1 00:00:01,957 --> 00:00:05,557 I'm sorry, I'll hide behind here and then I can. 2 00:00:07,317 --> 00:00:12,837 Allow me to introduce Mr. David Edmundson, who will be talking to us about Adapt or Die. 3 00:00:15,097 --> 00:00:20,177 Yes, I want to talk about what packaging format changes mean for the wider KDE. 4 00:00:20,517 --> 00:00:25,657 And by packaging formats, I mean Flatpak, Snaps, Linglong. 5 00:00:25,977 --> 00:00:30,977 And I don't know enough about them to say which one's better or have that discussion. 6 00:00:31,257 --> 00:00:36,697 I might have a favourite, I'll point to it. But the point is they are all better 7 00:00:36,697 --> 00:00:42,017 than the current state and for the purpose of this sort of talk they're all 8 00:00:42,017 --> 00:00:45,617 the same and they're all similar. 9 00:00:46,377 --> 00:00:50,837 Where you have a runtime provided by KDE which has a bunch of libraries, 10 00:00:51,677 --> 00:00:57,457 and then the application takes a version of our runtime and it's all put in 11 00:00:57,457 --> 00:01:01,917 a nice little sandbox, where there's a few ways to talk to your host environment, 12 00:01:02,417 --> 00:01:05,017 but not a lot of ways to destroy your system. 13 00:01:05,957 --> 00:01:10,377 And it's amazing. They're all amazing. 14 00:01:10,577 --> 00:01:15,337 And I've not been doing a lot of this work on the Flatpaks and the Snaps. 15 00:01:15,937 --> 00:01:22,157 But I wanted to share my moment of enlightenment of when I realized it's not 16 00:01:22,157 --> 00:01:24,297 just another way to get apps, 17 00:01:24,417 --> 00:01:29,937 but how we should be approaching things as the default state that we should 18 00:01:29,937 --> 00:01:31,717 be aiming for, the future. 19 00:01:32,837 --> 00:01:35,977 And talk about how this affects some things we do in frameworks, 20 00:01:36,257 --> 00:01:43,957 how it affects some things we do in Plasma, and really focus on where we go from there. 
21 00:01:46,157 --> 00:01:53,057 So, my moment as a Wayland developer, I have to pick up random projects and 22 00:01:53,057 --> 00:01:56,797 see why they don't work under KWin, which is normally the application's fault. 23 00:01:57,177 --> 00:02:02,797 So I had to build some random GTK application, and I tried building it, 24 00:02:02,937 --> 00:02:06,997 and it requires a newer version of this thing, an older version of that other 25 00:02:06,997 --> 00:02:12,117 thing, and trying to find this Goldilocks situation which compiles was a nightmare. 26 00:02:12,257 --> 00:02:15,397 And I wasted a day on whatever project it was. 27 00:02:16,537 --> 00:02:23,257 And then, I double clicked on the Flatpak file and GNOME Builder opened up and 28 00:02:23,257 --> 00:02:25,097 it had all of the source code for your project, 29 00:02:25,377 --> 00:02:28,737 it had all of the source code for your dependency that I was actually wanting 30 00:02:28,737 --> 00:02:34,217 to change in library tree, and all of the other dependencies got magically brought 31 00:02:34,217 --> 00:02:37,237 in and it was an amazing developer experience. 32 00:02:38,277 --> 00:02:43,577 And my takeaway from this was, that was nice, but I don't need it in KDE because 33 00:02:43,577 --> 00:02:44,957 I already have a dev setup. 34 00:02:46,857 --> 00:02:50,437 And I think everyone in this room probably goes, we don't need any of that nice 35 00:02:50,437 --> 00:02:54,817 stuff for getting all your dependencies, because I already have all your dependencies. 36 00:02:55,617 --> 00:02:59,617 And when you say it out loud, you realize that's not a good way to think. 37 00:03:02,097 --> 00:03:07,197 So using this as a way to get people on and have other people quickly build 38 00:03:07,197 --> 00:03:08,377 your app is really important. 
39 00:03:08,777 --> 00:03:13,477 If you go to most GNOME apps now, like a new GNOME terminal that's just landed, 40 00:03:13,617 --> 00:03:19,577 the readme doesn't say clone this repo and get these dependencies and store these headers, it says, 41 00:03:20,237 --> 00:03:24,557 clone this repo, open a Flatpak file. And 42 00:03:24,557 --> 00:03:29,217 I think we want that experience in KDE, but if you look at any of our readmes, 43 00:03:29,217 --> 00:03:34,617 our readme for Okular just says clone this repo and hope your distribution's got 44 00:03:34,617 --> 00:03:38,397 the right version of these things and do your weird things you need to do under 45 00:03:38,397 --> 00:03:40,437 Debian to get your headers, which are missing, 46 00:03:40,557 --> 00:03:43,137 and go through a painful process. 47 00:03:43,937 --> 00:03:48,537 So that really changed my mind and thinking, this is what we need to be doing. 48 00:03:51,127 --> 00:03:55,867 The other thing that happened around the same time as the call for papers was 49 00:03:55,867 --> 00:04:01,187 we had an issue in Plasma where somebody randomly grabbed something off our 50 00:04:01,187 --> 00:04:05,067 store and it sort of wiped all of their files. 51 00:04:07,187 --> 00:04:12,767 Yeah, a little bit wiped all their files. And we've got a simultaneous extreme 52 00:04:12,767 --> 00:04:17,987 situation where we have our applications where we have to fight all your sandboxing 53 00:04:17,987 --> 00:04:20,427 and we're telling users is, you've installed this app, 54 00:04:20,567 --> 00:04:23,447 it might be unsafe because it's doing this tiny little thing. 55 00:04:23,867 --> 00:04:30,107 And at the same time, Plasma is just letting you download scripts and run them 56 00:04:30,107 --> 00:04:31,707 without that same level of warnings. 57 00:04:32,447 --> 00:04:38,607 And as a user, the expectations of what an app system needs to provide are increasing 58 00:04:38,607 --> 00:04:40,467 because this tech exists. 
59 00:04:41,187 --> 00:04:45,507 I mean, I have sandboxing tech on my phone and I'm comfortable downloading 60 00:04:45,507 --> 00:04:52,907 and running a Ryanair app next to my banking apps, but I don't feel the same 61 00:04:52,907 --> 00:04:55,147 about downloading some random thing off GitHub. 62 00:04:55,327 --> 00:05:00,267 Even if I can see a source, I'd rather trust a sandbox than trust me reading 63 00:05:00,267 --> 00:05:03,007 a source because I can't be bothered to read a source. 64 00:05:04,227 --> 00:05:06,107 So sandboxing is important. 65 00:05:08,690 --> 00:05:12,130 And that got me thinking about what else can we gain from this sort of technology. 66 00:05:14,430 --> 00:05:18,110 Moving forward, we don't have to care about ABI too much. 67 00:05:18,570 --> 00:05:23,430 Every time we make a new runtime, a new SDK of saying this is what you run your 68 00:05:23,430 --> 00:05:26,990 application against, it doesn't have to be ABI compatible with the last one. 69 00:05:27,350 --> 00:05:32,710 And that will give us a lot more flexibility when we approach moving through 70 00:05:32,710 --> 00:05:37,450 KF6 to get to KF7. We can start deprecating things early and stopping after 71 00:05:37,450 --> 00:05:39,250 using them and making sure they change. 72 00:05:39,770 --> 00:05:44,990 Or we can just be more eager to include new libraries into our SDK, 73 00:05:45,090 --> 00:05:48,550 knowing it's safe to just make a change later if we want to. 74 00:05:50,650 --> 00:05:54,150 And also, bugs should be reproducible. 75 00:05:54,890 --> 00:06:00,530 My work is filled with Nate telling me he's got a weird bug that only he has. 76 00:06:01,670 --> 00:06:06,050 And in theory, in a world where we run the same software, we're in the same 77 00:06:06,050 --> 00:06:12,690 sub stack with the same dependencies, should behave the same and I'll have fewer of them. 78 00:06:13,230 --> 00:06:16,290 They won't all go away. 
I'm sure you'll still find a way to out QA me. 79 00:06:19,770 --> 00:06:24,370 Worth debatable. Another thing that's going to be super cool, 80 00:06:24,510 --> 00:06:30,030 and I've not seen this really exposed or talked about yet, is I compile something 81 00:06:30,030 --> 00:06:32,410 on my laptop, it takes forever. 82 00:06:32,670 --> 00:06:37,430 I compile something on my desktop, it takes forever, even though I've just compiled the same thing. 83 00:06:37,910 --> 00:06:42,670 And it takes forever because my caches on my laptop are not usable, 84 00:06:42,870 --> 00:06:46,550 it's a different compiler I'm using, things have a slightly different path or 85 00:06:46,550 --> 00:06:47,750 a slightly different timestamp. 86 00:06:48,830 --> 00:06:53,190 If you're building everything in containers, that problem goes away. 87 00:06:53,550 --> 00:06:58,550 So I'm hoping we're going to see sccache used or just copying your ccache folder 88 00:06:58,550 --> 00:07:04,610 and moving between machines or even having somebody write a new merge request 89 00:07:04,610 --> 00:07:09,250 and then me not having to recompile any of those files on the other side of 90 00:07:09,250 --> 00:07:12,970 the world is actually doable. And that could be game changing. 91 00:07:17,405 --> 00:07:20,885 And the other important part is even if you don't like the Flatpaks and 92 00:07:20,885 --> 00:07:26,285 Snaps, you don't have a choice because they're coming and there are distributions 93 00:07:26,285 --> 00:07:28,665 where it's the only way to get applications. 94 00:07:29,965 --> 00:07:36,185 So always immutable atomic distributions are coming up everywhere and by immutable 95 00:07:36,185 --> 00:07:40,605 distributions I mean ones where you download a distribution and you can't add 96 00:07:40,605 --> 00:07:44,545 or change any of these files and every week there's a new one of these. 97 00:07:44,925 --> 00:07:51,345 There's another one. 
And Fedora Silverblue spin-offs, MicroOS from SUSE, 98 00:07:51,805 --> 00:07:55,885 Ubuntu's got a slightly different vibe and if you want to learn more about Ubuntu 99 00:07:55,885 --> 00:07:59,145 Core, Kevin has a whole talk about tomorrow going into, 100 00:07:59,665 --> 00:08:06,245 nitty-gritty detail of that and I've got a certain experience with one of these 101 00:08:06,245 --> 00:08:08,025 other products on screen. 102 00:08:09,925 --> 00:08:10,705 So what's this? 103 00:08:13,065 --> 00:08:16,725 So in these systems, the only way to get applications is through your stores 104 00:08:16,725 --> 00:08:18,105 with Flatpaks and Snaps. 105 00:08:18,225 --> 00:08:22,745 And if they're not available in the Flatpaks or Snaps, they may as well not exist. 106 00:08:23,465 --> 00:08:26,425 So there's pressure coming in that we can't avoid. 107 00:08:28,625 --> 00:08:34,485 And fact, most users will be using one of these distributions in the next few 108 00:08:34,485 --> 00:08:38,105 years. You might think it's a prediction, but it says facts on the screen. 109 00:08:39,825 --> 00:08:41,425 And I'm on stage, so I'm right. 110 00:08:44,765 --> 00:08:50,645 So what do we need to deliver for those distributions? We need our apps to be available, obviously. 111 00:08:51,205 --> 00:08:54,345 But I'm not going to blab one of our apps because that's hopefully been talked 112 00:08:54,345 --> 00:08:56,365 about over the last few years again and again. 113 00:08:57,825 --> 00:09:01,765 But we also need our base system outside that to be really small. 114 00:09:01,765 --> 00:09:04,945 Because it's often stored in duplicates. 115 00:09:05,585 --> 00:09:09,625 It's something that other companies promising as here is the product. 116 00:09:09,685 --> 00:09:12,665 So they want to have some control over what they're offering. 117 00:09:14,405 --> 00:09:17,265 And as I talked about before, it needs to be robust. 
118 00:09:17,545 --> 00:09:23,065 There's no point saying your apps are sandboxed if everything outside it is not. 119 00:09:23,245 --> 00:09:25,625 So we really need to focus on hardening that. 120 00:09:27,525 --> 00:09:32,645 And on the framework side, we need to come up with an SDK that works, 121 00:09:32,705 --> 00:09:33,685 something that's predictable. 122 00:09:33,905 --> 00:09:37,125 You look at a library documentation and see, here's a library documentation. 123 00:09:37,245 --> 00:09:41,345 I expect it to work the way Linux apps are being deployed now, 124 00:09:42,005 --> 00:09:43,985 which is in these Flatpaks and Snaps. 125 00:09:44,905 --> 00:09:48,685 And we need to have that integration work and be clear when it won't. 126 00:09:52,181 --> 00:09:56,821 So what's the state in KDE right now? Things are good enough. 127 00:09:57,081 --> 00:10:00,821 I mean, if you see my rest of the devices out there, Silverblue's out there, 128 00:10:01,001 --> 00:10:04,661 and people can get a lot of our apps, and they're available. 129 00:10:06,281 --> 00:10:10,041 But the experience could definitely be better. Like our frameworks, 130 00:10:10,141 --> 00:10:13,761 what we're thinking about where we're going to be in five years is not designed 131 00:10:13,761 --> 00:10:16,241 with this Flatpak-first approach. 132 00:10:16,581 --> 00:10:21,001 We've designed from that 15 years of, 20 years of history, 25 years of history 133 00:10:21,001 --> 00:10:24,301 of traditional packaging, and that sort of flows through now. 134 00:10:25,201 --> 00:10:27,721 And that makes sense, because that's how things used to work. 
135 00:10:27,781 --> 00:10:32,321 Had distribution packaging, where we ship, give stuff to distributions, 136 00:10:32,701 --> 00:10:36,921 they give a random version to consumers, we don't know what it is, 137 00:10:37,001 --> 00:10:39,441 and clients have to work around guessing, 138 00:10:40,561 --> 00:10:43,701 working against maybe building against this version of Qt with this version 139 00:10:43,701 --> 00:10:45,241 of frameworks, and that mismatch. 140 00:10:46,161 --> 00:10:49,661 So we need to move towards this container-first approach, where we think about 141 00:10:49,661 --> 00:10:53,541 sandboxing existing already and working. 142 00:10:55,761 --> 00:10:59,741 So before I talk about what we need to do next in frameworks, 143 00:11:00,041 --> 00:11:05,421 I need to give a quick summary of how all of the security stuff works in these containers. 144 00:11:07,541 --> 00:11:13,341 So by default, you can't access any of the files in home, well, 145 00:11:13,441 --> 00:11:15,401 with some exceptions, or your root file system. 146 00:11:16,921 --> 00:11:20,501 You can't just grab a random library that's installed and use a lib somewhere. 147 00:11:21,121 --> 00:11:24,441 No access to devices, which is generally a good thing. 148 00:11:25,541 --> 00:11:28,761 And when you want to talk to one of these other apps on the host, 149 00:11:28,821 --> 00:11:32,381 other processes on the host, it goes through a filter. 150 00:11:33,861 --> 00:11:41,041 And the host goes through a filter and these messages get filtered. 151 00:11:41,641 --> 00:11:46,421 Some messages can go into our application in the container, but the messages 152 00:11:46,421 --> 00:11:51,141 out from our application to a host get filtered, and very few are allowed. 153 00:11:53,201 --> 00:12:00,401 Also, the host system, Plasma, only gets to see a handful of files from the application. 
154 00:12:01,001 --> 00:12:07,981 It gets to see a desktop file which says how to launch it, and the command that 155 00:12:07,981 --> 00:12:11,101 says how to launch it gets modified by its install process. 156 00:12:11,401 --> 00:12:18,661 So where you say exec equals dolphin, the host sees exec equals flatpak run dolphin. 157 00:12:20,841 --> 00:12:24,261 Same for D-Bus service files. So things can be D-Bus activated. 158 00:12:24,441 --> 00:12:29,561 And again, that's a modification of the entry point gets modified as far as 159 00:12:29,561 --> 00:12:31,521 the host D-Bus daemon sees it. 160 00:12:33,161 --> 00:12:34,661 And obviously we get a nice little icon. 161 00:12:38,390 --> 00:12:44,390 So there's your static permissions, and you can do other tasks without needing those. 162 00:12:44,590 --> 00:12:48,970 So if you want to open a URL, you send a message to your portal, 163 00:12:49,130 --> 00:12:53,430 rather than actively you saying, launch Firefox, you ask the portal, 164 00:12:53,590 --> 00:12:57,610 please open this URL, and then magic things happen. 165 00:12:59,110 --> 00:13:02,690 If you want to open a specific file, you talk to your portal and say, 166 00:13:02,890 --> 00:13:05,150 can I show you a file dialogue, please? 167 00:13:05,150 --> 00:13:09,890 And then the host shows a file dialogue with all of your files and hands back 168 00:13:09,890 --> 00:13:13,710 a magic way that you can open just that one file. 169 00:13:15,590 --> 00:13:20,370 And we've got things like notifications go through this portal, things that maybe 170 00:13:20,370 --> 00:13:24,850 don't need a security, any additional security things, but also something that 171 00:13:24,850 --> 00:13:30,050 we want to be restricted go through this portal and then we can show the user a prompt saying, 172 00:13:30,610 --> 00:13:33,450 do you really want to let KWrite start recording your screen? 173 00:13:33,450 --> 00:13:37,150 Sounds suspicious and the user can say yes or no. 
174 00:13:39,410 --> 00:13:42,470 And the static permissions are somewhat of a fallback. 175 00:13:43,490 --> 00:13:48,210 If you go to Flathub right now and you request to access all of the files in 176 00:13:48,210 --> 00:13:50,670 the home directory, you get a scary warning. 177 00:13:51,210 --> 00:13:54,570 Full system read-write access. This is bad. 178 00:13:55,530 --> 00:13:59,990 And it starts to look like the back of a cigarette packet where you've got 179 00:13:59,990 --> 00:14:01,890 a picture of a lung disintegrating. 180 00:14:02,730 --> 00:14:05,390 And that's what's going to happen if you open .config. 181 00:14:07,870 --> 00:14:14,070 And another fact, over time, Flathub's going to start making that warning more and more severe. 182 00:14:15,510 --> 00:14:19,970 And users are going to see a scary looking warning and go, well, 183 00:14:20,110 --> 00:14:23,370 I can choose between this application without a warning or this application 184 00:14:23,370 --> 00:14:25,930 from KDE with this giant scary notice. 185 00:14:26,370 --> 00:14:29,310 It's a no brainer what you're going to choose. 186 00:14:30,950 --> 00:14:37,570 So we need to design our framework around this Flatpak-first approach where 187 00:14:37,570 --> 00:14:41,450 things by default go through not having big scary warnings. 188 00:14:42,750 --> 00:14:47,350 So I'll go through a few case studies not going through everything we need to 189 00:14:47,350 --> 00:14:50,930 change in frameworks because that's your job over the next five days and next 190 00:14:50,930 --> 00:14:53,690 five years of working out where we want to take frameworks. 191 00:14:54,930 --> 00:15:00,310 So, system tray icons. This is the icon in the little bottom right corner of 192 00:15:00,310 --> 00:15:04,190 the screen where you can see you're running KAlarm and you've left KAlarm open 193 00:15:04,190 --> 00:15:06,450 and you might want to do some quick access with it. 
194 00:15:07,970 --> 00:15:15,570 So if you use KStatusNotifierItem or QSystemTrayIcon right now and try and use it, it just won't work. 195 00:15:18,045 --> 00:15:23,425 And that's a bad thing. But it can be avoided with one of these static permissions. 196 00:15:23,825 --> 00:15:26,525 If you add to your JSON file dash 197 00:15:26,525 --> 00:15:30,965 dash talk name org dot kde dot status notifier item, it can go through. 198 00:15:31,185 --> 00:15:35,285 But you have to know as a packager, which you should be doing yourself as an 199 00:15:35,285 --> 00:15:37,525 application developer, that you need to add this. 200 00:15:38,405 --> 00:15:43,785 And no documentation in KStatusNotifierItem or QSystemTrayIcon mentioned 201 00:15:43,785 --> 00:15:45,905 this, you find out, pardon? 202 00:15:48,585 --> 00:15:52,165 Well, yes. Or outsourcing. 203 00:15:54,325 --> 00:15:58,965 No, no, on a serious note, we can change this one thing, but we need to approach 204 00:15:58,965 --> 00:16:01,285 this of everything, right? 205 00:16:01,405 --> 00:16:04,785 And I'm happy to make a merge request for this one thing, but what I'm hoping 206 00:16:04,785 --> 00:16:07,745 for is people go, oh, but this also applies to here. 207 00:16:07,905 --> 00:16:11,145 This also applies to KAutostart, this also applies to whatever, 208 00:16:11,365 --> 00:16:14,045 and open up that discussion. 209 00:16:15,645 --> 00:16:20,465 And it's worth noting there are other ways to fix this at a Plasma and Frameworks level. 210 00:16:22,085 --> 00:16:27,565 If we rename that D-Bus interface to org.freedesktop.portal.whatever, 211 00:16:27,765 --> 00:16:29,825 it gets allowed through without any prompts. 212 00:16:31,805 --> 00:16:36,985 It's a good thing, but it might annoy some people. 
213 00:16:38,245 --> 00:16:43,045 So your alternative is we start talking to some people at the portals and say, 214 00:16:43,125 --> 00:16:47,525 well, we have these requirements, we have this API, let's make it work. 215 00:16:48,065 --> 00:16:53,225 And that means talking to people making xdg-desktop-portal and say, let's do this. 216 00:17:03,644 --> 00:17:10,024 Wait, and Neil will take care of this, okay? It's been a re-signing task during this talk apparently. 217 00:17:12,164 --> 00:17:22,104 KConfig is like a core of all of our apps to load configuration files, and it works okay-ish. 218 00:17:24,004 --> 00:17:28,024 But on a base system, you install a version of Dolphin, and then you upgrade 219 00:17:28,024 --> 00:17:29,984 to your next version of Dolphin, and it's newer. 220 00:17:30,884 --> 00:17:35,484 And every distro has some way to do some meddling about, but it's complicated 221 00:17:35,484 --> 00:17:37,384 and nobody does it and it's unsupported. 222 00:17:38,664 --> 00:17:42,804 With a lot of these other operating systems, upgrading, downgrading, 223 00:17:42,844 --> 00:17:47,624 it's really surfaced as this user-facing API that you can do with a button, 224 00:17:47,784 --> 00:17:49,304 where you don't need to log in to root, 225 00:17:49,564 --> 00:17:52,404 you can go on a Steam Deck, I want the beta channel, I want the main channel, 226 00:17:52,524 --> 00:17:55,684 I want the beta channel, I want the main channel. And people do this. 227 00:17:56,764 --> 00:17:59,064 And our code does not handle it as well. 228 00:18:00,204 --> 00:18:04,784 So this is an open discussion of we need to fix this and come up with some mechanism 229 00:18:04,784 --> 00:18:06,524 to handle upgrades and downgrades. 230 00:18:07,144 --> 00:18:11,364 And the way we currently solve it is finding when people report a bug and then 231 00:18:11,364 --> 00:18:14,444 monkey patching it away and hoping that's the last one. 
232 00:18:15,584 --> 00:18:17,944 Which isn't a very long-term solution. 233 00:18:20,884 --> 00:18:25,204 The other problem we have with KConfig is that it has this very neat mechanism 234 00:18:25,204 --> 00:18:29,824 that you can have your global files in kdeglobals and your application specific 235 00:18:29,824 --> 00:18:38,784 files in your applicationrc and it will transparently merge them into one single unified looking file. 236 00:18:38,924 --> 00:18:42,544 So you just query something once and it comes from this file and it doesn't 237 00:18:42,544 --> 00:18:44,724 matter if it's a global file or application file. 238 00:18:45,964 --> 00:18:51,364 If we're in a container, we can't see that global file, so we cascade with nothing. 239 00:18:52,484 --> 00:18:56,344 On top of that, if we do want to get global configuration values, 240 00:18:56,644 --> 00:19:00,084 which we can do through your portal, we can say, I want to grab this global 241 00:19:00,084 --> 00:19:03,364 config option from the host, we need to handle it explicitly. 242 00:19:03,984 --> 00:19:09,024 So we have a mechanism that makes it really difficult to see whether we want 243 00:19:09,024 --> 00:19:11,244 to do something from the global file or not. 244 00:19:11,444 --> 00:19:15,664 So over time, I think our concept up to kdeglobals, it's just getting in the 245 00:19:15,664 --> 00:19:19,584 way and we should port away from that into development files. 246 00:19:24,905 --> 00:19:28,025 Yes, things are complicated and software is hard. 247 00:19:30,705 --> 00:19:36,345 Let's go shopping. Okay, wallet. Yes. I'll explain how the wallet systems are 248 00:19:36,345 --> 00:19:39,885 meant to work in containers, and nobody really does this yet. 
249 00:19:41,005 --> 00:19:45,625 The way it's meant to work, if you talk to your portal and you get one password 250 00:19:45,625 --> 00:19:49,425 back, you don't know what your password's for, it's just one password back, 251 00:19:49,625 --> 00:19:55,445 and then you use this password you've got back from the host keychain to unlock your keychain. 252 00:19:55,925 --> 00:20:01,705 So it's this two-part system and that way it doesn't matter what's being used 253 00:20:01,705 --> 00:20:06,565 inside a Flatpak, it could be any library to store all of the keys. 254 00:20:07,685 --> 00:20:11,925 That's not how KWallet works. KWallet talks to your host and expects you to 255 00:20:11,925 --> 00:20:14,785 query key value pairs of your keys. 256 00:20:15,565 --> 00:20:20,945 And we're moving to another library which also doesn't handle this very well. 257 00:20:21,265 --> 00:20:25,905 So we need to think this is where things are heading, let's try and target that 258 00:20:25,905 --> 00:20:30,045 now rather than trying to do something now and porting again in a year. 259 00:20:33,505 --> 00:20:37,485 It's a very negative talk so far, there's a positive aspect. 260 00:20:40,265 --> 00:20:45,305 KIO, super core part of KDE, it's one of the big shining things of this is something 261 00:20:45,305 --> 00:20:53,105 we have in KDE is a KIO, which allows you as an application to grab something over FTP or Samba or NFS, 262 00:20:54,185 --> 00:20:57,225 without going through a horrible kernel stuff that doesn't work. 263 00:20:58,765 --> 00:21:03,285 So, does it work in a Flatpak? Sort of, ish. 264 00:21:03,425 --> 00:21:08,725 If you open KWrite, we also bundle our plugin to be able to talk over Samba, 265 00:21:09,705 --> 00:21:13,385 and it can load that plugin internally and load a file. 
266 00:21:13,385 --> 00:21:19,545 But your password sharing isn't shared and doesn't work very well and we also 267 00:21:19,545 --> 00:21:23,765 don't have file change notifications because that's on the host with the KDED 268 00:21:23,765 --> 00:21:28,965 modules and if you allow the application to access KDED lots of bad things 269 00:21:28,965 --> 00:21:32,905 happen because it can do a lot of things like unload KDED. 270 00:21:35,276 --> 00:21:39,076 So copying what GNOME does is always a good idea. 271 00:21:40,556 --> 00:21:46,676 There, their file system abstraction runs as daemons and applications can talk 272 00:21:46,676 --> 00:21:52,716 to these daemons in a somewhat safe way and say I've got this URL, can you open it for me. 273 00:21:54,336 --> 00:21:59,436 And even if you don't support that, their equivalent fallback where we have KIOFuse, 274 00:21:59,436 --> 00:22:07,456 they have GVfs FUSE, where you can use your normal POSIX API to open a file, they have that working. 275 00:22:07,996 --> 00:22:12,376 Our situation, a little bit ropey. Nico, did you want to say something? 276 00:22:12,996 --> 00:22:14,596 Okay, just chill down for a second. 277 00:22:17,136 --> 00:22:20,996 The other thing we need to think about with frameworks, moving forward, 278 00:22:21,096 --> 00:22:25,216 not necessarily over the next 20 minutes, but over the next five years, 279 00:22:25,436 --> 00:22:26,876 is how we structure things. 280 00:22:27,496 --> 00:22:32,496 In KF5, we layered things based on their dependencies for external usage. 281 00:22:34,496 --> 00:22:38,256 And that's all we thought about, really. We need to approach this from the point 282 00:22:38,256 --> 00:22:42,016 of view of how is it going to be used and will it work in an SDK? 
283 00:22:42,996 --> 00:22:46,416 If it doesn't work in an SDK, maybe it should be a framework, 284 00:22:46,596 --> 00:22:52,496 but maybe it shouldn't be in the SDK that we present to people when they first go to api.kde.org. 285 00:22:52,556 --> 00:22:53,896 And we need to split these concepts. 286 00:22:55,796 --> 00:23:00,396 So I'll go through an example. KDBusAddons, very nice framework. 287 00:23:02,036 --> 00:23:06,736 Does it belong in Flatpak? Yes or no, hands up for yes. 288 00:23:09,304 --> 00:23:13,784 Yes, sort of. Answer is complicated, because some things yes, some things no. 289 00:23:14,084 --> 00:23:17,484 So people who are ambivalent, which is all of you, were right. 290 00:23:19,504 --> 00:23:25,864 So KDBusService is a really important class for having a unified D-Bus interface 291 00:23:25,864 --> 00:23:28,724 that all freedesktop applications are meant to implement. 292 00:23:29,164 --> 00:23:32,124 That's part of this framework. Yes, we want everyone to have that. 293 00:23:34,224 --> 00:23:38,044 KDEDModule is a thing for running things in the host in the same binary. 294 00:23:38,044 --> 00:23:39,764 That doesn't make sense. 295 00:23:41,164 --> 00:23:46,604 KUpdateLaunchEnvironmentJob, a very specific class for updating environment variables 296 00:23:46,604 --> 00:23:51,224 used by a daemon, D-Bus daemon, next time it launches something. 297 00:23:52,104 --> 00:23:55,784 No, it clearly was all nah, but well done for that. 298 00:23:57,644 --> 00:24:01,244 So we've got a mix. And as we approach KF7, we need to look at saying, 299 00:24:01,484 --> 00:24:05,544 well, let's try and split this based on that. Will it actually work? 300 00:24:07,344 --> 00:24:10,704 And more generally, does kof belong in the SDK? 301 00:24:12,984 --> 00:24:19,044 No? Open questions. And does Baloo work in SDK? 
302 00:24:20,264 --> 00:24:25,764 It requires the database to be of the same version that your application is 303 00:24:25,764 --> 00:24:27,884 running. We can't really guarantee that. 304 00:24:28,304 --> 00:24:32,264 So maybe there's other ways to expose the contents of the database to applications, 305 00:24:32,524 --> 00:24:37,324 either through a virtual file system API, which we have all the code to do. 306 00:24:37,404 --> 00:24:40,304 There's a lot of options, but we should start exploring them. 307 00:24:41,744 --> 00:24:47,164 K-purpose, also plug-ins, doesn't really work. So we need to start approaching this. 308 00:24:52,353 --> 00:24:55,853 Can somebody bring me more water please? Oh, it's done now. Nate, 309 00:24:55,913 --> 00:24:57,533 can you grab me a water? Thank you. 310 00:25:00,333 --> 00:25:03,613 Flatpak integration within Plasma. It's the other topic of this. 311 00:25:04,473 --> 00:25:08,453 We've got, we've got Plasma. It doesn't work very well. It works, 312 00:25:08,453 --> 00:25:09,853 sorry, Plasma works very well. 313 00:25:10,113 --> 00:25:14,633 But the integration with applications and Plasma is very challenging because 314 00:25:14,633 --> 00:25:18,513 the whole point of a sandbox is to separate these two things and historically 315 00:25:18,513 --> 00:25:22,953 we've had this tie-in where we're saying we've got this application in Qt, 316 00:25:23,013 --> 00:25:29,013 we're going to inject these plugins and try and manipulate it to work well in our desktop. 317 00:25:29,833 --> 00:25:32,133 And that part doesn't work so well. 318 00:25:33,053 --> 00:25:39,493 So styles, your QStyle, we allow people to choose it and that's a plugin. 319 00:25:40,313 --> 00:25:44,813 Does this work in Flatpak? Kinda. Oh a trick you all. 320 00:25:45,013 --> 00:25:48,413 Yeah it kind of does work, but also no. 
321 00:25:48,573 --> 00:25:56,613 So as a user, you have to go and manually install, if we don't ship it, 322 00:25:56,773 --> 00:26:00,173 your QStyle on your host, so this KCM sees it. 323 00:26:00,373 --> 00:26:06,593 And then there is a mechanism to add plugins into your SDK that we provide. 324 00:26:08,473 --> 00:26:13,633 But it's not hooked in from this KCM, and that sort of falls apart. 325 00:26:14,553 --> 00:26:19,493 And even if it did work, it sort of undermines the sandboxing if you're grabbing 326 00:26:19,493 --> 00:26:21,733 these external plugins and trying to mess them around. 327 00:26:22,873 --> 00:26:27,233 So we need to move away from this concept of us injecting things into other 328 00:26:27,233 --> 00:26:28,813 processes dynamically. 329 00:26:31,153 --> 00:26:36,073 So there's a talk tomorrow from Ian about a new way to approach styles, 330 00:26:36,373 --> 00:26:42,993 where we say, let's try and just use one style and then have other ways to theme 331 00:26:42,993 --> 00:26:44,913 this, which is based on configuration values, 332 00:26:45,453 --> 00:26:47,793 rather than injecting binary things. 333 00:26:51,213 --> 00:26:56,053 The other plugin we inject into the application is a QPlatformTheme. 334 00:26:56,633 --> 00:27:01,633 For most other applications, it's hosted in Qt, Plasma, we host it in Plasma 335 00:27:01,633 --> 00:27:04,073 and release it in lockstep with Plasma releases. 336 00:27:06,013 --> 00:27:12,013 But that doesn't get loaded, so on the Flatpak side, they grab this repository 337 00:27:12,013 --> 00:27:16,493 and also bundle it in whichever Flatpak SDK release we have. 338 00:27:19,333 --> 00:27:23,493 So that also somewhat falls apart because you might be running an old version 339 00:27:23,493 --> 00:27:25,193 of plasma-integration on a new Plasma. 340 00:27:28,174 --> 00:27:32,874 Which requires us to keep all of these things in sync so it actually keeps working. 
341 00:27:35,394 --> 00:27:38,334 So can we use container tech to improve Plasma? 342 00:27:40,514 --> 00:27:46,974 Yes, this is a positive bit of a talk. So I'm going to go for a case study of, 343 00:27:48,074 --> 00:27:52,674 how other people can extend parts of Plasma, which is the opposite way around 344 00:27:52,674 --> 00:27:55,534 rather than apps, Plasma extending applications. 345 00:27:57,054 --> 00:28:02,574 So KRunner, it used to be a plugin system where we had KRunner, 346 00:28:02,694 --> 00:28:07,414 it was a framework and people could write binary plugins that Plasma then loaded. 347 00:28:08,794 --> 00:28:13,334 And that gets you so far, but only stuff that distribution is then packaged. 348 00:28:13,634 --> 00:28:18,094 It's very difficult for third parties to do anything that any user can actually use. 349 00:28:18,834 --> 00:28:24,754 So we try to move away from that. And we move to a process where KRunner talks 350 00:28:24,754 --> 00:28:30,994 D-Bus, IPC, to another binary in any language that gets launched with D-Bus activation. 351 00:28:31,474 --> 00:28:36,094 We say, the user searched the word foo. Do you have any results that match the 352 00:28:36,094 --> 00:28:39,034 search? And then we display them and maybe invoke the action. 353 00:28:39,954 --> 00:28:41,834 And we landed that in 5.27. 354 00:28:43,194 --> 00:28:48,094 And users started shipping this stuff. And on get hot new store stuff, 355 00:28:48,294 --> 00:28:53,454 a KDE website, we have 50 plugins of people, not plugins, sorry, 356 00:28:53,554 --> 00:28:58,014 50 ways of people, 50 runners. Thank you. 357 00:28:59,234 --> 00:29:04,974 And then those scripts were just bits of Python, things that you can just randomly 358 00:29:04,974 --> 00:29:07,994 run because they're scripting language. You can just download and run them. 359 00:29:08,714 --> 00:29:12,694 Except that's not even how scripting languages work. They still have dependencies.
360 00:29:12,694 --> 00:29:19,234 So those scripts started calling apt-get and RPM and Pacman and doing horrible 361 00:29:19,234 --> 00:29:22,994 things that scripts should not be doing. And we started supporting that. 362 00:29:25,797 --> 00:29:31,177 And the result's a mess. So we want to use that same amazing infrastructure 363 00:29:31,177 --> 00:29:33,457 that Flatpaks and Snap should provide. 364 00:29:34,937 --> 00:29:38,817 And there's nothing fundamentally stopping us from making that work, 365 00:29:40,357 --> 00:29:42,257 except for some tiny details. 366 00:29:43,257 --> 00:29:47,697 We require a desktop file, this config file that says, I'm a runner, 367 00:29:47,777 --> 00:29:54,057 please run me, to be installed into /usr/share/krunner/dbusplugins, which Plasma can't see. 368 00:29:54,797 --> 00:29:59,177 Because the Flatpak environment doesn't copy a file to anywhere the host can see. 369 00:30:00,717 --> 00:30:06,297 So fixing is easy. Just move where that file is to a file that we can see. 370 00:30:07,117 --> 00:30:12,257 And I've ported one of these runners to be in a Flatpak. It was a two-line change 371 00:30:12,257 --> 00:30:15,097 and now we can start getting runners in Flatpaks. 372 00:30:17,157 --> 00:30:21,277 But it's also interesting that GNOME had the same problem with their identical 373 00:30:21,277 --> 00:30:22,557 framework GNOME search, 374 00:30:22,817 --> 00:30:29,597 and they patch Flatpak to just also copy a file, which is the approach we should 375 00:30:29,597 --> 00:30:34,637 be looking at in terms of how can we fix these, just modify a software that 376 00:30:34,637 --> 00:30:36,537 gets used, is a valid approach. 377 00:30:39,017 --> 00:30:41,837 And we have the same problem in a few other places in Plasma. 378 00:30:42,677 --> 00:30:46,057 Solid device actions when you plug in a USB pen.
379 00:30:49,237 --> 00:30:54,657 Or your SD card, you might want to automatically open it in Gwenview, 380 00:30:54,797 --> 00:30:58,317 and you can write these rules that say, if it's an SD card and there's a folder 381 00:30:58,317 --> 00:31:00,257 called DCIM, open Gwenview. 382 00:31:02,137 --> 00:31:08,477 And that absolutely can work in a Flatpak world, but the host needs to better see these files. 383 00:31:09,557 --> 00:31:14,157 And we have this really nice feature that we all love, where we can configure 384 00:31:14,157 --> 00:31:19,097 application notifications in Plasma and I like it, 385 00:31:19,217 --> 00:31:22,957 but it's not going to work for any Flatpak app because it requires reading a 386 00:31:22,957 --> 00:31:26,837 notifyrc file that Plasma can't see. 387 00:31:27,377 --> 00:31:31,177 And that needs a solution or it's going to just end up in the bin. 388 00:31:35,133 --> 00:31:38,593 Another case study. File thumbnails. 389 00:31:40,073 --> 00:31:43,993 File thumbnails are really important because tricking a user into plugging in 390 00:31:43,993 --> 00:31:47,113 a USB drive or downloading a file is relatively simple. 391 00:31:47,373 --> 00:31:50,373 You don't require social engineering to make somebody download a file. 392 00:31:51,013 --> 00:31:55,093 Making them open it, sure, but then hopefully it's in that sandbox environment. 393 00:31:55,893 --> 00:32:01,693 But to show a little preview of it, someone needs to open a file and look at 394 00:32:01,693 --> 00:32:03,253 the content and make that little preview. 395 00:32:04,213 --> 00:32:09,393 So it's currently shipped as plugins that have to match the same version of 396 00:32:09,393 --> 00:32:12,193 Plasma that we are running right now, or the same version of Dolphin. 397 00:32:13,713 --> 00:32:18,213 If you've got an app like Blender that wants to install its own thumbnailing 398 00:32:18,213 --> 00:32:22,193 tool, it can't because it can't export a file to do so.
399 00:32:23,173 --> 00:32:26,293 And they're currently running on our host completely un-isolated. 400 00:32:27,173 --> 00:32:31,893 And I'm pleased to say it's in work merging to Kira right now that should allow 401 00:32:31,893 --> 00:32:37,533 Flatpak apps to make your own thumbnails and start sandboxing the stuff 402 00:32:37,533 --> 00:32:39,533 we have, which is going to be awesome. 403 00:32:41,393 --> 00:32:47,233 And long term, we need to be thinking about using this container tech for all 404 00:32:47,233 --> 00:32:52,773 of our applets, all of our extra KCM modules, so you don't have to be inside our base. 405 00:32:53,553 --> 00:32:57,113 And that requires some new infrastructure that doesn't exist yet. 406 00:32:57,933 --> 00:33:00,813 But hopefully, that's something we can work on over the next few years. 407 00:33:01,733 --> 00:33:03,653 And I intend to work on over the next few years. 408 00:33:06,533 --> 00:33:10,153 Questions? Or lunch? Snack? 409 00:33:14,973 --> 00:33:19,673 Nate, do you want to just shout? Oh, the microphone here. Okay. 410 00:33:27,473 --> 00:33:33,113 Does it work? Maybe? Yes, it works. Okay, so I'll be brief with my question. 411 00:33:33,313 --> 00:33:38,273 What do you think is the ideal balance of changing our apps to work with Flatpak 412 00:33:38,273 --> 00:33:41,873 versus changing Flatpak to work with our apps? About a five. 413 00:33:45,893 --> 00:33:50,953 I think it's a compromise. It depends on the situation. We should try. 414 00:33:51,553 --> 00:33:56,133 And we can say we've got... is if it's no work for us to change, 415 00:33:56,213 --> 00:33:57,313 then we should just change. 416 00:33:57,513 --> 00:34:00,573 If there's a benefit to changing Flatpak, we should change Flatpak. 417 00:34:00,813 --> 00:34:04,153 And we can at least try our approach and see what works. 418 00:34:05,833 --> 00:34:09,973 So there's no right or wrong answer to any of this.
It's a see which is the 419 00:34:09,973 --> 00:34:10,813 path of least resistance. 420 00:34:14,923 --> 00:34:15,543 The question in front. 421 00:34:18,303 --> 00:34:24,263 So I have seen complaints about the freedesktop Secret Service, 422 00:34:24,483 --> 00:34:32,483 as in it gives you a false sense of security because actually everyone can see everything. 423 00:34:32,863 --> 00:34:39,843 So how is your work going to make this better or address this issue? 424 00:34:40,383 --> 00:34:44,583 I think there's a difference between where we want to go and where we are now. 425 00:34:44,923 --> 00:34:50,563 And we're approaching this in a very transitional way of let's actually get 426 00:34:50,563 --> 00:34:53,963 apps using this framework and then tighten and tighten and tighten and tighten. 427 00:34:54,463 --> 00:34:58,263 Rather than what we've seen in some other transitions of saying, 428 00:34:58,363 --> 00:35:00,783 this is a perfect world we want to jump to. 429 00:35:01,383 --> 00:35:05,763 And then everyone's struggling to actually make anything work. And that's a balance. 430 00:35:06,423 --> 00:35:10,323 And I think it was just something that we're just going to transition to over time. 431 00:35:10,463 --> 00:35:13,923 And you're right. Right now, maybe there's a false sense of security. 432 00:35:13,923 --> 00:35:17,543 But the alternative is also not safe at all. 433 00:35:18,083 --> 00:35:23,143 So, as long as we're transparent to the user, that should be okay. 434 00:35:23,263 --> 00:35:24,883 And I think transparency is really important. 435 00:35:26,163 --> 00:35:30,343 And that's something we can definitely make sure is right. And that's something on us to fix. 436 00:35:31,703 --> 00:35:35,463 But the technical side is just about time and putting in the effort. 437 00:35:40,994 --> 00:35:45,674 Portal actually owns the portal. Yes, sorry. I missed your question. Secret Service. 438 00:35:46,674 --> 00:35:52,034 Yes. Yeah, yeah, sorry. Yes.
Secret Service basically has the security model 439 00:35:52,034 --> 00:35:54,654 of KWallet, which is anything can access anything. 440 00:35:54,874 --> 00:35:58,334 But the portal is the thing where you only get that one key. 441 00:35:58,554 --> 00:36:02,654 So that should be secure against that. It should. 442 00:36:04,774 --> 00:36:09,714 But we need to actually make use of that. I should mention on the KWallet side, 443 00:36:09,714 --> 00:36:15,074 Carl has a talk, a BoF on Tuesday about wallets so if you're interested in 444 00:36:15,074 --> 00:36:18,434 wallets and Secret Service and the other Secrets Portal, 445 00:36:18,734 --> 00:36:23,654 go to that and we can make sure we come up with something that works and is amazing. 446 00:36:25,094 --> 00:36:28,274 That would be good because secrets are a mess right now everywhere. 447 00:36:30,154 --> 00:36:36,114 But I've been following what GNOME have been doing on the project that got the 448 00:36:36,114 --> 00:36:40,794 Sovereign Fund money and they were open to collaboration on the daemon side. 449 00:36:45,654 --> 00:36:49,254 What about running more Plasma core resources as Flatpaks? 450 00:36:49,374 --> 00:36:55,574 Like for example, running KScreenLocker in a container or KWin, or maybe even KRunner? 451 00:36:56,854 --> 00:37:01,434 I think definitely over time, it's one of those, let's keep adding and adding and adding and adding. 452 00:37:01,834 --> 00:37:05,554 Um, I mean, the things with Plasma are always a little bit difficult because 453 00:37:05,554 --> 00:37:09,794 we need to launch applications and do all of the things that we need to do. 454 00:37:10,274 --> 00:37:14,234 So I would like to see more because I want to see that core reduce.
455 00:37:14,554 --> 00:37:18,994 So I think the important part is to get things like print manager out so that 456 00:37:18,994 --> 00:37:25,274 can have a different release cycle and those sorts of things out first and then 457 00:37:25,274 --> 00:37:26,834 a core stuff comes later. 458 00:37:26,994 --> 00:37:29,854 So really focusing on a cost to benefit ratio. 459 00:37:30,294 --> 00:37:36,034 If there's a huge benefit with little cost that's what we do first and then work our way down. 460 00:37:40,292 --> 00:37:44,752 So I know it's going to be bad, right? Is it working? Okay. 461 00:37:45,212 --> 00:37:49,412 All right. There we go. So you talked all about how this, you know, 462 00:37:49,892 --> 00:37:54,292 sandboxing and permissioning and all this fun stuff that you want to have in 463 00:37:54,292 --> 00:37:57,812 applications, SDK, Plasma. 464 00:37:58,312 --> 00:38:00,152 Yeah, some sort of KDE goal, if you will. 465 00:38:02,392 --> 00:38:11,092 I'm not going there. Uh, but, uh, I kind of think that the actual thing you want 466 00:38:11,092 --> 00:38:15,132 is to see the Plasma stack as a whole, 467 00:38:16,032 --> 00:38:21,152 operate with the assumption that there's a sandbox and that we have a sandbox 468 00:38:21,152 --> 00:38:27,932 delivered with a manifest that executes on that. Yeah, I don't think that necessarily 469 00:38:27,932 --> 00:38:31,112 means we're coupling it with Flatpak. 470 00:38:32,612 --> 00:38:37,952 There's a tool out there that I saw some months ago called BubbleJail, 471 00:38:38,052 --> 00:38:44,672 and it basically takes the same security confinement manifest that you use in Flatpak, 472 00:38:44,812 --> 00:38:49,092 and it takes it out and you can use it for arbitrary application processes and 473 00:38:49,092 --> 00:38:51,712 services regardless of delivery system.
474 00:38:51,992 --> 00:38:57,012 This is something that could make a ton of sense for us to use now to start 475 00:38:57,012 --> 00:39:01,092 moving towards a sandboxed model for sensitive processes? 476 00:39:01,772 --> 00:39:06,552 100%. I mean, it's about using the right tool for your job. And if stuff is 477 00:39:06,552 --> 00:39:09,712 coming from a third party, you need to think about a distribution as well. 478 00:39:10,152 --> 00:39:13,932 If something like the thumbnails we talked about, if they're coming from KDE, 479 00:39:14,532 --> 00:39:17,812 yes, I still want to sandbox them, but I don't need to worry about your distribution. 480 00:39:18,012 --> 00:39:23,272 At which point, you're right, we need to find a tool that only covers that one part of your job. 481 00:39:24,052 --> 00:39:25,632 I think we've got time for one more question. 482 00:39:35,472 --> 00:39:42,332 Is there, so from what I understand, your focus is top level, 483 00:39:42,512 --> 00:39:45,412 so to speak, applications and not the base system. 484 00:39:45,592 --> 00:39:54,252 Do you know if there is any work on KDE working to make it more easy to work 485 00:39:54,252 --> 00:40:04,392 with immutable OSs like MicroOS that uses read-only stuff like read-only /usr. 486 00:40:05,052 --> 00:40:08,672 I think maybe hang around today, go to Howard's talk. 487 00:40:08,992 --> 00:40:13,672 Is that? Yep. Hang around today, go to Howard's talk and have a look what he's doing. 488 00:40:17,552 --> 00:40:21,972 What's the name of the cool talk? An operating system of our own. 489 00:40:21,972 --> 00:40:25,592 An operating system of our own, and that might have some similar concepts. 490 00:40:26,812 --> 00:40:30,292 I've been told to stop, so I will leave. Thank you.