Michal Čihař - Blog Archives for phpMyAdmin

Looking for Pootle alternative

For some time, we have been using Pootle as the online translation tool for phpMyAdmin. It is indeed a great tool, but somehow we seem to be hitting more and more issues with it and I feel it really won't fit nicely once we want to support translations on two divergent branches. Also, its code base is not easy enough to understand that I would be able to fix bugs myself without major effort.

So this is when I started to look for alternatives. Unfortunately, there is nothing I could find that would work the way I want. I've looked at Transifex, Translatewiki, Crowdin and others whose names I've forgotten and I still haven't found what I'm looking for.

The key feature I want from such a system is full integration with git. This means that whatever is changed should be committed to a local git branch, and merging translations back should be as easy as merging a remote branch. I've hacked such a thing into Pootle (in quite a dirty way), so this is basically the workflow we have right now and I'm pretty much happy with that.

Another thing (which seems to exist in some tools) is support for simultaneous translation of multiple branches - if the same string exists in several branches, it should be translated in all of them. And last but not least, it should support import of po files, allowing users to translate offline.

Thinking about this, I'm starting to think that it should be pretty easy to implement what I want using existing pieces of software without major effort. I'll probably start to play with Django, translate-toolkit and GitPython to see if I can come up with something working reasonably well in a few days...

PS: Anybody working on updated GitPython packages for Debian? Looks like I will need them soon :-).

PS 2: The solution for me is Weblate.

phpMyAdmin translations status

With the first RC for phpMyAdmin 3.5, we're really close to the final release, so let's again look at the translations status. Here comes the fourth round of the translation status update.

Since last update we have three new translations at 100%:

  • Czech
  • English (Great Britain)
  • Estonian
  • French
  • Japanese
  • Russian
  • Slovenian
  • Spanish
  • Swedish
  • Turkish

There are a few which are really close to 100% and I hope they will get there soon:

  • Danish
  • Dutch
  • Italian
  • Polish

As you can see, there are still a lot of languages missing; this might be your opportunity to contribute to phpMyAdmin.

Secure your phpMyAdmin

phpMyAdmin is quite popular software (to give some numbers, let's mention 10000 downloads daily on SourceForge.net or 122685 reports in Debian's popcon) and as such is quite an attractive target for various scripted attacks. If you run a phpMyAdmin installation somewhere, you should really make sure it is sufficiently secured, so that these script kiddies don't get through.

In the past month I've looked at what kind of attacks these guys are trying, and in all cases these are pretty old vulnerabilities, some of them fixed years ago. So the first thing you should do is to update. It is always good to run the latest stable version, but in case you cannot for whatever reason, try at least taking the most important fixes and applying them.

In an ideal world your distribution would do this job for you, but in case it did not, you can for example take patches from Debian, which is pretty good at taking our patches (surprisingly, it is not much related to my involvement there). To check which patches they have applied, you can use the excellent patch-tracker tool, which exposes patches from all released packages.

To give you an overview of which issues script kiddies are mostly attempting to exploit right now, here is the list:

  • PMASA-2010-3 - yes, more than two years old, but still unpatched in some places
  • PMASA-2011-5 - "only" half year old
  • PMASA-2011-6 - only useful together with wrongly configured PHP

If you have fixed these, you should be pretty safe for now, but follow our security announcements for possible future issues (you can use the RSS feed or subscribe to the news mailing list, where all security issues are announced as well).

However, there are more things you can do to stay safer:

  • remove the setup directory from phpMyAdmin, as you will probably not use it after the initial setup
  • prevent access to the libraries directory from the browser, as it is not needed; the supplied .htaccess file does this
  • properly choose the authentication method - cookie is probably the best choice for shared hosting
  • in case you don't want all MySQL users to be able to access phpMyAdmin, you can use AllowDeny rules to limit them
  • consider hiding phpMyAdmin behind an authentication proxy, so that MySQL credentials are not all that users need to log in

So these are the basic steps which will help you against a possible compromise. I might return to some of these in more detail in future posts.
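
The checklist above can be turned into a quick audit of an installation directory. The following script is an added example, not code from phpMyAdmin or from the original post; the function names and finding labels are made up for illustration, and it assumes the layout described above (a `setup` directory, `libraries/.htaccess`, and settings in `config.inc.php`).

```shell
#!/bin/sh
# Added example: audit a phpMyAdmin directory against the checklist above.
# Prints one finding per line and nothing when all checks pass.
pma_audit() {
    dir=$1
    cfg="$dir/config.inc.php"

    # The setup script is only needed for the initial configuration.
    [ -d "$dir/setup" ] && echo "setup-dir-present"

    # The supplied libraries/.htaccess blocks browser access (Apache only,
    # and only when AllowOverride lets .htaccess files take effect).
    [ -f "$dir/libraries/.htaccess" ] || echo "libraries-htaccess-missing"

    if [ -f "$cfg" ]; then
        # Drop commented-out lines so disabled settings are not counted.
        active=$(grep -Ev '^[[:space:]]*(//|#|/\*|\*)' "$cfg" || true)
        # auth_type 'config' keeps the MySQL password in the file and logs
        # in every visitor automatically.
        if printf '%s\n' "$active" | grep -Eq '\[.auth_type.\][[:space:]]*=[[:space:]]*.config.'; then
            echo "auth-type-config"
        fi
        # Without AllowDeny rules phpMyAdmin itself does not limit which
        # MySQL accounts may log in.
        printf '%s\n' "$active" | grep -Eq '\[.AllowDeny.\]\[.rules.\]' ||
            echo "no-allowdeny-rules"
    else
        echo "config-not-found"
    fi
    return 0
}

# Constructed sample install (not a real deployment) for a dry run.
pma_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/setup" "$d/libraries"
    cat > "$d/config.inc.php" <<'EOF'
<?php
$cfg['Servers'][1]['auth_type'] = 'config';
// $cfg['Servers'][1]['AllowDeny']['rules'] = array('allow root from 127.0.0.1');
EOF
    echo "$d"
}

# Usage: sh pma_audit.sh /path/to/phpmyadmin   (no argument: sample install)
if [ "$#" -gt 0 ]; then pma_audit "$1"; else s=$(pma_sample); pma_audit "$s"; rm -rf "$s"; fi
```

The script only inspects files on disk; whether the web server actually denies requests to `libraries/` still has to be confirmed against the running server configuration.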

phpMyAdmin translations status

As phpMyAdmin is approaching the 3.5 release, the time has come to share the translations status. Here comes the third round of the translation status update.

Since last update we have one new translation at 100%, but one has dropped from the list:

  • Czech
  • English (Great Britain)
  • Russian
  • Slovenian
  • Spanish
  • Swedish
  • Turkish

There are a few which are really close to 100% and I hope they will get there soon:

  • French
  • Danish
  • Japanese
  • Polish

As you can see, traveling around FOSDEM was really useful for Czech translation, which I've managed to complete during that weekend (+ Monday when I traveled to Nuremberg).

There was a great amount of work done on the Polish translation, so hopefully it will be at 100% in the next report. Also, Rouslan is progressing quite well on Italian, but there is still a fair amount of work to be done.

Was your language not mentioned? Now is the perfect time to contribute to it.

Book about phpMyAdmin 3.4

With the quite usual delay after the release, the book Mastering phpMyAdmin 3.4 for Effective MySQL Management has been published.

Unlike the previous edition, I was not doing the technical review here, but it is a special book for me anyway - the cover photo comes from me, which is actually the very first time this has happened.

As usual with Packt open source books, the phpMyAdmin project receives some money for each sold copy of the book, so you're welcome to buy it :-).

Migrating code to github

As you might have noticed from my previous posts, we've moved the phpMyAdmin code to github. Now I'm going to describe some things which might be useful for you if you are about to do a similar switch.

While using git, moving to another hosting provider should be pretty straightforward. Just add another remote, push the code there and it should be done. On the other hand, you probably have dozens of things in your infrastructure which you need to adjust. So the first thing to do is to write down all the services that are connected to your current git repositories. Let me name some which might be worth checking:

  • continuous integration server
  • snapshots generating
  • demo server (in case you're providing something like we do)
  • commit notifications
  • various statistics services such as cia.vc
  • website generating
  • references in wiki, website and documentation

Once you think you have remembered all important things (the less important will probably show up anyway, but majority of things should work), you're ready to make the move.

I've decided to make the move in a few steps. First, push all data to the new location, which can take some time; I'll get into more detail on that later. At the same time I asked all contributors to give me their login information, so that I could grant them access to the new repositories. Once all recently active developers were migrated, it was time to push all remaining commits to the new git repositories and make the switch for real.

Pushing a git repo to another location should be pretty easy. On the other hand, if you have many branches, it gets slightly more complex. I ended up with the following shell snippet (pushing all branches present in origin to the github remote):

git branch -r | grep origin/ | grep -v HEAD | sed 's@^ *origin/@@' | while read -r b ; do git checkout "$b" && git push github "$b:$b" ; done

Please ensure that you check the output of this, because you may hit network problems somewhere in the middle and end up with fewer branches than you expect. As the code is pretty much idempotent, you can safely run it several times until there is nothing to push. You should also push all tags to the new location:

git push --tags github
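
Rather than reading the push output by eye, the two remotes can be compared ref by ref. This is an added example, not part of the original post; the function names are hypothetical, and the sample commit ids and ref names in the dry run are constructed.

```shell
#!/bin/sh
# Added example: report refs that did not make it to the new remote.
# Both arguments are files in `git ls-remote` format: "<sha><TAB><refname>".
refs_not_migrated() {
    old=$1
    new=$2
    # Load the new listing, then walk the old one. FILENAME is compared
    # instead of using NR == FNR so that an empty new listing (nothing was
    # pushed at all) reports every ref as missing.
    awk 'FILENAME == ARGV[1] { sha[$2] = $1; next }
         !($2 in sha)        { print "missing " $2; next }
         sha[$2] != $1       { print "differs " $2 }' "$new" "$old"
    return 0
}

# Compare two remotes of the current repository, e.g. origin and github.
check_migration() {
    tmp=$(mktemp -d)
    git ls-remote --heads --tags "$1" > "$tmp/old" &&
        git ls-remote --heads --tags "$2" > "$tmp/new" &&
        refs_not_migrated "$tmp/old" "$tmp/new"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Constructed listings (shortened fake ids) for a dry run without a network.
migration_demo() {
    t=$(mktemp -d)
    printf '%s\t%s\n' aaa1 refs/heads/master bbb2 refs/heads/maint ccc3 refs/tags/v1.0 > "$t/old"
    printf '%s\t%s\n' aaa1 refs/heads/master bbb9 refs/heads/maint > "$t/new"
    refs_not_migrated "$t/old" "$t/new"
    rm -rf "$t"
}

# Usage: sh check_migration.sh origin github   (no arguments: dry run)
if [ "$#" -eq 2 ]; then check_migration "$1" "$2"; else migration_demo; fi
```

An empty result means every branch and tag on the old remote exists on the new one with the same commit id, so the old location can be switched off for pushes.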

Okay, we have all data in the right place, so let's switch all our users to the new location:

git remote set-url origin git@github.com:phpmyadmin/phpmyadmin.git # read/write
git remote set-url origin git://github.com/phpmyadmin/phpmyadmin.git # read only

Of course everybody has to do this manually.

The next good thing is to let people know when they are using the wrong repo (which will stay there for some time). Unfortunately there is AFAIK no way to warn them on pull, so let's at least warn on push:

$ cat > hooks/update <<'EOF'
#!/bin/sh
echo "phpMyAdmin git repositories have moved to https://github.com/phpmyadmin"
exit 1
EOF
$ chmod +x hooks/update

I think this is pretty much all. You can find some more bits on our Git migration wiki page.

PS: Thanks to github for offering us hosting and sorry for breaking their branch displaying page by too many divergent branches.

phpMyAdmin is now at github

I've just updated the phpMyAdmin repos on github and enabled notification hooks there, so the earlier announced switch to github is done.

All you need to do is point your repositories to pull/push to github. For the main repository it can be done using:

git remote set-url origin git@github.com:phpmyadmin/phpmyadmin.git

If you are using just read-only access, then use the following:

git remote set-url origin git://github.com/phpmyadmin/phpmyadmin.git

For other repositories, just replace the last part of the URL with the repository name (they have not changed).

Everything should work as before; pushes should now be faster, because all notifications are done in the background on github and they don't block pushing.

Back from FOSDEM

Yet another FOSDEM is behind us and I'd like to thank all people organizing it. It was a great event as usual.

This year there were some changes - the conference grew and there was an extra building. This is great, but on the other hand, there were more tracks to follow and occasionally I wanted to be in four places at once, which is of course not manageable.

Combined with quite freezing weather (well, it was still much warmer than it is now in Prague), moving from one side of the campus to another was not as comfortable as in previous years, but there is not much one can do about that.

And the biggest change for me - I did not manage the beer event this year. We enjoyed a great team dinner on Friday evening and when it ended, I was too lazy to move to the crowded beer event and rather enjoyed the bed in my hotel.

phpMyAdmin goes github

Yesterday we held a phpMyAdmin team meeting and discussed several things for the project's future. One of the things discussed was moving our repositories to github for easier collaboration and management of private repositories.

After some discussion we've decided to go for it. As I write this blog post, all repositories are being pushed there and once all developers get their access rights there, we will move completely.

But even right now, you can fork us on github; the code is already there and will be updated occasionally until we fully move there.