Michal Čihař - Blog Archives for English

Weblate 2.10

Quite on the schedule, Weblate 2.10 is out today. This release brings Git exporter module, improves support for machine translation services and adds various CSV exports and API interfaces.

Full list of changes:

  • Added quality check to check whether plurals are translated differently.
  • Fixed GitHub hooks for repositories with authentication.
  • Added optional Git exporter module.
  • Support for Microsoft Cognitive Services Translator API.
  • Simplified project and component user interface.
  • Added automatic fix to remove control chars.
  • Added per language overview to project.
  • Added support for CSV export.
  • Added CSV download for stats.
  • Added matrix view for quick overview of all translations
  • Added basic API for changes and units.
  • Added support for Apertium APy server for machine translations.

If you are upgrading from older version, please follow our upgrading instructions.

You can find more information about Weblate on https://weblate.org, the code is hosted on Github. If you are curious how it looks, you can try it out on demo server. You can login there with demo account using demo password or register your own user. Weblate is also being used on https://hosted.weblate.org/ as official translating service for phpMyAdmin, OsmAnd, Aptoide, FreedomBox, Weblate itself and many other projects.

Should you be looking for hosting of translations for your project, I'm happy to host them for you or help with setting it up on your infrastructure.

Further development of Weblate would not be possible without people providing donations, thanks to everybody who have helped so far! The roadmap for next release is just being prepared, you can influence this by expressing support for individual issues either by comments or by providing bounty for them.

Weekly phpMyAdmin contributions 2016-W49

My last week was about usual amount of bug screening and fixing. Overall it was quite calm bringing small progress in many areas and hard to highlight something.

There were also dozen of improvements to our Docker image, the most important being change to tags we provide - latest is now latest released version, while edge is getting changes from master branch (of docker repository, it still contains released phpMyAdmin).

Handled issues:

Gammu 1.38.0

Today Gammu 1.38.0 has been released. Changes in last two testing releases have been stabilized and this is the outcome. You can expect changes in API or SMSD tables as well as some additional features.

Also this is first stable release after several years which comes with Windows binaries. These are built using AppVeyor and will help bring Windows users back to latest versions.

Full list of changes and new features can be found on Gammu 1.38.0 release page.

Would you like to see more features in Gammu? You an support further Gammu development at Bountysource salt or by direct donation.

New location for Weblate

Today, Weblate got new home. The difference is not that big - it has been moved from my personal GitHub account to WeblateOrg organization.

The main motivation is to have all Weblate related repositories in one location (all others including wlc, Docker or website are already there). The move will also allow to better manage the project in future as having it in separate repositories provides less management options on GitHub than using organization.

In case you have cloned the git repository, please update

git remote set-url origin https://github.com/WeblateOrg/weblate.git

Of course all issue tracker locations have changed as well (I believe the redirect on GitHub will stay as long as I won't fork the repository, so expect it to work at least month). See GitHub documentation on repository moving.

I'm sorry for all the troubles, but I think this is really necessary move.

Weekly phpMyAdmin contributions 2016-W48

Last week was heavily focused on cleaning up our issue trackers. As you can see from huge list of issues I've closed there is always lot of things to handle. Many of those were not fixed though, it was just housekeeping of old questions where the submitter didn't come back after we've asked for clarification. On the code side there were some pull requests merges including those who needed non trivial fixes and authors didn't found time to implement them.

Another improvements were done on the Docker image, where several cleanups were done (more to follow this week).

Handled issues:

Weekly phpMyAdmin contributions 2016-W47

Last week we've finally managed to release phpMyAdmin 4.6.5 (and quickly followed by hotfix 4.6.5.1). This included several security fixes (see my comment on our security status yesterday and lot of bugfixes as we've really failed to release quickly this time. Next release should follow two month release schedule, so let's see how we will manage that.

There was some work on the code and libraries as well. The ShapeFile library has reached 1.0 milestone after several fixes and testsuite improvements, so if you are looking for PHP library to handle ESRI Shape Files, this is the best choice right now.

Handled issues:

phpMyAdmin security issues

You might wonder why there is so high number of phpMyAdmin security announcements this year. This situations has two main reasons and I will comment a bit on those.

First of all we've got quite a lot of attention of people doing security reviews this year. It has all started with Mozilla SOS Fund funded audit. It has discovered few minor issues which were fixed in the 4.6.2 release. However this was really just the beginning of the story and the announcement has attracted quite some attention to us. In upcoming weeks the security@phpmyadmin.net mailbox was full of reports and we really struggled to handle such amount. Handling that amount actually lead to creating more formalized approach to handling them as we clearly were no longer able to deal with them based on email only. Anyway most work here was done by Emanuel Bronshtein, who is really looking at every piece of our code and giving useful tips to harden our code base and infrastructure.

Second thing which got changed is that we release security announcements for security hardening even when there might not be any practical attack possible. Typical example here might be PMASA-2016-61, where using hash_equals is definitely safer, but even if the timing attack would be doable here, the practical result of figuring out admin configured allow/deny rules is usually not critical. Many of the issues also cover quite rare setups (or server misconfigurations, which we've silently fixed in past) like PMASA-2016-54 being possibly caused by server executing shell scripts shipped together with phpMyAdmin.

Overall phpMyAdmin indeed got safer this year. I don't think that there was any bug that would be really critical, on the other side we've made quite a lot of hardenings and we use current best practices when dealing with sensitive data. On the other side, I'm pretty sure our code was not in worse shape than any similarly sized projects with 18 years of history, we just become more visible thanks to security audit and people looked deeper into our code base.

Besides security announcements this all lead to generic hardening of our code and infrastructure, what might be not that visible, but are important as well:

  • All our websites are server by https only
  • All our releases are PGP signed
  • We actively encourage users to verify the downloaded files
  • All new Git tags are PGP signed as well

Weekly phpMyAdmin contributions 2016-W46

Last week was mostly focused on our libraries. I got merged several patches to our SQL parser from Deven and I've spent quite some time on ShapeFile library, which got several improvements.

It all started with one issue being reported and it actually pushed me to fix older issue - lack of tests. Few commits later the coverage went up to 92% and several bugs were fixed on the way, as some parts of the code were simply broken and nobody has used them so far.

Handled issues:

New free software projects on Hosted Weblate

Hosted Weblate provides also free hosting for free software projects. I'm quite slow in processing the hosting requests, but when I do that, I process them in a batch and add several projects at once.

This time, the newly hosted projects include:

  • Harbour AllRadio - a radio player for online streaming radio (on Sailfishos/jolla mobile)
  • Simpletask - a GTD tool for Android
  • FSearch - a fast file search utility for GNU/Linux based on GTK+3
  • Peek - a simple animated Gif screen recorder for Linux
  • QTodoTxt - a cross platform todo.txt GUI
  • Stykur - fitness journal for Android and iOS
  • walabag - a self hostable application for saving web pages

If you want to support this effort, please donate to Weblate, especially recurring donations are welcome to make this service alive. You can do them on Liberapay or Bountysource.

Hosted Weblate changes Git repositories URLs

Since today all Git repositories from Hosted Weblate are exported over https. The previous git URLs will continue to work for some time. The exact depreciation schedule is not yet decided as this URL might be included in various scripts and there is nothing pushing us to disable the service.

The new Git URLs are consistent with Weblate URLs, just with /git/ in the path, so for example when your project is https://hosted.weblate.org/projects/weblate/website/, you can clone it using git clone https://hosted.weblate.org/git/weblate/website/.

Another important change is for private repositories, this now requires authentication using API key. You can specify it on the clone URL (git clone https://user:key@hosted.weblate.org/git/weblate/website/) or use gitcredentials to store it separately. The API key can be obtained from your user profile API page (once you're authenticated to Weblate).