Michal Čihař - Blog Archives for Debian

Weekly phpMyAdmin contributions 2016-W04

As I've already mentioned in separate blog post we mostly had some security issues fun in past weeks, but besides that some other work has been done as well.

I've still focused on code cleanups and identified several pieces of code which are no longer needed (given our required PHP version). Another issue related to security updates was to set testing of 4.0 branch using PHP 5.2 as this is what we've messed up in the security release (what is quite bad as this is only branch supporting PHP 5.2).

In addition to this, I've updated phpMyAdmin packages in both Debian and Ubuntu PPA.

All handled issues:

Canon MF8540Cdn on Debian Linux

I've recently bought this beast and of course want to run it on Linux. Vendor does provide Linux drivers which even come with source, so that looked quite okay in the beginning.

However it turned out not to be that easy. First attempt was to install the 64-bit drivers and all I got from the printer is almost blank page with:

**** Unable to open the initial device, quitting.

Okay, that's not much helpful. Meanwhile I did install i386 system where it worked just fine. I started to smell some problems and looked at the source. It turned out to be almost complete, there was just single i386 binary, which is obviously needed by the driver.

Once realizing this, it was quite easy to make it work on 64 bit system as well:

dpkg --add-architecture i386
apt install libxml2:i386 libstdc++6:i386

Not that I'd be happy to run binary blob on my system, but at least printing now works.

Scanning from the device is easy - all you need to configure access to email and Samba and it works pretty without problems.

Security work

As you can now see on phpMyAdmin's security page, we've managed to spend 9 security announcements on todays release. Hopefully it won't continue that bad in rest of the year.

Anyway receiving such extensive report was really challenging for us - correctly tracking and fixing all reported issues, discovering which versions are affected. This proven to be quite difficult given that most of the affected code has been refactored meanwhile. But I'm quite happy we've managed to fix ll issues on three supported branches in two weeks.

Another challenge (especially for Isaac) was that this all came with change of our release manager, so forgive us some minor problems with the releases (especially not updated changelogs), we will do it better next time!

PS: Updated packages are on their way to Debian and phpMyAdmin PPA.

PS2: It seems we've messed few more things, so expect quick followup releases for older versions.

Supporting Software Freedom Conservancy

Last week the Software Freedom Conservancy has launched fundraiser to be able to continue operation under new circumstances, where some sponsors left them after GPL enforcement activities.

I think Conservancy does quite a lot for free software ecosystem and GPL enforcement is something what has to be done, if we want to protect free software world. That's reason, why I've decided to become their supporter:

Become a Conservancy Supporter!

Packaging python-gammu

After Monday release of separate Gammu and python-gammu, the obvious task was to get the new package to distributions.

First I've started with Debian packages, what was quite easy as from quite complex CMake + Python package it is now purely CMake and it was mostly about removing stuff. Soon the updated Gammu package was uploaded to experimental. Once having that ready, I've also update the backports for Ubuntu and these are available in Gammu PPA. Creating new python-gammu package was a bit harder as this is the first Python 3 compatible package I've created, but it's now ready and sitting in the NEW queue.

While working on python-gammu package, I've realized that some of the data used in testsuite are missing in the tarball. While not being critical, this is definitely not nice, so I've decided to release python-gammu 2.1 today. It also includes fixes for some corner cases found by coverity.

For openSUSE the packaging was quite easy as well, stripping out unneeded parts of Gammu package went smoothly and it's now in hardware project, SR to Factory is pending. With python-gammu it turned out to be much harder as the testsuite had failed there with some strange error coming out of libdbi. After looking deeper into it, the problem is in new return type available in Git snapshot openSUSE is shipping. Fortunately producing fix was quite easy, so next Gammu upstream will handle that properly and package in hardware project is already patched. You can now use python-python-gammu from devel:languages:python and SR to Factory is pending as well.

Changes in phpMyAdmin support

As usual with our phpMyAdmin team meetings, quite a lot things get decided there and it was no difference this year, when we've met at DebConf 13.

We've discussed quite a lot of topics and some had quite interesting outcome.

One of already changes is that we're going to consolidate our support efforts on Stack Overflow. We've provided various support channels so far (IRC, mailing list, web forums and support tracker), which have overlapped quite a lot and we simply lack manpower to do all of that properly.

So users on IRC mostly get bored and left before somebody got to them. The mailing list received just few mails in a month, so they were almost not used. The web forums worked quite well for answering questions, but nobody was able to find answers there (the forums on SourceForge are quite hard to get properly indexed by Google), so the questions got repeated quite a lot. In the end we've decide to use Stack Overflow as it was anyway already used by lot of our users and concentrating our effort on single channel will even improve this.

DebConf day trip

Yesterday, we've spent nice day on a day trip of DebConf. I took the long hike, which ended up at Creux du Van, what is wonderful rocky place.

The way up was through nice nature and we've met quite a lot of cows on the way:

They we've finally arrived to Creux du Van:

Of course we could not miss an opportunity to take a group photo:

After wandering around the rocks, we took a lunch and headed to Neuchâtel, where some music festival was going on:

The whole day was nicely finished on a boat with a dinner.

PS: More DebConf photos are available in my gallery.

Good morning DebConf

Yesterday evening I've arrived at DebConf 13. I was quite tired after traveling so I just had few beers and went to bed.

The travel went quite well besides somebody else broke wine and my suitcase was all wet from it. Fortunately almost nothing got inside so I have some clean clothes for next week :-).

As I went to bed quite early, I woke up early as well so I went to short walk to see what is nearby:

Sunrise at Lake Neuchâtel Castle Vaumarcus Castle Vaumarcus

Photo uploader 0.10

Photo uploader has just got first release under new maintainer. It mostly fixes various bugs, but the project is going on.

Full list of changes:

  • Compatibility with Python 3.
  • Fix build with Python 2.7.
  • Added documentation in Sphinx format.
  • Updated imageshack support.

Thanks to Andrew Shadura for taking over this tool.

PS: The package should be soon available in Debian as well.

FOSDEM 2013 summary (Sunday)

FOSDEM 2013 is over and it's time to look what interesting I have seen there on Sunday.

Sunday was supposed to start for me with L20N, but it was postponed to 13:00 as the presenters weren't on time. I could have used one more hour of sleep, but at least I spent some time on coding.

Detect merge conflicts in realtime was quite interesting talk, though I was pretty surprised that the conflict detecting does not at all care about underlying version control system, but does purely file based guesses.

The Hardening MySQL talk pretty much described why security in MySQL sucks and what you should do to make it secure. Quite good introduction to the topic, but not much new information for me.

Introduction of Firefox OS, was quite nice demo showing they have something working, though it had some problems with flaky network on FOSDEM. Looking forward to see phone being sold, though it will probably not be something I'd buy.

To add some fun, I've stayed on systemd, Two Years Later presentation, which gave some summary of what is currently in systemd and where it wants to go. Still it did not move systemd from category of "I don't care as long as it works".

Now followed delayed L20N talk - it showed new Mozilla's effort for localization. Which is quite powerful and has nice features, on the other side it put's quite more load to translators - now they would have to understand some basics of programming as well to be able to use the new features (or not so new ones as plurals). Their motivation is to remove localization effort from developers, but I'm not really convinced it will work nicely.

After some meetings and lunch, I went to LibreOffice: cleaning and re-factoring a giant code-base, which showed some challenges LibreOffice has to take and how they dealt with that. I think it's pretty great job done and I'm looking forward to new releases.

Being GNOME user, I could not skip Has the GNOME community gone crazy?. It of course tried to tell that they did not :-).

Last, but not least my friend Dieter from phpMyAdmin had talk Present and future of phpMyAdmin. He listed some of the new features, demoed 3.5 and 4.0 version (of course the demo of 4.0 version broke due to some caching). Even when the talk had quite unpleasant timing, it has attracted some people and they even asked few questions.

This years FOSDEM was again great and looking forward to be there next year.