, Flathub needs a better way to flag unresponsive maintainers.</li></ul> <p>So now we have some good reasons to create Fedora Flatpaks. But maintaining Flatpaks is a tremendous effort. Is it really worth doing if we can improve Flathub instead?</p> <h2 class="wp-block-heading">Flathub Must Improve</h2> <p>I propose the following improvements:</p> <ul class="wp-block-list"><li>Open source software must be built from source on trusted infrastructure.</li> <li>Applications must not depend on end-of-life runtimes.</li> <li>Applications must use flatpak-external-data-checker to monitor bundled dependencies wherever possible.</li> <li>Sandbox holes must be phased out, except where this is fundamentally technically infeasible.</li></ul> <p>Let&#8217;s discuss each point in more detail.</p> <h3 class="wp-block-heading">Build Open Source from Source</h3> <p>Open source software can contain all manner of vulnerabilities. Although unlikely, it might even contain malicious backdoors. Building from source does nothing to guarantee that the software is in any way safe to use (and if it&#8217;s written in C or C++, then <a class="external" href="http://wingolog.org/archives/2011/10/13/whats-your-c-migration-plan">it&#8217;s definitely not safe</a>). But it sets an essential baseline: you can at least be confident that the binary you install on your computer actually corresponds to the provided source code, assuming the build infrastructure is trusted and not compromised. And if the package supports <a class="external" href="https://lwn.net/Articles/1014979/">reproducible builds</a>, then you can reliably detect malicious infrastructure, too!</p> <p>In contrast, when shipping a prebuilt binary, whoever built the binary can easily insert an undetectable backdoor; there is no need to resort to <a class="external" href="https://en.wikipedia.org/wiki/XZ_Utils_backdoor">stealthy obfuscation tactics</a>. With proprietary software, this risk is inherent and unavoidable: users just have to accept the risk and trust that whoever built the software is not malicious. Fine. But users generally do not expect this risk to extend to open source software, because all Linux operating systems fortunately require open source software to be built from source. Open source software not built from source is unusual and is invariably treated as a <a class="external" href="https://bugs.webkit.org/show_bug.cgi?id=273435">serious bug</a>.</p> <p>Flathub is different. On Flathub, shipping prebuilt binaries of open source software is, sadly, a common accepted practice. <a class="external" href="https://pagure.io/fedora-workstation/issue/463#comment-964849">Here are several examples.</a> <s>Flathub itself admits that <a class="external" href="https://docs.flathub.org/blog/app-safety-layered-approach-source-to-user#special-cases">around 6% of its software is not built from source</a>, so this problem is pervasive, not an isolated issue. (Although that percentage unfortunately considers proprietary software in addition to open source software, overstating the badness of the problem, because building proprietary software from source is impossible and not doing so is not a problem.)</s> <strong>Update:</strong> I&#8217;ve been advised that I misunderstood the purpose of extra-data. Most apps that ship prebuilt binaries do not use extra-data. I&#8217;m not sure how many apps are shipping prebuilt binaries, but the problem is pervasive.</p> <p>Security is not the only problem. In practice, Flathub applications that do not build from source sometimes package binaries only for x86_64, leaving aarch64 users entirely out of luck, even though Flathub normally supports aarch64, an architecture that is important for Fedora. This is frequently cited by Flathub&#8217;s opponents as major disadvantage relative to Fedora Flatpaks.</p> <p>A plan to fix this should exist before Fedora enables Flathub by default. I can think of a few possible solutions:</p> <ul class="wp-block-list"><li>Create a new subset for open source software not built from source, so Fedora can filter out this subset. Users can enable the subset at their own risk. This is hardly ideal, but it would allow Fedora to enable Flathub without exposing users to prebuilt open source software.</li> <li>Declare that any software not built from source should be treated equivalent to proprietary software, and moved out of the floss subset. This is not quite right, because it <em>is</em> open source, but it has the same security and trust characteristics of proprietary software, so it&#8217;s not unreasonable either.</li> <li>Set a flag date by which any open source software not built from source must be delisted from Flathub. I&#8217;ll arbitrarily propose July 1, 2027, which should be a generous amount of time to fix apps. This is my preferred solution. It can also be combined with either of the above.</li></ul> <p>Some of the apps not currently built from source are Electron packages. Electron takes a long time to build, and I wonder if building every Electron app from source might overwhelm Flathub&#8217;s existing build infrastructure. We will need some sort of solution to this. I wonder if it would be possible to build Electron runtimes to provide a few common versions of Electron. Alternatively, Flathub might just need more infrastructure funding.</p> <p>Tangent time: a few applications on Flathub are built on non-Flathub infrastructure, notably Firefox and OBS Studio. It would be <em>better</em> to build everything on Flathub&#8217;s infrastructure to reduce risk of infrastructure compromise, but as long as this practice is limited to only a few well-known applications using trusted infrastructure, then the risk is lower and it&#8217;s not necessarily a serious problem. The third-party infrastructure should be designed thoughtfully, and only the infrastructure should be able to upload binaries; it should not be possible for a human to manually upload a build. It&#8217;s unfortunately not always easy to assess whether an application complies with these guidelines or not. <a class="external" href="https://github.com/obsproject/obs-studio/pull/10934">Let&#8217;s consider OBS Studio.</a> I appreciate that it <em>almost</em> follows my guidelines, because the binaries are normally built by GitHub Actions and will therefore correspond with the project&#8217;s source code, but I think a malicious maintainer <em>could</em> bypass that by uploading a malicious GitHub binary release? This is not ideal, but fortunately custom infrastructure is an unusual edge case, rather than a pervasive problem.</p> <h3 class="wp-block-heading">Penalize End-of-life Runtimes</h3> <p>When a Flatpak runtime reaches end-of-life (EOL), it stops receiving all updates, including security updates. How pervasive are EOL runtimes on Flathub? Using the Runtime Distribution section of <a class="external" href="https://flathub.org/statistics">Flathub Statistics</a> and <a class="external" href="https://discussion.fedoraproject.org/t/proposal-enable-flathub-by-default/157011/86">some knowledge of which runtimes are still supported</a>, I determined that 994 out of 3,438 apps are currently using an EOL runtime. Ouch. (Note that the statistics page says there are 3,063 total desktop apps, but for whatever reason, the number of apps presented in the Runtime Distribution graph is higher. Could there really be 375 command line apps on Flathub?)</p> <p>Using an EOL runtime is dangerous and irresponsible, and developers who claim otherwise are not good at risk assessment. Some developers will say that security does not matter because their app is not security-critical. It&#8217;s true that most security vulnerabilities are not actually terribly important or worth panicking over, but this does not mean it&#8217;s acceptable to stop fixing vulnerabilities altogether. In fact, security matters for <em>most</em> apps. A few exceptions would be apps that do not open files and also do not use the network, but thatβs really probably not many apps.</p> <p>I recently saw a developer use the example of a music player application to argue that EOL runtimes are not actually a serious problem. This developer picked a terrible example. Our hypothetical music player application can notably open audio files. Applications that parse files are inherently high risk because users love to open untrusted files. If you give me a file, the first thing Iβm going to do is open it to see what it is. Who wouldn&#8217;t? Curiosity is human nature. And a music player probably uses GStreamer, which puts it at the <a class="external" href="https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-risky-design-decisions-in.html">very</a> <a class="external" href="https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html">highest</a> <a class="external" href="https://github.blog/security/vulnerability-research/uncovering-gstreamer-secrets/">tier</a> of security risk (alongside your PDF reader, email client, and web browser). I know of exactly one case of a GNOME user being exploited in the wild: it happened when the user <a class="external" href="https://www.vice.com/en/article/facebook-helped-fbi-hack-child-predator-buster-hernandez/">opened a booby-trapped video</a> using Totem, GNOME&#8217;s GStreamer-based video player. At least your web browser is guaranteed to be heavily sandboxed; your music player <a class="external" href="https://gitlab.gnome.org/neithern/g4music/-/issues/153">might very well not be</a>.</p> <p>The Flatpak sandbox certainly helps to mitigate the impact of vulnerabilities, but sandboxes are intended to be a defense in depth measure. They should not be treated as a primary security mechanism or as an excuse to not fix security bugs. Also, too Flatpak many apps subvert the sandbox entirely.</p> <p>Of course, each app has a different risk level. The risk of you being attacked via GNOME Calculator is pretty low. It does not open files, and the only untrusted input it parses is currency conversion data provided by the International Monetary Fund. Life goes on if your calculator is unmaintained. Any number of other applications are <em>probably</em> generally safe. But it would be entirely impractical to assess 3000 different apps individually to determine whether they are a significant security risk or not. And independent of security considerations, use of an EOL runtime is a good baseline to determine whether the application is adequately maintained, so that abandoned apps can be eventually delisted. It would not be useful to make exceptions.</p> <p>The solution here is simple enough:</p> <ul class="wp-block-list"><li>It should not be possible to build an application that depends on an EOL runtime, to motivate active maintainers to update to a newer runtime. Flathub already implemented this rule in the past, but it got dropped at some point.</li> <li>An application that depends on an EOL runtime for too long should eventually be delisted. Perhaps 6 months or 1 year would be good deadlines.</li> <li>A monitoring dashboard would make it easier to see which apps are using maintained runtimes and which need to be fixed.</li></ul> <h3 class="wp-block-heading">Monitor Bundled Dependencies</h3> <p>Flatpak apps have to bundle any dependencies not present in their runtime. This creates considerable security risk if the maintainer of the Flathub packaging does not regularly update the dependencies. The negative consequences are identical to using an EOL runtime.</p> <p>Fortunately, Flathub already has a tool to deal with this problem: <a class="external" href="https://github.com/flathub-infra/flatpak-external-data-checker">flatpak-external-data-checker</a>. This tool automatically opens pull requests to update bundled dependencies when a new version is available. However, not all applications use flatpak-external-data-checker, and not all applications that <em>do</em> use it do so for all dependencies, and none of this matters if the app&#8217;s packaging is no longer maintained.</p> <p>I don&#8217;t know of any easy ways to monitor Flathub for outdated bundled dependencies, but given the number of apps using EOL runtimes, I assume the status quo is pretty bad. The next step here is to build better monitoring tools so we can better understand the scope of this problem.</p> <h3 class="wp-block-heading">Phase Out Most Sandbox Holes (Eventually)</h3> <p>Applications that parse data are full of security vulnerabilities, like buffer overflows and use-after-frees. Skilled attackers can turn these vulnerabilities into exploits, using carefully-crafted malicious data to gain total control of your user account on your computer. They can then install malware, read all the files in your home directory, use your computer in a botnet, and do whatever else they want with it. But if the application is sandboxed, then a second type of exploit, called a sandbox escape, is needed before the app can harm your host operating system and access your personal data, so the attacker now has to exploit two vulnerabilities instead of just one. And while app vulnerabilities are extremely common, sandbox escapes are, <a class="external" href="https://github.com/flatpak/flatpak/security">in theory</a>, rare.</p> <p>In theory, Flatpak apps are drastically safer than distro-packaged apps because Flatpak provides a strong sandbox by default. The security benefit of the sandbox cannot be understated: it is amazing technology and greatly improves security relative to distro-packaged apps. But in practice, Flathub applications routinely subvert the sandbox by using expansive static permissions to open sandbox holes. Flathub <a class="external" href="https://docs.flathub.org/blog/app-safety-layered-approach-source-to-user#submission--human-review">claims</a> that it carefully reviews apps&#8217; use of static permissions and allows only the most narrow permissions that are possible for the app to function properly. This claim is dubious because, in practice, the permissions of actual apps on Flathub are <a class="external" href="https://flatkill.org/2020/">extremely broad</a>, as often as not making a total mockery of the sandbox.</p> <figure class="wp-block-image aligncenter size-full"><a href="https://blogs.gnome.org/mcatanzaro/files/2025/07/Screenshot-From-2025-07-22-10-01-01.png"><img alt="" class="wp-image-11072" height="574" src="https://blogs.gnome.org/mcatanzaro/files/2025/07/Screenshot-From-2025-07-22-10-01-01.png" width="639" /></a></figure> <p>While some applications use sandbox holes out of laziness, in many cases it&#8217;s currently outright impossible to sandbox the application without breaking key functionality. For example, Sophie has documented <a class="external" href="https://gitlab.gnome.org/GNOME/loupe/-/issues/61">many problems</a> that necessitate sandbox holes in GNOME&#8217;s image viewer, Loupe. These problems are fixable, but they require significant development work that has not happened yet. Should we punish the application by requiring it to break itself to conform to the requirements of the sandbox? The Flathub community has decided that the answer is no: application developers can, in practice, use whatever permissions they need to make the app work, even if this entirely subverts the sandbox.</p> <p>This was originally a good idea. By allowing flexibility with sandbox permissions, Flathub made it very easy to package apps, became extremely popular, and allowed Flatpak itself to become successful. But the original understanding of the Flatpak community was that this laxity would be temporary: eventually, the rules would be tightened and apps would be held to progressively higher standards, until sandbox holes would eventually become rare. Unfortunately, this is taking too long. Flatpak has been around for a decade now, but this goal is not within reach.</p> <p>Tightening sandbox holes does <em>not</em> need to be a blocker for adopting Flathub in Fedora because it&#8217;s not a problem relative to the status quo in Fedora. Fedora Flatpaks have the exact same problem, and Fedora&#8217;s distro-packaged apps are not sandboxed at all (with only a few exceptions, like your web browser). But it&#8217;s long past time to at least make a plan for how to eventually phase out sandbox holes wherever possible. (In some cases, it won&#8217;t ever be possible; e.g. sandboxing a file manager or disk usage analyzer does not make any sense.) It&#8217;s currently too soon to use sticks to punish applications for having too many sandbox holes, but sticks will be necessary eventually, hopefully within the next 5 years. In the meantime, we <em>can</em> immediately begin to use carrots to reward app developers for eliminating holes. We will need to discuss specifics.</p> <p>We also need more developers to help improve xdg-desktop-portal, the component that allows sandboxed apps to safely access resources on the host system without using sandbox holes. This is too much work for any individual; it will require many developers working together.</p> <h2 class="wp-block-heading">Software Source Prioritization</h2> <p>So, let&#8217;s say we successfully engage with the Flathub project and make some good progress on solving the above problems. What should happen next?</p> <p>Fedora is a community of doers. We cannot tell Fedora contributors to stop doing work they wish to do. Accordingly, it&#8217;s unlikely that anybody will propose to shut down the Fedora Flatpak project so long as developers are still working on it. Don&#8217;t expect that to happen.</p> <p>However, this doesn&#8217;t mean Fedora contributors have a divine right for their packaged applications to be presented to users by default. Each Fedora edition (or spin) should be allowed to decide for itself what should be presented to the user in its software center. It&#8217;s time for the Fedora Engineering Steering Committee (FESCo) to allow Fedora editions to prefer third-party content over content from Fedora itself.</p> <p>We have a few options as to how exactly this should work:</p> <ul class="wp-block-list"><li>We could choose to unconditionally prioritize all Flathub Flatpaks over Fedora Flatpaks, as I proposed earlier this year (<a class="external" href="https://pagure.io/fedora-workstation/issue/463">Workstation ticket</a>, <a class="external" href="https://lwn.net/Articles/1011511">LWN coverage</a>). The precedence in GNOME Software would be <strong>Flathub &gt; Fedora Flatpaks</strong>.</li> <li>Alternatively, we could leave Fedora Flatpaks with highest priority, and instead apply a filter such that only Fedora Flatpaks that are installed by default are visible in GNOME Software. This is my preferred solution; there is already an active change proposal for Fedora 43 (<a class="external" href="https://fedoraproject.org/wiki/Changes/FilterFedoraFlatpaksAtomicDesktops">proposal</a>, <a class="external" href="https://discussion.fedoraproject.org/t/f43-change-proposal-filter-fedora-flatpaks-for-atomic-desktops-self-contained/157262">discussion</a>), and it has received considerable support from the Fedora community. Although the proposal only targets atomic editions like Silverblue and Kinoite for now, it makes sense to extend it to Fedora Workstation as well. The precedence would be <strong>Filtered Fedora Flatpaks &gt; Flathub</strong>.</li></ul> <p>When considering our desired end state, we can stop there; those are the only two options because of my &#8220;All Other Applications are Flathub Flatpaks&#8221; requirement: in an atomic OS, it&#8217;s no longer possible to install RPM-packaged applications, after all. But in the meantime, as a transitional measure, we still need to consider where RPMs fit in until such time that Fedora Workstation is ready to remove RPM applications from GNOME Software.</p> <p>We have several possible precedence options. The most obvious option, consistent with my proposals above, is: <strong>Flathub &gt; Fedora RPMs &gt; Fedora Flatpaks</strong>. And that would be fine, certainly a huge improvement over the status quo, which is Fedora Flatpaks &gt; Fedora RPMs &gt; Flathub.</p> <p>But we could also <em>conditionally</em> prioritize Flathub Flatpaks over Fedora Flatpaks or Fedora RPMs, such that the Flathub Flatpak is preferred only if it meets certain criteria. This makes sense if we want to nudge Flathub maintainers towards adopting certain best practices we might wish to encourage. Several Fedora users have proposed that we prefer Flathub only if the app has Verified status, indicating that the Flathub maintainer is the same as the upstream maintainer. But I do not care very much whether the app is verified or not; it&#8217;s perfectly acceptable for a third-party developer to maintain the Flathub packaging if the upstream developers do not wish to do so, and I don&#8217;t see any need to discourage this. Instead, I would rather consider whether the app receives a Probably Safe safety rating in GNOME Software. This would be a nice carrot to encourage app developers to tighten sandbox permissions. (Of course, this would be a transitional measure only, because eventually the goal is for Flathub to be the only software source.)</p> <p>There are many possible outcomes here, but here are my three favorites, in order:</p> <ol class="wp-block-list"><li>My favorite option: <strong>Filtered Fedora Flatpaks &gt; Probably Safe Flathub &gt; Fedora RPMs &gt; Potentially Unsafe Flathub</strong>. Fedora Flatpaks take priority, but this won&#8217;t hurt anything because only applications shipped by default will be available, and those will be the ones that receive the most testing. This is not a desirable end state because it is complicated and it will be confusing to explain to users why a certain software source was preferred. But in the long run, when Fedora RPMs are eventually removed, it will simplify to Filtered Fedora Flatpaks &gt; Flathub, which is elegant.</li> <li>A simple option, the same thing but without the conditional prioritization: <strong>Filtered Fedora Flatpaks &gt; Flathub &gt; Fedora RPMs</strong>.</li> <li>Alternative option: <strong>Probably Safe Flathub &gt; Fedora RPMs &gt; Potentially Unsafe Flathub &gt; Unfiltered Fedora Flatpaks</strong>. When Fedora RPMs are eventually removed, this will simplify to Flathub &gt; Unfiltered Fedora Flatpaks. This alternative option behaves almost the same as the above, except allows users to manually select the Fedora Flatpak if they wish to do so, rather than filtering them out. But there is a significant disadvantage: if you uninstall an application that is installed by default, then reinstall the application, it would come from Flathub rather than Fedora Flatpaks, which is unexpected. So we&#8217;ll probably want to hardcode exceptions for default apps to prefer Fedora Flatpaks.</li> <li>The corresponding simple option without conditional prioritization: <strong>Flathub &gt; Fedora RPMs &gt; Unfiltered Fedora Flatpaks</strong>.</li></ol> <p>Any of these options would be fine.</p> <h2 class="wp-block-heading">Conclusion</h2> <p>Flathub is, frankly, not safe enough to be enabled by default in Fedora Workstation today. But these problems are fixable. Helping Flathub become more trustworthy will be far easier than competing against it by maintaining thousands of Fedora Flatpaks. Enabling Flathub by default should be a strategic priority for Fedora Workstation.</p> <p>I anticipate a lively debate on social media, on Matrix, and in the comments. And I am especially eager to see whether the Fedora and Flathub communities accept my arguments as persuasive. FESCo will be considering the <a class="external" href="https://fedoraproject.org/wiki/Changes/FilterFedoraFlatpaksAtomicDesktops">Filter Fedora Flatpaks for Atomic Desktops proposal</a> imminently, so the first test is soon.</p></description><author>Michael Catanzaro</author><dc:creator>Michael Catanzaro</dc:creator><pubDate>Tue, 22 Jul 2025 04:10:53 GMT</pubDate><guid isPermaLink="true">https://blogs.gnome.org/mcatanzaro/2025/07/21/fedora-must-carefully-embrace-flathub/</guid></item><item><title>Alley Chaggar: YAML Research</title><link>https://alleych.github.io/gnome/yaml-research-init/</link><description><h1 id="intro">Intro</h1> <p>Hi everyone, sorry for the late post. Midterms are this week for GSoC, which means Iβm halfway through GSoC. Itβs been an incredible experience so far, and I know itβs going to continue to be great.</p> <h1 id="api-vs-abi">API vs. ABI</h1> <p>What is the difference between an application programming interface versus an application binary interface? In the beginning, this question tripped me out and confused me, because I wasnβt familiar with ABIs. Understanding what an ABI is has helped me decide which libraries I should consider using in the codegen phase. When talking about Vala, Vala is designed to use a C ABI. First, letβs understand what an API and ABI are separately and then compare them.</p> <h2 id="api">API</h2> <p>Personally, I think the understanding of APIs is more popular and well-known than ABIs. An API is usually, at a high level, defined by two software components or computers communicating with each other using a set of definitions and protocols. This definition I always thought was pretty vague and expansive. When dealing with code-level APIs, I like to understand it as APIs are existing entities in the user code (source code) that have functions, constants, structures, etc. You can think of it as when you write code, you access libraries through an API. For example, when you write <code class="language-vala highlighter-rouge"><span class="nf">print</span><span class="p">(</span><span class="err">'</span><span class="n">hello</span> <span class="n">world</span><span class="err">'</span><span class="p">)</span></code> in Python, <code class="language-vala highlighter-rouge"><span class="nf">print</span><span class="p">()</span></code> is a part of Pythonβs standard library API.</p> <h2 id="abi">ABI</h2> <p>ABI, on the other hand, is very similar, but instead of the compiler time, they are executed during runtime. Runtime means when your program is done compiling (going through the lexical, syntax, semantic analysis, etc) and the machine is actually running your executable. Its goals are very low-level and entails how compiled code should interact, particularly in the context of operating systems and libraries. It has protocols and standards for how the OS handles your program, such as storage, memory, hardware, and about how your compiled binary works with other compiled components.</p> <h1 id="yaml-libraries">YAML Libraries</h1> <p>Iβve started to look into YAML and XML (mainly YAML). Iβve looked into many different libraries dealing with YAML, some such as <a href="https://github.com/pluie-org/lib-yaml">pluie-yaml</a>, <a href="https://github.com/rainwoodman/libyaml-glib">libyaml-glib</a>, <a href="https://github.com/jimmuhk/glib-yaml">glib-yaml</a>, and <a href="https://github.com/yaml/libyaml/tree/master">libyaml</a>. To my understanding and research, there are no well-maintained YAML libraries that integrate GObject or GLib. The goal is to find a well-maintained library that I can use in the codegen.</p> <h2 id="pluie-yaml">Pluie yaml</h2> <p>I mentioned <a href="https://github.com/pluie-org/lib-yaml">pluie-yaml</a>, but this library isnβt a C library like <a href="https://gitlab.gnome.org/GNOME/json-glib/-/tree/main?ref_type=heads">json-glib</a>, itβs a shared Vala library. The good thing is that the codegen can use pure Vala libraries because Vala libraries have a C ABI, however, the bad part is that this library is not well-maintained. The last activity was 7 years ago.</p> <h2 id="libyaml-glib">Libyaml glib</h2> <p><a href="https://github.com/rainwoodman/libyaml-glib">Libyaml-glib</a> is a GLib binding of libyaml, plus a GObject builder that understands YAML. Just like pluie, itβs not a C library. Itβs written in Vala. And just like pluie, itβs not well-maintained, with the last activity even stretching to longer, 9 years ago.</p> <h2 id="glib-yaml">Glib yaml</h2> <p><a href="https://github.com/jimmuhk/glib-yaml">Glib-yaml</a> is a GLib-based YAML parser written in C. It again, just like the other libraries, doesnβt pass the maintenance check since itβs been years of no updates or commits in the repo. Going all the way back to 13 years ago. Itβs also only a parser, and it doesnβt serialize or emit YAML, so even if it were well-maintained, Iβd still need to emit YAML either manually or find another library that does so.</p> <h2 id="libyaml">Libyaml</h2> <p>In conclusion, <a href="https://github.com/yaml/libyaml/tree/master">libyaml</a> is the C library that I will be using for parsing and emitting YAML. It has a C ABI, and itβs the most well-maintained out of all of the other libraries. Vala already has a VAPI file binding it, <a href="https://gitlab.gnome.org/GNOME/vala-extra-vapis/-/blob/master/yaml-0.1.vapi?ref_type=heads">yaml-0.1.vapi</a>. However, there is no GObject or GLib integration, unlike json-glib, but that should be fine.</p></description><author>Alley Chaggar</author><dc:creator>Alley Chaggar</dc:creator><pubDate>Fri, 18 Jul 2025 05:00:00 GMT</pubDate><guid isPermaLink="true">https://alleych.github.io/gnome/yaml-research-init/</guid></item><item><title>Victor Ma: My first design doc</title><link>https://victorma.ca/posts/gsoc-5/</link><description><p>In the last two weeks, I investigated some bugs, tested some fonts, and started working on a design doc.</p><h2 id="bugs">Bugs</h2><p>I found two more UI-related bugs (<a href="https://gitlab.gnome.org/jrb/crosswords/-/issues/280">1</a>, <a href="https://gitlab.gnome.org/jrb/crosswords/-/issues/282">2</a>). These are in addition to the ones I mentioned in my last blog post&mdash;and they&rsquo;re all related. They have to do with GTK and sidebars and resizing.</p><p>I looked into them briefly, but in the end, my mentor decided that the bugs are complicated enough that he should <a href="https://gitlab.gnome.org/jrb/crosswords/-/merge_requests/258">handle them himself</a>. His fix was to replace all the <code>.ui</code> files with <a href="https://gitlab.gnome.org/GNOME/blueprint-compiler">Blueprint</a> files, and then make changes from there to squash all the bugs. The port to Blueprint also makes it much easier to edit the UI in the future.</p><h2 id="font-testing">Font testing</h2><p>Currently, GNOME Crosswords uses the default GNOME font, Cantarell. But we&rsquo;ve never really explored the possibility of using other fonts. For example, what would Crosswords look like with a monospace font? Or with a handwriting font? This is what I set out to discover.</p><p>To change the font, I used GTK Inspector, combined with this CSS selector, which targets the grid and word suggestions list:</p><pre tabindex="0"><code>edit-grid, wordlist { font-family: FONT;}</code></pre><p>This let me dynamically change the font, without having to recompile each time. I created a document with all the <a href="https://pad.gnome.org/s/6mTne5Ehs">fonts that I tried</a>.</p><p>Here&rsquo;s what <em>Source Code Pro</em>, a monospace font, looks like. It gives a more rigid look&mdash;especially for the word suggestion list, where all the letters line up vertically. <figure> <img alt="Monospace font" src="https://victorma.ca/posts/gsoc-5/monospace.png" /></figure> </p><p>And here&rsquo;s what <em>Annie Use Your Telescope</em>, a handwriting font, looks like. It gives a fun, charming look to the crossword grid&mdash;like it&rsquo;s been filled out by hand. It&rsquo;s a bit too unconventional to use as the default font, but it would definitely be cool to add as an option that the user can enable. <figure> <img alt="Handwriting font" src="https://victorma.ca/posts/gsoc-5/handwriting.png" /></figure> </p><h2 id="design-doc">Design doc</h2><p>My current task is to improve the word suggestion algorithm for the Crosswords Editor. Last week, I starting working on a <a href="https://pad.gnome.org/s/OAL239g-o">design doc</a> that explains my intended change. Here&rsquo;s a short snippet from the doc, which highlights the problem with our current word suggestion algorithm:</p><blockquote><p>Consider the following grid:</p><pre tabindex="0"><code>+---+---+---+---+| | | | Z |+---+---+---+---+| | | | E |+---+---+---+---+| | | | R |+---+---+---+---+| W | O | R | | &lt; current slot+---+---+---+---+</code></pre><p>The 4-Down slot begins with <em>ZER</em>, so the only word it can be is <em>ZERO</em>. This means that the cell in the bottom-right corner must be the letter <em>O</em>.</p><p>But 4-Across starts with <em>WOR</em>. And <em>WORO</em> is not a word. So the bottom-right corner cannot actually be the letter <em>O</em>. This means that the slot is unfillable.</p><p>If the cursor is on the bottom right cell, then our word suggestion algorithm correctly recognizes that the slot is unfillable and returns an empty list.</p><p>But suppose the cursor is on one of the other cells in 4-Across. Then, the algorithm has no idea about 4-Down and the constraint it imposes. So, the algorithm returns all words that match the filter <em>WOR?</em>, like <em>WORD</em> and <em>WORM</em>&mdash;even though they do not actually fit the slot.</p></blockquote><h3 id="csps">CSPs</h3><p>In the process of writing the doc, I came across the concept of a <a href="https://cs.uwaterloo.ca/~jhoey/teaching/cs486/lecture4-nup.pdf">constraint satisfaction problem (CSP)</a>, and the related AC-3 algorithm. A CSP is a formalization of a problem that&hellip;well&hellip;involves satisfying a constraint. And the AC-3 algorithm is an algorithm that&rsquo;s sometimes used when solving CSPs.</p><p>The problem of filling a crossword grid can be formulated as a CSP. And we can use the AC-3 algorithm to generate perfect word suggestion lists for every cell.</p><p>This isn&rsquo;t the approach I will be taking. However, we may decide to implement it in the future. So, I documented the <a href="https://pad.gnome.org/s/OAL239g-o#Grid-Level-algorithm">AC-3 approach</a> in my design doc.</p></description><author>Victor Ma</author><dc:creator>Victor Ma</dc:creator><pubDate>Tue, 15 Jul 2025 00:00:00 GMT</pubDate><guid isPermaLink="true">https://victorma.ca/posts/gsoc-5/</guid></item><item><title>Toluwaleke Ogundipe: Profiling Crosswordsβ Rendering Pipeline</title><link>https://blogs.gnome.org/anonymoux47/2025/07/14/profiling-crosswords-rendering-pipeline/</link><description><p>For the sake of formality, if you&#8217;re yet to read the [brief] introduction of my GSoC project, <a href="https://blogs.gnome.org/anonymoux47/2025/06/14/hello-gnome-and-gsoc/">here</a> you go.</p> <h2 class="wp-block-heading" id="rendering-puzzles-in-gnome-crosswords">Rendering Puzzles in GNOME Crosswords</h2> <p><a class="external" href="https://gitlab.gnome.org/jrb/crosswords">GNOME Crosswords</a> currently renders puzzles in two layers. The first is a grid of what we call the <strong>layout items:</strong> the grid cells, borders between cells and around the grid, and the intersections between borders. This is as illustrated below:</p> <div class="wp-block-image is-style-default"><figure class="aligncenter size-large"><a href="https://blogs.gnome.org/anonymoux47/files/2025/07/layout-items.png"><img alt="" class="wp-image-102" height="1024" src="https://blogs.gnome.org/anonymoux47/files/2025/07/layout-items-930x1024.png" width="930" /></a><figcaption class="wp-element-caption">Layout items</figcaption></figure></div> <p>The game and editor implement this item grid using a set of custom Gtk widgets: <code>PlayCell</code> for the cells and <code>PlayBorder</code> for the borders and intersections, all contained and aligned in a grid layout within a <code>PlayGrid</code> widget. For instance, the <a class="external" href="https://gitlab.gnome.org/jrb/crosswords/-/blob/9cf9bab35c79e7f42f4eca4f7609414df0ffa946/puzzle-sets/devel-puzzles/simple.ipuz">simple.ipuz</a> puzzle, with just its item grid, looks like this:</p> <div class="wp-block-image"><figure class="aligncenter size-full"><a href="https://blogs.gnome.org/anonymoux47/files/2025/07/layout-items-only.png"><img alt="" class="wp-image-86" height="512" src="https://blogs.gnome.org/anonymoux47/files/2025/07/layout-items-only.png" width="512" /></a><figcaption class="wp-element-caption">Rendered puzzle with layout item grid only</figcaption></figure></div> <p>Then it renders another layer, of what we call the <a class="external" href="https://jrb.pages.gitlab.gnome.org/crosswords/devel-docs/overlays.html"><strong>layout overlays</strong></a><strong>,</strong> above the grid. Overlays are elements of a puzzle which do not exactly fit into the grid, such as barred borders, enumerations (for word breaks, hyphens, etc), cell dividers and arrows (for arrowword puzzles), amongst others. The fact that overlays do not fit into the grid layout makes it practically impossible to render them using widgets. Hence, the need for another layer, and the term βoverlayβ.</p> <p>Overlays are currently implemented in the game and editor by generating an SVG and rendering it onto a <code>GtkSnapshot</code> of the <code>PlayGrid</code> using librsvg. The overlays for the same puzzle, the item grid of which is shown above, look like this:</p> <div class="wp-block-image"><figure class="aligncenter size-full"><a href="https://blogs.gnome.org/anonymoux47/files/2025/07/layout-overlays-only.png"><img alt="" class="wp-image-87" height="512" src="https://blogs.gnome.org/anonymoux47/files/2025/07/layout-overlays-only.png" width="512" /></a><figcaption class="wp-element-caption">Rendered layout overlays</figcaption></figure></div> <p>When laid over the item grid, they together look like this:</p> <div class="wp-block-image"><figure class="aligncenter size-full"><a href="https://blogs.gnome.org/anonymoux47/files/2025/07/layout-itemsoverlays.png"><img alt="" class="wp-image-88" height="512" src="https://blogs.gnome.org/anonymoux47/files/2025/07/layout-itemsoverlays.png" width="512" /></a><figcaption class="wp-element-caption">Rendered puzzle with layout item grid and overlays</figcaption></figure></div> <p>All these <strong>elements</strong> (items and overlays) and their various properties and styles are stored in a <a class="external" href="https://jrb.pages.gitlab.gnome.org/crosswords/devel-docs/grid-layout.html"><code>GridLayout</code></a> instance, which encapsulates the appearance of a puzzle in a given state. Instances of this class can then be rendered into widgets, SVG, or any other kind of output.</p> <p>The projectβs main source includes <a class="external" href="https://gitlab.gnome.org/jrb/crosswords/-/blob/9cf9bab35c79e7f42f4eca4f7609414df0ffa946/src/svg.c"><em>svg.c</em></a>, a source file containing code to generate an SVG string from a <code>GridLayout</code>. It provides a function to render overlays only, another for the entire layout, and a function to create an <code>RsvgHandle</code> from the generated SVG string.</p> <p>Crosswords, the game, uses the SVG code to display thumbnails of puzzles (though currently only for the <strong>Cats and Dogs</strong> puzzle set), and Crossword Editor displays thumbnails of puzzle templates in its greeter for users to create new puzzles from.</p> <div class="wp-block-image"><figure class="aligncenter size-large"><a href="https://blogs.gnome.org/anonymoux47/files/2025/07/crosswords_puzzle_picker_grid.png"><img alt="" class="wp-image-89" height="910" src="https://blogs.gnome.org/anonymoux47/files/2025/07/crosswords_puzzle_picker_grid-1024x910.png" width="1024" /></a><figcaption class="wp-element-caption">Crosswords&#8217; puzzle picker grid</figcaption></figure></div> <div class="wp-block-image"><figure class="aligncenter size-large"><a href="https://blogs.gnome.org/anonymoux47/files/2025/07/crossword_editor_greeter.png"><img alt="" class="wp-image-90" height="913" src="https://blogs.gnome.org/anonymoux47/files/2025/07/crossword_editor_greeter-1024x913.png" width="1024" /></a><figcaption class="wp-element-caption">Crossword Editorβs greeter</figcaption></figure></div> <p>Other than the game and editor, puzzles are also rendered by the <code>crosswords-thumbnailer</code> utility. This renders an entire puzzle layout by generating an SVG string containing both the layout items and overlays, and rendering/writing it to a PNG or SVG file. There is also my GSoC project, which ultimately aims to add support for printing puzzles in the game and editor.</p> <h2 class="wp-block-heading" id="the-problem">The Problem</h2> <p>Whenever a sizeable, yet practical number of puzzles are to be displayed at the same time, or in quick succession, there is a noticeable lag in the user interface resulting from the rendering of thumbnails. In other words, <strong>thumbnails take too long to render!</strong></p> <p>There are also <a class="external" href="https://gitlab.gnome.org/jrb/crosswords/-/merge_requests/223">ongoing efforts</a> to add thumbnails to the list view in the game, for every puzzle, but the current rendering facility just canβt cut it. As for printing, this doesnβt really affect it since itβs not particularly a performance-critical operation.</p> <h2 class="wp-block-heading" id="the-task">The Task</h2> <p>My task was to profile the puzzle rendering pipeline to determine what the bottleneck(s) was/were. We would later use this information to determine the way forward, whether it be optimising the slow stages of the pipeline, replacing them or eliminating them altogether.</p> <h2 class="wp-block-heading" id="the-rendering-pipeline">The Rendering Pipeline</h2> <p>The following is an outline of the main/top-level stages involved in rendering a puzzle from an IPUZ file to an image (say, an in-memory image buffer):</p> <ol class="wp-block-list"><li><strong>ipuz_puzzle_from_file():</strong> parses a file in the IPUZ format and returns an <code>IpuzPuzzle</code> object representing the puzzle.</li> <li><strong>grid_state_new():</strong> creates a <code>GridState</code> instance which represents the state of a puzzle grid at a particular instant, and contains a reference to the <code>IpuzPuzzle</code> object. This class is at the core of Crosswords and is pretty quick to instantiate.</li> <li><strong>grid_layout_new():</strong> creates a <code>GridLayout</code> instance (as earlier described) from the <code>GridState</code>.</li> <li><strong>svg_from_layout():</strong> generates an <strong>SVG string</strong> from the <code>GridLayout</code>.</li> <li><strong>svg_handle_from_string():</strong> creates an <code>RsvgHandle</code> (from <a class="external" href="https://gitlab.gnome.org/GNOME/librsvg">librsvg</a>) from the generated <strong>SVG string</strong> and sets a stylesheet on the handle, defining the colours of layout items and overlays.</li> <li><strong>rsvg_handle_render_document():</strong> renders the generated SVG onto a <a class="external" href="https://www.cairographics.org/">Cairo</a> surface (say, an image surface, which is essentially an image buffer), via a Cairo context.</li></ol> <h2 class="wp-block-heading" id="profiling">Profiling</h2> <p>To profile the rendering pipeline specifically, I wrote up a little program to fit my purposes, which can be found <a class="external" href="https://gitlab.gnome.org/-/snippets/7089">here</a> (<em>puzzle-render-profiler.c</em>).</p> <h3 class="wp-block-heading" id="the-attempt-with-sysprof">The Attempt with Sysprof</h3> <p>Initially, I used <a class="external" href="https://wiki.gnome.org/Apps/Sysprof">Sysprof</a>, executing the profiler program under it. Unfortunately, because Sysprof is a sampling profiler and probably also due to its system-wide nature, the results werenβt satisfactory. Also, the functions of interest arenβt long-running functions and each run only once per execution. So the results werenβt accurate enough and somewhat incomplete (missed many nested calls).</p> <p>Donβt get me wrong, Sysprof has its strengths and stands strong amongst profilers of its kind. I tried a couple of others, and Sysprof is the only one even worthy of mention here. Most importantly, Iβm glad I got to use and explore Sysprof. The next time I use it wonβt be my first!</p> <h3 class="wp-block-heading" id="using-callgrind">Using Callgrind</h3> <p><a class="external" href="https://valgrind.org/docs/manual/cl-manual.html">Callgrind</a> + QCachegrind is sincerely such a godsend!</p> <blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow"><p>Callgrind is a profiling tool that records the call history among functions in a program&#8217;s run as a call-graph. By default, the collected data consists of the number of instructions executed, their relationship to source lines, the caller/callee relationship between functions, and the numbers of such calls.</p></blockquote> <blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow"><p>QCachegrind is a GUI to visualise profiling data. It&#8217;s mainly used as a visualisation frontend for data measured by Cachegrind/Callgrind tools from the Valgrind package.</p></blockquote> <p>After a short while of reading through Callgrindβs manual, I pieced together the combination of options (not much at all) that I needed for the task, and the rest is a story of exploration, learning and excitement. With the following command line, I was all set.</p> <pre class="wp-block-code"><code>valgrind --tool=callgrind --toggle-collect=render_puzzle ./profiler puzzles/puzzle-sets/cats-and-dogs/doghouse.ipuz</code></pre> <p>where:</p> <ul class="wp-block-list"><li><code>valgrind</code> is the <a class="external" href="https://valgrind.org">Valgrind</a>.</li> <li><code>--tool=callgrind</code> selects the Callgrind tool to be run.</li> <li><code>--toggle-collect=render_puzzle</code> sets <code>render_puzzle</code>, the core function in the profiler program, as the target for Callgrindβs data collection.</li> <li><code>./profiler</code> is a symlink to the executable of the profiler program.</li> <li><code>puzzles/puzzle-sets/cats-and-dogs/doghouse.ipuz</code> is a considerably large puzzle.</li></ul> <p>I visualised Callgrindβs output in QCachegrind, which is pretty intuitive to use. My focus is the Call Graph feature, which helps to graphically and interactively analyse the profile data. The graph can also be exported as an image or DOT (a graph description format in the Graphviz language) file. The following is a top-level view of the result of the profile run.</p> <div class="wp-block-image"><figure class="aligncenter size-large"><a href="https://blogs.gnome.org/anonymoux47/files/2025/07/profile-top_level.png"><img alt="" class="wp-image-85" height="338" src="https://blogs.gnome.org/anonymoux47/files/2025/07/profile-top_level-1024x338.png" width="1024" /></a><figcaption class="wp-element-caption">Top-level profile of the rendering pipeline</figcaption></figure></div> <blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow"><p>Note that Callgrind measures the number of instructions executed, not exactly execution time, but typically, the former translates proportionally to the latter. The percentages shown in the graph are instruction ratios, i.e the ratio of instructions executed within each function (and its callees) to the total number of instructions executed (within the portions of the program where data was collected).</p></blockquote> <p>This graph shows that loading the generated SVG (<code>svg_handle_from_string</code>) takes up the highest percentage of time, followed by rendering the SVG (<code>rsvg_handle_render_document</code>). Note that the SVG is simply being rendered to an image buffer, so no encoding, compression, or IO is taking place. The call with the HEX number, instead of a name, simply calls <code>g_object_unref</code><strong>,</strong> under which dropping the <code>rsvg::document::Document</code> (owned by the <code>RsvgHandle</code>) takes the highest percentage. Probing further into <code>svg_handle_from_string</code> and <code>rsvg_handle_render_document</code>:</p> <div class="wp-block-image"><figure class="aligncenter size-large"><a href="https://blogs.gnome.org/anonymoux47/files/2025/07/profile-svg_handle_from_string.png"><img alt="" class="wp-image-82" height="856" src="https://blogs.gnome.org/anonymoux47/files/2025/07/profile-svg_handle_from_string-1024x856.png" width="1024" /></a><figcaption class="wp-element-caption">Profile of <code>svg_handle_from_string</code></figcaption></figure></div> <div class="wp-block-image"><figure class="aligncenter size-large"><a href="https://blogs.gnome.org/anonymoux47/files/2025/07/profile-rsvg_handle_render_document.png"><img alt="" class="wp-image-83" height="1024" src="https://blogs.gnome.org/anonymoux47/files/2025/07/profile-rsvg_handle_render_document-718x1024.png" width="718" /></a><figcaption class="wp-element-caption">Profile of <code>rsvg_handle_render_document</code></figcaption></figure></div> <p>The performance of <code>rsvg_handle_render_document</code> improves very slightly after its first call within a program due to some one-time initialisation that occurs in the first call, but it is almost insignificant.<strong> </strong>From these results, it can be seen that the root of the problem is beyond the scope of Crosswords, as it is something to fix in librsvg. My mentors and I thought it would be quicker and easier to replace or eliminate these stages, but before making a final decision, we needed to see real timings first. For anyone who cares to see a colourful, humongous call graph, be my guest:</p> <div class="wp-block-image"><figure class="aligncenter size-large"><a href="https://blogs.gnome.org/anonymoux47/files/2025/07/profile-fuller.png"><img alt="" class="wp-image-84" height="1024" src="https://blogs.gnome.org/anonymoux47/files/2025/07/profile-fuller-982x1024.png" width="982" /></a><figcaption class="wp-element-caption">Full (sort of) profile of the rendering pipeline</figcaption></figure></div> <h3 class="wp-block-heading" id="getting-real-timings">Getting Real Timings</h3> <p>The next step was to get real timings for puzzles of various kinds and sizes to make sense of Callgrindβs percentages, determine the relationship between puzzle sizes and render times, and know the maximum amount of time we can save by replacing or eliminating the SVG stages of the pipeline.</p> <p>To achieve this, I ran the profiler program over a considerably large collection of puzzles available to the GNOME Crosswords project and piped the output (it&#8217;s in CSV format) to a file, the sorted version of which can be found <a class="external" href="https://gitlab.gnome.org/-/snippets/7089">here</a> (<em>puzzle_render_profile-sorted_by_path.csv</em>). Then, I wrote a Python script (<em>visualize_results.py</em>), which can also be found at the same URL, to plot a couple of graphs from the results.</p> <div class="wp-block-image"><figure class="aligncenter size-large"><a href="https://blogs.gnome.org/anonymoux47/files/2025/07/time_vs_size.png"><img alt="" class="wp-image-81" height="576" src="https://blogs.gnome.org/anonymoux47/files/2025/07/time_vs_size-1024x576.png" width="1024" /></a><figcaption class="wp-element-caption">Time vs Puzzle size (width * height) <em>(lesser is better)</em></figcaption></figure></div> <div class="wp-block-image"><figure class="aligncenter size-large"><a href="https://blogs.gnome.org/anonymoux47/files/2025/07/time_vs_n_elements.png"><img alt="" class="wp-image-80" height="576" src="https://blogs.gnome.org/anonymoux47/files/2025/07/time_vs_n_elements-1024x576.png" width="1024" /></a><figcaption class="wp-element-caption">Time vs Number of layout elements (items + overlays) <em>(lesser is better)</em></figcaption></figure></div> <p>Both show a very similar profile from which I made the following deductions:</p> <ul class="wp-block-list"><li>Total render times increase almost linearly with puzzle size, and so do the component stages of the rendering pipeline. The exceptions (those steep valleys in the graphs) are puzzles with significant amounts of NULL cells, the corresponding layout items of which are omitted during SVG generation since NULL cells are not to be rendered.</li> <li>The stages of loading the generated SVG and rendering it take most of the time, significantly more than the other stages, just as the Callgrind graphs above show.</li></ul> <p>Below is a stacked bar chart showing the cumulative render times for all puzzles. Note that these timings are only valid relative to one another; comparison with timings from another machine or even the same machine under different conditions would be invalid.</p> <div class="wp-block-image"><figure class="aligncenter size-large"><a href="https://blogs.gnome.org/anonymoux47/files/2025/07/cumulative_render_times.png"><img alt="" class="wp-image-91" height="1024" src="https://blogs.gnome.org/anonymoux47/files/2025/07/cumulative_render_times-354x1024.png" width="354" /></a><figcaption class="wp-element-caption">Cumulative render times for all puzzles <em>(lesser is better)</em></figcaption></figure></div> <h2 class="wp-block-heading" id="the-way-forward">The Way Forward</h2> <p>Thankfully, the maintainer of librsvg, <a class="external" href="https://gitlab.gnome.org/federico">Federico Mena Quintero</a>, happens to be one of my mentors. He looked into the profiling results and ultimately recommended that we cut out the SVG stages (<code>svg_from_layout</code>, <code>svg_handle_from_string</code> and <code>rsvg_handle_render_document</code>) entirely and render using Cairo directly. For context, librsvg renders SVGs using Cairo. He also pointed out some specific sources of the librsvg bottlenecks and intends to fix them. The initial work in librsvg is in <a class="external" href="https://gitlab.gnome.org/GNOME/librsvg/-/issues/1178">!1178</a> and the MR linked from there.</p> <p>This is actually no small feat, but is already in the works (actually more complete than the SVG rendering pipeline is, at the point of writing this) and is showing great promise! I&#8217;ll be writing about this soon, but here&#8217;s a little sneak peek to keep your taste buds wet.</p> <div class="wp-block-image"><figure class="aligncenter size-large"><a href="https://blogs.gnome.org/anonymoux47/files/2025/07/timings_comparison.png"><img alt="" class="wp-image-92" height="508" src="https://blogs.gnome.org/anonymoux47/files/2025/07/timings_comparison-1024x508.png" width="1024" /></a><figcaption class="wp-element-caption">Comparison of the new and old render pipeline timings with puzzles of varying sizes <em>(lesser is better)</em></figcaption></figure></div> <figure class="wp-block-gallery aligncenter has-nested-images columns-default is-cropped wp-block-gallery-1 is-layout-flex wp-block-gallery-is-layout-flex"><figure class="wp-block-image size-full"><a href="https://blogs.gnome.org/anonymoux47/files/2025/07/doghouse-before.png"><img alt="" class="wp-image-94" height="512" src="https://blogs.gnome.org/anonymoux47/files/2025/07/doghouse-before.png" width="512" /></a><figcaption class="wp-element-caption">before</figcaption></figure> <figure class="wp-block-image size-full"><a href="https://blogs.gnome.org/anonymoux47/files/2025/07/doghouse-after.png"><img alt="" class="wp-image-96" height="512" src="https://blogs.gnome.org/anonymoux47/files/2025/07/doghouse-after.png" width="512" /></a><figcaption class="wp-element-caption">after</figcaption></figure><figcaption class="blocks-gallery-caption wp-element-caption">Render of <a class="external" href="https://gitlab.gnome.org/jrb/crosswords/-/blob/192cccb8d048d7403ee2d042fcddcce19fde17f8/puzzle-sets/cats-and-dogs/doghouse.ipuz">doghouse.ipuz</a></figcaption></figure> <figure class="wp-block-gallery aligncenter has-nested-images columns-default is-cropped wp-block-gallery-2 is-layout-flex wp-block-gallery-is-layout-flex"><figure class="wp-block-image size-full"><a href="https://blogs.gnome.org/anonymoux47/files/2025/07/catatonic-before.png"><img alt="" class="wp-image-93" height="512" src="https://blogs.gnome.org/anonymoux47/files/2025/07/catatonic-before.png" width="512" /></a><figcaption class="wp-element-caption">before</figcaption></figure> <figure class="wp-block-image size-full"><a href="https://blogs.gnome.org/anonymoux47/files/2025/07/catatonic-after.png"><img alt="" class="wp-image-95" height="512" src="https://blogs.gnome.org/anonymoux47/files/2025/07/catatonic-after.png" width="512" /></a><figcaption class="wp-element-caption">after</figcaption></figure><figcaption class="blocks-gallery-caption wp-element-caption">Render of <a class="external" href="https://gitlab.gnome.org/jrb/crosswords/-/blob/192cccb8d048d7403ee2d042fcddcce19fde17f8/puzzle-sets/cats-and-dogs/catatonic.ipuz">catatonic.ipuz</a></figcaption></figure> <p>I&#8217;ll leave you to figure it out in the meantime.</p> <h2 class="wp-block-heading" id="conclusion">Conclusion</h2> <p>Every aspect of the task was such a great learning experience. This happened to be my first time profiling C code and using tools like Valgrind and Sysprof; the majority of C code I had written in the past was for bare-metal embedded systems. Now, Iβve got these under my belt, and nothing is taking them away.</p> <p>That said, I will greatly appreciate your comments, tips, questions, and what have you; be it about profiling, or anything else discussed herein, or even blog writing (this is only my second time ever, so I need all the help I can get).</p> <p>Finally, but by far not the least important, a wise man once told me:</p> <blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow"><p>The good thing about profiling is that it can overturn your expectations :-)</p> <p>&#8212; <a class="external" href="http://hpjansson.org">H.P. Jansson</a></p></blockquote> <h2 class="wp-block-heading" id="thanks">Thanks</h2> <p>Very big thank yous to my mentors, <a class="external" href="https://gitlab.gnome.org/jrb">Jonathan Blandford</a> and <a class="external" href="https://gitlab.gnome.org/federico">Federico Mena Quintero</a>, for their guidance all through the accomplishment of this task and my internship in general. Iβve learnt a great deal from them so far.</p> <p>Also, thank you (yes, you reading) so much for your time. Till next timeβ¦ Anticipate!!!</p> <p></p></description><author>Toluwaleke Ogundipe</author><dc:creator>Toluwaleke Ogundipe</dc:creator><pubDate>Mon, 14 Jul 2025 19:10:10 GMT</pubDate><guid isPermaLink="true">https://blogs.gnome.org/anonymoux47/2025/07/14/profiling-crosswords-rendering-pipeline/</guid></item><item><title>Gedit Technology blog: Mid-July News</title><link>https://gedit-text-editor.org/blog/2025-07-14-mid-july-news.html</link><description><p> Misc news about the <a href="https://gedit-text-editor.org/">gedit</a> text editor, mid-July edition! (Some sections are a bit technical).</p> <h3>gedit 49 in preparation</h3><p> About version numbers: if all goes well, gedit 49 will match GNOME 49 and are expected for September! So gedit will be back on track to follow the GNOME version numbers. This is after some trials to <em>not</em> follow them, to release gedit versions when ready and more often, but at the end of the day this doesn't change much.</p> <h3>Gedit Development Guidelines</h3><p> I've written the <a href="https://gitlab.gnome.org/World/gedit/gedit/-/tree/master/docs/guidelines">Gedit Development Guidelines</a>, a series of small Markdown documents. It regroups the information in one place. It also documents stuff that needed to be written in commit messages, so to avoid repetition and to have more complete explanations, commit messages can now refer to the guideline documents.</p><p> Be warned that some of the gedit guidelines don't follow the more modern GNOME development practices. The rationales are clearly explained. In my humble opinion, what is deemed "modern" doesn't automatically make something better. (If you read this and <em>are</em> a developer of one of the modern things not used by gedit, take it as a user feedback, and remember that what truly matters is that the GTK development platform is still appreciated!).</p> <h3>Improved preferences</h3><p> <a href="https://gedit-text-editor.org/blog/images/2025-07-14/prefs-reset.png" target="_blank"><img alt="gedit screenshot - reset all preferences" src="https://gedit-text-editor.org/blog/images/2025-07-14/prefs-reset.png" width="250" /></a></p><p> <a href="https://gedit-text-editor.org/blog/images/2025-07-14/prefs-spell-checker.png" target="_blank"><img alt="gedit screenshot - spell-checker preferences" src="https://gedit-text-editor.org/blog/images/2025-07-14/prefs-spell-checker.png" width="250" /></a></p><p> There is now a "Reset All..." button in the Preferences dialog. And it is now possible to configure the default language used by the spell-checker.</p> <h3>Python plugins</h3><p> Most Linux distributions ship some older versions of some GNOME modules to make Python plugins in gedit (and other apps) still work. There has been some disturbances in the air, but my hope is that everything will be back to normal for GNOME 49.</p> <h3>File loading and saving</h3><p> There are some known issues with the file loading implementation, and I'm working on it.</p><p> About the old <code>iconv()</code> function, I've created a utility class called <a href="https://gitlab.gnome.org/World/gedit/libgedit-gtksourceview/-/blob/main/gtksourceview/file-loading-and-saving/gtksourceiconv.c" target="_blank">GtkSourceIconv</a> to (try to) tame the beast, except that the beast <em>cannot be fully tamed</em>, by design! Some aspects of its API are broken, and what I recommend for new code is to look at the libICU to see if it's better. (gtksourceiconv.c has a comment at the top with more details).</p><p> But instead of doing ground-breaking changes in the file loading and saving code (to switch to the libICU), I prefer a more incremental approach, and this means to still use <code>iconv()</code> (for the time being at least). The advantage is that incremental changes are directly useful and used; progress is made on gedit!</p><p> I attempted a while back a new implementation in libgedit-tepl (TeplEncoding, TeplFile, etc). The problem is that I created a different API, so switching the whole of gedit to it was more difficult. And the new implementation lacked several important features used by gedit.</p><p> Now I'm moving some of my experiments done in libgedit-tepl back to libgedit-gtksourceview, because it's the latter (GtkSourceEncoding, GtkSourceFile, etc) that is used by gedit's file loading and saving machinery. libgedit-gtksourceview doesn't guarantee a stable API, and I consider it part of gedit, so it's more <em>malleable code</em> :-)</p></description><author>Gedit Technology blog</author><dc:creator>Gedit Technology blog</dc:creator><pubDate>Mon, 14 Jul 2025 10:00:00 GMT</pubDate><guid isPermaLink="true">https://gedit-text-editor.org/blog/2025-07-14-mid-july-news.html</guid></item><item><title>Philip Withnall: GUADEC handbook</title><link>https://tecnocode.co.uk/2025/07/12/guadec-handbook/</link><description><p>I was reminded today that I <a href="https://gitlab.gnome.org/pwithnall/guadec-handbook">put together some notes last year</a> with peopleβs feedback about what worked well at the last GUADEC. The idea was that this could be built on, and eventually become another part of the GNOME handbook, so that we have a good checklist to organise events from each year.</p> <p>Iβm not organising GUADEC, so this is about as far as I can push this proto-handbook, but if anyone wants to fork it and build on it then please feel free.</p> <p>Most of the notes so far relate to A/V things, remote participation, and some climate considerations. Obviously a lot more about on-the-ground organisation would have to be added to make it a full handbook, but itβs a start.</p></description><author>Philip Withnall</author><dc:creator>Philip Withnall</dc:creator><pubDate>Sat, 12 Jul 2025 16:25:38 GMT</pubDate><guid isPermaLink="true">https://tecnocode.co.uk/2025/07/12/guadec-handbook/</guid></item><item><title>Ignacy KuchciΕski: Digital Wellbeing Contract</title><link>https://blogs.gnome.org/ignapk/2025/07/11/digital-wellbeing-contract/</link><description><p>This month I have been accepted as a contractor to work on the Parental Controls frontent and integration as part of the Digital Wellbeing project. I&#8217;m very happy to take part in this cool endeavour, and very grateful to the GNOME Foundation for giving me this opportunity &#8211; special thanks to Steven Deobald and Allan Day for interviewing me and helping me connect with the team, despite our timezone compatibility <img alt="π" class="wp-smiley" src="https://s.w.org/images/core/emoji/16.0.1/72x72/1f609.png" style="height: 1em;" /></p><p>The idea is to redesign the Parental Controls app UI to bring it on par with modern GNOME apps, and integrate the parental controls in the GNOME Shell lock screen with collaboration with gnome-control-center. There also new features to be added, such as Screen Time monitoring and setting limits, Bedtime Schedule and Web Filtering support. The project has been going for quite some time, and there has been a lot of great work put into both designs by Sam Hewitt and the backend by Philip Withnall, who&#8217;s been really helpful teaching me about the project code practices and reviewing my MR. See the designs in the <a class="external" href="https://gitlab.gnome.org/Teams/Design/app-mockups/-/issues/118#note_2449797">app-mockups ticket</a> and the <a class="external" href="https://gitlab.gnome.org/Teams/Design/os-mockups/-/issues/271#note_2445908">os-mockups ticket</a>.</p><p>We started implementing the design mockup MVP for Parental Controls, which you can find in the app-mockup ticket. We&#8217;re trying to meet the GNOME 49 release deadlines, but as always it&#8217;s a goal rather than certain milestone. So far we have finished the redesign of the current Parent Controls app without adding any new features, which is to refresh the UI for unlock page, rework the user selector to be a list rather than a carousel, and changed navigation to use pages. This will be followed by adding pages for Screen Time and Web Filtering.</p><figure class="wp-caption aligncenter" id="attachment_82" style="width: 590px;"><img alt="" class="wp-image-82 size-full" height="630" src="https://blogs.gnome.org/ignapk/files/2025/07/Screenshot-From-2025-07-11-16-11-56.png" width="590" /><figcaption class="wp-caption-text" id="caption-attachment-82">Refreshed unlock page</figcaption></figure><figure class="wp-caption aligncenter" id="attachment_83" style="width: 590px;"><img alt="" class="size-full wp-image-83" height="630" src="https://blogs.gnome.org/ignapk/files/2025/07/Screenshot-From-2025-07-11-16-12-23.png" width="590" /><figcaption class="wp-caption-text" id="caption-attachment-83">Reworked user selector</figcaption></figure><figure class="wp-caption aligncenter" id="attachment_84" style="width: 590px;"><img alt="" class="size-full wp-image-84" height="630" src="https://blogs.gnome.org/ignapk/files/2025/07/Screenshot-From-2025-07-11-16-13-13.png" width="590" /><figcaption class="wp-caption-text" id="caption-attachment-84">Navigation using pages, Screen Time and Web Filtering to be added</figcaption></figure><p>I want to thank the team for helping me get on board and being generally just awesome to work with <img alt="π" class="wp-smiley" src="https://s.w.org/images/core/emoji/16.0.1/72x72/1f600.png" style="height: 1em;" /> Until next update!</p></description><author>Ignacy KuchciΕski</author><dc:creator>Ignacy KuchciΕski</dc:creator><pubDate>Fri, 11 Jul 2025 16:53:06 GMT</pubDate><guid isPermaLink="true">https://blogs.gnome.org/ignapk/2025/07/11/digital-wellbeing-contract/</guid></item></channel></rss>
