GNOME 3.7.1 sightings

After spending some time mostly focused on polishing and delivering GNOME 3.6, we’re already at the point again where the new development cycle is starting to take off.

GNOME 3.7.1 will be out later today. It is the first early development snapshot in the 3.7 cycle, so don’t expect too much yet. Our plans for this cycle are beginning to take shape here. While smoke testing 3.7.1, I managed to capture a few small glimpses of new things.

Nautilus is searching recursively again. Search is still being under active development, with more improvements to come. Since search doesn’t screen-shoot very well, here is the new file system capacity pie chart:


GNOME online accounts has a new provider for OwnCloud. This is not practically useful in 3.7.1, because the OwnCloud support in various applications is not there yet. Expect that to fall into place soon.

In another corner of the GNOME control-center, the network panel has grown support for the ‘Ignore Hosts’ field. I’m sure people who have to deal with manual proxy configuration will appreciate that.

As you can see in the device list, the network panel is now showing ‘exotic’ (from a laptop user perspective) network connections, such as vlans and bonds.

Boston GNOME Summit – Monday

I could only be at the MIT for a few hours today, so this summary only covers the morning part.

Networking

We started the ‘Enterprise’ track almost on time, with a session on Enterprise Networking features. The NetworkManager team had been assembled at the Red Hat offices in the week before, so things were fresh in the memory of both Dans.

Dan Winship began this session with a demonstration of a network panel and shell network menu that showed VLANs, bonded connections and multiple network devices. Dan couldn’t carry the required HW to the summit to show off Infiniband connections showing up as well 🙂

There was some discussion of how bonds and other virtual devices should appear in the network menu. Should we show all the slave devices ? Would it be confusing if eth0 just ‘disappears’ when it is part of a bond ? The general consensus was: no, we don’t want to see details in the menu, administrators who want to see the details can go to Network Settings.

The discussion also touched on other topics such as overlap between virtualization and networking. NetworkManager currently doesn’t show anything about the tun/tap devices that libvirt sets up for connecting VMs to the network. If it does, would we want those to show up in the network panel ? I don’t think there was a clear consensus, but everybody agreed that it would be great for gnome-boxes to have ‘one-click network access’ and a very easy way to say ‘give this box internet access’ or ‘I want to ssh into this box’. See bug 677688.

Another question that came up in the discussion was how to deal with multiple connections for devices. One idea would be to have a list of connections, similar to how we now present wifi aps/saved connections. For wired, it is probably rare to have more than a 2 or 3 connections that you switch between, so maybe a full-page list is overkill. For 3g, the connections will often be location-specific, e.g. when you choose a different provider while travelling.

Dan’s patches will land in 3.7 soon.

Authentication and Smartcards

After a short break, we moved on to talk about authentication, and smartcards in particular. The discussion went into many corner cases and complications; I’ll try to sum up what conclusions I took away from it, maybe others can chime in and provide theirs.

There’s two basic scenarios where we want to support smartcards:

  • Use smartcards when logging into your desktop, probably authenticating against a central server
  • Use a smartcard to obtain a Kerberos ticket after you’ve logged in to your desktop

We had a long discussion over which of these use cases is more important and gets to be the 80 in the 80/20 split. At the end of the day, we need to support them both.

In the first case, when the machine is configured for using smartcards to login, we probably want to bypass the user list entirely and display a ‘please insert your smartcard’ prompt. When the machine is not exclusively used with smartcards, swiping the card while the user list is displayed should get you to the prompt for the pin to unlock the card. When a user is selected from the user list, we should be able to get a list of supported authentication method from SSSD, so that we can display a list of buttons similar to what can be seen in this mockup.

Querying the supported authentication methods will also be important for the second case, when creating an ‘Enterprise Login’ in gnome-online-accounts. Currently, we just ask for username and password in that dialog. When smartcards support is added, we should optionally allow the user to use a smartcard instead, and then also ask for the smartcard to be reinserted when the ticket expires and we need to reauthenticate.

One question that was brought up at some point in the discussion is: Should we include UI in GNOME to set up a machine for smartcards, or to enroll smartcards in a central server. The answer was an unanimous: no, we don’t need that. These are administrative tasks; we expect users in such scenarios to receive a properly configured machine and smartcard.

There are a number of expected behaviours in the session, when a smartcard is used to log in. The most prominent one is to lock or end the session when the smartcard is pulled. gnome-settings-daemon actually has a plugin that implements this, but it is fairly simple-minded: we either lock your screen, or force-quit your session right away. We should probably combine this into a single action, which locks your screen right away, but gives you some grace period where you can stick your smartcard back in before ending your session. There was also some discussion about what else should be ‘locked’ in this case. The keyring is an obvious example, but there may be others, such as an encrypted home directory.

The lock screen + force-quit after a grace period may overlap with support for time-limited session, which is something that we have wanted in gnome-session for a while.

Another question that was raised is: what about remote or virtual sessions, such as in gnome-boxes ? It can get access to a smartcard via USB redirection. If the card is removed, should the session just be disconnected?

At the end of this session, we took a little detour into discussion UX problems with our current system-modal dialogs. Too often, these pop up ‘out of the blue’, and interrupt the user who was typing in some window. Many cases were mentioned, all of which seem to come down to ‘the app shouldn’t do that’. We need to figure out use canses write guidelines for proper use of system-modal dialogs.

Privacy / Sharing

Jon gave a 30 minute presentation of the current thoughts of the design team in the areas of notifications, search, privacy and sharing. I don’t have URLs for his wireframes atm, so I’ll just give a brief description.

Jon described four new control-center panels.

The first one is about finer-grained control of notifications, on a per-application basis. It will allow you to say things like: I never want to see a ‘new mail notification from evolution again’, or ‘please show me chat notifications, but leave out the embarrassing details when the screen is locked’. This is a logical continuation of the current all-or-nothing switches we have for notifications (in the user menu) and for notifications on the lock screen (in the screen & brightness panel). The great thing about this is that it can be implemented entirely in gnome-shell, it doesn’t need any cooperation from the application side.

The search panel lets you configure what applications provide search results for display in the shell overview, and in what order they appear – this seems to be a frequent user request (‘I want to see recent chats before the contacts’). Only applications that install a shell searchprovider will appear in this list. More detailed configuration of where applications search (‘include $HOME/my-important-documents’ in gnome-documents search) and what results they provide will be left to application-specific preferences. One aspect of this that came out in the discussion is that we probably need some tracker extensions to let applications request a narrow view of only the files they are interested in. That is better than relying on apps to do the filtering themselves, both in terms of performance and in terms of privacy (as a small step towards being able to have ‘untrusted’ apps on your system).

The last two wireframes that Jon had are for Sharing and Privacy panels, but I’m out of space to describe them here, so I’ll just wait for somebody to post links to them.

GNOME Summit – Sunday

Sunday was dominated by informal discussions in the hallway. Among other things, I got to see a demonstration of bonds, vlans and other ‘exotic’ network configurations in the network panel and the shell network indicator.

But we also had number of breakout sessions on individual topics: GTK+, epiphany, multi-monitor, sandboxing, and maybe one or two more that I can’t remember now. I’ve participated in the GTK+ and multi-monitor sessions.

GTK+

This session was focused on discussing features that people would like to see in GLib and GTK+, with sometimes extensive discussion about the pros and cons and implementation details.

For GLib, Ryan presented a long list of things that he would like to see

  • ‘Native’ thread operations: This is about reimplementing GMutex and GCond on Linux with futexes and atomic operations instead of relying pthreads. The hope is to end up with a faster and more performant implementation.  Targeted for 2.36
  • epoll support: Using epoll in the GLib mainloop is a long-term goal. As a step towards that goal, we may introduce api in 2.36 that lets  sources forego the prepare() and check() stages and instead use a precomputed timestamp.
  • Remove dynamic types: Unloading types when a module is unloaded is a nice idea in theory, but has never worked well enough to justify the complication it forces on GType. In practice, everybody makes their modules resident. Not clear if we will do something about this for 2.36.
  • Remove dynamic interfaces: It is generally considered a mis-feature of GType that one can add interfaces to a class after class_init. Removing this feature would again allow us to simplify gtype.c, and it is not something that is actually used. The plan we’ve agreed on is to add an assertion in this code path for this development cycle (it will be reduced to a warning in the stable 2.36 release), and remove the feature in 2.38.
  • Fix g_signal_connect_object(): We will finally fix this 10 year old bug this cycle.
  • Reversible: Ryan explained this idea that he already outlined on the mailing list. The discussion was inconclusive; both Dan and Stef pointed out the problems with such implicit, context-based APIs, and cited default thread contexts as an example that has caused problems in practice.
  • Implicit g_type_init: We are already doing an implicit g_thread_init(), using constructors. Ryan wants to extend this to also call g_type_init() automatically when a program is linked against libgobject. Not much discussion around this; nobody could come up with an example where you would need to delay g_type_init() to do something else first.
  • Cleanup at exit: Freeing all memory allocated by GLib would benefit people who are using valgrind to find memory leaks in their applications. Stef pointed out that a common desire is to run test suites under valgrind. The reason that we’ve not done this so far is that it is a hard problem. This became clear as wediscussed the possible approaches. It will be easy to get this done for libglib; libgobject is much harder. One thing Owen mentioned is that in the meantime, we could just improve our documentation about memory management and write up some best practices for dealing with memory leaks.
  • GTask: This is #661767. Dan will land it this weekend.
  •  GProperty: This is currently stuck; somebody to pick it up again since Emmanuele doesn’t seem to have the time to finish it.
  • GDateTimeSource: Ryan explained this as a special-purpose GSource that gets dispatched at fixed intervals (e.g. every full minute), and also takes discontinuities (such as clock changes, timezone changes, DST) into account. This functionality is currently provided by GWallclock in libgnome-desktop. It be too specialized for GLib, we didn’t reach a conclusion about it.
  • GSettings list: We have a branch that has the necessary API, and would really like to get this in 3.8. It needs to be landed in sync with dconf, since it requires changes of the GSettingsBackend API. This currently holds up the merge, since we also need to update the OS X and Win32 backends. It would be fantastic if we could find volunteers to do this work (and maybe maintain these backends, going forward). As Ryan said, having native backends for all major platforms is a selling point for GSettings, and we should not regress here.
  • GSubprocess: This is in the final stages of review between Ryan and Colin, and will land soon.
  • Unicode 6.2 support: Ready to land.

For GTK+, the list of discussed features wasn’t quite as impressive (we were over the 2 hour mark at this point).

  • Paint clock: Owen is fairly confident that we can sort out api questions; we need at least some proof-of-concept implementations for Windows and OS X, Wayland should be easier. Owen mentioned ‘a month’ as an estimate for merging this.
  • Actors: Benjamin explained his plans for this:
    • add a lookalike of ClutterActor to GTK+
    • keep it private for now
    • start converting widgets one-by-one. The progressbar is good starting point, since it has no event handling, and its drawing is complicated enough to make it interesting
  • Accessibility: API brought up that people have been asking for a way to subclass gtks accessible implementations. We had kept these private because we wanted to make more changes such as porting the iconview accessible to use cell accessibles, and moving away from atk and instead implement D-Bus interfaces directly in widgets. The outcome of the discussion was that these changes are likely never going to happen (the current a11y seems to work well enough that nobody is willing to invest into these larger-scale refactorings). Therefore, we should clean up the gtk a11y headers, and expose them. Before running out for lunch, the discussion moved on to one other cleanup task in the a11y area that hasn’t happened: getting rid of key snooping. Joanie explained why orca needs to filter key events (to add useful extra navigation, such as ‘h’ to go to the next heading in a browser). We discussed possible ways to implement this outside the client, using passive grabs – but of course you don’t want to grab the ‘h’ key, that would make it hard to write text… I pointed out that input methods currently also use key snoopers, because they want to get at all key events. This is bug 90082.

Multi-monitor

The multi-monitor session was quite different. I brought an external monitor, and we huddled around my laptop, taking lots of notes about issues we saw. All those notes are with Allan, who can hopefully put them on the wiki soon. Until then, here’s what stuck in my memory:

 

  • The transition from plymouth to the login screen is really bad. This is not specific to multiple monitors, it is always bad 🙁 The progress in plymouth is not really useful nowadays, since the part of the boot that is covered by it has gotten so fast that it is dominated by the wait for the login screen – and we have no progress there, except for the ugly wait cursor. The pointer should be hidden until it is moved.
  • On the lock screen, monitors should have independent shields, so that lifting it on one monitor does not cause activity on the other one.
  • The on-screen keyboard needs to appear on the monitor where the focus is. Currently, it just always appears on the primary monitor.
  • Windows should be centered if there is not enough free space to place them.
  •  Side-tiling should work differently at the shared edge between two monitors.
  • The difference between maximized and fullscreen is not very clear on non-primary monitor. We should have more uniform behaviour and controls for fullscreen windows.
  • In the overview, starting a drag on one monitor makes windows jump on the other monitor, which is unexpected.
  • The display panel needs lots of love:
    • we should drop the confirmation dialog; nowadays, we can find out if a configuration changed worked or not, and can revert without asking the user.
    • dragging monitors needs to be keyboard navigatable
    • there should be a non-DND way to change where your top bar appears
    • no need to show monitor labels when cloned
    • monitor labels did not update when un-cloning
    • ‘Laptop’ is not a good name to use here

We also briefly talked about how multiple regular monitors are different from laptop+projector.

Today we’re going to talk about authentication, CIFS and other enterprisey stuff.