Planet GNOME

Welcome to the first GNOME Foundation update of 2026! I hope that the new year finds you well. The following is a brief summary of what’s been happening in the Foundation this week.

Trademark registration renewals

This week we received news that GNOME’s trademark registration renewals have been completed. This is an example of the routine legal functions that the GNOME Foundation handles for the GNOME Project, and is part of what I think of as our core operations. The registration lasts for 10 years, so the next renewal is due in 2036. Many thanks to our trademark lawyers for handling this for us!

Microsoft developer account

Another slow registration process that completed this week was getting verified status on our Microsoft Developer Account. This was primarily being handled by Andy Holmes, with a bit of assistance on the Foundation side, so many thanks to him. The verification is required to allow those with Microsoft 365 organizational accounts to use GNOME Online Accounts.

Travel Committee

The Travel Committee had its first meeting of 2026 this week, where it discussed travel sponsorships for last month’s GNOME.Asia conference. Sadly, a number of people who were planning to travel to the conference had their visas denied. The committee spent some time assessing what happened with these visa applications, and discussed how to support visa applicants better in future. Thanks in particular to Maria for leading that conversation.

GNOME.Asia Report

Also related to GNOME.Asia: Kristi has posted a very nice report on the event, including some very nice pictures. It looks like it was a great event! Do make sure that you check out the post.

Audit preparation

As I mentioned in previous posts, audit preparation is going to be a major focus for the GNOME Foundation over the next three months. We are also finishing off the final details of our 2024-25 accounts. These two factors resulted in a lot of activity around the books this week. In addition to a lot of back and forth with our bookkeeper and finance advisor, we also had a regular monthly bookkeeping call yesterday, and will be having an extra meeting to make more process in the next few weeks.

New payments platform rollout

With it being the first week of the month, we had a batch of invoices to process and pay this week. For this we made the switch to a new payments processing system, which is going to be used for reimbursement and invoice tracking going forward. So far the system is working really well, and provides us with a more robust, compliant, and integrated process than what we had previously.

Infrastructure

Over the holiday, Bart cleared up the GNOME infrastructure issues backlog. This led him to write a service which will allow us to respond to GitLab abuse reports in a better fashion. On the Flathub side, he completed some work on build reproducibility, and finished adding the ability to re-publish apps that were previously marked as end of life.

FOSDEM

FOSDEM 2026 preparations continued this week. We will be having an Advisory Board meeting, for which attendance is looking good, so good that we are currently in the process of booking a bigger room. We are also in the process of securing a venue for a GNOME social event on the Saturday night.

GNOME Foundation donation receipts

Bart added a new feature to donate.gnome.org this week, to allow donors to generate a report on their donations over the last calendar year. This is intended to provide US tax payers with the documentation necessary to allow them to offset their donations against their tax payments. If you are a donor, you can generate a receipt for 2025 at donate.gnome.org/help .

That’s it for this week’s update! Thanks for reading, and have a great weekend.

If you ask people why they are using AI (or want other people to use it) you get a ton of different answers. Typically none of them contain the real reason, which is that using AI is dirt cheap. Between paying a fair amount to get something done and paying very little to give off an impression that the work has been done, the latter tends to win.

The reason AI is so cheap is that it is being paid by investors. And the one thing we know for certain about those kinds of people is that they expect to get their money back. Multiple times over. This might get done by selling the system to a bigger fool before it collapses, but eventually someone will have to earn that money back from actual customers (or from government bailouts, i.e. tax payers).

I'm not an economist and took a grand total of one economics class in the university, most of which I have forgotten. Still, using just that knowledge we can get a rough estimate of the money flows involved. For simplicity let's bundle all AI companies to a single entity and assume a business model based on flat monthly fees.

The total investment

A number that has been floated around is that AI companies have invested approximately one trillion (one thousand billion or 1e12) dollars. Let's use that as the base investment we want to recover.

Number of customers

Sticking with round figures, let's assume that AI usage becomes ubiquitous and that there are one billion monthly subscribers. For comparison the estimated number of current Netflix subscribers is 300 million.

Income and expenses

This one is really hard to estimate. What seems to be the case is that current monthly fees are not enough to even pay back the electricity costs of providing the service. But let's again be generous and assume that some sort of a efficiency breakthrough happens in the future and that the monthly fee is $20 with expenses being $10. This means a $10 profit per user per month.

We ignore one-off costs such as buying several data centers' worth of GPUs every few years to replace the old ones.

The simple computation

With these figures you get $10 billion per month or $120 billion per year. Thus paying off the investment would take a bit more than 8 years. I don't personally know any venture capitalists, but based on random guessing this might fall in the "takes too long, but just about tolerable" level of delay.

So all good then?

Not so fast!

One thing to keep in mind when doing investment payback calculations is the time value of money. Money you get in "the future" is not as valuable as money you have right now. Thus we need to discount them to current value.

Interest rate

I have no idea what a reasonable discount rate for this would be. So let's pick a round number of 5.

The "real-er" numbers

At this point the computations become complex enough that you need to break out the big guns. Yes, spreadsheets.

Here we see that it actually takes 12 years to earn back the investment. Doubling the investment to two trillion would take 36 years. That is a fair bit of time for someone else to create a different system that performs maybe 70% as well but which costs a fraction of the old systems to get running and operate. By which time they can drive the price so low that established players can't even earn their operating expenses let alone pay back the original investment. 

Exercises for the reader

• This computation assumes the system to have one billion subscribers from day one. How much longer does it take to recuperate the investment if it takes 5 years to reach that many subscribers? What about 10 years?
• How long is the payback period if you have a mere 500 million paid subscribers?
• Your boss is concerned about the long payback period and wants to shorten it by increasing the monthly fee. Estimate how many people would stop using the service and its effect on the payback time if the fee is raised from $20 to $50. How about $100? Or $1000?
• What happens when the ad revenue you can obtain by dumping tons of AI slop on the Internet falls below the cost of producing said slop?

GNOME ASIA 2025 took place in Tokyo, Japan, from 13–14 December 2025, bringing together the GNOME community for the featured annual GNOME conference in Asia.
The event was held in a hybrid format, welcoming both in-person and online speakers and attendees from across the world.

GNOME ASIA 2025 was co-hosted with the LibreOffice Asia Conference community event, creating a shared space for collaboration and discussion between open-source communities.

Photo by Tetsuji Koyama, licensed under CC BY 4.0 About GNOME.Asia Summit

The GNOME.Asia Summit focuses primarily on the GNOME desktop while also covering applications and platform development tools. It brings together users, developers, foundation leaders, governments, and businesses in Asia to discuss current technologies and future developments within the GNOME ecosystem.

The event featured 25 speakers in total, delivering 17 full talks and 8 lightning talks across the two days. Speakers joined both on-site and remotely.

Photo by Tetsuji Koyama, licensed under CC BY 4.0

 

 

 

 

 

 

 

 

Around 100 participants attended in person in Tokyo, contributing to engaging discussions and community interaction. Session recordings were published on the GNOME Asia YouTube channel, where they have received 1,154 total views, extending the reach of the event beyond the conference dates.

With strong in-person attendance, active online participation, and collaboration with the LibreOffice Asia community, GNOME ASIA 2025 once again demonstrated the importance of regional gatherings in strengthening the GNOME ecosystem and open-source collaboration in Asia.

Photo by Tetsuji Koyama, licensed under CC BY 4.0

 

 

Update on what happened across the GNOME project in the week from January 02 to January 09.

GNOME Core Apps and Libraries Maps ↗

Maps gives you quick access to maps all across the world.

mlundblad announces

Thanks to work done by Jamie Gravendeel Maps has now been ported to use Blueprint to define the UI templates. Also Hari Rana ported the share locations (“Send to”) dialog to AdwDialog.

Third Party Projects

Giant Pink Robots! says

Version v2026.1.5 of the Varia download manager was released with automatic archive extraction, improvements to accessibility and tons of bug fixes and small improvements. The biggest part of this new release however is macOS support, albeit in an experimental state for now. With this, Varia now supports all three big desktop OS platforms: Linux, Windows and Mac. https://giantpinkrobots.github.io/varia/

francescocaracciolo announces

Newelle, AI Assistant for Gnome, received a new major update!

• Added MCP server support, enabling integration with thousands of apps
• Added Tools, extensions can now add new tools very easily
• Added the possibility to set some models as favoutites
• You can now trigger recording and TTS stop with keyboard shortcuts

Download it on Flathub

Phosh ↗

A pure wayland shell for mobile devices.

Guido announces

Phosh 0.52 is out:

We’ve added a QR code to the Wi-Fi quick setting so clients can connect easily by scanning it and there’s a new gesture to control brightness on the lock screen.

There’s more — see the full details here.

Flare ↗

Chat with your friends on Signal.

schmiddi announces

Version 0.18.0-beta.1 of Flare was now released on flathub-beta. This release includes fixes for using Flare as a primary device, which I have done successfully for a while now. Feel free to test it out and provide feedback. Note that if you want to try it out, I would heavily encourage linking Signal-Desktop to Flare in order to set your profile information and to start new chats. Feel free to give feedback if you have any issues with this beta in the Matrix room or issue tracker.

Emergency Alerts ↗

Receive emergency alerts

Leonhard reports

Emergency Alerts 2.0.0 has been released! It finally brings the long-awaited weather alerts for the U.S. and air raid alerts for Ukraine. Location selection is now also more powerful, allowing you to choose any point on Earth, and the new map view lets you see active alerts and affected areas at a glance. Please note that to make all this possible, the way locations are stored had to be updated. When you first launch the app after updating, it tries to migrate your existing locations automatically. In rare cases, this may not work and you might need to re-add them manually. If that happens a notification will be sent.

Highlights:

• Weather alerts now available across the U.S.
• Air raid alerts now available for Ukraine
• Pick any point on Earth as a location
• New map view showing active alerts and impacted areas

GNOME Websites

Sophie (she/her) says

The www.gnome.org pages are now available in English, Bulgarian, Basque, Brazilian Portuguese, Swedish, Ukrainian, and Chinese. You can contribute additional translations on l10n.gnome.org.

Miscellaneous

Guillaume Bernard reports

Damned Lies has been refreshed during the last weeks of 2025.

To refresh the statistics of branches, many of you complained that the task was synchronous and ended in timeouts. I have reworked this part in anticipation of ticket #409 (asynchronous git pushes) and the refresh now delegates refresh statistics to a Celery worker. For git pushes, we’ll use Celery tasks the same way!

In short, this means every time you click the refresh statistics button, it will start a job in the background, and a progress bar will show you the refresh status of the job in real time. There will be a maximum of three concurrent refreshes at a time, that should be enough :-).

In addition to these major changes, I reworked the presentation of languages and POT files in modules:

1. The date & time of the POT file generation is now shown with the number of messages.

2. Your languages are shown on top of the list; it will no longer be necessary to scroll down to find your language in the language list.

Arjan reports

PyGObject 3.55.1 has been released. It’s the second development release (it’s not available on PyPI) in the current GNOME release cycle.

Notable changes include:

• A fix do do_dispose() is always called on your object.
• You can define a do_constructed() method that will be called after the object is initialised.
• A regression in 3.55.0 has been fixed: instance data is now saved and outlives the garbage collector.

All changes can be found in the Changelog

This release can be downloaded from Gitlab and the GNOME download server.If you use PyGObject in your project, please give it a swing and see if everything works as expected.

That’s all for this week!

See you next week, and be sure to stop by #thisweek:gnome.org with updates on your own projects!

Last month, I attended the GNOME.Asia Summit 2025 held at the IIJ office in Tokyo. This was my fourth time attending the summit, following previous events in Taipei (2010), Beijing (2015), and Delhi (2016).

As I live near Tokyo, this year’s conference was a unique experience for me: an opportunity to welcome the international GNOME community to my home city rather than traveling abroad. Reconnecting with the community after several years provided a helpful perspective on how our ecosystem has evolved.

Addressing the post-quantum transition

During the summit, I delivered a keynote address regarding post-quantum cryptography (PQC) and desktop. The core of my presentation focused on the “Harvest Now, Decrypt Later” (HNDL) type of threats, where encrypted data is collected today with the intent of decrypting it once quantum computing matures. The talk was followed by the history and the current status of PQC support in crypto libraries including OpenSSL, GnuTLS, and NSS, and concluded with the next steps recommended for the users and developers.

It is important to recognize that classical public key cryptography, which is vulnerable to quantum attacks, plays an integral role on the modern desktop: from secure web browsing to the underlying verification of system updates. Given that major government timelines (such as NIST and the NSA’s CNSA 2.0) are pushing for a full migration to quantum-resistant algorithms between 2027 and 2035, the GNU/Linux desktop should prioritize “crypto-agility” to remain secure in the coming decade.

From discussion to implementation: Crypto Usage Analyzer

One of the tools I discussed during my talk was crypto-auditing, a project designed to help developers identify and update the legacy cryptography usage. At the time of the summit, the tool was limited to a command-line interface, which I noted was a barrier to wider adoption.

Inspired by the energy of the summit, I spent part of the recent holiday break developing a GUI for crypto-auditing. By utilizing AI-assisted development tools, I was able to rapidly prototype an application, which I call “Crypto Usage Analyzer”, that makes the auditing data more accessible.

Conclusion

The summit in Tokyo had a relatively small audience, which resulted in a cozy and professional atmosphere. This smaller scale proved beneficial for technical exchange, as it allowed for focused discussions on desktop-related topics than is often possible at larger conferences.

Attending GNOME.Asia 2025 was a reminder of the steady work required to keep the desktop secure and relevant. I appreciate the efforts of the organizing committee in bringing the summit to Tokyo, and I look forward to continuing my work on making security libraries and tools more accessible for our users and developers.

Graphics drivers in Flatpak have been a bit of a pain point. The drivers have to be built against the runtime to work in the runtime. This usually isn’t much of an issue but it breaks down in two cases:

1. If the driver depends on a specific kernel version
2. If the runtime is end-of-life (EOL)

The first issue is what the proprietary Nvidia drivers exhibit. A specific user space driver requires a specific kernel driver. For drivers in Mesa, this isn’t an issue. In the medium term, we might get lucky here and the Mesa-provided Nova driver might become competitive with the proprietary driver. Not all hardware will be supported though, and some people might need CUDA or other proprietary features, so this problem likely won’t go away completely.

Currently we have runtime extensions for every Nvidia driver version which gets matched up with the kernel version, but this isn’t great.

The second issue is even worse, because we don’t even have a somewhat working solution to it. A runtime which is EOL doesn’t receive updates, and neither does the runtime extension providing GL and Vulkan drivers. New GPU hardware just won’t be supported and the software rendering fallback will kick in.

How we deal with this is rather primitive: keep updating apps, don’t depend on EOL runtimes. This is in general a good strategy. A EOL runtime also doesn’t receive security updates, so users should not use them. Users will be users though and if they have a goal which involves running an app which uses an EOL runtime, that’s what they will do. From a software archival perspective, it is also desirable to keep things working, even if they should be strongly discouraged.

In all those cases, the user most likely still has a working graphics driver, just not in the flatpak runtime, but on the host system. So one naturally asks oneself: why not just use that driver?

That’s a load-bearing “just”. Let’s explore our options.

Exploration

Attempt #1: Bind mount the drivers into the runtime.

Cool, we got the driver’s shared libraries and ICDs from the host in the runtime. If we run a program, it might work. It might also not work. The shared libraries have dependencies and because we are in a completely different runtime than the host, they most likely will be mismatched. Yikes.

Attempt #2: Bind mount the dependencies.

We got all the dependencies of the driver in the runtime. They are satisfied and the driver will work. But your app most likely won’t. It has dependencies that we just changed under its nose. Yikes.

Attempt #3: Linker magic.

Until here everything is pretty obvious, but it turns out that linkers are actually quite capable and support what’s called linker namespaces. In a single process one can load two completely different sets of shared libraries which will not interfere with each other. We can bind mount the host shared libraries into the runtime, and dlmopen the driver into its own namespace. This is exactly what libcapsule does. It does have some issues though, one being that the libc can’t be loaded into multiple linker namespaces because it manages global resources. We can use the runtime’s libc, but the host driver might require a newer libc. We can use the host libc, but now we contaminate the apps linker namespace with a dependency from the host.

Attempt #4: Virtualization.

All of the previous attempts try to load the host shared objects into the app. Besides the issues mentioned above, this has a few more fundamental issues:

1. The Flatpak runtimes support i386 apps; those would require a i386 driver on the host, but modern systems only ship amd64 code.
2. We might want to support emulation of other architectures later
3. It leaks an awful lot of the host system into the sandbox
4. It breaks the strict separation of the host system and the runtime

If we avoid getting code from the host into the runtime, all of those issues just go away, and GPU virtualization via Virtio-GPU with Venus allows us to do exactly that.

The VM uses the Venus driver to record and serialize the Vulkan commands, sends them to the hypervisor via the virtio-gpu kernel driver. The host uses virglrenderer to deserializes and executes the commands.

This makes sense for VMs, but we don’t have a VM, and we might not have the virtio-gpu kernel module, and we might not be able to load it without privileges. Not great.

It turns out however that the developers of virglrenderer also don’t want to have to run a VM to run and test their project and thus added vtest, which uses a unix socket to transport the commands from the mesa Venus driver to virglrenderer.

It also turns out that I’m not the first one who noticed this, and there is some glue code which allows Podman to make use of virgl.

You can most likely test this approach right now on your system by running two commands:

rendernodes=(/dev/dri/render*) virgl_test_server --venus --use-gles --socket-path /tmp/flatpak-virgl.sock --rendernode "${rendernodes[0]}" & flatpak run --nodevice=dri --filesystem=/tmp/flatpak-virgl.sock --env=VN_DEBUG=vtest --env=VTEST_SOCKET_NAME=/tmp/flatpak-virgl.sock org.gnome.clocks

If we integrate this well, the existing driver selection will ensure that this virtualization path is only used if there isn’t a suitable driver in the runtime.

Implementation

Obviously the commands above are a hack. Flatpak should automatically do all of this, based on the availability of the dri permission.

We actually already start a host program and stop it when the app exits: xdg-dbus-proxy. It’s a bit involved because we have to wait for the program (in our case virgl_test_server) to provide the service before starting the app. We also have to shut it down when the app exits, but flatpak is not a supervisor. You won’t see it in the output of ps because it just execs bubblewrap (bwrap) and ceases to exist before the app even started. So instead we have to use the kernel’s automatic cleanup of kernel resources to signal to virgl_test_server that it is time to shut down.

The way this is usually done is via a so called sync fd. If you have a pipe and poll the file descriptor of one end, it becomes readable as soon as the other end writes to it, or the file description is closed. Bubblewrap supports this kind of sync fd: you can hand in a one end of a pipe and it ensures the kernel will close the fd once the app exits.

One small problem: only one of those sync fds is supported in bwrap at the moment, but we can add support for multiple in Bubblewrap and Flatpak.

For waiting for the service to start, we can reuse the same pipe, but write to the other end in the service, and wait for the fd to become readable in Flatpak, before exec’ing bwrap with the same fd. Also not too much code.

Finally, virglrenderer needs to learn how to use a sync fd. Also pretty trivial. There is an older MR which adds something similar for the Podman hook, but it misses the code which allows Flatpak to wait for the service to come up, and it never got merged.

Overall, this is pretty straight forward.

Conclusion

The virtualization approach should be a robust fallback for all the cases where we don’t get a working GPU driver in the Flatpak runtime, but there are a bunch of issues and unknowns as well.

It is not entirely clear how forwards and backwards compatible vtest is, if it even is supposed to be used in production, and if it provides a strong security boundary.

None of that is a fundamental issue though and we could work out those issues.

It’s also not optimal to start virgl_test_server for every Flatpak app instance.

Given that we’re trying to move away from blanket dri access to a more granular and dynamic access to GPU hardware via a new daemon, it might make sense to use this new daemon to start the virgl_test_server on demand and only for allowed devices.

Hey hey happy new year, friends! Today I was going over some V8 code that touched pre-tenuring: allocating objects directly in the old space instead of the nursery. I knew the theory here but I had never looked into the mechanism. Today’s post is a quick overview of how it’s done.

allocation sites

In a JavaScript program, there are a number of source code locations that allocate. Statistically speaking, any given allocation is likely to be short-lived, so generational garbage collection partitions freshly-allocated objects into their own space. In that way, when the system runs out of memory, it can preferentially reclaim memory from the nursery space instead of groveling over the whole heap.

But you know what they say: there are lies, damn lies, and statistics. Some programs are outliers, allocating objects in such a way that they don’t die young, or at least not young enough. In those cases, allocating into the nursery is just overhead, because minor collection won’t reclaim much memory (because too many objects survive), and because of useless copying as the object is scavenged within the nursery or promoted into the old generation. It would have been better to eagerly tenure such allocations into the old generation in the first place. (The more I think about it, the funnier pre-tenuring is as a term; what if some PhD programs could pre-allocate their graduates into named chairs? Is going straight to industry the equivalent of dying young? Does collaborating on a paper with a full professor imply a write barrier? But I digress.)

Among the set of allocation sites in a program, a subset should pre-tenure their objects. How can we know which ones? There is a literature of static techniques, but this is JavaScript, so the answer in general is dynamic: we should observe how many objects survive collection, organized by allocation site, then optimize to assume that the future will be like the past, falling back to a general path if the assumptions fail to hold.

my runtime doth object

The high-level overview of how V8 implements pre-tenuring is based on per-program-point AllocationSite objects, and per-allocation AllocationMemento objects that point back to their corresponding AllocationSite. Initially, V8 doesn’t know what program points would profit from pre-tenuring, and instead allocates everything in the nursery. Here’s a quick picture:

A linear allocation buffer containing objects allocated with allocation mementos

Here we show that there are two allocation sites, Site1 and Site2. V8 is currently allocating into a linear allocation buffer (LAB) in the nursery, and has allocated three objects. After each of these objects is an AllocationMemento; in this example, M1 and M3 are AllocationMemento objects that point to Site1 and M2 points to Site2. When V8 allocates an object, it increments the “created” counter on the corresponding AllocationSite (if available; it’s possible an allocation comes from C++ or something where we don’t have an AllocationSite).

When the free space in the LAB is too small for an allocation, V8 gets another LAB, or collects if there are no more LABs in the nursery. When V8 does a minor collection, as the scavenger visits objects, it will look to see if the object is followed by an AllocationMemento. If so, it dereferences the memento to find the AllocationSite, then increments its “found” counter, and adds the AllocationSite to a set. Once an AllocationSite has had 100 allocations, it is enqueued for a pre-tenuring decision; sites with 85% survival get marked for pre-tenuring.

If an allocation site is marked as needing pre-tenuring, the code in which it is embedded it will get de-optimized, and then next time it is optimized, the code generator arranges to allocate into the old generation instead of the default nursery.

Finally, if a major collection collects more than 90% of the old generation, V8 resets all pre-tenured allocation sites, under the assumption that pre-tenuring was actually premature.

tenure for me but not for thee

What kinds of allocation sites are eligible for pre-tenuring? Sometimes it depends on object kind; wasm memories, for example, are almost always long-lived, so they are always pre-tenured. Sometimes it depends on who is doing the allocation; allocations from the bootstrapper, literals allocated by the parser, and many allocations from C++ go straight to the old generation. And sometimes the compiler has enough information to determine that pre-tenuring might be a good idea, as when it generates a store of a fresh object to a field in an known-old object.

But otherwise I thought that the whole AllocationSite mechanism would apply generally, to any object creation. It turns out, nope: it seems to only apply to object literals, array literals, and new Array. Weird, right? I guess it makes sense in that these are the ways to create objects that also creates the field values at creation-time, allowing the whole block to be allocated to the same space. If instead you make a pre-tenured object and then initialize it via a sequence of stores, this would likely create old-to-new edges, preventing the new objects from dying young while incurring the penalty of copying and write barriers. Still, I think there is probably some juice to squeeze here for pre-tenuring of class-style allocations, at least in the optimizing compiler or in short inline caches.

I suspect this state of affairs is somewhat historical, as the AllocationSite mechanism seems to have originated with typed array storage strategies and V8’s “boilerplate” object literal allocators; both of these predate per-AllocationSite pre-tenuring decisions.

fin

Well that’s adaptive pre-tenuring in V8! I thought the “just stick a memento after the object” approach is pleasantly simple, and if you are only bumping creation counters from baseline compilation tiers, it likely amortizes out to a win. But does the restricted application to literals point to a fundamental constraint, or is it just accident? If you have any insight, let me know :) Until then, happy hacking!