Michal Čihař - Archives

Heartbleed fun

You probably know about the Heartbleed bug in OpenSSL, as it is so widespread that it got into the mainstream media as well. As I'm running Debian Wheezy on my servers, they were affected as well.

The updated OpenSSL library was installed immediately after it was released, but there was still the possibility that somebody got private data from the server before that (especially as the vulnerability has existed for quite some time). So I've revoked and reissued all SSL certificates, generating new private keys in the process. This has the nice benefit that they now use a SHA-256 intermediate CA compared to the SHA-1 one which was used on some of them before.

Though there is no way to figure out whether there was some information leak or not, I have decided to reset all access tokens for OAuth (e.g. GitHub), so if you have used GitHub login for Weblate, you will have to reauthenticate.

New SSL certificates

Today, I've replaced the server SSL certificates with new ones issued by GlobalSign. These should not suffer from the same trust problems as the CACert one used so far (especially after the CACert root certificate was removed from Debian).

While doing this, I had to use SNI on the server to be able to decide which SSL certificate it should use. This should work for any decent browser; I guess your scripts might have problems, but I hope this will be rare. Anyway, if you face any issues because of this, please let me know.

Other than that, I've also tweaked the SSL setup to follow current best practice, which could also cause trouble for some ancient clients, but I hope these are nonexistent in this case :-). See the Qualys SSL report for more details.

Anyway, thanks to GlobalSign's free SSL certificates for open source projects, you can use hosted Weblate without any SSL warnings.

PS: A similar change (just without SNI) happened last week on the phpMyAdmin web servers as well.

GSoC 2014 applications for phpMyAdmin

As usual, I look at the application stats for phpMyAdmin just after the student application period of Google Summer of Code is over.

First of all, we got more proposals than in previous years. This time there are way more students from India, and discussions on the mentors list show this is quite similar for other projects. Maybe it's just different timing which works better for students there, but there might be different reasons as well. There is also quite a low number of spam or bogus proposals.

Same as in past years, people leave the submission to the last moment, even though we encourage them to submit early so that they can adjust the application based on our feedback.

Number of applications over time

Anyway, we're just working on the evaluation and will finalize it in the upcoming days. Of course you will know the results from Google on April 21st.

Automatically checking pull request on GitHub

Since the introduction of the Developer's Certificate of Origin in phpMyAdmin, we've struggled with automatically checking that pull requests on GitHub comply with it.

The first attempt was to integrate this check into the Travis environment, but that proved to be hard to understand for potential contributors, as it did not give direct feedback on what went wrong. So it was still useful for us, but we still had to explain the situation. With the recent flood of contributions from potential GSoC students, it became quite a tedious task.

So let's automate that. GitHub has quite a powerful API, so it should not be that hard. Looking at the Webhooks documentation, it is quite easy to get hooked on pull request creation and updates, and checking commits and adding comments is just a piece of cake. The hardest choice was choosing the language in which to implement it :-). As I did not find a GitHub binding packaged in Debian for any of my favorite languages, I've decided to hack this quickly in PHP without using any library, and if this turns out to be a limitation in the future, it can easily be rewritten.

The first incarnation of our commit checker checked just the Signed-Off-By lines in commit messages, but I've found that there might be some other useful checks. So the script got extended to cover various simple coding style violations which we see quite often, like wrong indentation or using DOS end of lines (an example of all fired checks can be found in pull request 1081). You can find the code for it in our scripts repository.
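The checks named above (sign-off line, DOS line ends, indentation) can be sketched as follows. This is an added example in Python, not the PHP script from the scripts repository; it assumes commit entries shaped like GitHub's pull request commit list and a unified diff as text, and it assumes two policies the post does not spell out: the sign-off must carry the commit author's e-mail, and tabs in indentation count as "wrong indentation".

```python
import re

# Well-formed DCO trailer: "Signed-off-by: Name <email>" on a line of its own.
SIGNOFF_RE = re.compile(r"^Signed-off-by: [^<>\n]+ <([^<>@\s]+@[^<>\s]+)>$",
                        re.IGNORECASE | re.MULTILINE)
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


def check_message(commit):
    """Return DCO problems for one entry of the pull request commit list."""
    message = commit["commit"]["message"].replace("\r\n", "\n")
    author = commit["commit"]["author"]["email"].lower()
    emails = [e.lower() for e in SIGNOFF_RE.findall(message)]
    if not emails:
        return ["missing Signed-off-by line"]
    if author not in emails:  # assumption: the sign-off must come from the author
        return ["Signed-off-by does not match commit author <%s>" % author]
    return []


def check_patch(patch):
    """Return (path, line, problem) for each added line that breaks a rule."""
    problems, path, lineno = [], None, 0
    for raw in patch.split("\n"):  # split on LF only so a trailing CR survives
        if raw.startswith("+++ "):
            path = re.sub(r"^b/", "", raw[4:].rstrip("\r"))
        elif m := HUNK_RE.match(raw):
            lineno = int(m.group(1)) - 1  # new-file line number before the hunk
        elif raw.startswith("+"):
            lineno += 1
            text = raw[1:]
            if text.endswith("\r"):
                problems.append((path, lineno, "DOS end of line"))
            indent = text[:len(text) - len(text.lstrip(" \t"))]
            if "\t" in indent:  # assumption: the style requires spaces only
                problems.append((path, lineno, "tab used for indentation"))
        elif raw.startswith(" "):
            lineno += 1  # context line: present in the new file, not checked
    return problems


# Constructed sample input, not taken from a real pull request.
SAMPLE_COMMIT = {"commit": {
    "message": "Fix export dialog\n\nSigned-off-by: Jane Doe <jane@example.org>",
    "author": {"name": "Jane Doe", "email": "jane@example.org"}}}
SAMPLE_PATCH = ("--- a/example.php\n+++ b/example.php\n@@ -10,2 +10,4 @@\n"
                " function demo()\n+\t$a = 1;\n+    $b = 2;\r\n }\n")

if __name__ == "__main__":
    print(check_message(SAMPLE_COMMIT), check_patch(SAMPLE_PATCH))
```

Only added lines are reported, with their line number in the new file, so a comment posted back to the pull request can point the contributor at the exact place to fix.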

phpMyAdmin participating in GSoC 2014

phpMyAdmin has been accepted for Google Summer of Code 2014. So if you are a student and thinking about how to spend this summer, you might want to join us.

As usual, we have prepared a dozen ideas, so in case you are interested, it's really time to start working on your application. We require you to contribute before GSoC, so that we can see you can handle the code and our tools. All details you might need are available in our applicant guide.

Our requirements might sound strict, but without them, we would drown in hundreds of applications with no clue how to decide, so do your homework and prepare a perfect application. If you have any questions, get in touch with us on the mailing list and submit the application to the GSoC website.

Going to FOSDEM

Same as last year, I'm attending FOSDEM 2014. This is the best opportunity to meet the free software world in Europe and get in touch with people you know only from mailing lists.

If you want to meet me in person and discuss anything, just get in touch with me and we'll arrange it.

Changes in phpMyAdmin support

As usual with our phpMyAdmin team meetings, quite a lot of things get decided there, and this year was no different, when we met at DebConf 13.

We've discussed quite a lot of topics and some had quite interesting outcomes.

One of the changes already decided is that we're going to consolidate our support efforts on Stack Overflow. We've provided various support channels so far (IRC, mailing list, web forums and support tracker), which have overlapped quite a lot, and we simply lack the manpower to do all of that properly.

So users on IRC mostly got bored and left before somebody got to them. The mailing list received just a few mails a month, so it was almost not used. The web forums worked quite well for answering questions, but nobody was able to find answers there (the forums on SourceForge are quite hard to get properly indexed by Google), so the questions got repeated quite a lot. In the end we've decided to use Stack Overflow, as it was already used by a lot of our users anyway, and concentrating our effort on a single channel will even improve this.

DebConf day trip

Yesterday, we spent a nice day on the DebConf day trip. I took the long hike, which ended up at Creux du Van, which is a wonderful rocky place.

The way up was through nice nature and we met quite a lot of cows on the way:

Then we finally arrived at Creux du Van:

Of course we could not miss an opportunity to take a group photo:

After wandering around the rocks, we had lunch and headed to Neuchâtel, where some music festival was going on:

The whole day was nicely finished on a boat with a dinner.

PS: More DebConf photos are available in my gallery.

Weblate 1.6

Weblate 1.6 has been released today. It comes with a lot of improvements; in particular, it adds voting for suggestions, improves import performance and brings a more helpful admin interface. This is also the first release with a crowdfunded feature, but there are still some features to fund!

Full list of changes for 1.6:

  • Nicer error handling on registration.
  • Browsing of changes.
  • Fixed sorting of machine translation suggestions.
  • Improved support for MyMemory machine translation.
  • Added support for Amagama machine translation.
  • Various optimizations on frequently used pages.
  • Highlights searched phrase in search results.
  • Support for automatic fixups while saving the message.
  • Tracking of translation history and option to revert it.
  • Added support for Google Translate API.
  • Added support for managing SSH host keys.
  • Various form validation improvements.
  • Various quality checks improvements.
  • Performance improvements for import.
  • Added support for voting on suggestions.
  • Cleanup of admin interface.

You can find more information about Weblate on its website; the code is hosted on GitHub. If you are curious how it looks, you can try it out on the demo server. You can log in there with the demo account using the demo password or register your own user. Ready-to-run appliances will soon be available in the SUSE Studio Gallery.

Weblate is also being used at https://l10n.cihar.com/ as the official translation service for phpMyAdmin, Gammu, Weblate itself and others.

If you are a free software project which would like to use Weblate, I'm happy to help you with the setup or even host Weblate for you.

phpMyAdmin in GSoC 2013

As the student application period of Google Summer of Code 2013 is over, it's time to look at the proposals we got for phpMyAdmin.

First of all, we got slightly fewer proposals than in past years. This is probably related to the fact that we still heavily focus on code cleanup this year, and this is definitely not as interesting a topic as adding new features. I think quality has also slightly improved, and this time we received no bogus or spam proposals.

Also as usual, people tend to leave the submission to the very last day (though not as much as in past years):

Number of applications over time

Quite unsurprisingly, the most interesting topic seemed to be interface improvements, though it is quite wide. You can see how frequent the other topics were in the following chart:

Number of applications for various types

Please note that the numbers are not 100% accurate, as some proposals really did not fit into the above categories.

Anyway, we're just working on the evaluation and will finalize it in the upcoming days. Of course you will know the results from Google on May 27th.