Doing HTTP operations with Qt is relatively straightforward, but there are also a few pitfalls, unexpected default settings and low-hanging performance improvements around it worth keeping in mind.

Delete replies

The most common and most easily to make mistake when working with QNetworkAccessManager is probably missing to delete finished replies, and thus leaking reply objects over time. Make sure to call deleteLater() on the QNetworkReply instances in response to their finished() signal.

QNetworkReply *reply = ...
connect(reply, &QNetworkReply::finished, this, [reply]()) {
    reply->deleteLater();
    ...
});

Use transport security

That is, use URLs starting with https: rather than http:. That might sound obvious, but the little s is easy to miss.

So, pay extra attention to hardcoded URLs and think about how to deal with URLs taken from user input. In the best case the https: scheme can just be enforced unconditionally, but that might not be viable everywhere.

Minimize QNetworkAccessManager instances

You don’t need a QNetworkAccessManager per request, in theory one is enough. In practice you might end up with one per thread (e.g. in case of QML), but more than that should have a good justification.

There’s two reasons for this:

• QNetworkAccessManager contains logic for request queuing and network connection reuse, which is bypassed by using multiple instances, so you are missing out on useful optimizations.
• More instances increase the risk of missing important setup and configuration on one of them (see below), centralizing instance creation in one location is therefore usually a good idea

This also implies that you generally want to prefer QNetworkReply signals over QNetworkAccessManager signals for handling results or errors. This avoids interference when a QNetworkAccessManager is used by other components as well. It’s also worth checking whether components which do HTTP requests internally can use an externally provided QNetworkAccessManager instance. The QML engine is a common example (see QQmlNetworkAccessManagerFactory).

Redirection

Looking at properly setting up a QNetworkAccessManager instance, the most common issue is probably the redirection behavior, something that has caused us quite some operational headaches in the past. Rather unintuitively, in Qt 5 redirection is disabled by default.

auto nam = new QNetworkAccessManager(this);
nam->setRedirectPolicy(QNetworkRequest::NoLessSafeRedirectPolicy);

Starting with Qt 6, the redirection behavior NoLessSafeRedirectPolicy is the default.

HTTP Strict Transport Security (HSTS)

Another thing you probably want to enable in practically all cases is HTTP Strict Transport Security (HSTS). This involves managing persistent state, so this not just needs to be enabled, but also needs a storage location.

auto nam = new QNetworkAccessManager(this);
nam->setStrictTransportSecurityEnabled(true);
nam->enableStrictTransportSecurityStore(true, QStandardPaths::writableLocation(QStandardPaths::CacheLocation) + QLatin1String("/hsts/"));

For applications QStandardPaths::CacheLocation is a good default, for shared components/libraries QStandardPaths::GenericCacheLocation might be more appropriate so the HSTS state is shared among all users.

SSL error handling

Transport security errors are fatal by default, and that is usually what you want. One exception from this are self-signed server certificates, but thanks to Let’s Encrypt that has become increasingly uncommon as well.

If self-signed certificated need to be supported, QNetworkAccessManager unfortunately makes it very easy to just ignore all possible SSL errors, rather than just accept the unknown server certificate signature. KIO::SslUI has methods to help with that, including asking for user-confirmation and persisting choices.

QNetworkReply *reply = ...
connect(reply, &QNetworkReply::sslErrors, this, [reply](const QList<QSslError> &errors) {
    KSslErrorUiData errorData(reply, errors);
    if (KIO::SslUi::askIgnoreSslErrors(errorData)) {
        reply->ignoreSslErrors();
    }
});

Disk cache

By default QNetworkAccessManager doesn’t do any caching, every reply comes from a full request to the server. It’s however possible to enable the use of HTTP caching and have a persistent on disk cache for this.

Whether or not that makes sense needs to be looked at on a case-by-case basis though. Using real-time data or API (e.g. KPublicTransport) or having higher-level caching (e.g. KWeatherCore, KOSMIndoorMap) might not benefit from that, read-only assets used over a longer period of time on the other hand are ideal (e.g. avatar images in Tokodon).

auto nam = new QNetworkAccessManager(this);
auto diskCache = new QNetworkDiskCache(nam);
diskCache->setCacheDirectory(QStandardPaths::writableLocation(QStandardPaths::CacheLocation) + QLatin1String("/http/"));
nam->setCache(diskCache);

The same considerations for the storage locations as for the HSTS state apply here as well.

Does this matter?

For the security-related aspects I hopefully don’t have to argue why we should care, so let’s just look at the impact of disk caches. Here are some numbers:

• Caching the conference list for Kongress cut down the transfer volume per application start by about 20%.
• Adding a disk cache to Tokodon reduced transfer volume on a “warm” start by up to 80%.

How much can be saved varies greatly depending on the specific application, but it’s clearly worth looking into.

This week I’d like to highlight a particular 15-minute bug that got fixed: When Discover shows you significant error messages, they now take the form of normal dialogs rather than tiny little overlays at the bottom of the screen that disappear after a few seconds. And it should now show you fewer un-actionable error messages in general too! These major improvements were contributed by Jakub Narolewski and Aleix Pol Gonzalez, and will show up in Plasma 5.27. Thanks guys!

But that’s not all! There was a lot of work on other significant bugs too, and we managed to knock out several, in addition to landing some welcome features and fixes:

New Features

System Monitor (and widgets of the same name) can now detect and monitor power usage for NVIDIA GPUs (Pedro Liberatti, Plasma 5.27. Link)

You can now show the current temperature in a badge overlay on the Weather widget’s icon–both outside of the System Tray and also for the System Tray version of it! (Ismael Asensio, Plasma 5.27. Link):

User Interface Improvements

Okular’s scroll speed when using a touchpad is now significantly faster, and should generally match the speed at which everything scrolls when using a touchpad (Eugene Popov, Okular 23.04. Link)

In Discover’s Task Progress sheet, the progress bars are now much more visible and not obscured by a pointless background highlight effect (me: Nate Graham, Plasma 5.26.4. Link):

When changing songs/tracks and the Plasma Media Player widget is visible, there’s no longer a brief flicker that reveals the icon of the app playing the media (Fushan Wen, Plasma 5.26.4. Link)

A better error message is now shown when the Bluetooth file transfer service fails to start (Fushan Wen, Plasma 5.27. Link)

Discover will no longer attempt to check for updates when using a metered internet connection Bernardo Gomes Negri, Plasma 6. Link)

Other Significant Bugfixes

(This is a curated list of e.g. HI and VHI priority bugs, Wayland showstoppers, major regressions, etc.)

When Konsole is launched after changing the display layout, its main window is no longer absurdly small (Vlad Zahorodnii, Konsole 22.12. Link)

Elisa should no longer stutter occasionally during playback (Roman Lebedev, Elisa 23.04. Link)

When using Latte Dock in the Plasma Wayland session, various windows and Plasma pop-ups are no longer mis-positioned (David Redondo, Latte Dock 0.10.9. Link)

In the Plasma Wayland session, Plasma should no longer sometimes randomly crash when you move the cursor over a Plasma panel (Arjen Hiemstra, Plasma 5.26.4. Link)

When Kickoff is configured to use the default list item size, apps that live in the categories sidebar such as Help Center no longer have an awkwardly large icon (me: Nate Graham, Plasma 5.26.4. Link)

KWin now honors the “Panel Orientation” property that the kernel can set for screens, which means that many different types of devices that need the screen to be rotated by default will now have that done automatically (Xaver Hugl, Plasma 5.27. Link)

Various Plasma UI elements once again have the correct size in the Plasma X11 session when not opting into using Qt scaling (Fushan Wen, Frameworks 5.100.1. Link)

Other bug-related information of interest:

• 10 Very high priority Plasma bugs (down from 11 last week). Current list of bugs
• 50 15-minute Plasma bugs (down from 51 last week). Current list of bugs
• 137 KDE bugs of all kinds fixed this week. Full list of bugs

Automation & Systematization

Wrote a new “Welcome to KDE” page which will also be linked to in our new Welcome Center app that will debut in Plasma 5.27 (me: Nate Graham)

…And everything else

This blog only covers the tip of the iceberg! If you’re hungry for more, check out https://planet.kde.org, where you can find more news from other KDE contributors.

How You Can Help

If you’re a developer, check out our 15-Minute Bug Initiative. Working on these issues makes a big difference quickly! Otherwise, have a look at https://community.kde.org/Get_Involved to discover ways to be part of a project that really matters. Each contributor makes a huge difference in KDE; you are not a number or a cog in a machine! You don’t have to already be a programmer, either. I wasn’t when I got started. Try it, you’ll like it! We don’t bite!

Finally, consider making a tax-deductible donation to the KDE e.V. foundation.

Ever since work on NeoChat has started in 2020, the most requested feature has been support for end-to-end (E2EE) encrypted rooms. Unfortunately, while libQuotient, the library NeoChat uses for dealing with the Matrix protocol, had some pre-existing support for E2EE, it was not in a functional state at that time and was thus not enabled by default.

History

Early in 2021, Carl and I were made aware of NLnet, a dutch foundation that sponsors many open source projects, and decided to apply for some funding there to expedite the development process. Fortunately, the application process at NLnet is very light-weight, so there isn’t a lot of risk involved in applying for funding. A while after sending our application, NLnet got back to us with the good news that they would indeed be funding E2EE work for NeoChat and libQuotient.

The actual development work started with creating Qt-Style bindings for libOlm, the library that provides implementations of the cryptographic functions required for implementing end-to-end encryption in matrix. Most of this work was done by Carl and is now merged into libQuotient.

Building on this foundation, we implemented support for reading and sending encrypted messages into libQuotient. This includes support for all of the different types like texts, images, files, audio and others. By integrating this into libQuotient, this is almost completely transparent to the actual application, meaning that for the most part, app developers building on top of libQuotient do not need to do extra work for supporting E2EE. There are some parts, like loading images and notifications, that will need slight adaptions from how they were implemented before supporting E2EE. If you, as an app developer, have questions about those, come talk to us in #quotient:matrix.org.

The last part of end-to-end encryption that has been implemented so far is device verification. Device verification allows users to verify that their devices are actually who they claim they are and are not subject to, for example, a man-in-the-middle attack.

What works right now

For this to work, you need to use a dev-branch build of libQuotient with the correct build flags and a build of NeoChat from the master branch. (You will not find the correct versions of libQuotient or NeoChat in your package manager yet; if you do, please tell the packagers not to ship them yet 😃).

NeoChat can show new messages in all of your encrypted rooms and send useful notifications for them. It can also send all types of messages in those rooms, including through the Quick-Reply feature KNotifications offers on some platforms.

You can also verify your other devices by comparing emojis. This can be started either from a different client or from NeoChat’s device settings page.

There is one known bug that sometimes causes the first message sent from a megolm session (this typically means the first message sent from a specific device) to not be decryptable. This is purely a UI bug and restarting NeoChat should fix it. This is actually a bug in Qt that will hopefully be fixed upstream soon.

Coming soon

The immediate next step is releasing version 0.7 of libQuotient, which will contain all of the previously mentioned features. We’re currently in a phase of several beta releases for this, which means that the final release will be coming very soon. At that point, distros will be able to start shipping E2EE-enabled versions of libQuotient and NeoChat. (At this point i should probably mention that this is still not the most mature work and will thus not be enabled by default 😃)

Next steps

The next features we will implement are:

• Cross-signing, which allows users to verify the identity of other users in a simple way.
• Recovery from undecryptable messages, building on the previous device verification work
• Secure Secret Storage and Sharing (SSSS), which is a method of securely storing encryption keys server-side, which allows us to load existing messages on a new device.
• By this time, the matrix community will have probably come up with more amazing things to implement 😃

Special Thanks

• NLnet, for funding this work (Sorry for taking so long!)
• Alexey Rusakov, maintainer of libQuotient, for spending a lot of his time reviewing my merge requests and a lot of the rest of his time working on libQuotient in general
• Carl Schwan, for reviewing all of my merge requests and working on NeoChat in general
• James & Jan, for reporting a lot of bugs, fixing a lot of bugs and adding many new features & improvements
• Everybody else who uses & tests NeoChat, reports bugs, fixes bugs, implements features, …

Lessons learned

• Implementing end-to-end encryption is hard
• It is also a lot of fun :)
• Applying for an NLnet grant is easy, you should do it

Getting involved

There’s always more things to do in NeoChat. Come talk to us in #neochat:kde.org and have a look at community.kde.org/Get_Involved.

Let’s go for my web review for the week 2022-46. With all the turmoil in the social media space, this looks a bit like a special edition on this topic (more links to articles related to that than usual).

Microsoft “irreparably damaging” EU’s cloud ecosystem, industry group claims | Ars Technica

Tags: tech, microsoft, cloud, vendor-lockin

More anti-trust pressure coming toward Microsoft. Let’s see how it goes.

https://arstechnica.com/tech-policy/2022/11/microsoft-irreparably-damaging-eus-cloud-ecosystem-industry-group-claims/

Infosys leaked FullAdminAccess AWS keys on PyPi for over a year | Tom Forbes

Tags: tech, security

Shady practices clearly… don’t commit secrets in repositories. There are even tools to check this doesn’t happen.

https://tomforb.es/infosys-leaked-fulladminaccess-aws-keys-on-pypi-for-over-a-year/

“When We All Have Pocket Telephones”: A 1920s Comic Accurately Predicts Our Cellphone-Dominated Lives | Open Culture

Tags: tech, smartphone, history, culture

Interesting look at the perception of cellphones before they even existed.

https://www.openculture.com/2022/08/when-we-all-have-pocket-telephones.html

The Age of Social Media Is Ending - The Atlantic

Tags: tech, social-media

Interesting point of view, also lays out nicely how social networks degenerated into social media. I appreciate this kind of perspective.

https://www.theatlantic.com/technology/archive/2022/11/twitter-facebook-social-media-decline/672074/

Fediverse

Tags: tech, fediverse, social-media, ecology

Good thinking about the recent Mastodon users increase. Highlights fairly well why it’s desirable, why it’s a better social media platform but also the challenges ahead… including resources consumption.

https://bastianallgeier.com/notes/fediverse

Home invasion - Mastodon’s Eternal September begins

Tags: tech, fediverse, social-media

Success is a two sided coin. Clearly this mass exodus of Twitter users will overwhelm existing Mastodon users and a few instance administrators. It’s understandable that is can be perceived as some kind of assault from people not used to the customs. How will the preexisting culture hold? The Pandora box is now opened we shall see.

https://www.hughrundle.net/home-invasion/

Is the fediverse about to get Fryed? (Or, “Why every toot is also a potential denial of service attack”) – Aral Balkan

Tags: tech, architecture, fediverse, performance, social-media

There are indeed a few architectural problems with the Fediverse as it is. Can this be solved? Hopefully yes.

https://ar.al/2022/11/09/is-the-fediverse-about-to-get-fryed-or-why-every-toot-is-also-a-potential-denial-of-service-attack/

How fast is ASP.NET Core?

Tags: tech, benchmarking, web, framework, microsoft, dotnet

Don’t believe too good to be true marketing claims by vendors. Clearly something went wrong there and the benchmark has been gamed.

https://dusted.codes/how-fast-is-really-aspnet-core

Refactoring with =delete

Tags: tech, programming, refactoring, c++

This is a clever and important use of =delete which I sometimes miss in other languages.

https://quuxplusone.github.io/blog/2022/11/11/refactoring-with-delete/

Immutable Collections should be Your Default

Tags: tech, programming, multithreading, java

Illustrated with Java, still this highlight fairly well the caveats of mutable collections in multithreaded code.

https://alexn.org/blog/2022/10/27/immutable-collections-your-default/

Performance Optimizations Can Have Unexpectedly Large Effects When Combined With Caches

Tags: tech, performance, optimization

Interesting take about how performance optimizations can sometimes leverage even more performance gains than you would expect.

https://justinblank.com/notebooks/performanceoptimizationscanhaveunexpectedlylargeeffectswhencombinedwithcaches.html

The hidden cost of complexity

Tags: tech, software, complexity

A simplified mental model of complexity in software projects. It’s not completely accurate but is valuable in the way it is easy to reason about it and probably use it for decision making.

https://medium.com/@dolevp/the-hidden-cost-of-complexity-d9d8eb91594c

Split Your Overwhelmed Teams - ACM Queue

Tags: tech, management, team, burnout

Interesting take of the cognitive overload in bigger teams which end up with more responsibilities. Indeed splitting the teams and the responsibilities can then be a way out.

https://queue.acm.org/detail.cfm?id=3570920

Why do we call it “boilerplate code?” • Buttondown

Tags: tech, programming, history, etymology

I love this kind of explorations. Where does the term boilerplate code come? Let’s find out.

https://buttondown.email/hillelwayne/archive/why-do-we-call-it-boilerplate-code/

Digital Books wear out faster than Physical Books - Internet Archive Blogs

Tags: book, low-tech

The limits of digital books, this won’t get me off the paper books addiction I got.

http://blog.archive.org/2022/11/15/digital-books-wear-out-faster-than-physical-books/

Bye for now!

First, I would like to send a big Thank you! to Canonical for sponsoring my trip to Prague for the Ubuntu Summit! It was a great success. I saw some great talks and valuable workshops. I now know how to snap our applications the have daemons and services thanks to the Snapping Daemons and Services workshop. Prague itself is an amazing city. Wow. Just wow. I got to see old friends and meet many new ones. I will take away some wonderful memories. Did I mention a river cruise? Yes! It was great fun.

I did a lightning talk with Jonathon and a Snapping Desktop Applications workshop with Olivier. The talk was “lightning” fast! But good practice for my speech giving skills ( a challenge for a shy person such as myself!) The workshop was great presentations of different ways snaps are done for different projects. The audience was smaller than I had hoped ( it was the end of the summit and many folks were wrapping up to leave.) I still left with a feeling of accomplishment.

This week I will apply my new found knowledge and push out some more snaps!

The post Kdenlive Café and Beta testing appeared first on Kdenlive.

One of the lovelyest things about open community development is you can do it from home but you also get to travel to fancy places to meet your fellow devs and share ideas. Lockdowns stopped that for two years but with Akademy last month it felt like open tech life could return to a more fun state. Then came the return of a meeting that had last happened a decade ago, the Ubuntu Summit. A bunch of KDE devs were invited, me (who does KDE neon), Ade (who does Calamares installer), Scarlett (who does Snap packages), Aleix (who does Discover app installers), Harald (KDE neon), Luca (OpenRazor and hangs around KDE).

Unlike the old Ubuntu Developer Summits this wasn’t aimed at planning the next Ubuntu release, they had already spent the last two weeks in the same hotel doing that. This was just a fun sharing of ideas conference where people gave talks and workshops on what they were working on.

Me and Scarlett gave a lightning talk on KDE Snaps and Scarlett gave a workshop on KDE Snaps. KDE has over 100 apps in the Snap store, a great way to get KDE software promptly.

Ade gave a talk about his Calamares distro installer and compared it to Ubuntu’s installer which is being rewritten in Flutter. Harald gave talks on KDE neon and on secrets of KDE Plasma. Aleix spoke about the KDE community and what we do. Ade also talked about KDE Frameworks.

There was plenty of talks on Snaps, it’s how Canonical makes money where it’s used in embedded devices, if you can call a 10 ton steel press an embedded device. Adam Szopa works for KDE and also Canonical and he gave a talk on Linux gaming, I hear Canonical has a whole team just to get gaming working well. Canonical also makes money from Microsoft’s Windows Services for Linux (WSL) and there were a bunch of talks showing this off. Using JuJu to set up servers is another large project Canonical works on which had some talks. Flutter seems very fashionable, a rival to Qt that is gaining attention, it uses the Dart programming language and is designed for mobile devices but Canonical has been working with Google to port it to Linux desktops (using GTK).

It was great to catch up with Erich Eickmeyer who makes Ubuntu Studio and works for Kubuntu Focus selling laptops with Plasma. Ubuntu Studio ships with Plasma of course. I spoke to him about Wayland and he says the next release (for Ubuntu plus Plasma) is looking great for Wayland.

It was also great to meet Simon Quigley (tsimonq2) who does Lubuntu and has worked on Kubuntu. LxQt is a lightweight Linux desktop and probably one of the largest users of KDE Frameworks outside KDE, they use KScreen, KIdleTime, Solid, KWindowSystem and probably other Frameworks.

Canonical is reported to be profitable and hiring (after some “brutal times”) and spirits seem to be good. They have a community team now and are keen to engage.

There were also inspiring talks from e.g. a Zimbabwean developer talking about the challenges of taking software development on donkeys here he lives. Geopolitics is an interesting subject but one aspect I’ve not thought about before is how countries with a coastline can connect their internet directly to the world while countries without such as Zimbabwe are dependent on neighbouring countries to pass it through.

Lorenzo’s Music is an open source band who create on Github using Ubuntu Studio and Kdenlive. They gave a great performance on the river boat cruise under the Charles bridge in Prague.

Thanks to Canonical for sponsoring travel and helping us re-engage.

Monday, 14 November 2022

KDE today announces the release of KDE Frameworks 5.100.0.

KDE Frameworks are 83 addon libraries to Qt which provide a wide variety of commonly needed functionality in mature, peer reviewed and well tested libraries with friendly licensing terms. For an introduction see the KDE Frameworks release announcement.

This release is part of a series of planned monthly releases making improvements available to developers in a quick and predictable manner.

New in this version

Baloo

• [TermGeneratorTest] Reduce code duplication
• Correct and simplify OrpostingIterator constructor
• Convert kded metadata to JSON

Breeze Icons

• Add accessories-dictionary-symbolic symlink to a book-looking icon (bug 461033)
• Add new icons for Fortran source code
• Add 64px audio-headset, fix issues with 64px audio-headphones (bug 447536)
• Add data-success icon
• Add icon for OpenOffice extensions

Extra CMake Modules

• Make the expiry of these artifacts more reasonable, 3 months is a bit excessive
• avoid lib64 directory on NixOS
• Add quotes, otherwise if is malformed when envvar not defined
• Allow KF_IGNORE_PLATFORM_CHECK to be set through an environment variable

KDE Doxygen Tools

• remove link to Other KDE Software

KArchive

• Make error messages translatable

KAuth

• Config.cmake.in: declare static dependencies

KBookmarks

• Don’t use KXmlGui when building without deprecated stuff

KCMUtils

• Remove space
• Kauth doesn’t build on windows
• KCModuleQML: Make sizeHint() check more robust

KCodecs

• Prepare for 5.15.7: adapt test

KConfig

• kconfig_compiler: switch away from bit mask for signal enum values
• kconfig_compiler: fix generation of bit masks enum items for signals
• kconfig_compiler: perform signals count check earlier
• Fix KConfigGui initialization in case of static builds (bug 459337)

KConfigWidgets

• avoid stating files during restore of recent files (bug 460868)
• Ensure icon is always set for recent files actions
• Add file icons to open recent menu
• Replace custom color preference code with KColorSchemeWatcher
• Intialize default decoration colors
• [KCommandBar] Fix shortcut background

KContacts

• Add setAddresses

KCoreAddons

• Add missing . in error string
• KPluginMetaData: Check applicationDirPath first when resolving plugin paths (bug 459830)
• Fix static build of downstream consumers
• KFileSystem: add Fuse Type; use libudev to probe underlying fuseblk type

KDeclarative

• Make QQmlContext’s contextObject outlive the QQmlContext
• Completely deprecate KDeclarative class
• Port manual test app away from deprecated KDeclarative API

KDELibs 4 Support

• Add CMake option to build WITH_X11

KDesignerPlugin

• add win ci, for kdelibs4support

KDESU

• Add missing deprecation wrapper for KDEsuClient::isServerSGID impl

KFileMetaData

• OdfExtractorTest: Add test cases for Flat XML documents
• OdfExtractor: Only go looking for textual content in office:body
• OdfExtractor: Support “Flat XML” variants
• PngExtractor: Only extract metadata when it was asked for

KDE GUI Addons

• Add misisng find_dependency’s for static builds
• systemclipboard: Don’t signals data source cancellation (bug 460248)
• Guard the global was actually intialised
• Implement destuctor for keystate protocol implementation
• kcolorschemewatcher: make changing colour schemes work as expected on macOS
• [kcolorschemewatcher] Default to light mode, where AppsUseLightTheme isn’t set (notably Windows 8.1)
• enable automatic dark-mode switching on macOS
• Add API for system color preference reading

KI18n

• Try fixing build on Windows mingw
• Add missing include

KImageFormats

• Don’t install desktop files for image formats when building against Qt6
• raw: Don’t seek back if we were asked to read too much
• jxl: indicate when all frames have been read
• avif: indicate when all frames have been read
• avif: always indicate endless loop (bug 460085)
• avif: return false in canRead() when imageIndex >= imageCount (bug 460085)
• Auto-rotate input images in readtest
• jxl: remove C-style casts
• avif: Use reinterpret_cast instead C cast
• heif: replace C cast with static_cast
• heif: use heif_init/heif_deinit with libheif 1.13.0+
• FindLibRaw: fix include dir, should not contain prefix libraw/ (bug 460105)
• Fix duplicated tests
• ANI partial test and PIC test added
• PSD: impreved support to sequential access device
• Fix messages
• CMakeLists: enable EXR test
• Added EXR test image
• Fixes for sequential devices

KIO

• Add new base class for thumbnail plugins
• Fix string formatting in “Do you really want to delete it?” message
• [kdiroperator] Don’t add actions to actioncollection when building without deprecated API
• Deprecate KDirOperator::actionCollection
• [kfilewidget] Don’t remove mkdir action from the action collection
• Fix deprecation of virtual functions
• Deprecate KDirOperator::setView(QAbstractItemView *)
• [kcoredirlister] Deprecate setMimeExcludeFilter
• [kcoredirlister] Rename showingDotFiles to showHiddenFiles
• [kdiroperator] Rename setView to setViewMode
• [kcoredirlister] Deprecate itemsFilteredByMime
• [kdiroperator] Remove usage of itemsFilteredByMime
• [knewfilemenu] Decouple from KActionCollection
• KPropertiesDialog: Add tooltip for magic mime type, too
• kurlnavigatortest: add test for absolute path in relative path handling
• KUrlNavigator: fix handling absolute paths
• kurlnavigatortest: add test case for relative hidden directory
• Remove KCrash dependency on Android
• KFilePlacesModel: Move open files error on teardown to KIO
• Add a CMake option, off by default, to control ftpd and wsgidav usage
• Conditionally chow hidden folders in the location bar’s dropdown menu
• fix dav overwrite
• don’t disable tests
• Warning dialogs: Change button text from “Delete” to “Delete Permanently”
• AskUserActionInterface: add DeleteInsteadOfTrash deletion type (bug 431351)
• WidgetsAskUserActionHandler: fix showing file name for single url
• Message box methods: add API using “action” terms instead of “Yes” & “No”
• Deprecate defaulting to “Yes” & “No” message box buttons
• Add messagebox: KIO worker for testing messageBox() calls from worker
• Remove service type definition for urifilter plugins
• DeleteOrTrashJob: it’s included in KF 5.100
• [ioslaves/remote] Convert kded metadata to JSON
• Fix missing details in message dialogs from worker
• UserNotificationHandler: fix messagebox type mismatches
• [kdiroperator] Allow accessing actions without KActionCollection
• KDirOperator: use KIO::DeleteOrTrashJob
• Add DeleteOrTrashJob
• [kopenwithdialog] Handle absence of a mime comment gracefully
• Port Windows-only code away from deprecated KIO API
• KFileItemListProperties: Better respect ioworker metadata
• KIO HTTP: Store error string for deferred result
• KFilePlacesView: Show busy indicator while (un)mounting a device
• KFilePlacesModel: Change teardown action to indicate teardown in progress
• KFilePlacesModel: Add DeviceAccessibilityRole
• KFilePlacesItem: Allow passing roles for dataChanged

Kirigami

• icon: itemSize should be size
• FormLayout: remove top margin for TextArea
• BannerImage: fix title background not aligning to vertical center
• TabletModeWatcher: reduce the amount of blocking calls we do
• SingletonCreation: Make sure singletons are reused with the engine
• ToolBarLayout: Do not crash when a null action is passed
• set a11y properties on swipelistitem actions buttons
• Set is so that if there is at least 1 action in the CategorizedSettings pagestack that the current index is set to it on open
• DefaultCardBackground: Use simple drop shadow and less shadow
• FormLayout: Use const instead of let where possible
• Examples + tests: Update usage of actions in Page components
• Improve appearance of ListSectionHeader and remove list item separators by default
• GlobalDrawerActionItem: Simplify spacing
• GlobalDrawerActionItem: Use consistent spacing between icon and label, and left margin
• GlobalDrawerActionItem: Make icon size readonly
• GlobalDrawerActionItem: Don’t increase icon size for mobile
• Fix verticalAlignment bindingloop in PlaceholderMessage
• WheelHandler: Fix memory leak
• ActionToolBar: let keyword not used
• ListSectionHeader: Elide when text overflows
• FormLayout: remove hack
• Remove cases where hoverEnabled is used in place of supportMouseEvents
• SearchField: Check for acceptableInput before firing an event
• GlobalToolBar: Expose the title padding property
• Check preventStealing earlier in ColumnView (bug 460345)
• Don’t load page header components asynchronously by default
• SwipeListItem: Make sure we only show the aggressive warning when it’s due (bug 455789)
• imagecolors: don’t early return when there is no window for QQuickItem
• Avatar: fix blurry avatar when using Qt scaling (bug 356446)
• Fix ginormous FABs
• PC3/TextField,SearchField: Fix mirroring detection
• SearchField: Align search icon vertically
• SearchField,ActionTextField: Use non-destructive clear() method
• Doc: ActionTextField: Use StandardKey instead of hardcoded Ctrl+F string
• SearchField: Bump QML imports and fix code style
• BasicListItem: Make text more readable when using fadeContent property
• FormLayout: Fix nullable items
• Remove renderType workaround that was fixed in Qt 5.14.0 RC1
• Replace sizeForLabels with Units.iconSizes.medium/large where relevant
• AboutItem: make license text selectable
• make example build on qt6
• Remove unnecessary break statement

KItemModels

• Also fix kconcatenaterows_qml test for static builds
• Fix ksortfilterproxymodel_qml test for static builds (bug 459321)

KItemViews

• KCategoryDrawer: Update design to match Kirigami list categories

KNewStuff

• KF5NewStuffCoreConfig.cmake: fix resolving QT_MAJOR_VERSION at generation
• [kmoretools] Replace QDesktopServices::openUrl with KIO::OpenUrlJob
• Add qtdesigner plugin for KNewStuffWidgets

KParts

• [partloader] Remove references to KPluginLoader from docs
• Don’t install service type definitions when building without deprecated stuff
• Add new functions to instantiate parts

KRunner

• runnermanager: only emit queryFinished when previous jobs are still running

KService

• Do not warn if KService("") is instantiated

KTextEditor

• Set default mark type only if control is pressed
• Don’t install desktop file for katepart when building against Qt6
• CamelCursor: Improve complex unicode handling (bug 461239)
• we want to shift unsigned ints
• auto completion got me
• remove file name for saveas only for remote files (bug 461161)
• Simplify and optimize KateScriptDocument::anchorInternal
• Indenter: Dart and Js fixes
• Fix js/dart indent in array
• Make Tab/Shift+Tab completion work
• Bring Shell-like tab completion back, and make it work
• Remove select all and deselect from context menu
• Remove double message about lack of access rights
• KateCompletionModel: Dont sort Group::prefilter
• KateCompletionModel: Simplify changeCompletions()
• Avoid detaching currentCompletion
• KateCompletionModel: Remove not needed setters
• Remove KateCompletionModel config from KateCompletionWidget
• Avoid excessive filtering and calls to modelContentChanged
• Completion: Avoid extra model reset
• Remove “Preview:” label in themes tab
• Fix fallback logic
• Fix tab order in search (bug 440888)
• fix clipboard selection update on shift mouse click (bug 443642)
• Ensure to set highlight on reload when file type was set by user (bug 454715)

KUnitConversion

• Add missing forms for mass units: tonnes, ct, lbs
• add singular abbreviation forms as match strings for teaspoon and tablespoon

KWallet Framework

• mark some binaries as non-gui
• Add support for plain transfer algorithm to Secret Service API (bug 458341)
• Change naming and order of FreedesktopSecret members to match the spec

KWayland

• [registry] Bump PlasmaWindowManagement version to 16

KWidgetsAddons

• avoid stating files during restore of recent files (bug 460868)
• Add a method to remove all actions in one go
• KTitleWidget: Constraint the frame size so it properly aligns (bug 460542)
• KPageDialog: Collapse margins also for flat list
• KToolBarPopupAction: Apply popupMode to existing widgets
• Deprecate KStandardGuiItem::yes() KStandardGuiItem::no()
• KMessageDialog: add API using “action” terms instead of “Yes” & “No”
• KMessageBox: add API using “action” terms instead of “Yes” & “No”
• Fix potential crash in fix for 458335

NetworkManagerQt

• DeviceStatistics: Replace setRefreshRateMs call with manual DBus call
• Remove dead CMakeLists code

Plasma Framework

• PC3/BusyIndicator: Disable hover, drop unused id, and shorten a comment
• Never time out tooltip while its control is still hovered (bug 397336)
• windowthumbnail ‘count > 0’ is always true
• Dialog: Avoid using plasmashell protocol when running in kwin
• Make KPackage an implementation detail of Plasma Applets
• Deprecate public includes for KPackage
• templates/cpp-plasmoid: Load icon as svg rather than svgz
• templates/cpp-plasmoid: Remove unneeded EnabledByDefault and X-Plasma-MainScript keys
• templates/cpp-plasmoid: Consistently require ECM, KF and Qt dependencies
• templates/cpp-plasmoid: Port to newer KPackageStructure key instead of ServiceTypes
• templates/cpp-plasmoid: Do not embed json file in plugin
• Create SVGZ files without embedded filename & timestamp -> reproducibility
• Oxygen: Drastically improve buttons
• Oxygen: Invert input box color and increase size
• Oxygen: Update Inkscape Metadata
• Oxygen: Fix tab bars not rendering, add N/E/S/W sides
• Oxygen: Fix active button size
• ExpandableListItem: Port to explicit signal handler parameter names
• Center the AppletPopup dialogs when possible
• framesvgitem: avoid unnecessary type conversion in resizeFrame
• framesvgitem: use QQuickItem::size() directly in resizeFrame
• framesvgitem: port two qMax to std::max
• framesvgitem: remove one unnecessary maxvalue comparison
• PC3/BusyIndicator: Revert RotationAnimator back to property interceptor syntax
• PC3/BusyIndicator: Fix hang & rapid jump on start
• PC3/BusyIndicator: Don’t do extra work when animation starts
• PC3/BusyIndicator: Port opacity animation to Easing.OutCubic
• PC3/BusyIndicator: Center the active/rotating part of the control
• PC3/BusyIndicator: Fix QML/JS code style, bump imports
• fix refcount of dialog instances
• Fix name of margin hints of task manager (bug 456076)
• PC3/TextField,SearchField: Fix mirroring detection
• SearchField: Align search icon vertically
• SearchField,ActionTextField: Use non-destructive clear() method
• PC3/Slider: Fix tick marks direction for vertical orientation
• Manage the case someone is asking for the attached of an applet
• Fix scrollbar visibility when contentWidth or contentHeight is 0
• Drop deprecated KDeclarative::setupEngine calls
• iconitem: add test for devicePixelRatio
• svgitem: fix blurry icon on HiDPI screens
• iconitem: fix blurry icon on HiDPI screens
• Revert “Install a plugin for org.kde.plasma.plasmoid”
• Add 5G network icons
• ExpandableListItem: Simplify Accessible.description expression
• ExpandableListItem: Use uniform standard margins for actions list
• Perform initialization in initialization list
• IconItem: Use standard Units.longDuration for cross-fade animation

Prison

• Convert code128 data table to binary literals
• Simplify QR reference PNG images

QQC2StyleBridge

• Never time out tooltip while its control is still hovered
• TextField: Use effectiveHorizontalAlignment without extra mirroring for placeholder

Syntax Highlighting

• Jira: improve highlighting
• Jira: fix Bold and Stroked Out highlight at start of line (bug 431268)
• CMake: fix nested parentheses highlinthing (bug 461151)
• systemd_unit: update to systemd v252
• Common List: optimize (~40% faster)
• Common Lisp: highlight numbers preceded by -
• Common Lisp: highlint ‘symbol and #‘symbol
• Common Lisp: add operators
• Common Lisp: add .el extension (emacs script)
• powershell.xml: Recognize variable substitutions in double quoted strings
• powershell.xml: Recognize single quoted strings
• debchangelog: add Forky
• debchangelog: add Lunar Lobster
• CMake: return() as Control Flow
• CMake: add Control Flow style for if, else, while, etc (bug 460596)
• Fix name (for consistency with CartoCSS MML)
• Better highlighting for some GIS-related file formats
• VHDL: support of VHDL-2008
• Nix: fix decimal numbers format and some performance changes
• Alerts: add NO-BREAK SPACE (nbsp) as keyword deliminator (bug 459972)
• Git Rebase: add missing commands
• Git Ignore: more highlight
• cmake.xml: New features for CMake 3.25
• Bash/Zsh: fix Parameter Expansion style for } in ${…}
• Zsh: add folding for group command
• Bash/Zsh: fix group command with coproc statement (bug 460301)
• use a constant container with range-based for loop to avoid copies
• Ansi/HtmlHighlighter: prefer QTextStream::readLineInto() to QTextStream::readLine() to avoid allocation
• fix AnsiHighlighter::highlightData() with valid definition, but without any context
• increment version number after keywords change
• cpp.xml: add missing QStringTokenizer class for highlighting
• Add folding for maps, structs and lists in elixir
• Add opendocument “flat XML” file types
• Add do: to tests
• Undo unintended line formating
• Remove any reference to fn being a definition
• Adapt tests to new output
• Add folding to elixir code

Security information

The released code has been GPG-signed using the following key: pub rsa2048/58D0EE648A48B3BB 2016-09-05 David Faure [email protected] Primary key fingerprint: 53E6 B47B 45CE A3E0 D5B7 4577 58D0 EE64 8A48 B3BB

I have found a new bugbear. Something to be creatively annoyed about. I’m going to call it 80/20 refactoring, to express the idea that a refactoring is started, but then not finished. Probably because doing all of the edge cases in a refactoring is hard.

Premise

Suppose we have a large-ish codebase, with a repeated pattern of code. Thanks to the magic of copy-and-paste, that pattern will be, say, a half dozen lines of code, repeated over and over, but also sometimes subtly changed. Something like this:

SerializingBuffer request;
request.start(ID_RESET);
request.add(0);
request.add("timed-out");
connection.send(&request);

You don’t have to understand what this is doing, just that there’s a pattern of code. Variations will include:

• having this in a function, with request passed in as a pointer,
• same, but as a reference,
• variables renamed rqst and conn because someone didn’t watch Kate Gregory’s Naming is Hard: Let’s Do Better talk,
• an extra 0 somewhere.

Refactoring

My gut feeling says there’s a refactoring to be done here: make a function ReportTimeout() that takes a connection reference and does all the things. It hides the buffer, it hides the exact details of what is being sent, and it has a nicer name.

This is the point where 80/20 refactoring comes in, and I am absolutely guilty of doing just this: the 80% of cases that are easy to deal with are done in no time, the refactoring lands, there’s a net reduction of lines-of-code, lovely. Interest turns elsewhere, and now in many ways the codebase is worse off once the here-and-now knowledge about the refactoring is lost.

There’s one case, one particular function, used a lot, and then there’s a handful (20%) of cases that sorta-kinda looks like they would fit that function, but they don’t. Chesterson’s fence? Is there something special going on? Removed from the here-and-now of the refactoring, re-discovering what those remaining 20% of copied chunks of code mean, and how they can be shimmed into the new function, is so much harder.

So what happens is the nice bits get nicer, and the ugly bits get uglier, until there’s nothing left to do with the nasty bits but throw them away and start over – hopefully this time, using the newer functions from the outset.

Takeaway

Don’t put away the refactoring tool until it’s really done. Cover all of the edge cases. Anything that you could refactor, and don’t, comment the heck out of it why it doesn’t fit the new stuff. Then you won’t end up asking the question “why have we got 15 flavors of shit?” (ObXKCD 927)