15 Jul 2026

feedPlanet GNOME

Maximiliano Sandoval: SSH into GNOME OS running in a sandboxed Boxes VM

We take advantage of loading systemd system credentials based on smbios type 11 strings and QEMU's vsock feature. Here is the list of recognized system credentials.

The important bit passing down the following argument to qemu

$ qemu-system-x86_64
  # ...
  -device vhost-vsock-pci,guest-cid=$cid \
  -smbios type=11,value=io.systemd.credential.binary:ssh.ephemeral-authorized_keys-all=$base64_ssh_key 

libvirt allows setting smbios11 as <oemStrings> and defining virtual sockets.

Under GNOME boxes, go to the VM configuration. The important bit is setting a smbios under os, adding a vsock device and the sysinfo domain. E.g.

<domain type="kvm">
  <!-- ... other domains -->
  <os firmware="efi">
     <!-- ... other os info -->
     <smbios mode="sysinfo"/>
  </os>
  <sysinfo type='smbios'>
    <oemStrings>
      <entry>io.systemd.credential.binary:ssh.ephemeral-authorized_keys-all=$base64_ssh_key</entry>
    </oemStrings>
  </sysinfo>
  <devices>
    <!-- ... other devices -->
    <vsock model="virtio">
      <cid auto="no" address="$cid"/>
    </vsock>
  </devices>
</domain>

Here $cid needs to be replaced by a numerical value bigger than 2 and

$base64_ssh_key is the base64-encoded public SSH key, we use $cid=3 here. One can encode a public SSH key via

<~/.ssh/id_ed25519.pub base64 -w0

Ensure you can decode it back before proceeding!!

echo -n "output from above" | base64 -d

Then inside of the VM, verify the smbios 11 key is visible,

$ run0 systemd-analyze smbios11
io.systemd.credential.binary:ssh.ephemeral-authorized_keys-all=$base64_ssh_key…
1 SMBIOS Type #11 strings passed.

on the guest's journal one should see:

$ run0 journalctl -b -g 'ssh.ephemeral-authorized_keys-all'
Jun 18 00:11:06 gnomeos-11e6-75db systemd[1]: Received regular credentials: ssh.ephemeral-authorized_keys-all

and one can verify it via:

$ run0 systemd-creds --system list
NAME SECURE SIZE PATH
ssh.ephemeral-authorized_keys-all secure 97B /run/credentials/@system/ssh.ephemeral-authorized_keys-all
$ systemd-creds --system cat ssh.ephemeral-authorized_keys-all

Now that everything is set, and the sshd service is running inside the VM:

systemctl enable --now sshd.service

one can ssh into the VM via:

ssh $user@vsock/$cid

where $user is the username inside of the VM and $cid as above, in my example:

ssh msandova@vsock/3

This requires systemd-ssh-proxy on the host, should be included in v257 or newer.

Note that scp has a slightly different syntax, e.g.

scp $FILES msandova@vsock%3:$PATH

15 Jul 2026 9:04pm GMT

Jonathan Blandford: Crosswords 0.3.18: Style and Substance

Greetings!

Time for a new Crosswords release. This is a massive one with over 1,000 changes from 18 different contributors, and is the biggest release I've done to date! This features major improvement to the appearance of the Player, and to the usefulness of the grid filling code in the Editor.

Download on FLATHUB

Player: Artwork and Appearance

I made a real push this cycle to improve the appearance for GNOME Circle inclusion (tracking bug). We made almost too many usability and appearance improvements to mention! The artwork also got a major improvement with a great intro screen, new icons, and a fabulous looking "How to Play" screen. Take a look:

The artwork also is responsive to the libadwaita accent colors. Thanks a ton to Tobias, Hylke, and Gnoman for their fantastic work on this. It makes the game look so much more professional.

Update: Also, I have to plug Hylke's fantastic work on improving icon's across the whole ecosystem. I'd encourage people to sponsor him if you have the means!

Mobile mode

As part of all the work for Circle we adopted more of the recent libadwaita widgets. This basically gave us "mobile mode" for free. It's not perfect: we're missing some gesture support and the behavior has some quirks. I could also use more support in GTK as well - we're missing a chunk of the expected mobile API. But for something that wasn't worked on intentionally it's really impressive at how well the adaptive widgetry works in libadwaita.

In addition, sp1rit did a GTK Android build of Crosswords as a proof of concept. It's missing some crucial elements - namely python for the import pipeline - so you can't play many games with it. But it's amazing that it works at all.

Android version of Crosswords

Magnifier

I've been jealous of a feature that exists in the fabulous Typesetter app, namely right clicking on the output it will bring up a magnifier. I mentioned this to Toluwaleke (of Mutter GPU Reset fame), and he quickly wrote the same for Crosswords. It looks great, and cleverly reuses the ::snapshot() method to do the zoom. It will work with the mouse, or can be toggled by the keyboard. Take a look:

Editor: Layers and the AC3 Solver

For this release, we closed one of the biggest gaps the Editor had by adding information layers to the grid. This is a little hard to explain, so a demo might help. The layers are used to indicate different challenges in building a grid, and are required for any serious crossword editor. We support the following layers:

The spell check and unchecked cells jobs were straightforward to implement, but the heatmap/unfillable cell jobs are not. Fortunately, GSoC student Victor wrote a Design Doc last summer to propose a way to calculate these. He ran out of summer to implement it, so I picked it up this past Spring. It took some time, but I'm really happy with the results. It's not fast enough to be synchronous, but does run in ~200msec, which means we can run it every change. Given that some other apps we surveyed took seconds or even minutes to complete, I'm really pleased with the performance.

Additional Editor Features

EditDateRow
EditDateRow Widget
Histogram

What's next?

I have a number of planned features for next time:

Thanks for reading!

15 Jul 2026 1:00pm GMT

14 Jul 2026

feedPlanet GNOME

Laureen Caliman: Update on Crosswords Backtracking Algorithm

I am implementing a new type of crossword puzzle in GNOME Crosswords this summer. The current options are static crosswords of 'known' location. My project does the opposite, where it takes the words and places them wherever we can get the maximum amount of connections between the words. The pinnacle of this is a DFS backtracking algorithm because we want the words on the grid to be malleable in their placements in order to include the next word going down the list.

Previously, what I had done was attempt to erase the word letter-by-letter recursively writing NULL to each cell. However, this removed every element in the string, including the letter shared at a node between two words, leaving a gap in the word left in place.

My most current version instead focuses on state preservation. Before we even write a new word to the grid, we read the existing state of cells with focus on those connections. Now when the recursive function attempts to place a word that ends up being impossible to connect with the current setup, we look for those '?' characters, erase the string, and rewrite the cushioned letter to leave the other word fully intact.

Imagine a board with CAT written across the center, and we want to place MACAW on the grid vertically. Before the algorithm writes MACAW, it inspects the board at the calculated intersection point(s) and reviews the cells of the string length.

Cell 1: Empty, Cell 2: Empty, Cell 3: C, Cell 4: Empty, Cell 5: Empty.

The board saves this state in memory using a '?' in place of the empty cells as '? ? C ? ?'. Hypothetically this makes our board look temporarily like this in memory:

?

?

C A T

?

?

MACAW is written to the grid and then checked in the next recursive function call to ensure if it can be kept or not in that hypothetical place. If it runs successfully, we leave it as is:

M

A

C A T

A

W

If it returns false, we need to backtrack and erase MACAW. Rather than totally erasing the word like before, we send the ? ? C ? ? state back to our overlay function - which is responsible for writing to the grid. If it sees a '?', it empties the cell. If it sees a letter, it rewrites it. That way we are only backtracking and erasing the word creating an obstacle in our program. MACAW is erased, CAT remains there for the next word to be attempted.

14 Jul 2026 1:04pm GMT

13 Jul 2026

feedPlanet GNOME

Michael Meeks: 2026-07-13 Monday

13 Jul 2026 9:00pm GMT

Hylke Bons: July Sponsors Update

It's been 4 months since I was officially laid off. It's been good and I can honestly say I'm doing my best work.


Icons for Demostage, Gitte, ChiPass, and Wardrobe

What I've been up to

Happy to announce that with your help I've reached the first milestone of 64 monthly sponsors.

Thank you! More good stuff is coming. :)

13 Jul 2026 12:00am GMT

10 Jul 2026

feedPlanet GNOME

This Week in GNOME: #257 Pixel Density

Update on what happened across the GNOME project in the week from July 3 to July 10.

GNOME Core Apps and Libraries

Glycin

Sandboxed and extendable image loading and editing.

Sophie (she/her) announces

Version 2.2.alpha.6 of glycin is now available. The version brings support for reading and writing the pixel density in JPG, PNG, and TIFF images. The data is now also accessible via the "Image Properties" in Loupe. A prominent application of this feature is to store the DPI used when scanning an image, which then allows users to print the scanned image in the same physical size as the original document. This has been one of the last features that was missing to achieve feature parity with gdk-pixbuf, which we plan to replace with glycin. Support via gdk-pixbuf glycin loaders will be added soon.

Glycin now also reads OpenEXR images that use half precision floats into the same memory format, saving half of the memory compared to the previously used single precision floats. Support for the Radiance HDR format has been added as well.

The lcms2 library has been dropped in favor of moxcms, which is written in safe Rust and improves the performance for images with ICC profiles noticeably. Internally, there is now a mechanism for a loader to report if ICC profiles or CICP (HDR instructions) should be preferred, since this differs between image formats.

Sophie's work is funded by the GNOME Fellowship program. You can support the fellowship program via a donation.

GLib

The low-level core library that forms the basis for projects such as GTK and GNOME.

Philip Withnall says

The default network monitor in GLib, a netlink implementation of GNetworkMonitor, has been significantly updated by Sorah Fukumori to improve its performance. This will particularly help on systems with large routing tables (like servers), but should benefit all users. More details in https://gitlab.gnome.org/GNOME/glib/-/merge_requests/5222.

Emmanuele Bassi says

GLib now requires a C11 toolchain to build itself, and to build projects that depend on GLib. All supported compilers-GCC, Clang, MSVC-are compliant enough already, so nothing should change for GLib users. More details, and future plans, in https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3574. Also, you can always check the toolchain requirements in the GLib repository.

Miscellaneous

Sophie (she/her) announces

July is Disability Pride Month! I used the occasion to write a blog post share my thoughts on accessibility in GNOME and the current state and potential ways forward, like establishing a Accessibility Team.

GNOME OS

The GNOME operating system, development and testing platform

verdre reports

We published a blog post announcing a new project as part of this year's Prototypefund to improve testing and development workflows on image-based OSes like GNOME OS.

As part of this we'll build a new app (tentatively called Test Center), to install and manage experimental versions of apps and system components (think Apple TestFlight, or the old Mozilla Labs), along with a number of other improvements to the system component developer story.

If you're a developer using GNOME OS we'd love to hear your input on this! What is currently most annoying when developing and testing your software, which workflows are awkward in a fully image-based world, what are tools you're missing, etc.

https://modal.cx/blog/image-based-for-developers

Third Party Projects

Sjoerd Stendahl announces

This week I released on update to Lockpicker, a new application to recover passwords from their hash. On top of some minor UI tweaks, Lockpicker now allows you to import multiple rule files simultaneously. Also, a nice new quality of life update is that you can now undo your action when you removed a module, rule or wordlist.

Note that you are going to have to provide your own hashcat rule files to Lockpicker, these are widely available at different Github repos. A future update in Lockpicker will focus on creating rules yourself straight from the UI.

Get lockpicker from Flathub!

Phosh

A pure wayland shell for mobile devices.

Guido reports

Phosh 0.56 is out:

Phosh now supports hiding and disabling applications. This is useful on immutable systems where software from the base images can't be uninstalled. We also added a load meter status bar plugin that can be enabled to show the current system load as a small graph. The Wayland compositor phoc now uses wlroots 0.20.1 and the on-screen keyboard now allows to set keyboard layouts per application. This can be used to e.g. force a terminal layout for the text editor you're using for programming on your phone 🤓. We also added key-repeat for keys in the shortcuts bar like ⬅️⬆️⬇️➡️.

There's more - see the full details here.

Flare

Chat with your friends on Signal.

schmiddi announces

Flare version 0.21.0 was released this week. Besides fixing linking (which broke on the latest version of Signal), this release contains a new backend-library for the Signal integration, flare-backend. This should make maintenance as well as developing new features for Flare a lot easier in the future. As an example, this release fixes some weird behavior with edit messages, and adds support for group labels. I have written a short blog-post introducing flare-backend if you are interested in reading more about it.

Shell Extensions

amritashan says

Automatic Theme Switcher

Automatic Theme Switcher is a GNOME Shell extension that switches between light and dark themes based on the sun at your location - sunrise/sunset, dawn/dusk, golden hour, or your own custom times. Set your location manually or detect it approximately with one click.

This week version 11 landed on extensions.gnome.org, adding support for GNOME 50 (the extension now covers GNOME 45 through 50). It follows a major update that brought per-monitor brightness control, including external monitors via DDC/CI, gradual brightness transitions that ramp your screens gently down for the night and back up for the day, a manual override that respects your Quick Settings toggle instead of fighting it, Night Light synchronization, and a live countdown to the next switch in the preferences window.

Source, issues and feedback: https://github.com/amritashan/gnome-shell-extension-auto-theme-switcher

Christian W reports

OmniPanel is an extension that provides advanced Multi-Monitor window management to improve productivity.

It features smart-autoplacement of windows in configurable zones. It also renders the Gnome top bar on every screen (something that is not yet native to Gnome today)

Features:

  • Top bar on every active screen, including active Extensions
  • Window tiling with Zone designing and auto-placement
  • Stack specific windows in Zones
  • Auto-tiling capability without needing to draw zones
  • Use either the mouse or hotkeys for switching/moving

To install, find it via "OmniPanel" in Extension Manager natively.

Source: https://github.com/cwittenberg/omnipanel

Install via Gnome extensions page here: https://extensions.gnome.org/extension/10049/omnipanel/

Youtube demo (with audio): https://www.youtube.com/watch?v=c7JNV20OV8k

That's all for this week!

See you next week, and be sure to stop by #thisweek:gnome.org with updates on your own projects!

10 Jul 2026 7:49pm GMT

09 Jul 2026

feedPlanet GNOME

GIMP: Interview with Nara Oliveira, Free Software Artist

GIMP is Free and Libre Open Source Software, but none of it is possible without the people who create with and contribute to it. Our project maintainer Jehan wanted to interview the volunteers who make GIMP what it is, and share their stories so you can learn more about the awesome people behind GIMP!

Early interviews from co-maintainer Michael Natterer and Michael Schumacher were published shortly after the first Wilber Week. The remaining interviews from this event, about Simon Budig and Øyvind Kolås were published years later as a revival of the series. While these interviews are a bit old and reference outdated versions and features of GIMP, we believe they still have value and show the evolution of our community.

This next interview is the first one recorded at the 2017 Libre Graphics Meeting in Rio de Janeiro, Brazil. The subject is Nara Oliveira, co-founder of Estudio Gunga. She is a Brazilian artist and advocate who uses free software exclusively to develop professional works in many fields, including design, illustration, and animation.

This interview took place over April 21 - 23, 2017. In addition to Jehan and Nara, Simon Budig, and Aryeom Han were also involved and asked questions.

Nara Oliveira, CC-BY-SA
Nara Oliveira, CC-BY-SA

Jehan: Hello Nara. Can you introduce yourself to the people?

Nara: My name is Nara Oliveira. I am a Brazilian designer. I am from Brasília, the capital. The city name is Taguatinga. I study design and today I work with free software. I have my own company with some partners and we work in audio, video, design, and animation.

Jehan: What is the name of your company?

Nara: Gunga. Gunga is an instrument from Capoeira. We have the berimbau with the "calabash", I think - it's an instrument from Capoeira.

Jehan: Okay. From what we understood, you mainly use free software

Nara: Yes.

Jehan: Mainly, or only?

Nara: Only.

Jehan: And which ones in particular?

Nara: I use GIMP, Inkscape, MyPaint, sometimes Krita - I've tried it - Scribus, FontForge, FontMatrix, and others like everybody uses.

Jehan: Do you use Linux?

Nara: Yes, Arch Linux.

Jehan: So full free software from start to end! Okay, and why do you do this?

Nara: When I heard about free software and Linux, I was working in a cultural space. I was working with theater and with drawing, and we already have that culture of sharing things and sharing knowledge. So when I met these guys in free software, they told me about what GNU and Linux were and the philosophy - and when I heard about it I fell in love with it. Because I already think that way, and so free software is applying what I think is right onto software and onto technology. So for me it just makes sense.

So I started to use this software. In the beginning it was difficult to make the transition, but with some time I got into it.

Jehan: So you made a transition from proprietary software?

Nara: Yes, from proprietary software to Linux.

Farid: When was this?

Nara: When? Ah, let me count…

[group laughter]

I was not finished studying then, so like around 2006 or 2007 I started. I really started to use Linux and everything for working in 2008, for everything.

Jehan: So you studied design in university?

Nara: Yes, in university.

Jehan: With proprietary software?

Nara: Yes, with proprietary software only. But my university was not so focused on software. In five years of studying, we only had one class about software. And as the class went on, everyone already knows how to use it! So it's like a class that has to be on the curriculum, but it's not like you have to use - it's more like conceptual.

Estudio Gunga Presentations and Workshops, by Nara Oliveira, CC-BY-SA - 2025
Estudio Gunga Presentations and Workshops, by Nara Oliveira, CC-BY-SA - 2025

Simon: Something I do a lot is that - I'm a software developer mainly, so I do a lot of my own tool development. Like I have a specific problem and I know there is an algorithm in my mind that I know would solve the problem (or might solve the problem), so I start implementing my own tools for very specific, very weird tasks, because I can't do it with GIMP.

Nara: I would like to do that!

Simon: So this is what I wanted to ask - do you have programming experience? Do you have an idea of what it means to develop software?

Nara: No, but I think I have an idea - but I do not develop programs. I've studied a little, but it's not like I can do something. I can see the code lines and know more or less what's happening, but I can't write lines by myself.

Jehan: You've told me that sometimes you will see some scripts and guess what it can be, and change the numbers…

Nara: Yeah, but more in insights and not in the programming itself.

Jehan: Since we're doing this interview for gimp.org, what can you tell us about GIMP? How do you like it? How do you hate it? Tell us everything!

Nara: [Laughing] The first thing is, I like GIMP. I use it a lot. My work and style is more vector, but I use GIMP a lot and I like it.

When I made the transition to free software, until today one thing I didn't like is that you don't see the effects. You have do something, turn back, "Oh no!" - I have to change two, three points here, then I have to undo and do it again and come back. For me, it's one of the things that makes the work not fluid.

I'm so happy to see GEGL on-canvas effects.

[Editor's note: This feature was already implemented in the development version of GIMP 2.10, officially released about a year after this interview.]

Jehan: So, some other comments on GIMP?

Nara: Yeah, I really like it but, for example, I have some problems with my tablet. When I bought my first tablet, it simply didn't work on GIMP. And I think it's because of that, I use MyPaint. Because I have to work, and I have to work right now and the pressure doesn't work, so what can I do with my tablet - so I found MyPaint, and I started to work with MyPaint, and it's because of that I use it. Not because I think it's more powerful than GIMP - it's just because of that. At the time I liked it, and today I still use it.

[Editor's note: GIMP 3.0 improved many issues with tablet support that were mentioned here.]

Jehan: So MyPaint is your main software?

Nara: For drawing, yeah. Because I am a designer, but I'm an illustrator too. So for illustration I use MyPaint, just for that. For small drawings, I use vectors in Inkscape, and so on.

I use GIMP more for photos, for editing, composing, correcting photos.

Estudio Gunga Projects and Film Fests, by Nara Oliveira, CC-BY-SA - 2025
Estudio Gunga Projects and Film Fests, by Nara Oliveira, CC-BY-SA - 2025

Jehan: Yesterday when we spoke, you had this nice example of a job you did with Scribus. Like your first job with free software, I think?

Nara: No, my first book.

Jehan: Ah, your first book, not your first job with free software. Could you tell it again, now that we're recording?

Nara: I was called on to make a big book, like three hundred pages. There was little time to do it, like three, two weeks. I am from Brasília, and they said you have to do it here with us to get it quicker. I traveled to Bahia to do it, and when I arrived there, there were two other designers. It was funny because I worked in Scribus, one worked in Corel Draw, and the other one in InDesign. So you had three designers, three different software.

Jehan: And three different operating systems.

Nara: Yeah, and three different operating systems, and we had to do one book, the same book!

So we met each other and said "Okay, let's do it!". We separated the book into pages, so I would do the first one to 100, the other designer would do 101 to 200, and so on. And we together figured out how the design of the book would be, and the rules to make each part feel like the same book.

So we started, and just like that, I finished first! I was worried, because I had not used Linux for too long, and if there was something wrong in the software or in the distribution, I would not know how to fix it. One of the designers had Mac and the other had Windows and I was so worried.

But it went well and I finished first - and it was very encouraging for me. It's just a tool you know? I can do it, he can do it, she can do it - everyone can make it, so I was very happy. Because in the beginning I was worried about everything going wrong, and that there would be problems when I saved the PDF and printed it, but it was all okay.

The book was about experiences with, we call it here "apprentice to Griô". It's from the French language, because it came from Africa but a country that speaks French.

It's like an old master who teaches the people around them, the community, something - knowledge about herbs, which can be medicinal herbs, or teaches about techniques about how to construct instruments, or make music, or dancing - like masters of Brazil, of all Brazil. So it's because of that it's a big book!

Years later, in the north of Brazil, when the waters came and filled the houses in the city - a flood. I was seeing that on the TV there was an old lady with her flooded house beside her, everything destroyed. And she had that book in her hand. She was crying because her house was destroyed, but she had the book, and she was happy she still had the book even though she didn't have her house anymore.

So it was a meaningful project, and it was the beginning of my using Scribus.

Jehan: Are there things sometimes you feel you are not able to do with free software? You already answered this yesterday, so I'm just asking again to hear you saying it.

Nara: When I see art - art is everything, design is everywhere - I can't see something and think about "I can't it do with free software". I can do it - maybe I can't do it because of my creativity or because I don't think about it, but technically I can do it, you know. We have the tools to do it. We have other ways, but we have the tools I think - in my area of design.

Simon: What would interest me is, you mention that you use quite a lot of different tools, like GIMP, Inkscape, Blender, Scribus -

Nara: Blender not yet, though I started animating in the timeline. In the movie that we showed, the first one that was in 2D, I animated parts of that.

Simon: But there are a lot of different tools that you and your colleagues use. When you start a project, do you pick one of the tools and stick to it, or is more like you start using one tool then transfer the result to a different tool?

Nara: Yes, it was like each tool was like a room of a house. I live in the house, there's a lot of rooms, and sometimes I'm in the living room, other times I'm in the bed room, other times I go to the kitchen. It's like I have a bottle, and I take the bottle here and there.

I don't choose the software. I plan the project, I think about it, and think "How am I going to make this?" So I will start drawing in MyPaint. But I need it to be a vector, so I save it, open in Inkscape and add a vector. But ah, I need an image in the background. So I open the image in GIMP, I work with the image there, then import into Inkscape, okay. But oh, now I have to print it. So I save what I can save in vector I save in vector, and what I can't save, I export. And I go to GIMP, transform it and edit it, and I take everything, go to Scribus, put them together, and make a PDF. More or less like this. I'm always going back and forth between the programs.

Estudio Gunga Projects and Film Fests, by Nara Oliveira, CC-BY-SA - 2025
Estudio Gunga Projects and Film Fests, by Nara Oliveira, CC-BY-SA - 2025

I think it's very complicated, but for me it's very simple. But when I teach things like that it sounds very complicated.

Jehan: Do you have any questions, Aryeom?

Aryeom: I feel like I am in her head. I totally understand - I work the same way. Maybe later if I have any questions I'll ask.

Nara: I learned everything by myself. So I don't like tutorials, you know?

Aryeom: You don't like tutorials?

Nara: Yeah, I don't have the mind to read or watch them. I learn all by myself. I think my way of working is just my way, because I learn by myself. And sometimes I get in touch with people who use the software too, I like to watch them because people do things very different that I do, and things more easily. And sometimes I teach the software to someone, and in two weeks or three, I go to see what the people are doing. "Oh my God, I'd never think of that way!". It's very fun because of this.

I don't like to do workshops because of that. I think my style of work is very crazy. But we can talk about it!

Jehan: So right now you have a big animation project. So maybe can you speak about it?

Nara: Well, Farid is the director. He writes the script. I am the art director, but I also help him with the script and doing all the storyboards. I do it in MyPaint. I was a little worried because I've never done a storyboard before. So I study a little, see other's storyboards, and make it for the animation. And we are talking with people who want to work with us on the animation - and I was happy because people always say "You have a beautiful storyboard!". I was worried about that.

I think we are, I don't know, opening ways. Because we are not a 3D studio but we want to do 3D animation, so we have to contact on a lot of other people in Brazil and Latin America, and even in Europe. It's been like a dream to make it. And we want to make it very fine, very good, because today if you are seeing bad 3D, then you don't watch it. Because you have Pixar, you have Disney, you have a lot of others. I don't think that we'll be like Pixar, but we have to do something very good and great to be seen, you know? I think this is our goal. We want to make something very nice, very good that everyone wants to see.

We're telling Brazilian history of Quilombo, when there was slavery. Some slaves ran away and made a tribe, a community of their own and lived there. And these communities survive until today. And some of them have a lot of different cultures. It's like they're isolated. And the story is about one of these communities. In Brazil the agriculture is taking the lands of these people, because they have a paper that says "We own these lands", but actually these peoples have been there for 300, 400 years.

So we are telling the story of a girl who lived in a community like this. And they're being pressured to go out and leave their lands. The story is a fiction, but it's based on real facts. This is the history. It's going to be like 10 minutes, it's a short one, but it's a real movie and after it's finished, we want to continue it. Make like episodes or a long movie - it's just like a pilot. But we need the pilot to get a bigger step.

Aryeom: I feel so moved, because our ZeMarmot project is also like this.

Nara: Here in Brazil there's a law, I'm not quite sure, that for free television and private television, 50% of programs have to be Brazilian programs. Because it's all foreign programs, so the government says that 50% have to be produced here in Brazil. So I have a lot of opportunities in that way for animated series.

Jehan: So you plan to distribute on TV.

Nara: Yeah.

Aryeom: Why did you choose 3D? Why not 2D?

Nara: Because we love it! We really love 3D, we're really passionate. We started using Blender, even for 2D, but we want to go to 3D you know. We have some experiences, and we like the visuals of the movie - we actually don't work with 3D, but we want to. A lot of people do that - I think 2D is less expensive and -

Jehan & Aryeom [in unison and laughing]: I don't think it's less expensive!

Nara: No? We like 3D. We want to make it - it's so popular for the kids, for everyone. We want this movie not to go to the festivals and stay there. A lot of good films here are made this way. The very good films go to the festivals, earn their prizes, and no one's ever seen the movie. "Oh you've seen that movie? No!". It will never go to the cinemas.

We want it to have the chance to become popular, you know, a lot of people really watching it. And 3D has this affection, people really like these.

Estudio Gunga Projects and Film Fests, by Nara Oliveira, CC-BY-SA - 2025
Estudio Gunga Projects and Film Fests, by Nara Oliveira, CC-BY-SA - 2025

Jehan: I know you said you also appreciate Creative Common licenses and stuff like that, so is this movie going to be under such a license?

Nara: Yes, it's going to be an open movie! You can take the characters and make another animation by yourself. If you want to take everything, the characters, the background, everything, and animate another story, you can do this.

Jehan: Which license?

Nara: We haven't thought about it yet, but the kind of license where you can make anything.

Simon: You said 3D. I sometimes have the impression that 3D in some way is more limited in what you can do artistically compared to 2D.

Nara: Yes, it is.

Simon: So this is not a factor for you?

Nara: No. Because in 3D, it's like you said. If you're doing a 2D animation, I don't know, you can do a lot of types of techniques. Like it can be black & white, it can be color, or so many types - it's like art in stop motion. 3D is different - you have a character, and you have the scenery, and the scenery is just the scenary. You can make some tricks with lighting and shading and colors, but it stops there. It's an artistic limitation, I agree with that.

Aryeom: In your team, no one had any experience making 3D animations?

Nara: I animate, but I know how to take the characters and make them move. But I'm not an expert. Farid knows that too and know how to make a 2D animation in Blender. But 3D is a new challenge for us.

Jehan: I think also the question was, you are a designer so you usually work in 2D. So we would expect something who draws would want this drawing to come to life, than just doing the drawing and give it to someone else to make the actual final thing.

Nara: I have difficulties with this. I get tired of drawing very quickly. I can't imagine myself drawing the same character more than, I don't know, 10 times. I think I would die if I did that.

Aryeom: Haha, I'm dying!

Nara: It's like my style. This book was difficult to me, because I had to draw the characters the same. They have to look the same every time I draw it. I don't like that. I like to do one drawing and it's over. They have to repeat and be the same. I like the work, but the process of doing the same thing is difficult for me.

Jehan: So you prefer to just draw something and let someone else repeat it again and again.

Nara: Yes, like the computer!

Aryeom: To make a series, an episodic drama, it's easier to make in 3D. For long form, it's good I think.

Jehan: Yes, for long form, but for short movies it takes longer due to preparations.

Nara: So it's not my kind of thing.

[Nara hands out a book]

Nara: It's by a friend of mine who wrote the story and he asked me to make the drawings. I don't do a lot of kid stuff, but I like it. And it invites kids to draw at the end of it. It talks about what city do kids want to live in, and what city we want for ourselves. We have a lot of problems in the cities here, and I like the idea of book, to let kids dream about the city because we want that dream to come true.

Aryeom: What about Gunga's future?

Nara: Ehh, I expect in the future that we have more people working with us. And we have more companies work with us with free software, you know. I'd like to get larger but not too larger. Because I want my life too!

Aryeom: Wise!

Nara: But I'm happy now because last year two new people joined the studio, and it's a lot more fun to work with more people. We exchange experiences, and I think I want to grow in that way, to get a little bigger and get more partners. And work with more cinemas! It's more difficult because it's expensive to work with cinemas, working with animations. We like to do more for ourselves. We make a lot of productions, videos for other companies, for the government, so we'd like to do more for ourselves - like our stories, less for them, more for us.

Estudio Gunga Projects and Film Fests, by Nara Oliveira, CC-BY-SA - 2025
Estudio Gunga Projects and Film Fests, by Nara Oliveira, CC-BY-SA - 2025

Jehan: Okay, maybe the last question unless someone has something. Do you have any requests for GIMP developers? Other than on-canvas preview because we already have it!

Nara: I will see the new version you talked about after this.

No, I'm okay. I think I've used it for such a long time that I'm so adjusted to it. In the beginning I had a lot of issues - if you gave me a paper then I would fill it with "I want this, I want that! Why do I have this? I can't believe it!"

But today it is so natural to me that I had to think about it before coming here, because I'll be meeting people that I want to talk about it with. And I think well, there are little things I want to change in the software. But I think that I have this because I've been using it for so long. People are always comparing it with propriety software, and I don't compare it anymore because it's been such a long time since I've opened something like Photoshop.

So, I'll think about it.

Jehan: But in the end it just works!_

Nara: Yeah. I've written some*, but not for GIMP, for Inkscape, Scribus…

[Editor's note: Jehan misheard the word "some" here as "song"]

Jehan: Ah! A song for everyone but us?

Nara: I used an earlier version of Inkscape which had a lot of bugs. They just changed it and so I have just bugs for Inkscape. Bugs are bugs.

Jehan: Ah, it's bugs, not a song!

Nara: Yes, for Inkscape. For Scribus, I have some issues with development.

Aryeom: So you have bugs for them, but you have requests for us. So it's good!

Jehan: Ah, okay. I thought you'd wrote a song.

Nara: No no - I know my letters are beautiful but it's not a song.

And I'm happy to meet you! Very happy. I don't go to a lot of events like here in Brazil. I don't have a lot of time to do that. And it's like an investment to travel here because it's very expensive and the country is too big, haha. So my involvement with free software is like in my community. On our street where we work, a lot of people use Linux because of us. It's like a center, you know? Time to time, someone goes there, "Oh, I bought a new notebook, I want to install Linux, let's do it together".

I think my part in this is more local than global - in the community. I feel better like this. Real connection, offline. I'm not so close to the development here and the other artists. And most of them, they're just show artists. They don't really work with design, they don't really live from this, you know? I tend to know people who live from free software. Most of them are professionals, who are really good at one software, but they don't put food on the table with it. It's a little different. I learn from them, but I want to know people who have real issues.

Because when you don't work with it, you just experiment, you make your own goals. Like "I'm going to make this girl have make-up on her face", and then you do that. When you work, another person puts a goal on you. Like, "Make this girl have a guitar", and you have to find a way to do that. And the process when you make a goal versus when another person makes a goal you have to achieve, it's very different when you're working with the software. Because you have to go somewhere you've never went before. And it makes you use the software in a different way.

You understand what I'm saying? Because when I see the workshops, people are very good at doing something they always do. I want to see people doing very good things they've never done before. These things show the real potential of the software.

Jehan: And the potential of the artist.

Nara: Yes, and the potential of the artist. Because you can show me, Inkscape or GIMP is doing this new thing. But maybe I'm not going to use it just because it's in the software. I'm only will use it if I need it. So, there are a lot of people who are experts in the tools and what the tools can do - to make it, you have to use all the tools combined. It's different, it's another level.

Jehan: Well, I think that's a good interview. Thank you Nara!

Nara: Thank you!


Estudio Gunga

09 Jul 2026 10:00pm GMT

Sebastian Wick: Display Next Hackfest 2026

This year was the fourth year in a row that a bunch of display driver and compositor developers met for the Display Next Hackfest, to discuss, present, and tackle issues related to displays, GPUs, and compositors. Thanks to Collabora (Robert Mader and Mark Fillion specifically) for continuing this tradition!

(Check out the 2025 edition)

This time we met in Nice, France, after Embedded Recipes and right next to the PipeWire and libcamera hackfests. I took the opportunity to have a chat with the PipeWire developers about Flatpak, Portals, and the direction we would like to take in regard to video and audio access. Arun Raghavan has a nice summary if you're interested.

That also brings me to another point: I have mostly stopped working on compositor and color-related areas. It's not because I lost interest, but rather that I took over Flatpak and Portals maintenance. That by itself was taking a big chunk of time, but then LLMs became good at finding security vulnerabilities and now this takes more time than I have.

Before the hackfest, I sat down for one week and hacked on Mutter (the GNOME Shell compositor) to create a prototype with all the changes I wanted to do but never found the time for:

With the prototype done, I made my way to Nice, taking a sleeper train from Paris and waking up to the Côte d'Azur in the morning. Then I met with Robert in the botanic garden, where he used his deep cross-stack offloading knowledge to test a bunch of video playback scenarios.

Over the hackfest days we found some glitches in the AMD driver, which were promptly fixed by Harry Wentland. We also had some discussions on strategies to do KMS color pipeline offloading, which prompted some changes in the prototype, and now have something we can start upstreaming.

For the KMS color pipeline, we got a new fixed matrix operation for YCbCr to RGB conversion, and new named curves for important video playback cases. We talked about control over the color format on the cable (which has been merged by now), as well as control over the minimum BPC.

Another thing that we all got annoyed by was all the funky colors our in-kernel console became when our offloading worked a bit too well. We've wanted a reset mechanism for KMS for a few years now anyway, so we decided to prototype it and test it on Smithay. Proper patches are now on the mailing list thanks to Maxime Ripard.

Mario Limonciello managed to push out patches for backlight support via KMS before the hackfest - another thing we've wanted for years. We tested them on Mutter, and KWin added support for it as well.

Xaver Hugl showed that we can easily support AMD FreeSync Premium Pro, the worst name for a feature that is essentially Source-Based Tone Mapping (SBTM). We also got good news regarding SBTM on HDMI. In general, it looks like we might finally get HDR that isn't entirely awful.

DisplayID, the replacement for EDID, is going to become much more prevalent, and we discussed how we're going to roll out support in the kernel and in libdisplay-info.

We once again managed to put enough wayland developers in a room for a bigger protocol change to get merged. This time it was multi device dmabuf feedback which made Victoria Brekenfeld happy.

There was a lot more happening - check out Xaver's and Louis Chauvet's blog posts.

Even though I wasn't as prepared as the previous times, it was very productive and there was more actual hacking this year. I also enjoyed meeting everyone again a lot, hanging out in the water while watching the 1% take off in their private jets, struggling to find an adequate Döner, and eating lots of pizza.

Until next time!

09 Jul 2026 1:28pm GMT

08 Jul 2026

feedPlanet GNOME

Code of Conduct Committee: Transparency report from October 2025 to June 2026

GNOME's Code of Conduct is our community's shared standard of behavior for participants in GNOME. This is the Code of Conduct Committee's periodic summary report of its activities from October 2025 to June 2026.

The current members of the CoC Committee are:

All the members of the CoC Committee have completed Code of Conduct Incident Response training provided by Otter Tech, and are professionally trained to handle incident reports in GNOME community events.

The committee has an email address that can be used to send reports: conduct@gnome.org as well as a website for report submission.

Reports

Since October 2025, the committee has received reports on a total of 17 possible incidents. Several of these were not actionable; all the incidents listed here were resolved during the reporting period. There is currently a total of 7 incidents in process.

Meetings of the CoC committee

The CoC committee has two meetings each month for general updates, and weekly ad-hoc meetings when they receive reports. There are also in-person meetings during GNOME events.

Ways to contact the CoC committee

The website repository, and the Code of Conduct itself and the committee's procedures, are kept at https://gitlab.gnome.org/Teams/Conduct/gnome-code-of-conduct

The Code of Conduct Committee is happy to receive questions about the CoC itself and its procedures, and we will gladly assist you. Please use the communications channels listed above.

08 Jul 2026 3:40pm GMT

07 Jul 2026

feedPlanet GNOME

Sophie Herold: Accessibility in GNOME

July is Disability Pride Month. I want to use the occasion to speak about my perspective on accessibility in GNOME and what I think we should do.

For disabled people, computers are often even more important than for abled (non-disabled) people. Many areas of everyday life are currently only accessible via a computer for many disabled people. Still, accessibility is often an afterthought in software and hardware development.

GNOME is fortunate enough to have many disabled contributors in its community. We have contributors who are visually impaired, deaf, autistic, ADHD, or who live with migraines and other chronic conditions. While we have people that care about accessibility and work on improving it, the general state is far from ideal.

The reality of tech communities is that they are often ableist and elitist. Probably more so than the average population. If a user or contributor struggles with a tool, blame is shifted to a "skill issue," if an interface is simplified to make it accessible to more people, it's "dumbed down". Assistive technologies are often developed by abled people, without involving and paying disabled people. This also leads to an attitude where contributors expect gratefulness from disabled people for providing them with the most basic needs. All these issues are also not absent from the GNOME community.

What We Already Do

The goal of this section isn't to boast about GNOME's accessibility efforts. I believe that accessibility is a fundamental right, and nothing any disabled person is obligated to praise contributors for. Instead, the goal is to capture where we stand, and give other projects ideas they can adopt. Equally, I would be very happy to learn how other FLOSS projects try to work towards better accessibility.

Our review criteria for Core and Circle apps require checking if keyboard navigation, screen reader support, large text, and high contrast mode work. We also require sufficient contrast in apps, which we usually use the Contrast app to check against the WCAG requirements. We have shown that we are able to enforce these requirements by delaying the inclusion or replacement of apps until accessibility issues were actually fixed. That's also an improvement GNOME has seen over the last years, since originally, no quality criteria for apps existed.

Many of the accessibility aspects are automatically covered by using our toolkits GTK and libadwaita correctly. I witnessed that accessibility is often considered during initial design and implementation. However, we don't have any guidelines or requirements in GNOME for the development of these libraries.

The GNOME Foundation funded work on screen reader support in GTK 4 in 2020 and 2021. In 2023 and 2024, accessibility was also one of the larger areas the GNOME STF project worked on. That means both the GNOME Foundation, and the STF organizers were willing to allocate money for accessibility, which is a good sign.

However, accessibility is so much more than screen reader support. I think that GNOME's general design philosophy is very important to being more accessible to a broader audience. This includes the focus on simplicity with good defaults, trying to avoid the possibility of misconfiguring the system, and the attempt to distract less. Translations, while often overlooked as an accessibility aspect, are another huge factor that makes our software accessible to so many more people. This shows that accessibility is hardly a separate set of features. Instead, it has to be considered as part of every area in a project.

Among the more "traditional" accessibility tools within GNOME are the screen reader, high contrast, reduced motion, always show scrollbars, sound over-amplification, input adjustments, and magnification. But equally important are the "Dark Mode" and "Do Not Disturb" mode, which are not directly labeled as accessibility.

How We Can Improve

Disability Pride is about being proud of who you are. But, like Queer Pride, it is also about fundamentally changing the society in which we live. Hence, for this year's Disability Pride, I am also thinking of what we can change within GNOME.

Create an Accessibility Team

Except for a dedicated accessibility chat room, there is currently very little coordination for accessibility within GNOME. My goal for this month is to establish a formal Accessibility Team. My initial ideas for the team are to prioritize voices of those with lived experience, instead of having others make decisions for us. Nothing about us without us. In more practical terms, the team should help to maintain and develop guidelines and review criteria that are especially relevant for accessibility. The team should also review larger changes in the GNOME project that affect accessibility. Ideally, we could provide and user testing on accessibility features directly from the people who rely on them.

In addition to guarding the accessibility aspects of the software we produce, the team should also advocate for accessibility in our events, workflows, and tooling.

If you are interested in contributing, please reach out via #a11y or in our issue #1. Let us know where and how you want to contribute.

Use This Month Yourself

If you are disabled, and you want to share your experience in FLOSS communities or have accessibility issues in GNOME or other FLOSS software, report the issues and/or post about them on social media under #AccessibilityInFreeSoftware.

If you are a contributor, see if you can tackle one of the roughly 450 open issues that are labeled with "Accessibility" this month. Try to broaden your horizons by reading articles from disabled people you know less about, or follow them on a social media platform. Embrace accessibility as a fundamental human right, not something disabled people have to show gratefulness for. Try to reflect on your language. Don't use sanist language like "sane defaults," using "good defaults" does the job. Ask yourself if you want to keep words like "idiot" in your vocabulary, knowing that "idiocy" was the first category the Nazis used to systematically kill people.

But also, don't be scared of disabled people. We want to and deserve to be part of the community like everyone else.

Happy Disability Pride Month! Let's build a desktop that is accessible to as many people as possible.

This blog post represents my personal opinions and not those of any organization I work for.

07 Jul 2026 10:10am GMT

Hylke Bons: Icon for Demostage

Icon for Demostage

Week 25

This week's icon is for Val Packett's project:
Demostage: "Perform live demos from a virtual desktop"

Check out all weekly app icons created so far over here and follow my icon creation adventures as they happen (including sketches) on the Fediverse.

Need icons?

I love designing icons and am happy to contribute them free of charge when your project is Free and Open Source. Funded by community sponsors (every little helps!).

07 Jul 2026 12:00am GMT

06 Jul 2026

feedPlanet GNOME

Jakub Steiner: The Machinist

I couldn't remember something for weeks. It popped into my head during a run - a relief, even though the memory itself was not pleasant. This episode of my flaky mind reminded me of this movie.

I won't give you even a hint of what the movie is about. The strength of it is not the premise, but the mood, the superb acting and Christian Bale's physical dedication to the role impressed me, alongside a cast of wonderfully weird characters and ominous presence of giant spinning machines. If you somehow missed the movie, give it a go. It's one of those that keep coming back to you.

06 Jul 2026 12:00am GMT

05 Jul 2026

feedPlanet GNOME

Hylke Bons: Icon for Meshy

Icon for Meshy

Week 24

This week's icon is for Jiří Eischmann's project:
Meshy: "Meshcore mesh network client"

Check out all weekly app icons created so far over here and follow my icon creation adventures as they happen (including sketches) on the Fediverse.

Need icons?

I love designing icons and am happy to contribute them free of charge when your project is Free and Open Source. Funded by community sponsors (every little helps!).

05 Jul 2026 12:00am GMT

03 Jul 2026

feedPlanet GNOME

This Week in GNOME: #256 Beyond 8-Bit

Update on what happened across the GNOME project in the week from June 26 to July 3.

Third Party Projects

Haydn Trowell says

The latest version of Typesetter updates the built-in Typst compiler to version 0.15, which brings a long-awaited feature: variable font support - no more warnings and faulty font rendering when using your system's default fonts. This release also adds a popularly requested feature to the editor: manual font size adjustment - use the standard keyboard shortcuts to make the text larger and smaller.

Get it on Flathub: https://flathub.org/apps/net.trowell.typesetter

albfan reports

Finally is here: gitg 50, more stable and customizable

Full of new actions to interact with your git repos, even customizable ones

Once downstream packaging is available, give it a try and send feedback

Shell Extensions

Fabiano Junior says

Hello everyone! I've just released new updates for ChromaLeon, my extension that extracts and applies colors from your wallpaper to your GNOME Shell and LibAdwaita theme.

The focus of these updates was refinement: the color extraction system is now smarter, ensuring better compliance with WCAG accessibility guidelines regarding contrast. Additionally, I've improved the icon generation system (folders and apps) to make it much faster and more efficient, now generating icons almost instantly.

You can check out the project on GitHub and GNOME Extensions.

storageb reports

Create custom time-of-day schedules for the Night Light!

Night Light Scheduler lets you create a custom schedule for GNOME's built-in Night Light allowing you to automatically adjust the color temperature throughout the day according to your schedule.

Features:

  • Create a schedule to automatically adjust Night Light color temperature throughout the day
  • Smoothly transition between temperatures with an adjustable transition time
  • Import and export schedule configuration as an editable .ini file
  • Uses GNOME's built-in Night Light functionality
  • Easy to use visual interface

More information is available on the project's GitHub page.

Miscellaneous

Cleo Menezes Jr. | World Cup mode 🇧🇷🇧🇷 says

Mosaic WM is maturing and being refined, polishing the rough edges, finding bugs, hearing from you.

To do that, I've created a Matrix room and I'd like you to be there. You don't need to be an expert, just someone who wants to help make it better.

In?

Damned Lies

The internal application to manage localization of GNOME & friends modules

Guillaume Bernard announces

This week, we released for Damned Lies a new feature for team coordinators. When updating your team details, you can now create a presentation that will be sent to new team members as a notification. Use it to present the team, the workflow, link your docs, identify a module for newcomers…

Internships

AnonymouX47 announces

Five weeks into GSoC 2026, I've made solid progress on GPU reset recovery in Mutter!

When a GPU reset occurs, Mutter currently has no way to recover; the desktop either freezes or crashes. My project implements a recovery path: detecting the reset, waiting for it to complete, recreating the context, and propagating that change through the compositor to recreate resources so rendering can resume.

The display now comes back after a reset, and the session remains usable, though there's still work ahead: notably, automatic framebuffer recreation and fixing the desktop background, which currently renders with garbled textures after recovery.

Read the full details, including a demo: https://blogs.gnome.org/anonymoux47/2026/07/02/gpu-reset-recovery-in-mutter-a-progress-update

That's all for this week!

See you next week, and be sure to stop by #thisweek:gnome.org with updates on your own projects!

03 Jul 2026 8:55pm GMT

Laureen Caliman: Pick a word, any word

Over the past few weeks, I have been writing the backend for the vocabulary-puzzle generator for Crosswords.

But what entirely dictates a valid word placement whilst being mindful of all edge cases and managing the state of the puzzle upon the exploration of possible solutions?

Finding valid intersections

For each word in the list, the vocab generator searches for every valid location where the word at the current depth could be added (or not added) to the current puzzle. A candidate must satisfy several constraints:

As more words are added, the number of possible intersections rapidly grow. A single placement may produce several valid connections, each of which must be evaluated independently.

Modeling the intersections

The vocab grid generator represents candidate placements by using the coordinates of the intersection, placement direction (across, down), and the offset of the intersecting character within the word. As a whole, an intersection can transform the entire puzzle. For instance, "APPLE" and "PEAR" are just two words, but share four possible intersections. Rather than selecting one immediately, we ultimately want to record every valid candidate.

Each of these shared candidates then become a potential node in our recursive search tree. As our puzzle grows in size, the problem becomes less about placing words and more about exploring all valid intersections whilst preserving the integrity of the puzzle state as we add and rearrange words.

03 Jul 2026 3:40pm GMT

Matthew Garrett: Securing agentic identity

As is the case for many people working in the security industry, the last few months of my life have been focused on dealing with people wanting to use LLMs everywhere. From an enterprise security perspective that's not an inherent problem - what's more of a problem is that people want those agents to have access to resources like their calendar and email and so on, and now we have somewhat non-deterministic agents that seem very enthusiastic to achieve what you asked whether that's a good idea or not, and we're combining this with credentials that give them access to sensitive data, and leaving those credentials on disk where they can be committed into git repos or exfiltrated to some other service to make use of them on the agent's behalf or well just any other number of things, at which point your CEO's email is suddenly readable by everyone and you're having a bad day.

As I mentioned in my last post, pretty much every strong mechanism for keeping credentials in place is just not supported in the wider world. We can imagine a universe where agents use hardware (or at least hypervisor) backed certificates to obtain credentials and any that end up leaking are worthless as a result. But, sadly, that's not an option for most people using existing identity providers. The state of the art is that you use the device code flow and a human authenticates and the token ends up back inside the agent environment and then it proceeds to do whatever it wants with it and you just hope that you wake up the next morning without an awful infoleak occurring.

(An aside: I do not like the device code flow as used in enterprise environments, and I never will. The identity provider doesn't have a real opportuity to inspect the security posture of the system asking for the token, and as a result some identity providers will restrict tokens that are issued in this way. The common alternative of doing stuff using a more standard flow and having a redirect URI pointing at localhost works fine for local systems and is a pain for remote ones, even if you can commit crimes with SSH forwarding. I'm going to suggest something that I think is better, and you are free to disagree)

I'm not in a position to get every identity provider and service provider to change their security posture, so I'm somewhat stuck in terms of the tokens they're willing to issue me - largely either JWTs or opaque access tokens, with no support for any mechanism of binding that token to an instance. The token that's going to have to be provided to the remote service is something I have little influence over. But that doesn't mean I can't influence the token that lands inside the agent's environment. I can issue a placeholder token to the agent, and force it to communicate via a proxy that swaps out the placeholder for the real thing. The worst the agent can do is exfiltrate the placeholder token, and as long as malicious actors don't have access to that proxy, it doesn't matter - nobody else can do anything with the placeholder.

This isn't a terribly novel insight, and it seems like almost everybody has reinvented this on their own. But a lot of these implementations involve you somehow obtaining the real token in advance and then pasting that into something that generates a placeholder that you provide to your agent environment somehow, and it's all a bit clunky and awkward, and it also means that you need to deal with something that keeps track of the mapping between placeholders and real tokens and oh no we've just invented a secret store, and if you want this to work at scale and reliably you're just invented a high availability distributed secret store, and a lot of people who've read that are now shaking their heads and reaching for gin. Can we simplify this, and improve security at the same time? I think we can!

Remember when I said "as long as malicious actors don't have access to that proxy, it doesn't matter"? What if they do? What if they compromise one machine inside your environment and are then able to email a bunch of employees and convince their agents to send more tokens back to them and then delete the email before a human reads it? Now you have someone inside the wall with access to those tokens, and presumably with access to the proxy, and now they can be anyone whose agent was gullible enough to think sending them a token was a good idea. This isn't good!

So, I thought for a while, and I came up with a new idea. We can have a broker service that obtains credentials for us. We can run that centrally, away from the agents. A client in an agentic environment can request a token, and that can result in a URL being generated and the user being directed to open a URL in a browser and authenticate. When the user authenticates, the authentication flow redirects the confirmation back via the broker, and the broker obtains the real auth token. The obvious thing to do now would be to return the auth token to the client in the agentic environment, but we don't do that. Instead, we mint a new JWT, and add a new claim - one that contains an encrypted copy of the token. In the process we can copy over all the original claims, because those aren't secret - and now even if the client inspects the token to figure out what access it has, it'll get a correct answer. We sign the new token with our own signing key, and pass that back to the client. The client now has a legitimate JWT that is utterly useless, because the signature isn't trusted by anyone other than us.

How does it use it? It makes an API request via a proxy, including the new token in the Authorization: header. The proxy verifies the signature on the token, and then decrypts the original token and swaps out the fake token for the real one. The remote API sees what it expects, and everyone is happy. There's never a real token in the agentic environment, but also we don't need to store anyting anywhere. The only state is the encryption keys, and those can be injected into the environment at startup. You need to scale? Just start more of these processes. You need to support multiple availability zones? Just start more of these processes in different places. No persistent data is ever held in the broker or the proxy. You don't need to care about distributed databases or secret stores.

This felt wonderfully elegant and I felt smug about coming up with a better idea, and then I went to a bar earlier this week and sat down to read RFC 8705 and the guy next to me saw that over my shoulder and asked what I was reading and I explained why I was interested and we talked about agentic identity and then he mentioned that fly.io had something that sounded very similar and I read that and gosh yes it is very similar, so damn you fly.io for stealing my ideas 3 years before I even had them. Anyway. Now I need to do better.

Remember that there's still a risk around anyone who has access to the proxy having access to the encrypted keys? We can remove that risk as well. It's not uncommon for agentic environments to have an identity issued via something like SPIFFE, at which point they have a client certificate. You can probably guess where I'm going with this. If we require that an agent present a client cert to the broker when requesting a token, we can embed a representation of that client cert into the token we mint. The proxy can then require mTLS for the client connection, and can verify that the presented certificate matches the one represented in the token. If it does then whoever's using the token has access to the private key associated with the environment it was issued to. If we then ensure that the private keys backing these certificates are either hardware or hypervisor backed, and as such tied to a specific instance, we now have a high degree of confidence that the token can only be used in its intended environment. Even if our identity provider doesn't support RFC 8705, we can.

This is fairly straightforward where you're using a platform where your identity provider is also the environment that's consuming your tokens, and more annoying for third parties. The broker potentially needs some amount of third party vendor knowledge to make that work for everyone. This is even more the case where login isn't via your identity provider (thanks, github), but none of this is insurmountable - just annoying. And where vendors issue opaque tokens rather than JWTs, this still isn't a problem; we can just mint a new JWT that includes the opaque token as an encrypted claim, and include the same certificate binding. The opaque token ends up being the thing that's presented to the third party, but only after we've verified the mTLS binding.

In an ideal world none of this would be necessary - someone would spin up a new agentic environment, a user would prove their identity, and a certificate embodying that identity would be issued to the environment with a private key that can't be exfiltrated. That certificate would be sufficient to obtain new certificates associated with the same private key, and we could still bind that into mTLS identity. This would be much simpler, but browsers don't support it, so it's not likely to happen any time soon.

Anyway. Even if we can't have the best thing, we can do better than we are at the moment, and also it would be lovely if we could standardise on this rather than have everyone build their own thing. The end.

03 Jul 2026 12:38am GMT