GNOME is a free and open-source software environment project supported by a non-profit foundation. Together, the community of contributors and the Foundation create a computing platform and software ecosystem, composed entirely of free software, that is designed to be elegant, efficient, and easy to use.
Welcome to GUADEC! This is the official opening of the event.
While the D-Bus "Secret Service" API is integrated well in the GNOME desktop through gnome-keyring and libsecret, the architecture is getting outdated as flatpak apps come to the fore. One of the biggest problems of the current architecture is that the secrets are not properly isolated per application and that allows one application to request another application's secrets.
To address this, there was an idea proposed at GUADEC 2013: provision applications with a session key through kernel keyring and let the applications locally encrypt their secrets. This approach, however, was still suboptimal, because it requires authentication and access control in kernel keyrings.
In this talk we discuss the threat models taking into account of flatpak based workflow and propose an approach to overcome those by combining the local encryption idea with public-key cryptography, TLS-PSK, and hardware-based security.
The Free and Open Source Software community has a tendency to bring about the best and the worst in us – the polarization due in no small amount to the voice that FOSS provides to both users and developers alike. Developers are not shielded behind a faceless organization, but rather have their identity posted front and center with each controversial change. Likewise, users have direct outlets to voice their frustrations, praise, and suggestions. The transparency in our community gives people a feeling of ownership over the open source projects they support and advocate. This can lead to a sense of betrayal when unpopular changes are made. Users who have been supporting our cause for years, feel like they are owed a democratic vote in the direction of the project, and when changes are made that betray their trust, they respond viscerally.
This paradigm can be detrimental to everyone involved with an open source project. Developers can become jaded and distant from the communities using their work, and in return the communities can become cold, distant, unempathetic, and cruel to the developers whose work they use. There is little to no buffer between either side, and the results are raw and unfiltered, and can cause both developers and users alike to give up on the project. The transparency and clarity that can be the shining light of Free and Open Source software can also become be the downfall of a project unless actions are taken to reverse this direction.
So the question is, how can we balance both the transparent, communal structure of an open source project like GNOME, while also keeping our community and contributor environment friendly, enjoyable, and non-toxic.
It's been over two years since we've made the initial transition and this talk will have a retrospective on the impact the move has on the project, but what also can we do to continue to make a better experience. This talk will be both a review of metrics and a brainstorming session on further projects that we can pursue.
Since the dawn of time, gnome-session has been the venerable session manager the GNOME desktop. It is responsible for starting the display manager, auto-starting applications, providing a session management API over D-Bus, and much more.
Nowadays we can do better. We've had systemd around and capable of managing user sessions as well as system services for some time now. It offers us the possibility of providing more advanced session management capabilities. With systemd it becomes possible to start things in response to events (such as other units starting up successfully), to handle crashing services gracefully, to provide better access to logs, and so on.
In this talk we'll describe our approach to starting and managing GNOME sessions with a systemd user instance, and discuss where we can go from here.
Browser technology over the past decade has taught us practical lessons about how to increase application security through the use of sandboxes. However, sandboxes seem to necessarily require using multiple processes to limit damage from various software components. You don't want a bug in your image decoder to exploit access your email and contact databases, potentially corrupting or siphoning data to an attacker.
This talk will discuss design strategies and implementation details for how to implement multi-process applications for the Linux desktop using GNOME technologies such as DBus, bubblewrap, and Flatpak.
Home-automation enthusiasts have a lot of free-software options — at least for controlling lights, appliances, thermostats, and other such embedded devices. Even FOSS media centers (like Kodi) and smartphones get in on the action. But, ironically, the one piece of computing equipment that remains woefully isolated from the rest of the connected house is the Linux desktop. This talk will describe my personal effort to change that, using a suite of home-spun integrations for the Home Assistant platform. The DIY approach uses the MQTT message system to exchange updates between a GNOME desktop and a Home Assistant server, so that events like session state, application notifications, and system status can be used in Home Assistant "scenes" and automation scenarios.The session will cover the set of events I included in my "desktop automation schema" and its rationale, plus how those events fit into common home-automation recipes like presence detection, daily timers, reminders, and event triggers. It will also cover the wishlist I developed along the way, for events I could not get functional on the GNOME side and for third-party projects that could be more accommodating.We will look at both the good and the bad, recommending areas where GNOME (or general Linux plumbing) could provide easier interfaces and offering starting points for others interested in taking the effort in new directions. We will end by discussing the privacy and security implications and defining an approach that safeguards users while still offering useful functionality.
Hack is a new GNOME-based learning project that teaches kids to code. In this talk we will give a high-level overview of Hack, and the different components which are integrated in a real operating system (Endless OS): the games, the toolbox to modify their source code, the quest system to guide the player, and the inter-process communication systems that we use to glue everything together.
This talk will provide an introduction to the portal architecture, including design principles for the user experience and the API design.
A year after Flatpak 1.0, we can also take a look back at lessons learned from using portals in a wide range of applications:
What works well, what doesn't?
What are the most sorely missing portals?
Which ones turned out to be unnecessary?
How can you write a portal yourself?
If you think your application needs a portal to interact with the system, please attend this talk - I plan to collect suggestions.
AR and VR did not only introduce a new class of output devices, but with tracked controllers and hands also the requirement for a new set of user interactions. This talk investigates solutions in existing implementations and points out how the classical UX model with keyboard and mouse translates to these new devices. The technical aspect of these requirements will also be highlighted. The audience will get an overview of the status of Open Source in VR and the opportunities for GNOME. We will propose an implementation that integrates VR in the GNOME desktop, featuring 3D window management and desktop input synthesis.
Another GUADEC, another Shell talk. This session will cover the highlights in mutter and gnome-shell development, as well as the ongoing plans.
Health must remain a non-negotiable human right. GNU Health is a social project that uses technology and the Libre Software philosophy to provide Freedom and Equity in healthcare.
In my talk I will address the importance of Free/Libre Software in the Public Health, data governance, privacy, and the need for a universal implementation of a person/patient unique ID. I will discuss contradiction and dangers of private corporations in the public health system, such as the “cloud” services, in the public health system.
I will summarize some key aspects of GNU Health that benefit the public health system: from the socioeconomic determinants of health to state-of-the-art technology in bioinformatics and clinical genetics. In addition, I will introduce the GNU Health Federation that integrates information coming from thousands of health facilities across a country public health system and personal health devices.
Finally, I will review some notable implementation cases done during these 10 years, the GNU Health community and how to be part of our project.
How environmentally friendly is GNOME, both the software and the project? What can we do to make it better, at a technical level and at a social level? This is going to be a talk of observations, and maybe some thoughts about solutions, but I don’t have all the answers. Graphs may be involved.
What is Imposter Syndrome and why we need to discuss it?
Impostor Syndrome is the feeling that you aren’t actually qualified for the work you are doing and will be discovered as a fraud. It is prevalent amongst a lot of members of open tech/culture, especially people from underrepresented backgrounds, many of whom have been socialised to value other’s opinion of their work above their own, and to do things “by the book.”
What to expect from attending the Imposter Syndrome workshop?
The workshop will enable attendees to understand, identify and talk about impostor syndrome and provide some guidelines on managing it during our day-to-day life.
Further notes:
The Imposter Syndrome Workshop and Unconscious Bias Training will be adapted from training resources and guidelines from Ada Initiative and Google.
Conducting this workshop and training at GUADEC will allow to have a wider and better impact on the community in the D&I directions.
Attendees are welcome to attend either of the sessions individually i.e. You can join/leave at the one hour mark when the second session begins. The first session will be Imposter Syndrome workshop. The second session will be Unconscious Bias training
Sandboxing is an important part of modern security and as of WebKitGTK 2.26 it is able to sandbox its web processes. This talk will cover how WebKitGTK using applications can enable it as well as go into the technical details of how the sandbox is implemented.
Africa, we believe, is a totally unique market/audience in terms of accessing and using technologies. We have run technology communities and organised technology events in Kenya for almost 5 years which we would share our experiences up to this point. We will also give proposals for what we think is a better approach into achieving better penetration and adoption of GNOME in terms of users and contributors to GNOME.
Boxes have been a mainstay of how user interfaces are built with GTK; all UIs are constructed by packing controls into boxes, grids, and bins, and controlling the alignment and expansion flags until they reach the desired layout.
This is going to change with the next major release of GTK, 4.0. With the introduction of layout managers, we don't need complex containers with a single layout policy; additionally, GTK is going to support constraint-based layouts, which describe the arrangement of UI elements not by their packing structure but by the relationships between their various attributes.
In this presentation we're going to outline how composite widgets are going to be assembled in the future of GTK applications, and we're going to look at various techniques to achieve complex UI layouts. Additionally, we'll have a look at how tooling can improve to ensure that GTK application maintainers have access to the best developer experience possible.
What to expect from Unconscious Bias training and why is it relevant?
People make, and sometimes act on, snap judgments based on the other person’s race, without any conscious intention. The training will begin with demonstrations of how the mind operates in such ways that are outside of conscious awareness or control. We will then move on to enable attendees to understand and identify such interactions in their daily life and will provide suggestions on how to be more inclusive in such collaborative environments. I feel that in a diverse and collaborative community like Fedora, it is important for us to be able to learn to identify our implicit biases in order to have effective and inclusive communication.
Further notes:
The Imposter Syndrome Workshop and Unconscious Bias Training will be adapted from training resources and guidelines from Ada Initiative and Google.
Conducting this workshop and training at GUADEC will allow to have a wider and better impact on the community in the D&I directions.
Attendees are welcome to attend either of the sessions individually i.e. You can join/leave at the one hour mark when the second session begins. The first session will be Imposter Syndrome workshop. The second session will be Unconscious Bias training
The flatpak base runtime provided by the freedesktop-sdk project is the runtime which GNOME and KDE runtimes are based on. It's also the base for any flatpak app that uses those runtimes or the freedesktop-sdk runtime directlyIn this talk we will discuss new improvements the community have made during the 18.08 release cycle, and we will also present what new updates and features we have been working on for the new 19.08 release!
Some of the topics we will touch include:
Improvements since 18.08
QA improvements (CVE, ABI)
Some adjustments on the release model
19.08 new features and updates
Short overview of the application icon style redesign and a demo of designing an application icon using Icon Preview and Inkscape.
This talk is about the GNOME user experience: the experience of those using GNOME software. In particular, it is about where that UX needs to go, and how we can get there. In the first half of the talk, I'll talk about strategy: what GNOME's goals and priorities need to be, if we want to succeed. I'll start by talking about where the desktop is positioned in 2019, and what the opportunities are for GNOME, as well as the risks that we face.
In the second half of the talk, I will talk about the approaches and methods that are needed to help us meet our strategic goals. In doing so, I'll talk about how design and development needs to be thought about and organised, and how the process of creating great UX needs to evolve if we are to succeed.
Over the past 4 years, GNOME has been creating the Builder IDE to radically reduce the difficulty in contributing to the Linux desktop. It has brought a number of new contributors to desktop Linux by simplifying common procedures such as setting up build environments and guiding newcomers; all while supporting a number of programming languages.
To make this possible, the Builder team helped push forward various container technologies such as Flatpak for use as SDKs so that developer teams can develop using identical toolchains and environments. In doing so, much heavy lifting on the platform was required to ensure that features such as debuggers, profilers, and terminals continue to work as expected. In the end, Builder has simplified the process for contributing to GNOME all while preserving the advanced developer features we require. Newcomers can get started contributing to an existing application in the matter of a single click.
We will discuss the engineering challenges and complexities that were involved to make all of these pieces of immature technology work together. Participants can expect to learn about the underlying technologies that make Builder work and increased understanding of the plugin architecture of Builder.
We go to great lengths to ensure a consistent and smooth experience to those who use GNOME, but do we do the same for those who make it?
This talk is about the multitude of challenges, joys, glooms, and routine of being a GNOME application maintainer. The idea came after writing about being a free software maintainer [1], and observing the massive repercussion it had. Turns out, we barely talk about how we maintainers feel, the challenges we face but are lost amidst bug trackers, merge requests, and IRC conversations.
The talk will be done in 3 parts:
Very brief overview about my trajectory from a user to a contributor to a maintainer;
The different situations that happen after becoming a maintainer
Potential strategies for dealing with the maintainership struggles
The tone of the talk, however, is less about giving answers, and more about exposing situations, sharing stories and struggles, and opening a safe space to talk about it. Non-maintainers will have the chance to look and appreciate what does it take to be a maintainer.
The easiest way to host a flatpak is to let someone else do it, like Flathub. However, one of the main strengths of flatpak is the distributed nature which allows anyone to host a repository, and sometimes you need it. Or maybe you are just interested in how it works?
This talk will explain how a flatpak repository works, and the various alternatives when it comes to hosting it. This will scale all the way up from a local test repository to how flathub is set up to deliver efficiently all around the world.
Every year, the GNOME Foundation's Board of Directors sets aside some time at GUADEC for the Annual General Meeting (AGM). Everyone is invited to attend the AGM and hear updates on what has been happening at GNOME for the last year, and also to get to know the new Board members and ask any questions that they may have. If there are any items requiring a vote by the Foundation membership to resolve, a vote is conducted at the AGM.
Why attend?
Besides getting an update on what has happened at GNOME over the last year, and getting to know some of the GNOME Foundation leaders, there will be other fun things planned too. Sometimes we do give-aways and prizes, and will take a break for the GUADEC group photo -- which you'll definitely want to be part of to prove you attended GUADEC 2019! At the end of the AGM, we'll do our annual Pants Award ceremony. Yes, we give away trousers. You'll see what we mean if you attend.
Agenda for this year's AGM (subject to change):
Introduction to new Board of Directors
Reports on the previous 12 months
Break for group photo for GUADEC 2019
Q&A
Vote on bylaw changes
Pants Award (https://wiki.gnome.org/Pants)
User research is a crucial point for following a user-centered design approach. However, smaller teams may not have the resources to prioritize it.
In this session, we will cover the value of doing research, choosing the right methods. Organizing and running research in just a few steps with minimal resources, to get user feedback that will help improve your product.
These methods can be applied by designers, engineers or any team member. We will go through the process step by step, using examples from research conducted for various open source projects like GNOME, Thunderbird, I2P, Briar, HTTPS Everywhere.
Most importantly, we will discuss how to effectively use the results to have an impact on the development decision-making process.
Cassidy has been observing and researching dark styles in consumer software for several months, and conducted a user study with over 1,500 participants. In this talk he shares his research, observations, prior art, and requirements for a dark style preference on FreeDesktop platforms.
The Linux desktop is dead. At least, this has been the claim of many people. But is it really? So many core platforms have moved to open source software over the past decade. Although Windows now includes a copy of Linux, the desktop has not moved. While mobile phones have taken the world's attention, the desktop is still the primary work and study platform, and average use has continued to grow since the launch of the smartphone. And yet, since Apple launched the iPhone and turned that into its primary profit machine, it has not invested in updating its desktop operating system. Isn't there potential to update the desktop into the 2020 version of itself? And isn't it possible for GNOME to be the organization that does that?
What if we dreamed big? What if it were possible for Linux to conquer a niche beyond its original niche of engineers in order to capture a meaningful slice of the consumer desktop market? It often seems that this dream has been lost. Certainly isn't that the reason for the claim of many that the Linux desktop is dead? But what if it weren't. This talk is about the case for why it isn't, for why it is so important that the future of the desktop be free software, and for a potential strategy for achieving that. Our strategy is about picking a niche that is winnable, then none of the other players are going after, and yet it needs real attention in order to be won. Our company is pursuing this strategy because the Linux desktop has incredible technology and potential, and with the right design and strategy, we can open a new market and transform our odds of success. Tesla comes to mind in an era of cars that have not been updated for decades and yet they had so much potential for innovation. And yet, this is only one company. What can we do as a community of individuals and companies to push GNOME into new markets and into a world in which it can capture tens of percentage points? Today that seems crazy, but is it really? This talk is a case for why it isn't, and what we need to do.
Hardening built into the operating system without compromising on usabilityThe attack surface of USB is quite large and while disabling USB altogether solves the problem, it creates many other. As do existing protection mechanisms. They suffer from poor usability and missing integration into the operating system. We present our approach to defending against rogue USB devices for a GNOME-based operating system.USB is arguably to most expose interface of a user's machine. It allows an attacker to interact with pretty much any driver many of which are of questionable quality. We try to be smart about when to allow new USB devices. First, we try to detect when the user is present, arguing that if the user is not then new USB devices should not work. But it is not that simple, because you might very well want to attach a new keyboard in case yours breaks. Keyboards, however, pose another risk as several attacks have shown. But not all keyboards are equally bad and we propose to promote a harmless keyboard to become dangerous after getting the user's consent. It is not entirely clear yet how to that best, so your feedback and a discussion is certainly welcome!
Historically, accessibility features in GNOME on X11 were handled by different components such as Xorg itself for keyboard accessibility, “mousetweaks” for mouse accessibility, GNOME settings daemon for locate pointer, AT-SPI registry daemon, etc.
All these features relied on the ability to query the input devices on behalf of other clients or generate fake input events, neither of which is possible with Wayland anymore.
The purpose of this talk is to present the current status and the technical solutions chosen in mutter/gnome-shell to make these features available on both X11 and Wayland.
The GNOME desktop is based on a Javascript engine, and there are some long-running and much-discussed problems around Javascript's garbage collection. This past year I've been working on a solution to the garbage collection problems in GJS, an initiative nicknamed "taking out the garbage". This talk will have a short technical portion about taking out the garbage, as well as some of the cool things I've learned by working more closely with Mozilla.
I will also talk about new features introduced in GJS, such as upgrading the Javascript engine to Firefox 68, and how they affect our four audiences: users, app developers, GNOME Shell developers, and shell extension developers.
Finally, there has never been a better time to get started contributing to GJS than right now, and I will talk about some projects that you can do to help make things fabulous for Javascript developers in GNOME.
GNOME Mobile has come a long way since last year's GUADEC. We now have all the main widgets needed to make GNOME apps adaptive, i.e. work well across all form factors from phone, to tablet, to desktop. A number of core and third-party apps have already been ported, and new apps are being built with to be adaptive from the start. In this talk I'll give an overview of the most important adaptive design patterns, how existing apps are using them, and how you can use them in your own apps.
While the EU's GDPR and ePrivacy (now undergoing reform) provide people with additional control over their personal data, they do expect organisations to perform significant adjustments to their processes and workflows and to implement particular measures. Most open-source projects, including GNOME, make no exception and are consequently expected to comply with the extensive legal and technical requirements; not to forget software developers, engineers and technologists who are additionally tasked with implementing privacy-enhancing mechanisms.The participants of this session will explore the fundamental requirements of the GDPR and the current ePrivacy Directive and will also discover the important connections between the GDPR and the upcoming ePrivacy Regulation. More importantly, they will be presented with the most frequent Do's and Don'ts of the post-GDPR era. Last but not least, we will highlight and showcase some of the best practices adopted by the GNOME project and the wider community and think about the next steps.
The GNOME Foundation has seen some generous donations recently, and we are now seeing the impact of these with new staff coming on board at the Foundation. This talk will look at the future of the Foundation and the project, and highlight key plans for the future growth of GNOME.
My presentation covers the work I developed during my internship with GNOME. From what is usability, what is usability testing, how important it is to do usability tests on in free/open source software to how to do usability testing on your own and how to report useful results. I'll give a brief explanation about what I learned from my internship with GNOME, especially with usability.
Free software will not win by "merely" replacing proprietary software. We need to lead with a vision of how the world could be. A voluntary community, one where people participate by choice, does not have to replicate the power structures, gate-keeping or casual cruelty of the systems it seeks to replace. We could make free software the most empowering place to build software. Free software tools could enable new ways of crafting user experiences that proprietary software providers seem unwilling to offer. Free software could tranform the relationship between users and developers, so that users feel like partners instead of sales metrics. Free software communities should be seeking to outdo proprietary software's methods and social norms in every possible way.
We've made a great start by empowering many technical and semi-technical users, but we can't stop there. (What kind of utopia only has coders in it?) Let's build a kinder and more practical free software movement to empower all kinds of people!
Another year, another GUADEC comes to a close. This session finishes off GUADEC 2019!