Of course my presence there will not be just about phpMyAdmin, I'll meet there few Weblate users and developers, but if you have anything else to discuss, just stop by, I'll be usually around the booth.
You probably know about heartbleed bug in OpenSSL as it is so widespread that it got to mainstream medias as well. As I'm running Debian Wheezy on my servers, they were affected as well.
The updated OpenSSL library was installed immediately after it has been released, but there was still option that somebody got private data from the server before (especially as the vulnerability exists for quite some time). So I've revoked and reissued all SSL certificates while regenerating new private keys. This has nice benefit that they now use SHA 256 intermediate CA compared to SHA 1 which was used on some of them before.
Though there is no way to figure out whether there was some information leak or not, I have decided to reset all access tokens for OAuth (eg. GitHub), so if you have used GitHub login for Weblate, you will have to reauthenticate.
Today, I've replaced server SSL certificates with new ones issues by GlobalSign. These should not suffer of same trust problems as CACert one used so far (especially after CACert root certificate being removed from Debian).
While doing this, I had to use SNI on server to be able to decide which SSL certificate it should use. This should work for any decent browser, but I guess your scripts might have problems, but I hope this will be rare. Anyway if you will face some issues because of this, please let me know.
Other than that I've also tweaked SSL setup to follow current best practice, what could also cause troubles to some ancient clients, but I hope these are non existing in this case :-). See Qualys SSL report for more details.
Anyway thanks to GlobalSign free SSL certificates for open source projects you can use hosted Weblate without any SSL warnings.
PS: Similar change (just without SNI) has happened last week on phpMyAdmin web servers as well.
As usual, I look at the application stats for phpMyAdmin just after student application period of Google Summer of Code is over.
First of all we got more proposals than in last years, this time there is way more students from India and discussions on mentors lists shows this is quite similar for other projects. Maybe it's just different timing which works better for students there, but there might be different reasons as well. There is also quite low number of spam or bogus proposals.
Same as in past years, people leave the submission to the last moment, even though we encourage them to submit early so that they can adjust the application based on our feedback.
Anyway we're just working on evaluation and will finalize it in upcoming days. Of course you will know the results from Google on April 21st.
Since introduction of Developer's Certificate of Origin in phpMyAdmin, we've struggled with automatically checking pull requests on GitHub that they match this.
First attempt was to integrate this check into Travis environment, but that proven to be hard to understand by potential contributors as it did not give direct feedback what went wrong. So it was still useful for us, but still we had to explain the situation. With recent flood of contributions from potential GSoC students, it became quite tedious task.
So let's automate that. GitHub has quite powerful API, so it should not be that hard. Looking at Webhooks documentation, it is quite easy to get hooked on pull request creation and updates and checking commits and adding comments is just a piece of cake. The hardest choice was choosing language in which to implement it :-). While not finding binding for GitHub in any of my favorite language packaged in Debian. I've decided to hack this quickly in PHP without using any library and if this turns out to be limitation in future, it can be easily rewritten.
First incarnation of our commit checker did check just Signed-Off-By lines in commit messages, but I've found that there might be some other useful checks. So the script got extended for various simple coding style violations, which we see quite often like wrong indentation or using DOS end of lines (the example of all fired checks can be found in pull request 1081). You can find the code for it in our scripts repository.
As usual, we have prepared dozen of ideas, so in case you are interested, it's really the time to start to work on your application. We require you to contribute before GSoC, so that we can see you can handle the code and our tools. All details you might need are available in our applicant guide.
Our requirements might sound strict, but without them, we would drown in hundredths of applications with no clue how to decide, so do your homework and prepare perfect application. If you have any questions, get in touch with us on mailing list and submit the application to to GSoC website.
Same as in past year, I'm attending FOSDEM 2014. This is the best opportunity to meet with free software world in Europe and get in touch with people you know only from mailing lists.
If you want to meet me in person and discuss anything, just get in touch with me and we'll arrange it.
We've discussed quite a lot of topics and some had quite interesting outcome.
One of already changes is that we're going to consolidate our support efforts on Stack Overflow. We've provided various support channels so far (IRC, mailing list, web forums and support tracker), which have overlapped quite a lot and we simply lack manpower to do all of that properly.
So users on IRC mostly get bored and left before somebody got to them. The mailing list received just few mails in a month, so they were almost not used. The web forums worked quite well for answering questions, but nobody was able to find answers there (the forums on SourceForge are quite hard to get properly indexed by Google), so the questions got repeated quite a lot. In the end we've decide to use Stack Overflow as it was anyway already used by lot of our users and concentrating our effort on single channel will even improve this.
The way up was through nice nature and we've met quite a lot of cows on the way:
They we've finally arrived to Creux du Van:
Of course we could not miss an opportunity to take a group photo:
After wandering around the rocks, we took a lunch and headed to Neuchâtel, where some music festival was going on:
The whole day was nicely finished on a boat with a dinner.
PS: More DebConf photos are available in my gallery.
Weblate 1.6 has been released today. It comes with lot of improvements, especially adds voting for suggestions, improves import performance and brings more helpful admin interface. This is also first release with crowdfunded feature, but there are still some features to fund!
Full list of changes for 1.6:
- Nicer error handling on registration.
- Browsing of changes.
- Fixed sorting of machine translation suggestions.
- Improved support for MyMemory machine translation.
- Added support for Amagama machine translation.
- Various optimizations on frequently used pages.
- Highlights searched phrase in search results.
- Support for automatic fixups while saving the message.
- Tracking of translation history and option to revert it.
- Added support for Google Translate API.
- Added support for managing SSH host keys.
- Various form validation improvements.
- Various quality checks improvements.
- Performance improvements for import.
- Added support for voting on suggestions.
- Cleanup of admin interface.
You can find more information about Weblate on it's website, the code is hosted on Github. If you are curious how it looks, you can try it out on demo server. You can login there with
demo account using
demo password or register your own user. Ready to run appliances will be soon available in SUSE Studio Gallery.
If you are free software project which would like to use Weblate, I'm happy to help you with set up or even host Weblate for you.