Upgrade for KDE neon Security Issue

Last month we moved the neon archive to a new server so packages got built on our existing server then uploaded to the new server.  Checking the config it seemed I’d made the nasty error of leaving it open to the world rather than requiring an ssh gateway to access the apt repository, so anyone scanning around could have uploaded packages.  There’s no reason to think that happened but the default in security is to be paranoid for any possibility.  The security advisory is out, the archives have been wiped and all packages in User rebuilt so upgrade now to get the new package builds, or for extra security do a reinstall.  The new User Edition ISO is out and I’ll update the website once that gets mirrored enough.  Developer Editions packages are being rebuild now and go directly into the archives so you should start seeing those appear shortly as they are built. Sorry for the hassle folks, you wouldn’t want us to just hide it I’m sure.

 

Facebooktwittergoogle_pluslinkedinby feather

Appstream Generated

Appstream has had a long history of getting its very sensible features into the hands of users. It’s an XML format which describes applications so that projects such as KDE can ship files with their apps which give a name, description, translations of this and pretty screenshots.

The first step is getting the Appstream metainfo files into the applications. KDE has this in many places but not all, if you spot an application please add one. It’s been supported in Extra CMake Modules for a while but the install directly changed recently just to confuse matters.

Then your archive has to extract the appstream files, in Neon we use Appstream Generator written by the Appstream master Matthias Klumpp and Harald set up some time ago but it broke last month.  That meant we had to update to a new version so Scarlett had to add a load of new packages to Neon to get Appstream Generator to build and I had to work out how to debug D to convince it to work. Then we moved our archive to a new server for space and because it was fun so parts of the job which runs it had to been rewritten to work remotely.  Finally there’s a pesky bug which means it looks at the oldest package not the newest one so any problems with the Appstream files stay around forever.  So for now I deleted old packages.

So at least you can install Minuet from Discover, it gained an appstream file back in 16.04 but it was broken so we had to wait for 16.08 to get a working one.

discover-minuet

But wait, this infrastructure for package managers is fiddly. Discover is showing the most popular installed app as Dilbert cartoons, which makes no sense.  Turns out the popcon data for applications is made using fancy Docker scripts on an obscure server we’ve largely forgotten about but Cron doesn’t like Docker and doesn’t let it output anything when running even though the same command works fine when run manually.  So I regenerated the popcon data manually in the hope we can work out how to cron it later on.  And finally Discover is back showing popular apps and all the latest ones at that.  Sorry for the delay folks.

discover-popcon

Getting it to work in Neon developer editions is future work I fear.

 

Facebooktwittergoogle_pluslinkedinby feather

KDE 1 neon LTS Released: 20 Years of Supporting Freedom

To celebrate KDE’s 20th birthday today, the great KDE developer Helio Castro has launched KDE 1, the ultimate in long term support software with a 20 year support period.

KDE neon has now, using the latest containerised continuous integration technologies released KDE1 neon Docker images for your friendly local devop to deploy.

Give it a shot with:

apt install docker xserver-xephyr
adduser <username> docker
<log out and in again>
Xephyr :1 -screen 1024×768 &
docker pull jriddell/kde1neon
docker run -v /tmp/.X11-unix:/tmp/.X11-unix jriddell/kde1neon

(The Docker image isn’t optimised at all and probably needs to download 10GB, have fun!)

Facebooktwittergoogle_pluslinkedinby feather

Plasma 5.8 LTS now in KDE neon, Time to Look Again at Comprehensive Features; Gwenview Plugins Install

Plasma 5.8 LTS has been released, it’s time now to look again at Plasma’s comprehensive features.  Chris From the Linux Action Show voiced our Plasma 5.8 video so you can review the comprehensive features we’ve been polishing for the last couple of years and the shiny new ones in this release to make a desktop we’re proud to advocate to enthusiasts, home users, businesses and developers alike.


The KDE neon builders have been firing away this afternoon and Plasma 5.8 LTS is now available in the User Edition archive.  If you don’t already have KDE neon installed you can grab the latest User Edition ISO to install it on your hard disk.


A feature I’ve been wanting for ages in KDE is the ability to install plugins from within the application.  This was made more urgent when we added Gwenview in KDE neon and had to choose between either an empty Plugins menu or adding a dependency on Kipi Plugins which brought in Konqueror and several KDElibs 4 tools.

So I got round to coding the feature based on discussions I’d had previously and work on the Samba browser in Dolphin I’d done before.  Using Packagekit and Appstream libraries directly to find the package and install it.  But some reviewers convinced me to use an external app to care about the install.  So now all Gwenview does it launch the Appstream URL and wait until a plugin gets installed.  In Plasma’s case that means Discover starts up and uses Packagekit or whatever backend it’s set up with to install Kipi Plugins.  A nice bit of integration there. Future work would be to put this functionality in Kipi Plugins directly so all apps can use it without much effort.  Where else can KDE apps benefit from being able to install addons within the app?

Gwenview’s Kipi plugins installer now in master

 

Facebooktwittergoogle_pluslinkedinby feather

In Defence for Permissive Licences; KDE licence policy update

In free software there’s a disappointing number of licences which are compatible in some cases and not in others.  We have a licence policy in KDE which exists to try to keep consistency of licences to ensure maximum re-usability of our code while still ensuring it remains as free software and companies can’t claim additional restrictions which do not exist on code we have generously licenced to them.

Our hero and (occasional chauvinist god character) Richard Stallman invented copyleft and the GNU GPL to ensure people receiving Free code could not claim additional restrictions which do not exist, if they did they lose the right to copy the code under that licence.

An older class of licence is the Permissive Licences, these include the BSD licence, MIT licence and X11 licences, each of which have multiple variants all of which say essentially “do whatever you like but keep this copyright licence included”.  They aren’t maintained so variants are created and interpretations of how they are applied in practice vary without an authority to create consensus.  But they’re short and easy to apply and many many projects are happy to do so.  However there’s some curious misconceptions around them.  One is that it allows you to claim additional restrictions to the code and require anyone you pass it onto to get a different licence from you.  This is nonsense, but it’s a myth which is perpetrated by companies who want to abuse other people’s generosity in licences and even by groups such as the FSF or SFLC who want to encourage everyone to use the GNU GPL.

Here’s the important parts of the MIT licence (modern variant)

Permission is hereby granted...
to deal in the Software without restriction...
subject to the following conditions:
The above copyright notice and this permission notice shall be include

It’s very clear that this does not give you licence to remove the licence, anyone who you pass this software on to, as source or binary or other derived form, still needs to have the same licence.  You don’t need to pass on the source code if it’s a binary, in which case it’s not free software, but you still need to pass on this licence.  It’s unclear if the licence is for patents as well as copyright but chances are it is.  You can add your own works to it and distribute that under a more restricted licence if you like, but again you still need to pass on this licence for the code you received it as.  You can even sublicence it, make a additional licence with more restrictions, but that doesn’t mean you can remove the Free licence, it explicitly says you can not.  Unlike the GPL there’s no penalty for breaking the licence, you can still use the licence if you want and in theory the copyright holder could sue you but in practice it’s just a lie and nobody will call you out and many people will even believe your lie.

Techy lawyer Kyle E. Mitchell has written an interesting line by line examination of the MIT licence which it’s well worth reading.  It’s a shame there’s no authority to stand up for these licences and most people who use such licences do so because they don’t much are about people making claims over their code.  But it’s important that we realise it doesn’t allow any such claims and it remains Free software no matter who’s servers it happens to have touched on its way to you.


I’m currently proposing some updates to the KDE licencing policy.  I’d like to drop use of the unmaintained FDL in docs and wikis in favour of Creative Commons ShareAlike Attribution 4.0 which is created for international use, well maintained, and would allow sharing text into our code (it’s compatible with GPL 3) and from Wikipedia and other wikis (which are CC 3).  Plus some other changes like allowing AGPL for web services.

Discussion on kde-community mailing list.

Diff to current.

 

Facebooktwittergoogle_pluslinkedinby feather

Plasma Wayland ISO Now Working on VirtualBox/virt-manager

I read that Neon Dev Edition Unstable Branches is moving to Plasma Wayland by default instead of X.  So I thought it a good time to check out this week’s Plasma Wayland ISO. Joy of joys it has gained the ability to work in VirtualBox and virt-manager since last I tried.  It’s full of flickers and Spectacle doesn’t take screenshots but it’s otherwise perfectly functional.  Very exciting 🙂

 

Facebooktwittergoogle_pluslinkedinby feather

Andy Jackson Fund for Access 2015

There’s still no information on the web of the highly spoken about but little visible charity Andy Jackson Fund for Access.  My last request in 2014 showed a little active charity receiving money from the Whitewater and Touring guidebooks, receiving money from one grant that didn’t happen and giving a couple of grants out for projects.

I sent off for the current latest annual report and accounts which came promptly back.

The 2015 accounts show income from books, £358 in year ending 2014 and £1145 in year endings 2015.  They show zero outgoings.  There’s £13,000 in the bank account sitting doing nothing at all.

The trustees are the same as in my previous request.

There’s also a report from an independent examiner for the year ending 2014.  Maybe the one for year endings 2015 hadn’t been done yet (it’s required for all charities).  This says that no matter came to the attention of the examiner to suggest the requirements have not been met.

There’s also a note at the bottom of this page which says the fund has supported the building of a footpath on the Orchy for £5000 and is offering support for steps at Luncarty for £600.  The Orchy footpath was reported in places at the end of last year such as this Forestry Commission article. However there’s no indication of the £5000 in the accounts.  Was it not needed in the end?  There’s also no indication of the £600 for steps at Luncarty so I presume this hasn’t gone ahead yet.

I do wonder what could be done with £13,000 to help canoeing access in Scotland.  A staff member could be paid for a day or two a week to do something, but it would need some oversight on what.

Anyone who is interested in how canoeing is funded in Scotland should also look at the financial report which the SCA has on their Self Service website by my dearest dad, it gives a really good summary for the first time of how’s the SCA’s activities are funded.  I’m also pleased to see the SCA committees are being put on a more formal basis with terms of reference and people being asked to help which I haven’t seen happen before.  Maybe next year I’ll have the energy to help in some interesting way.

 

 

Facebooktwittergoogle_pluslinkedinby feather

KDevelop, Muon, Plasma 5.7.4

To celebrate the release of KDevelop 5 we’ve added KDevelop 5 to KDE neon User Edition.  Git Stable and Git Unstable builds are also in the relevant Developer Editions.

But wait.. that’s not all.. the package manager Muon seem to have a new maintainer so to celebrate we added builds in User Edition and Git Unstable Developer Edition.

Plasma 5.7.4 has been out for some time now so it’s well past time to get it into Neon, delayed by a move in infrastructure which caused the entire repository to rebuild.  All Plasma packages should be updated now in KDE neon User Edition.

Want to install it? The weekly User Edition ISO has been updated and looks lovely.

Facebooktwittergoogle_pluslinkedinby feather

Plasma Release Schedule Updated

I’ve made some changes to the Plasma 5.8 release schedule.  We had a request from our friends at openSUSE to bring the release sooner by a couple of weeks so they could sneak it into their release and everyone could enjoy the LTS goodness.  As openSUSE are long term supporters and contributors to KDE as well as patrons of KDE the Plasma team chatted and decided to slide the dates around to help out.  Release is now on the first Tuesday in October.

 

Facebooktwittergoogle_pluslinkedinby feather

Neon News: Frameworks 5.25, Kontact in Dev Editions, Maui bases on Neon

Things move fast in the land of Neon light.

Today KDE Frameworks 5.25 was added to Neon User edition.  KDE’s selection of Qt addon libraries gets released every month and this update comes with a bunch of fixes.

Finally Kontact has built in Developer Editions, apologies to those who had a half installed build for a while, you should now be able to install all of KDE PIM and get your e-mail/calendar/notes/feed reader/a load of other bits.  Suggestions now taken for what I should add next to Neon builds.

And in free software you are nobody until somebody bases their project off yours.  Yesterday Maui Linux released its new version based off KDE neon.  Maui was previously the distro used for Hawaii Qt Desktop but now it’s Plasma all the way and comes from the Netrunner team with a bunch of customisations for those who don’t appreciate Neon’s minimalist default install.

Maui Linux based off Neon
Facebooktwittergoogle_pluslinkedinby feather

Your New Monospace Font: Hack

A few cycles ago the VDG asked for the default Plasma font to be changed from Oxygen, a custom made but poorly maintained font for Plasma, to Noto.  Noto is a Google project which is intended to provide complete Unicode coverage.  It is based off Google’s Droid font for Latin and some other fonts for other scripts.  But it lacked a monospace font which is important to us hackers who likes to use a console and write code in it.

Annoyingly all fonts are poorly organised in interesting and mysterious ways.  In the case of Noto people think there’s a mono font because there does exist Noto Mono CJK but of course that’s only for oriental languages.  But search around a bit more and the Mono font is in the Git repository where it was committed at the start of the year only it’s not available in the download options on the website.  Some distros package it straight from Git because the website download is incomplete but then some don’t.  But trying it out a problem cropped up, there’s no Bold variant of the font which is used for highlighting in Kate and to some extent in consoles.

Looking around Adobe has Source Code Pro, a freely licenced font that contains all the goodness but many distros don’t package it.  The tools used to create it are non-free but for fonts I’ve never seen a package which actually compiles the font from source.  Even if the tools are free they’re as bad with their release management as you can imagine: for years Font Forge’s maintained website wasn’t findable with Google.  When I was doing the build system of Oxygen Font I had an option to use Font Forge but the default was just to copy the TTF files directly.  A TTF file can be opened and edited so it can be considered a “preferred modifiable form” which is what free software distros need to ship it.  Regardless if there’s no packages then it won’t get used so Source Code Pro isn’t an option.

Which is when a nice Debian spod pointed out Hack, an openly developed font using widely supported formats and tools based off Bitstream and DejaVu’s earlier work.  It supports lots of scripts, has bold and Italics and is widely packaged.  So I updated Plasma Integration, the Qt plugin to make Qt stuff look like Plasma stuff, to use Hack.  I also added kconf-update scripts to update old apps to Hack: Plasma’s new monospace font, coming in Plasma 5.8.

How Hack looks in Kate with source code

And for comparison, Oxygen Mono and Noto Mono without bold.

 

Facebooktwittergoogle_pluslinkedinby feather

Neon Updates – KDE Network, KDE Applications

Not a great week for Neon last week.  I server we used for building packages on filled up limiting the work we could do and then a patch from Plasma broke some people’s startup and they were faced with a dreaded black screen.  Apologies folks.

But then magically we got an upgrade to the server with lots of nice new disk space and the problem patch was reverted so hopefully any affected was able to upgrade again and recover.

So I added some KDE Network bits and rebuilt the live/installable ISO images so they’re all updated to Applications 16.04.3 in User Edition.  And Applications forked so now Dev Edition Stable Branches uses the 16.08 Beta branches and you can try out lots of updated apps.  And because the developer made a special release just for us and wears cute bunny ears I added in Konversation to our builds for good old fashioned IRC chit chat (none of your modern Slacky/Telegram/Web2.0 protocols here).

Facebooktwittergoogle_pluslinkedinby feather

Plasma 5.8 LTS Kickerd Off for Stability and Performance

Plasma 5.8 has its Kickoff meeting yesterday and we Kickered the plans into shape.  The big news is it’ll be an LTS release with bugfix releases coming out for 18 months after the .0.  This matches Qt 5.6 which is also on an LTS schedule and we’ll still to 5.6 as the minimum Qt version for Plasma 5.8 LTS.  Full schedule on wiki.

As an LTS cycle we will focus on stability and performance for the 5.8 release.

The exception is for work on Wayland which won’t get LTS support but we do hope to be feature complete in time for the 5.8 release in October.

We went over the Plasma To Do board and tidied it up and added some new items.

And you can look forward to talks at Akademy by David and other Plasma developers, plus BoF sessions through the week.

To help out with Plasma developing say hi in #plasma on Freenode.

 

Facebooktwittergoogle_pluslinkedinby feather

KDE neon Adds KDE Games

Are you feeling too productive in your day?  Then try the latest addition to KDE Neon!  I’ve added the KDE Games applications to our repositories.  16.04.2 for User Edition, or the relevant Git branch for Developer Editions.
apt install bomber bovo granatier kapman katomic kblackbox kblocks kbounce kbreakout kdiamond kfourinline killbots kiriki kjumpingcube klickety klines kmahjongg kmines knavalbattle knetwalk kollision kpat kshisen ksquares ktuberling picmi

Gaun try them aa.

Facebooktwittergoogle_pluslinkedinby feather