Michal Čihař - Archives

Heartbleed fun

You probably know about heartbleed bug in OpenSSL as it is so widespread that it got to mainstream medias as well. As I'm running Debian Wheezy on my servers, they were affected as well.

The updated OpenSSL library was installed immediately after it has been released, but there was still option that somebody got private data from the server before (especially as the vulnerability exists for quite some time). So I've revoked and reissued all SSL certificates while regenerating new private keys. This has nice benefit that they now use SHA 256 intermediate CA compared to SHA 1 which was used on some of them before.

Though there is no way to figure out whether there was some information leak or not, I have decided to reset all access tokens for OAuth (eg. GitHub), so if you have used GitHub login for Weblate, you will have to reauthenticate.

New SSL certificates

Today, I've replaced server SSL certificates with new ones issues by GlobalSign. These should not suffer of same trust problems as CACert one used so far (especially after CACert root certificate being removed from Debian).

While doing this, I had to use SNI on server to be able to decide which SSL certificate it should use. This should work for any decent browser, but I guess your scripts might have problems, but I hope this will be rare. Anyway if you will face some issues because of this, please let me know.

Other than that I've also tweaked SSL setup to follow current best practice, what could also cause troubles to some ancient clients, but I hope these are non existing in this case :-). See Qualys SSL report for more details.

Anyway thanks to GlobalSign free SSL certificates for open source projects you can use hosted Weblate without any SSL warnings.

PS: Similar change (just without SNI) has happened last week on phpMyAdmin web servers as well.

Going to FOSDEM

Same as in past year, I'm attending FOSDEM 2014. This is the best opportunity to meet with free software world in Europe and get in touch with people you know only from mailing lists.

If you want to meet me in person and discuss anything, just get in touch with me and we'll arrange it.

Weblate 1.8

Weblate 1.8 has been released today. It comes with lot of improvements, especially in registration process where you can now use many third party services.

Full list of changes for 1.8:

  • Please check manual for upgrade instructions.
  • Nicer listing of project summary.
  • Better visible options for sharing.
  • More control over anonymous users privileges.
  • Supports login using third party services, check manual for more details.
  • Users can login by email instead of username.
  • Documentation improvements.
  • Improved source strings review.
  • Searching across all units.
  • Better tracking of source strings.
  • Captcha protection for registration.

You can find more information about Weblate on it's website, the code is hosted on Github. If you are curious how it looks, you can try it out on demo server. You can login there with demo account using demo password or register your own user. Ready to run appliances will be soon available in SUSE Studio Gallery.

Weblate is also being used https://l10n.cihar.com/ as official translating service for phpMyAdmin, Gammu, Weblate itself and others.

If you are free software project which would like to use Weblate, I'm happy to help you with set up or even host Weblate for you.

Further development of Weblate would not be possible without people providing donations, thanks to everybody who have helped so far!

Weblate 1.8 is close

Thanks to great amount of changes I've been able do in Weblate during Hackweek, the 1.8 release is quite close.

All features I wanted there are implemented and it is already running for some time on my production servers which look quite stable. The only thing which needs still some improvement are translations. So that's your chance to contribute.

Translation status

If there won't be any blocking issue, Weblate 1.8 will be released during next week.

Hackweek is over

10th hackweek is over and I think it has been again great chance to hack on something. This year we even had better food supplies so interruptions from hacking were even less frequent.

As you've might have already noticed, I was working on Weblate whole week and I think it worked pretty well and I've implemented all what I wanted.

First of all, Weblate now supports login using lot of third party services (like GitHub, Facebook, Google, ...). This was achieved by using python-social-auth for that. It is quite new module for this, so hopefully it's API will stay stable enough to be usable in the long term. It was surprisingly easy to implement, though I've spent quite a lot of tweaking of the login and registration process to make it work according to my expectations.

After doing this quite big change, I thought it's about time to restructure the documentation and document new features in it. I think it now covers all important things, but if you can't find something or some parts are hard to understand, just let me know, I'll fix it.

Another quite big feature (though it won't be much visible in upcoming 1.8 release) is source string tracking. This is prerequisite for many features people have requested in Weblate's issue tracker, but these will have to wait for next releases. If you want to see some feature earlier, you can support it by money on Bountysource :-).

Weblate can now also search in all strings, which might become handy if grepping over dozen of Git repositories is not your favorite game.

And last but not least, I've implemented simple Captcha protection for new registrations as the demo server is full of bots who register there and do nothing afterward.

Basically I think this makes Weblate 1.8 feature complete and I'd like to stabilize it in upcoming weeks to release. Right now it is deployed on the demo server, where you can play with it and discover bugs :-). Also it's now time to work on Weblate translations!

First day of Hackweek

First day of hackweek did not really go as planned. I had to spend too much time on tasks which I did not now I will have to do in advance.

I've started with releasing Weblate 1.7. As a part of that I update SUSE Studio images with Weblate. Unfortunately this turned out to be more challenging than usual as with new version the build script always failed but without any obvious error. After some time, I've realized that it just does not show whole output, so the last (and most important) lines are missing.

Then it was easy to spot that the problem is in Whoosh version and it's just matter of providing newer version.

After fixing the image, I could finally focus on Weblate's issue tracker and resolved few issues and questions. I've also improved some of the in application documentation and links to documentation or other resources.

Meanwhile I could also setup translation hosting for monkeysign, happy translating!

Weblate 1.7

Weblate 1.7 has been released today. It comes with lot of improvements, especially in translation speed and many new features.

Full list of changes for 1.7:

  • Please check manual for upgrade instructions.
  • Support for checking Python brace format string.
  • Per subproject customization of quality checks.
  • Detailed per translation stats.
  • Changed way of linking suggestions, checks and comments to units.
  • Users can now add text to commit message.
  • Support for subscribing on new language requests.
  • Support for adding new translations.
  • Widgets and charts are now rendered using Pillow instead of Pango + Cairo.
  • Add status badge widget.
  • Dropped invalid text direction check.
  • Changes in dictionary are now logged in history.
  • Performance improvements for translating view.

You can find more information about Weblate on it's website, the code is hosted on Github. If you are curious how it looks, you can try it out on demo server. You can login there with demo account using demo password or register your own user. Ready to run appliances will be soon available in SUSE Studio Gallery.

Weblate is also being used https://l10n.cihar.com/ as official translating service for phpMyAdmin, Gammu, Weblate itself and others.

If you are free software project which would like to use Weblate, I'm happy to help you with set up or even host Weblate for you.

Further development of Weblate would not be possible without people providing donations, thanks to everybody who have helped so far!

Call for Weblate translations

Weblate, a free web-based translation management system, of course also needs to be translated. Now it's right time to complete translation into your language before Weblate 1.7 will be released.

The release is currently planned on Monday, to have clean table before hacking on Weblate during Hackweek. There is not much time left so jump in right now and start translating :-).

Translation status

Weblate free hosting

The amount of projects using Hosted Weblate grows every month so it seems like there is quite interest in that. This growth will however bring some challenges in the future.

Currently everything is managed by myself and that really does not scale well. There should be some automation in the process of adding new projects and there should be more control given to project admins, so that they can change some things on them own. This is quite some coding, but there is another Hackweek on the way, so my plan is to implement at least something in this area as well.

Other side is unsurprisingly money - even though I just got new hardware to run this service (which will be hopefully deployed in a month or so), in the long term it might need other investments as well. That's why I've rewritten the donation page for Weblate and added some more options.

Most importantly the goal is now to get some regular income which would allow sustainable development of both Weblate and free hosting service. I think Gittip is great service for such goal, so let's see how it works.