Michal Čihař - Archive for Jan. 1, 2017

Most of last week was spent on bringing U2F and 2FA to phpMyAdmin. Besides that it was really just minor bug fixing.

We've had one pull request for the 2FA already open, however it was not really in quality to be merged and the original author really didn't come back to address our concerns. I was thinking to start over from his work, but in the end I've decided to start from scratch and come with code which will make easier to implement additional second authentication factors in the future.

Anyway what is now there is support for HOTP/TOTP authentication (Google Authenticator and similar) and FIDO U2F hardware tokens. The latter has been tested with TREZOR, but should work with any compliant device.

Handled issues:

• #13344 Correct location information for locales from Twig templates
• #13787 Second authentication factor
• #6197 Enhance security by adding support for 2-factor-authentication via Google Authenticator
• #13517 Select only visible / filtered results
• #13781 Delete filtered databases deletes ALL databses !
• #13783 Error message on the User accounts page
• #13784 Many messages shown on database privilege page.
• #13777 Removing inline CSS

Last week was mostly focused on code cleanup. I've done quite some fixups in the database interface layer, which now has easier to use API and no more relies on global variables to store database links. Pretty much similar was done in the authentication layer, where many of the methods had names coming from historical reasons rather than their current functionality.

Handled issues:

• #13776 Cannot add decimal
• #13774 Symbol "\" lost in the code editor.
• #13770 Database interface cleanups
• #13771 Scrutinizer Auto-Fixes
• #13764 Authentication API cleanup

Last week was mostly focused on refactoring and code cleanup. This time I've worked on authentication plugins, which now fully handle authentication (previously it was partly done in the mighty common.inc.php).

Handled issues:

• #13762 Redirecting issue on changelog.php
• #13758 single-sign-on: mysqli_real_escape_string() expects parameter 1 to be mysqli, boolean given
• #12965 Fatal error when working with bookmarked queries in a different database
• #13761 Bookmark::getList function has a logical bug in the query conditions
• #13746 Add word wrap in export option heading-2 (H2)
• #13760 config.inc.php add more server,host not current
• #13755 RFC: Create CODE_OF_CONDUCT.md
• #13748 Table name hides column descriptions when creating table
• #13749 Fix for table names being obscured when changing table structure
• #13745 In mobile Export page is not responsive
• #13729 Differentiate between no default and empty string default.
• #137 Add app.json
• #177 wrong error row number

Today, Gammu 1.38.5 has been released. After long period of bugfix only releases, this comes with several new noteworthy features.

The biggest feature probably is that SMSD can now handle USSD messages as well. Those are usually used for things like checking remaining credit, but it's certainly not limited to this. This feature has been contributed thanks to funding on BountySource.

You can read more information in the release announcement.

Last week I've continued on cleaning up common.inc.php, but there were other bug fixes as well. Most notable probably being fixing SQL parser to better handle CREATE TABLE queries defining partitions.

Handled issues:

• #13731 Export as CSV returns HTML
• #13514 Index - Options issue
• #13170 Collecting usage statistics.
• #13127 Dashboard page UI : Settings/Information panels can be customizable
• #13725 Copy partitioned table
• #176 Update CreateStatement.php
• #174 Partition by tables

Weblate 2.17 has been released today. There are quite some performance improvements, improved search, improved access control settings and various other improvements.

Full list of changes:

• Weblate by default does shallow Git clones now.
• Improved performance when updating large translation files.
• Added support for blocking certain emails from registration.
• Users can now delete their own comments.
• Added preview step to search and replace feature.
• Client side persistence of settings in search and upload forms.
• Extended search capabilities.
• More fine grained per project ACL configuration.
• Default value of BASE_DIR has been changed.
• Added two step account removal to prevent accidental removal.
• Project access control settings is now editable.
• Added optional spam protection for suggestions using Akismet.

Update: The bugfix 2.17.1 is out as well, fixing testsuite errors in some setups:

• Fixed running testsuite in some specific situations.
• Locales updates.

If you are upgrading from older version, please follow our upgrading instructions.

You can find more information about Weblate on https://weblate.org, the code is hosted on Github. If you are curious how it looks, you can try it out on demo server. You can login there with demo account using demo password or register your own user. Weblate is also being used on https://hosted.weblate.org/ as official translating service for phpMyAdmin, OsmAnd, Turris, FreedomBox, Weblate itself and many other projects.

Should you be looking for hosting of translations for your project, I'm happy to host them for you or help with setting it up on your infrastructure.

Further development of Weblate would not be possible without people providing donations, thanks to everybody who have helped so far! The roadmap for next release is just being prepared, you can influence this by expressing support for individual issues either by comments or by providing bounty for them.

For quite some time I have some cryptocurrencies on hold. These mostly come from times it was possible to mine Bitcoin on the CPU, but I've got some small payments recently as well.

I've been using Electrum wallet so far. It worked quite well, but with increasing Bitcoin value, I was considering having some hardware wallet for that. There are few options which you can use, but I've always preferred Trezor as that device is made by guys I know. Also it's probably device with best support out of these (at least I've heard really bad stories about Ledger support).

In the end what decided is that they are also using Weblate to translate their user interface and offered me the wallet for free in exchange. This is price you can not beat :-). Anyway the setup was really smooth and I'm now fully set up. This also made me more open to accept other cryptocurrencies which are supported by Trezor, so you can now see more options on the Weblate donations page.

Hosted Weblate provides also free hosting for free software projects. The hosting requests queue has grown too long, so it's time to process it and include new project.

This time, the newly hosted projects include:

• Hunspell - famous spell checker
• Eolie - a web browser for GNOME
• SkyTube - an open-source YouTube app for Android
• Eventum - issue tracking system

Additionally there were some notable additions to existing projects:

• Password management module for Pext
• Minetest Mod Hopper
• Ayatana Indicators now include several new applets

If you want to support this effort, please donate to Weblate, especially recurring donations are welcome to make this service alive. You can do that easily on Liberapay or Bountysource.

Last week I've finally got to common.inc.php cleanup which is assigned to me for more than year. I've again managed to cleanup some parts of it, but it's quite challenging task as whenever I touch this (mostly ancient) code, I found some issues with it and have to fix other things as well.

Another interesting topic was fixing operation with database or table called 0. This is well known PHP issue that empty function in string containing just 0 will return true, however some of our code was using that to test whether database or table are set. This should be now fixed in master branch.

Handled issues:

• #13718 Move server selection to Config class
• #13699 Using empty() to check for a set db
• #13403 on 4.7.1, exporting of a whole database to SQL doesn't output the sql, outputs the html.
• #13543 Cannot log in to the MySQL server
• #13552 Not working transformation Ip To Binary
• #13477 Input transformations can't be set
• #13688 http login blank page
• #13709 PMA does not detect real server character set
• #13710 Internal Server Error with Advisor
• #13711 Database Structure view is very slow as of version 4
• #13717 Simplify Template API
• #13715 Creating an easy option for accesing past queries/ History
• #13716 Added FullText #13303
• #13303 Can't create fulltext index on multiple columns

Upcoming Weblate 2.17 will bring improved access control settings. Previously this could be controlled only by server admins, but now the project visibility and access presets can be configured.

This allows you to better tweak access control for your needs. There is additional choice of making the project public, but restricting translations, what has been requested by several projects.

You can see the possible choices on the UI screenshot:

On Hosted Weblate this feature is currently available only to commercial hosting customers. Projects hosted for free are limited to public visibility only.