Michal Čihař - Blog Archives for phpMyAdmin

phpMyAdmin translations status

phpMyAdmin 3.5 should be released on April 7, 2012, so let's again look at translations status. Here comes sixth round of translation status update.

Since last update we have two more translations summing up to 11 translations at 100%:

  • Czech
  • English (Great Britain)
  • Estonian
  • French
  • Greek
  • Japanese
  • Russian
  • Slovenian
  • Spanish
  • Swedish
  • Turkish

There are few which are really close to 100% and I hope they will get there soon:

  • Chinese
  • Danish
  • Dutch
  • German
  • Italian
  • Polish

As you can see, there is still lot of languages missing, this might be your opportunity to contribute to phpMyAdmin. Also you are welcome to translate phpMyAdmin 3.5 using translation server.

phpMyAdmin translations status

We're heading towards final phpMyAdmin 3.5, so let's again look at translations status. Here comes fifth round of translation status update.

Since last update we one less translation (it was not really complete, the po file missed few strings) at 100%:

  • Czech
  • English (Great Britain)
  • French
  • Japanese
  • Russian
  • Slovenian
  • Spanish
  • Swedish
  • Turkish

There are few which are really close to 100% and I hope they will get there soon:

  • Danish
  • Dutch
  • Estonian
  • Italian
  • Polish

As you can see, there is still lot of languages missing, this might be your opportunity to contribute to phpMyAdmin. Also you are welcome to translate phpMyAdmin 3.5 using new translation server.

l10n.cihar.com switched to Weblate

I've just switched https://l10n.cihar.com/ to Weblate as I think it's stable enough to replace Pootle installation there. This change immediately affects translation of all projects which were done there - phpMyAdmin, Gammu, Wammu, GePeS or Ukolovnik. In addition Weblate itself is also being translated there.

Your old usernames and passwords should be valid (in case you've activated the account and used it in last year), but you might want to adjust your profile as the settings were intentionally not imported (many users had corrupted name in Pootle and hope this will let them fix it).

Let's see how many bugs will this switch reveal, but I expect it will work quite smoothly.

Looking for Pootle alternative

For some time, we use Pootle as online translation tool for phpMyAdmin. It is indeed great tool, but somehow we seem to be hitting more and more issues with it and I feel it really won't fit nicely once we will want to support translations on two divergent branches. Also it's code base is not something easy to understand so that I would be able to fix bugs myself without major effort.

So this is when I started to look for alternatives. Unfortunately there is nothing I could find what would work in way I want. I've looked at Transifex, Translatewiki, Crowdin and others whose names I've forgotten and I still haven't found what I'm looking for.

The key feature I want from such system is full integration with git. This means that whatever is changed should be committed to local git branch and merging translations back should be as easy as merging remote branch. I've hacked such thing into Pootle (in quite dirty way), so this is basically workflow we have right now and I'm pretty much happy with that.

Another thing (which seems to be existing in some tools) is support for simultaneous translation of more branches - if same string exists in more branches, it should be translated in all of them. And last but not least, it should support import of po files allowing users offline translation.

Thinking about this I'm starting to thing that it should be pretty easy to implement something what I want using existing pieces of software without major effort. I'll probably start to play with Django, translate-tookit and GitPython to see if I can come up with something working reasonably well in few days...

PS: Anybody working on updated GitPython packages for Debian, looks like I will need them soon :-).

PS 2: The solution for me is Weblate.

phpMyAdmin translations status

With first RC for phpMyAdmin 3.5, we're really close to final release, so let's again look at translations status. Here comes fourth round of translation status update.

Since last update we have three new translations at 100%:

  • Czech
  • English (Great Britain)
  • Estonian
  • French
  • Japanese
  • Russian
  • Slovenian
  • Spanish
  • Swedish
  • Turkish

There are few which are really close to 100% and I hope they will get there soon:

  • Danish
  • Dutch
  • Italian
  • Polish

As you can see, there is still lot of languages missing, this might be your opportunity to contribute to phpMyAdmin.

Secure your phpMyAdmin

phpMyAdmin is quite popular software (to give some numbers let's mention 10000 downloads daily on SourceForge.net or 122685 reports in Debian's popcon) and as such is quite attractive target for various scripted attacks. If you run phpMyAdmin installation somewhere you should really make sure it is enough secured, so that these script kiddies don't get through.

In past month I've looked at what kind of attacks are these guys trying and in all cases these are pretty old vulnerabilities, some of them fixed years ago. So the first thing you should do is to update. It is always good to run latest stable version, but in case you can not for whatever reason, try at least taking the most important fixes and using them.

In ideal world your distribution would do this job for you, but in case it did not, you can for example take patches from Debian, which is pretty good at taking our patches (surprisingly it is not much related to my involvement there). To check which patches they have applied you can use excellent patch-tracker tool, which exposes patches from all released packages.

To give you overview of which issues are mostly being attempted to exploit by script kiddies right now, here is the list:

  • PMASA-2010-3 - yes, more than two years old, but still unpatched in some places
  • PMASA-2011-5 - "only" half year old
  • PMASA-2011-6 - only useful together with wrongly configured PHP

If you have fixed these, you should be pretty safe for now, but follow our security announcements for possible future issues (you can use RSS feed or subscribe to news mailing list, where all security issues are announced as well).

However there are more things you can do to keep you safer:

  • remove setup directory from phpMyAdmin, you will probably not use it after initial setup
  • prevent access to libraries directory from browser, as it is not needed, supplied .htaccess file does this
  • properly choose authentication method - cookie is probably the best choice for shared hosting
  • in case you don't want all MySQL users to be able to access phpMyAdmin, you can use AllowDeny rules to limit them
  • consider hiding phpMyAdmin behind authentication proxy, so that MySQL credenticals are not all users need to login

So these are the basic steps which will help you against possible compromise, I might return to some of these in more details in future posts.

phpMyAdmin translations status

As phpMyAdmin is approaching to 3.5 release, it has come time to share about translations status. Here comes third round of translation status update.

Since last update we have one new translation at 100%, but one has dropped from the list:

  • Czech
  • English (Great Britain)
  • Russian
  • Slovenian
  • Spanish
  • Swedish
  • Turkish

There are few which are really close to 100% and I hope they will get there soon:

  • French
  • Danish
  • Japanese
  • Polish

As you can see, traveling around FOSDEM was really useful for Czech translation, which I've managed to complete during that weekend (+ Monday when I traveled to Nuremberg).

There was great amount of work done on Polish translation, so hopefully it will be on 100% in next report. Also Rouslan is progressing quite well on Italian, but there is still fair amount of work to be done.

Was your language not mentioned? It's now perfect time to contribute to it.

Book about phpMyAdmin 3.4

With quite usual delay after release, book Mastering phpMyAdmin 3.4 for Effective MySQL Management has been published.

Unlike the previous edition, I was not doing technical review here, but it is anyway special book for me - the cover photo is coming from me, what is actually for the very first time this has happened.

As usual with Packt opensource books, phpMyAdmin project receives some money for each sold copy of the book, so you're welcome to buy it :-).

Migrating code to github

As you might have noticed from my previous posts, we've moved phpMyAdmin code to github. Now I'm going to describe some things which might be useful for you if you are about do to similar switch.

While using git, moving to another hosting provider should be pretty straightforward. Just add another remote, push code there and it should be done. On the other side you probably have dozens of things in your infrastructure which you need to adjust. So the first thing to do is write down what all services are connected to your current git repositories. Let me name some which might be worth checking:

  • continuous integration server
  • snapshots generating
  • demo server (in case you're providing something like we do)
  • commit notifications
  • various statistics services such as cia.vc
  • website generating
  • references in wiki, website and documetation

Once you think you have remembered all important things (the less important will probably show up anyway, but majority of things should work), you're ready to make the move.

I've decided to make the move in few steps. First push all data to new location, what can take some time. I'll get in more details to that later. In the same time I asked all contributors to give me their login information, so that I can allow them access to new repositories. Once all recently active developers were migrated, it was time to push all remaining commits to new git repositories and make the switch for real.

Pushing git repo to another location, should be pretty easy. On the other side if you have many branches, it get's slightly more complex, I've ended up with following shell snippet (pushing all branches present in origin to github remote):

git branch -r | grep origin/ | grep -v HEAD | sed 's@.*/@@' | while read b ; do git checkout $b ; git push github $b:$b ; done

Please ensure that you check output of this, because you may hit network problems somewhere in the middle and you end up with few branches than you expect. As the code is pretty much idempotent, you can safely run it several times until there is nothing to push. You should also push all tags to new location:

git push --tags github

Okay, we've all data on right place, so let's switch all our users to new location:

git remote set-url origin git@github.com:phpmyadmin/phpmyadmin.git # read/write
git remote set-url origin git://github.com/phpmyadmin/phpmyadmin.git # read only

Of course everybody has to do this manually.

Next good thing is to let people know when they are using wrong repo (which will stay there for some time). Unfortunately there is AFAIK no way to warn them on pull, so let's warn at least on push:

$ cat > hooks/update
#!/bin/sh
echo "phpMyAdmin git repositories have moved to https://github.com/phpmyadmin"
exit 1

I think this is pretty much all. You can find some more bits in our Git migration wiki page.

PS: Thanks to github for offering us hosting and sorry for breaking their branch displaying page by too many divergent branches.