Michal Čihař - Archive for Jan. 1, 2014

For quite some time, I'm working on new UI for Weblate. As the time is always limited, the progress is not that fast as I would like to see, but I think it's time to show the current status to wider audience.

Almost all pages have been rewritten, the major missing parts are zen mode and source strings review. So it's time to play with it on our demo server. The UI is responsive, so it works more or less on different screen sizes, though I really don't expect people to translate on mobile phone, so not much tweaking was done for small resolutions.

Anyway I'd like to hear as much feedback as possible :-).

For quite some time I was pretty confident that Weblate will need some UI rewrite at some point. This is always problematic thing for me as I'm no way an UI designer and thus I always hope that somebody else will do that. I've anyway spent few hours on train home from LinuxTag to check what I could do with that.

The first choice for me was to try Twitter Bootstrap as I've quite good experience with using that for UI at work, so I hoped it will work quite well for Weblate as well. The first steps went quite nicely, so I could share first screenshots on Twitter and continue to work on that.

After few days, I'm quite happy with basic parts of the interface, though the most important things (eg. the page for translating) are still missing. But I think it's good time to ask for initial feedback on that.

Main motivation was to unite two tab layout used on main pages, which turned out to be quite confusing as most users did not really get into bottom page of the page and thus did not find important functions available there. So all functions are accessible from top page navigation, either directly or being in menu.

I've also decide to use colors a bit more to indicate the important things. So the progress bars are more visible now (and the same progress bar now indicates status of translation per words). The quality checks also got their severity, which in turn is used to highlight the most critical ones. The theme will probably change a bit (so far it's using default theme as I did not care much to change that).

So let's take a look at following screenshot and let me know your thoughts:

You can also try that yourself, everything is developed in the bootstrap branch in our Git repository.

Weblate 1.9 has been released today. It comes with lot of improvements and bug fixes and with experimental Zen mode for editing translations.

Full list of changes for 1.9:

• Django 1.6 compatibility.
• No longer maintained compatibility with Django 1.4.
• Management commands for locking/unlocking translations.
• Improved support for Qt TS files.
• Users can now delete their account.
• Avatars can be disabled.
• Merged first and last name attributes.
• Avatars are now fetched and cached server side.
• Added support for shields.io badge.

You can find more information about Weblate on http://weblate.org, the code is hosted on Github. If you are curious how it looks, you can try it out on demo server. You can login there with demo account using demo password or register your own user. Ready to run appliances will be soon available in SUSE Studio Gallery.

Weblate is also being used https://l10n.cihar.com/ as official translating service for phpMyAdmin, Gammu, Weblate itself and others.

If you are free software project which would like to use Weblate, I'm happy to help you with set up or even host Weblate for you.

Further development of Weblate would not be possible without people providing donations, thanks to everybody who have helped so far!

Together with many phpMyAdmin guys, I'm traveling to LinuxTag 2014 in few days. We'll have a booth there (hall 6, booth A13), where we will show some demos and you can stop by and chat with us.

Of course my presence there will not be just about phpMyAdmin, I'll meet there few Weblate users and developers, but if you have anything else to discuss, just stop by, I'll be usually around the booth.

You probably know about heartbleed bug in OpenSSL as it is so widespread that it got to mainstream medias as well. As I'm running Debian Wheezy on my servers, they were affected as well.

The updated OpenSSL library was installed immediately after it has been released, but there was still option that somebody got private data from the server before (especially as the vulnerability exists for quite some time). So I've revoked and reissued all SSL certificates while regenerating new private keys. This has nice benefit that they now use SHA 256 intermediate CA compared to SHA 1 which was used on some of them before.

Though there is no way to figure out whether there was some information leak or not, I have decided to reset all access tokens for OAuth (eg. GitHub), so if you have used GitHub login for Weblate, you will have to reauthenticate.

Today, I've replaced server SSL certificates with new ones issues by GlobalSign. These should not suffer of same trust problems as CACert one used so far (especially after CACert root certificate being removed from Debian).

While doing this, I had to use SNI on server to be able to decide which SSL certificate it should use. This should work for any decent browser, but I guess your scripts might have problems, but I hope this will be rare. Anyway if you will face some issues because of this, please let me know.

Other than that I've also tweaked SSL setup to follow current best practice, what could also cause troubles to some ancient clients, but I hope these are non existing in this case :-). See Qualys SSL report for more details.

Anyway thanks to GlobalSign free SSL certificates for open source projects you can use hosted Weblate without any SSL warnings.

PS: Similar change (just without SNI) has happened last week on phpMyAdmin web servers as well.

As usual, I look at the application stats for phpMyAdmin just after student application period of Google Summer of Code is over.

First of all we got more proposals than in last years, this time there is way more students from India and discussions on mentors lists shows this is quite similar for other projects. Maybe it's just different timing which works better for students there, but there might be different reasons as well. There is also quite low number of spam or bogus proposals.

Same as in past years, people leave the submission to the last moment, even though we encourage them to submit early so that they can adjust the application based on our feedback.

Anyway we're just working on evaluation and will finalize it in upcoming days. Of course you will know the results from Google on April 21st.

Since introduction of Developer's Certificate of Origin in phpMyAdmin, we've struggled with automatically checking pull requests on GitHub that they match this.

First attempt was to integrate this check into Travis environment, but that proven to be hard to understand by potential contributors as it did not give direct feedback what went wrong. So it was still useful for us, but still we had to explain the situation. With recent flood of contributions from potential GSoC students, it became quite tedious task.

So let's automate that. GitHub has quite powerful API, so it should not be that hard. Looking at Webhooks documentation, it is quite easy to get hooked on pull request creation and updates and checking commits and adding comments is just a piece of cake. The hardest choice was choosing language in which to implement it :-). While not finding binding for GitHub in any of my favorite language packaged in Debian. I've decided to hack this quickly in PHP without using any library and if this turns out to be limitation in future, it can be easily rewritten.

First incarnation of our commit checker did check just Signed-Off-By lines in commit messages, but I've found that there might be some other useful checks. So the script got extended for various simple coding style violations, which we see quite often like wrong indentation or using DOS end of lines (the example of all fired checks can be found in pull request 1081). You can find the code for it in our scripts repository.

phpMyAdmin has been accepted for Google Summer of Code 2014. So if you are a student and thinking about how to spend this summer, you might want to join us.

As usual, we have prepared dozen of ideas, so in case you are interested, it's really the time to start to work on your application. We require you to contribute before GSoC, so that we can see you can handle the code and our tools. All details you might need are available in our applicant guide.

Our requirements might sound strict, but without them, we would drown in hundredths of applications with no clue how to decide, so do your homework and prepare perfect application. If you have any questions, get in touch with us on mailing list and submit the application to to GSoC website.

Same as in past year, I'm attending FOSDEM 2014. This is the best opportunity to meet with free software world in Europe and get in touch with people you know only from mailing lists.

If you want to meet me in person and discuss anything, just get in touch with me and we'll arrange it.