I have started working on the phpmyadmin codebase from 22 May, 2017. I have spend 5 days in familiarize myself with the phpmyadmin core functionality and architecture. Below are the details of the issues that I have fixed in first week or in community bonding period.
This summer, I was selected for the prestigious Google Summer of Code ’17 program with the phpmyadmin organization. phpMyAdmin is a free software tool written in PHP, intended to handle the administration of MySQL over the Web. phpMyAdmin supports a wide range of operations on MySQL and MariaDB. Frequently used operations (managing databases, tables, columns, relations, indexes, users, permissions, etc) can be performed via the user interface, while you still have the ability to directly execute any SQL statement.
Introduction
phpmyadmin currently has a large number of open issues (~210 at time of writing this). To maintain and improve phpmyadmin core project the numbers of issues should be lower down. This project aims to resolving the major issues and improvements to be done in phpmyadmin. I have selected a list of issues on which I will be working this summer.
Community Bonding
Before the beginning of the official program period, Google allows students one month to get familiar with the organization they will contribute to, to get familiar with the programming practices, source code, get doubts cleared etc. phpMyAdmin is a PHP project that provides wide range of operations that can be performed via the user interface. The project code is available on GitHub at this link https://github.com/phpmyadmin/phpmyadmin
As the world is going more mobile everyday, so It would be a good idea to make phpMyAdmin responsive, so it works on smartphones and tablets too instead of desktop only.
Currently phpmyadmin have two javascript plugins for table sorting so it’s better to replace it with simply one. I will be replacing jquery.sortableTable.js with jquery.tablesorter.js
It will add the feature to have an easy view of the JSON data of a column of a table. Right now it shows in only one line, without any kind of format, so we can have an option to show when you are viewing a table with JSON data or when editing a nice JSON view.
Also, If the team decides they still don’t want to pursue the responsive interface enhancement, I’m prepared to replace that part of my summer with the solving these issues.
There are several places which uses inline javascript (onclick, onsubmit and onchange). These should be removed and placed into javascript files. After removal we can get rid of ‘unsafe-inline’ for scripting in CSP.
It would be really nice to have a progress bar showing import and export progress in real time in terms of percentage and having some more detailed information like which step/table it is processing.
When a user has access to a db (or table), but is not in the user table he’s shown as not having a password. Even after successfully running the query delete from mysql.user where user = ‘test’ I was still able to login with the test account.
The PMA should fallback to default table names if controluser + pmadb options are set while other like ‘relation’, ‘column_info’ are NOT in config.inc.php.
I will implement this feature by allowing user to drag and drop the existing column from the “structure page” as well as from the navigation tree table column entry, to the “New” column entry in the navigation tree columns section of the target table.
Update 1
I will work on the forked repository and submit the Pull Request as soon it is completed. I will also post the weekly update about the project on medium. This is my GSoC’17 proposal.
Mobile platforms are centered around speed and agility. And yet, building for mobile can sometimes feel clunky and slow. It doesn’t have to be that way.
Google Firebase Team came at New Delhi to show how you to build an app in a day. We can do this by having the application code talk directly to Firebase’s managed back-end services. This means we spend less time on infrastructure and more time on building the features that the users care about. And in the cases where we need server-side logic, use Cloud Functions — Firebase’s scaleable serverless solution.
Cloud storage — To Store and share images, audio, video, or other user-generated content easily with powerful, simple, and cost-effective object storage built for Google scale
Firebase now supports multiple bucket support plus region selection so you deploy your app where your customers are.
Firebase Test Lab — To run automatic and customized tests for your app on virtual and physical devices hosted by Google.
Crash Reporting — To diagnose problems in your mobile app with detailed reports of bugs and crashes.
Performance Monitoring — To diagnose app performance issues occurring on your users’ devices.
Google Analytics — Its free + unlimited and can be used to analyze user attributions and behavior in a single dashboard to make informed decisions on your product roadmap.
Cloud Messaging — To send messages and notifications to users across platforms like Android, iOS, and the web for free.
Remote Config — To customize how your app renders for each user.
Invites — To enable your users to share all aspects of your app, from referral codes to favorite content, via email or SMS.
App Indexing — To re-engage users with their installed apps with this Google Search integration.
Admob — To earn money by displaying engaging ads to a global audience.
This talk was given by Doug Stevenson (Developer Advocate, Google). He gives the information on What we can do with Cloud Functions in firebase.
Notify users when something interesting happens — To use cloud Functions to keep users engaged and up to date with relevant information about an app.
2. Resize image — To take advantage of Cloud Functions to offload to the Google cloud resource-intensive work (heavy CPU or networking) that wouldn’t be practical to run on a user’s device.
3. Perform Realtime Database sanitization and maintenance to block offensive language — With Cloud Functions database event handling, you can modify the Realtime Database in response to user behavior, keeping the system up to date and clean.
He showcased a small demo on how to replace text with emoji using cloud function.
After this talk the Hackathon was open for hacking using firebase.
Test your app using Firebase
This talk was again given by Doug Stevenson (Developer Advocate, Google). In this talk he has given the overview on some more fetaures.
Firebase Test Lab for Android — It provides cloud-based infrastructure for testing Android apps. With one operation, you can initiate testing of your app across a wide variety of devices and device configurations. Test results — including logs, videos, and screenshots — are made available in your project in the Firebase console. Even if you haven’t written any test code for your app, Test Lab can exercise your app automatically, looking for crashes.
Performance Monitoring — To diagnose app performance issues occurring on your users’ devices. Use traces to monitor the performance of specific parts of your app and see a summarized view in the Firebase console. Stay on top of your app’s startup time and monitor HTTP requests without writing any code.
Talk by Kushagra Gour
Kushagra Gour is currently working as a front-end developer at an awesome startup called Wingify building VWO.
Side Projects = More Self Improvement
He has developed a lot of side projects that are available on Github. He has given an overview on some of his side projects.
hint.css — A CSS only tooltip library for your lovely websites.
2. screenlog.js — Bring console.log on the screen.
5. Web Maker — Chrome extension for a fast & offline web playground.
Hackathon
After that 7 teams were shortlisted for presenting their idea on stage for 3 minutes.
After that the judges selected team Decoder as the Hackathon winner. They have made a smart travel application that helps to plan your travel and share it with your friends/family.
What Next
They are coming to Pune (24 June 2017 — Novotel Pune Nagar Road), Bangalore (28 June 2017 — Vivanta by Taj, MG Road) and Hyderabad (1 July 2017 — Hyderabad International Convention Center). So you can register for them here: https://events.withgoogle.com/in-firebase-appfest/
ngDownloader is a web application that gives the download links of the videos from various websites like youtube, facebook, udemy etc with no ads. I have made this application for AngularAttack 2017 Hackathon and selected as winner in Fun/Utility Category.
I have used Amazon AWS Lamda function and API gateway to host and run the backend. Here is the link of the backend code. Also it uses youtube-dl library to fetch download links.
Bugs or feature request ? Drop email at hi@manishbisht.me I would be happy to make it available for you.
I will keep making more improvements and adding features in the future. I am using my Kendo UI Professional license so that I can improve the UI and use more components.
There is the yearly renewal is charge for the domain per year and pay per use charge for Amazon AWS for backend. If you want to contribute a year or pay for hosting, send me an email and I’ll add the years on. Of course I’ll do my best to continue running the domain and hosting, but this is your chance to contribute to the community project.
Talk to me
If anyone would like to get in touch with me I am not too hard to reach. Just drop an email at hi@manishbisht.me I would be happy to have a chat with you.
I submitted pull request for my second task i.e., adding configuration options for default transformations. As I explained in the proposal. I thought I will have to add configuration for every transformation. But I realised not all of the transformations make use of options. So, I added configuration only for those that looked like they make use of paramaeters. I have a feeling that a better option would be to add empty arrays for those transformations that don’t make use of options because in future, the transformations may be modified to make use of parameters and they can modify these empty arrays. Anyway, I raised this question in comments on my pull request. I will act according to response.
I also thought I will have to add configuration options in page-wise settings and setup script separately. But, I realised any change in configuration directives reflects in both setup script and page-wise settings. Awesome!!
Screenshots of new configuration directives:
I will be moving on to my 3rd task this week – Allow designer to show other Databases. According to my plan, I will be submitting code for my 3rd task after first evaluation, but I have to start discussing design with my mentor now. I guess this puts me in a good position for my first evaluation as I submitted all required code. From now on, I will be addressing reviews on the submitted code and plan for my 3rd task.
Besides usual bug screening and pull requests merging, I've spent quite some amount in digging reports in our error reporting server and fixed the most visible ones.
The error reporting server collects errors happening in phpMyAdmin installations worldwide (this is opt-in reporting) and gives us insights where our users suffer most. Some of the errors are really weird and probably indicate PHP bug, but as we don't collect more information than is necessary, we really can not say for sure and we can not find person to reproduce the bug. Anyway if something has happened hundredth times on several installations, it's probably worth fixing in our code base.
#98 aimed to bring back the ability of the Error Reporting Server to follow the status of report-linked Github issues and update the same for the reports that it is linked with. Github provides a interface to listen to events through webhooks. Webhooks allow developers to listen to a variety of events like push, issues etc. I added a controller in the Error Reporting Server which listens to all the issues events and if it receives an event for an issue which is linked to by any of the reports, it updates the status of the linked reports accordingly.
For the next week, I would be taking on two tasks #159 and #160, which were not originally part of the proposal, but seem to be natural extensions to the task in #98.
Thanks :) I have faced some issues while adding left and right scrolling icon and its functionality but with little more debugging I have made it possible.
Next while working on table structure page when I have written this in js/menu-resizer.js the icons are loading n number of times where n is number of columns in the table. It was working fine on all pages except table structure page.
Last issue that I faced was while adding scrolling inside the fieldset tag seems like the width in percentage was not working so I used javascript here to implement this.
Rest all implementation were straight forward. Just needed some debugging on browser developer tools.
Also I have made some standards for how I am naming the new classes the details of which I will add after completing it because I think more will come as I keep working on it.
Weblate 2.15 is almost ready (I expect no further code changes), so it's really great time to contribute to it's translations! Weblate 2.15 should be released early next week.
I'd especially like to see improvements in the Italian translation which was one of the first in Weblate beginnings, but hasn't received much love in past years.
It has been few months since I'm providing Windows binaries for Gammu, but other parts of the family were still missing. Today, I'm adding python-gammu.
Unlike previous attempts which used crosscompilation on Linux using Wine, this is also based on AppVeyor. Still I don't have to touch Windows to do that, what is nice :-). This has been introducted in python-gammu 2.9 and depend on Gammu 1.38.4.
What is good on this is that pip install python-gammu should now work with binary packages if you're using Python 3.5 or 3.6.
Maybe I'll find time to look at option providing Wammu as well, but it's more tricky there as it doesn't support Python 3, while the python-gammu for Windows can currently only be built for Python 3.5 and 3.6 (due to MSVC dependencies of older Python versions).
Hosted Weblate provides also free hosting for free software projects. The hosting requests queue was over one month long, so it's time to process it and include new project.
If you want to support this effort, please donate to Weblate, especially recurring donations are welcome to make this service alive. You can do them on Liberapay or Bountysource.
As mentioned in my previous post, I am working on making new UI for multi-table query for phpMyAdmin. I believe I can safely say it is in good shape as of now, although code review is still pending. I have added most of the features from earlier interfaces. Some of the examples of queries which you can construct are:
Basic queries.
select `wp_posts`.`*` from `wp_posts`;
select `wp_posts`.`ID` from `wp_posts`;
Aliases.
select `a`.`ID` from `wp_posts` as `a`;
select `a`.`ID` as `id_col` from `wp_posts` as `a`;
WHERE clause
select `wp_posts`.`ID`, `wp_posts`.`post_title` from `wp_posts` WHERE `wp_posts`.`ID` > 49 AND `wp_posts`.`ID` < 74;
ORDER BY clause
select `wp_posts`.`ID`, `wp_posts`.`post_title` from `wp_posts` WHERE `wp_posts`.`ID` > 49 AND `wp_posts`.`ID` < 7 ORDER BY `wp_posts`.`post_date`;
Following is a screenshot of the UI:
I had a plan to add filtering and pagination of queries, but luckily they are built-in for query response HTML. You can checkout code from the PR and try it yourself. As always, any feedback and suggestions are more than welcome.
According to my timeline, I am supposed to complete this with code-review by 15th June. But I understand that other developers may be busy right now. So, I will be moving on to my next task this week i.e.Ă‚Â Default options for transformations.
I will update the code for Multi-Table querying once I get code reviews.
Last week was again quite busy on the issue tracker and pull requests. I start to think that I barely get to real development over handling flow of incoming reports and pull requests.
I've manged to fix some issues with parsing comments in SQL parser, which probably was not that much visible in phpMyAdmin, but was quite annoying when using SQL parser as library. Generally it seems that people are starting to use it, so at least one of our separate libraries is getting some user base outside phpMyAdmin.
Issue #106 focussed on adding better functionality of notifications handling. I added a ‘Select all’ check box to select all the notifications on a single page. The pagination was not working before and was fixed. I also added a ‘Mark All Notifications as Read’ button which would ask the user to confirm and if confirmed will mark all his notifications read (unrecoverable).
Issue #31 was about providing email notifications to the developers whenever a new report is added on the Error reporting system. A tricky part was to test sending of emails in unit testing, it needed me to add a new custom email transport.
For the next week, I would be targeting to implement #98 which aims to bring back the ability of the Error Reporting Server to follow the status of report-linked Github issues and update the same for the reports that it is linked with.
During last weeks I was finally able to push out some releases of Gammu and related tools. Those were mostly waiting for quite some time in Git, but still will be useful for many users.
Gammu 1.38.3 brings several SMSD performance improvements (I'd like to hear feedback here how much it helped in real world workloads), fixes USSD related crashes and adds support for new devices.
python-gammu 2.8 finally brings emoji fixes to Python users as well. Those were fixed in Gammu quite some time ago, but the Python API still didn't handle them properly. There was also simplification in the calls API.
Wammu release will follow shortly in next days, the most important change there being license change to GPLv3 or later.
As mentioned in my timeline, I am working on building a New UI for Multi-table querying. The following is the mockup of what I put forward to community. My mentor Isaac Bennetch expressed that he is happy with it.
I made an implementation for the UI and added support for basic queries which don’t involve any criteria (WHERE clause is not supported yet). This is what it looks like right now.
You can checkout the code from this PRÂ and test it yourself. For the following week, I will be adding support for WHERE clause. I should also enable saving of queries. Last UI has that feature and I also feel it is very useful for users as it is very common for database admins to need to run same queries repeatedly. I look forward to any feedback regarding this feature.
Before the coding period started, I started out with moving the code-base for Error Reporting server to more phpMyAdmin-like coding styles (which is in fact quite similar to PSR-4 with few exceptions) in #131 and #132.
I had talked to Michal and actually started the work on the project a few weeks before the actual GSoC coding period started. Initially I spent time fixing bugs from the production logs (ex. #134, #135, #139, #141, #142), which helped to get started with the codebase.
The first task from the proposal that I implemented turned out to be #129. The views were strayed with control structures with a lot of opening and corresponding closing braces. This PR changed the view files to use alternative syntax for the control structures.
The next task (#123) that I picked up was to allow searching/filtering reports (on Reports listing page) using Filename. This helps the developer in differentiating between all the similar errors/exceptions but originating from different files.
The tasks #119 and #120 were related in a sense both were related with the interactions that our error reporting system has with Github. #119 focused on improving the content that we add while creating a new linked-issue for a report or while adding a link of an report to an existing issue on Github.
#120 helped to simplify the long list of existing issue states and they were mapped to a simpler (and more Github-related statuses) as ‘New’, ‘Forwarded’, ‘Resolved’.
For the next week, I would be targeting to implement #31 which aims to provide an email notification (to developers at phpmyadmin.net) about new reports being added on the Error Reporting Server.
Last week was a bit shorter for me, but still there was quite some bugfixes done.
Most of the time was spent of fixing handling malformed mo files in motranslator, where the issues were reported by Emanuel Bronshtein. The library is now way more fault tolerant than it used to be if it gets corrupted file.
There was also quite some pull requests on phpMyAdmin to review and merge, but that seems to be usual in last weeks :-).
For quite some I'm happy user of Turris Omnia router. The router has quite good hardware, so I've decided to try if I can run Bitcoin node on that and ElectrumX server.
To make the things easier to manage, I've decided to use LXC and run all these in separate container. First of all you need LXC on the router. This is the default setup, but in case you've removed it, you can add it back in the Updater settings.
Now we will create Debian container. There is basic information on using in Turris Documentation on how to create the container, in latter documentation I assume it is called debian.
It's also good idea to enable LXC autostart, to do so add your container to cat /etc/config/lxc-auto on :
config container
option name debian
You might also want to edit lxc container configration to enable clean shutdown:
# Send SIGRTMIN+3 to shutdown systemd (37 on Turris Omnia)
lxc.haltsignal = SIGRTMIN+3
To make the system more recent, I've decided to use Debian Stretch (one of reasons was that ElectrumX needs Python 3.5.3 or newer). Which is
anyway probably sane choice right now given that it's already frozen and will
be soon stable. As Stretch is not available as a download option in Omnia, I've
chosen to use Debian Jessie and upgrate it later:
Now you have up to date system and we can start installing dependencies. First thing to install is Bitcoin Core. Just follow the instructions on their website to do that. Now it's time to set it up and wait for downloading full blockchain:
$ adduser bitcoin
$ su - bitcoin
$ bitcoind -daemon
Depending on your connection speed, the download will take few hours. You can monitor the progress using bitcoin-cli, you're waiting for 450k blocks:
Depending how much memory you have (mine has 2G) and what all you run on the router, you will have to tweak bitcoind configuration to consume less memory. This can be done by editing .bitcoin/bitcoin.conf, I've ended up with following settings:
par=1
dbcache=150
maxmempool=150
You can also create startup unit for Bitcoin daemon (place that as /etc/systemd/system/bitcoind.service):
Now we can enable services to start on container start:
systemctl enable bitcoind.service
Then I wanted to setup ElectrumX as well, but I've quickly realized that it uses way more memory that my router has, so there is no option to run it without using swap, what will probably make it quite slow (I haven't tried that).
I am excited to say that I will be working with phpMyAdmin this summer on the project ‘Enhancements collection for phpMyAdmin’. Here is the detailed project proposal including timeline.
Synopsis
The project aims at enhancing phpMyAdmin by implementing several features. The following are github links to respective issues:
New UI for Multi-table query generator:Currently, we have two ways of building multi-table queries in order to reduce user effort while querying multiple tables – one is designer (db_designer.php) and the other is a form-based query builder (db_qbe.php) which is redundant. The new UI replaces these two interfaces. This UI helps in reducing the learning curve for users who are new to managing databases and also to make multi-table querying faster and easier.
Default options for transformations: While browsing a table, the way in which a user interacts with output is formatted by PMA to visualize output in an intuitive way (for eg. showing formatted JSON). These transformations can be set and edited in tbl_structure.php page. These transformations accept parameters (for eg. what is the length of substring to be shown if col value is a large string). The defaults for these parameters are hard-coded in PMA. It will be better if we enable user to configure these defaults, preferably in page related settings modal (also in configuration directives if necessary).
Allow designer to show other Databases: Adding foreign key constraint from ‘Relation view’ has option of choosing a different database. Right now, users cannot create foreign key constraints with other databases using designer. This task involves showing tables from other databases and allowing to add foreign key constraints.
Google Authenticator: Two factor authentication provides an additional layer of security and makes it harder for attackers to gain access to user accounts. We have also had some users complain that the only weak spot in their environments is access to phpMyAdmin which does not support two-factor authentication.
Consolidate tablesorter libraries: Remove redundant libraries being used for sorting tables. From this task, there is no benefit directly reflecting to users, except loading one less library. This will help us (developers) to maintain sanity of the code.
Facilitate drag and drop of columns between tables: Users will be able to copy columns across tables which they cannot do now. Example case: Engines like InnoDB allow only 64 columns to be indexed in a table due to which users are forced to split tables. Such users will find it very helpful to be able move columns across tables.
Setup improvements: Many potentially very useful features like auto-update are not implemented right now as it would require filesystem access. With this solution in place, we can add features like Editing configuration file, Auto-update PMA installation, Theme downloader etc.
Project Details
The following is a more detailed description of the features which will be implemented:
New UI for Multi-table query generator:
Right now, after result of submitted query is fetched, a lot of space is occupied on top with various options pushing the actual builder down (image). This is unfriendly as it is common to want to modify the query soon. The new interface will ensure that builder itself will take much less amount of space on top leaving room for result to be shown below builder.
Inherit most of the functionality provided by both of the existing interfaces.
I have made a mockup of what I planned to implement. Criteria will be entered as free text (we can provide interface for basic criteria like ‘AND’, ‘OR’ etc.)
I also have a plan to add additional filters after results are displayed, as reflected in the mockup referred above.
Default options for transformations: We currently have pagewise settings and a setup script where configuration options are available. A form for ‘Default options for transformations’ will be added in one (or both) of these places. All the transformation plugins are in $PMA_HOME/libraries/plugins/transformations/ directory. Results are created by $PMA_HOME/libraries/DisplayResults.php where applyTransformation function is called. This function uses hard-coded defaults (eg: substring-transformation ). We have to:
Replace these hard-coded parameters with parameters obtained from $cfg. These parameters can either be set in page related settings or in configuration options in standalone settings page.
The existing hard-coded defaults will be added to config.defaults.php.
Allow designer to show other Databases: As discussed on the issue on Github, adding all databases by default to the designer doesn’t make sense. A better suggested UI to reduce cluttering would be:
To include all the tables where foreign key constraints of current database are pointing.
Provide interface to add more tables.
Google Authenticator:
Users will have an interface (a separate page) which they can access through settings page to set up 2FA.
We will be generating a QR code which a user can scan through Google Authenticator app (or any 2FA app) and enter the code (TOTP). If this is successful, we store the seed for the user in a database. We will be using this seed to verify code (TOTP) entered by user at every login attempt. A good option here is to use an existing library like TwoFactorAuth (MIT license).
We have to decide what happens if a user loses access to his/her Google Authenticator app. One option here is to follow what github does. Github provides recovery codes when you set up 2FA and these can be used instead if you lost your device or app. You can read about it here.
Consolidate tablesorter libraries:
Identify the places where the two libraries (jquery.sortableTable.js and jquery.tablesorter.js) are used. Doing a simple grep, I was able to see that tablesorter is used much more than sortableTable (44 times vs 14 times).
Refactor the code base in those areas so that finally only one library is used. I am assuming I have to replace those 14 instances of sortableTable are to be replaced (other way is also fine if we decide that tablesorter is better). They also have decent documentation available.
Facilitate drag and drop of columns between tables: In the tbl_structure.php page, an option will be added to append the columns from other table clicking on which displays list of tables and columns in selected table. User will be able to drag a particular column from this and add it to current table. This has issues like mismatch of no of rows in the column being added and current table. This needs to be further discussed.
Setup improvements:
We will be adding a special option where users are requested for credentials for setting up these additional features. In future, these features can only be accessed by using these credentials.
The features which will be added include editing configuration file (config.inc.php), an option to update PMA to latest stable release (or re-install current version), PMA configuration storage setup (files in $PMA_HOME/sql/ directory).
Since these features affect only server side filesystem, having write access on $PMA_HOME/ directory to server should suffice.
The exact flow for any of the above features is subject to change on discussion with mentor and community during implementation. All the implemented features will be clearly documented. As mentioned in the timeline below, if time permits I will be taking up more feature requests and bugs.
Deliverables
New UI for Multi-table query generator: A new interface for multi-table queries which replaces the two existing interfaces.
Default options for transformations: A configuration option (a form) where default options for transformation can be configured.
Allow designer to show other Databases: An interface to enable users to add other tables (tables from other databases) to designer.
Google Authenticator: An optional two-factor-authentication while logging in.
Consolidate tablesorter libraries: Removed redundant libraries used for sorting tables.
Facilitate drag and drop of columns between tables: Added functionality to drag and drop columns between tables
Setup improvements: An interface to add features which require filesystem access such as PMA installation updater, PMA configuration storage setup, editing configuration file etc. I will try to implement as many of these features as possible.
Project Schedule
Span
Task
May 4th – May 29th
Bonding with community.
Understand the code base clearly.
Work on some feature requests and bugs.
Discuss and clear the ambiguities and implementation details.
May 30th – Jun 5th
New UI for Multi-table query generator.
Formalize the exact UI design.
Create and finalize UI.
Jun 6th – Jun 15th
New UI for Multi-table query generator.
Complete UI with backend.
Get the code reviewed.
Jun 16th – Jun 20th
Implement Default options for transformations.
Formalize the interface for configuration.
Implement the interface and code-review.
Jun 21st – Jun 24th
Implement showing tables from other databases in designer.
Formulate and design the UI which allows this functionality.
Jun 25th – Jun 29th
Submitting work for phase-1 evaluations.
Make up week.
Fix any bugs/issues in the work till now.
Jun 30th
Phase-1 evaluations.
Jul 1st – Jul 7th
Implement showing tables from other databases in designer.
Complete the backend part.
Get the code reviewed.
Jul 8th – Jul 13th
Add support for 2FA.
Jul 14th – Jul 20th
Remove redundant libraries used for sorting tables.
Identify where both libraries are used.
Refactor the code to ensure only one library is used.
Get the code reviewed.
Jul 21st – Jul 27th
Make-up week.
Fix any bugs/issues in the work till now.
Submit work for phase-2 evaluations
Jul 28th
Phase-2 evaluations
Jul 29th – Aug 4th
Setup improvements
Credentials setting up
Editing configuration file
Aug 5th – Aug 13th
Setup improvements
Other features such as PMA updater, Theme downloader, Configuration storage editor
Aug 14th – Aug 22nd
Facilitate drag and drop of columns across tables
Discuss and finalize the UI design.
Implement the finalized design.
Code-review.
Aug 23rd – Aug 28th
Make up week.
Wrap up the work.
Fix any bugs and do required documentation.
Work on more features if time permits.
Aug 29th
Final evaluation.
Time
I will be able to spend up to 30-40 hours a week on average.
Bio
I have been programming since my 11th standard (2011). I open-source most of my assignments and course projects which can be found on my github profile. The following are some of the relevant courses I have completed:
Computer Programming
Data Structures
Algorithms
Database Systems
Structured Systems Analysis and Design
IT workshop
I was Teaching Assistant for ITWS course at my university for two semesters which involves teaching HTML, CSS, JS, Introduction to PHP, encryption, git etc.
I am familiar with the technologies used by phpMyAdmin project, namely PHP, MySQL, JS, jQuery, HTML and CSS.
My other interests include NLP, Machine Learning and Research.
Other than phpMyAdmin, I contributed to an organization called Catrobat. My other open-source work can be found on my github.
phpMyAdmin contributions
I’ve contributed to phpMyAdmin for some months in the past. I’ve fixed few bugs and also added some features. These are my contributions.
Favorite phpMyAdmin feature
I find Navigation tree and autocomplete most useful. The one I liked the most is normalizing databases.
phpMyAdmin improvement
I feel the layout of phpMyAdmin can be further improved. For example, It can be centrally aligned (vaguely speaking) so that interface experience remains consistent with varying monitor resolutions. I found that this issue addresses whatever I am saying. I would really like to see this being taken up.
Weblate 2.14.1 has been released today. It is bugfix release fixing possible migration issues, search results navigation and some minor security issues.
Full list of changes:
Fixed possible error when paginating search results.
Fixed migrations from older versions in some corner cases.
Fixed possible CSRF on project watch and unwatch.
The password reset no longer authenticates user.
Fixed possible captcha bypass on forgotten password.
You can find more information about Weblate on https://weblate.org, the code is hosted on Github. If you are curious how it looks, you can try it out on demo server. You can login there with demo account using demo password or register your own user. Weblate is also being used on https://hosted.weblate.org/ as official translating service for phpMyAdmin, OsmAnd, Turris, FreedomBox, Weblate itself and many other projects.
Should you be looking for hosting of translations for your project, I'm happy to host them for you or help with setting it up on your infrastructure.
Further development of Weblate would not be possible without people providing donations, thanks to everybody who have helped so far! The roadmap for next release is just being prepared, you can influence this by expressing support for individual issues either by comments or by providing bounty for them.
Last week I was again quite active on development side bringing several improvements to master branch.
The biggest news is probably that phpMyAdmin no longer relies on eval() function. We've used it to run advisory rules on server configuration, but that is now done using Symfony ExpressionLanguage (which we anyway need due to motranslator).
When looking at things this does pull in, I've noticed that there is mbstring polyfill, which can be used instead of the one we ship (and was never completed). Thanks to this the mbstring dependency is now optional, but still recommended for performance reasons.
Another quite visible change is adding JSON metadata to our themes. Right now it covers basic things like theme compatibility and authorship, but more can be added later. This is also covered in our documentation.
Weblate has started to use HackerOne Community Edition some time ago and I think it's good to share my experience with that. Do you have open source project and want to get more attention of security community? This post will answer how it looks from perspective of pretty small project.
I've applied with Weblate to HackerOne Community Edition by end of March and it was approved early in April. Based on their recommendations I've started in invite only mode, but that really didn't bring much attention (exactly none reports), so I've decided to go public.
I've asked for making the project public just after coming from two weeks vacation, while expecting the approval to take some time where I'll settle down things which have popped up during vacation. In the end that was approved within single day, so I was immediately under fire of incoming reports:
I was surprised that they didn't lie - you will really get huge amount of issues just after making your project public. Most of them were quite simple and repeating (as you can see from number of duplicates), but it really provided valuable input.
Even more surprisingly there was second peak coming in when I've started to disclose resolved issues (once Weblate 2.14 has been released).
Overall the issues could be divided to few groups:
Server configuration such as lack of Content-Security-Policy headers. This is certainly good security practice and we really didn't follow it in all cases. The situation should be way better now.
Lack or rate limiting in Weblate. We really didn't try to do that and many reporters (correctly) shown that this is something what should be addressed in important entry points such as authentication. Weblate 2.14 has brought lot of features in this area.
Not using https where applicable. Yes, some APIs or web sites did not support https in past, but now they do and I didn't notice.
Several pages were vulnerable to CSRF as they were using GET while POST with CSRF protection would be more appropriate.
Lack of password strength validation. I've incorporated Django password validation to Weblate hopefully avoiding the weakest passwords.
Several issues in authentication using Python Social Auth. I've never really looked at how the authentication works there and there are some questionable decisions or bugs. Some of the bugs were already addressed in current releases, but there are still some to solve.
In the end it was really challenging week to be able to cope with the incoming reports, but I think I've managed it quite well. The HackerOne metrics states that there are 2 hours in average to respond on incoming incidents, what I think will not work in the long term :-).
Anyway thanks to this, you can now enjoy Weblate 2.14 which more secure than any release before, if you have not yet upgraded, you might consider doing that now or look into our support offering for self hosted Weblate.
The downside of this all was that the initial publishing on HackerOne made our website target of lot of automated tools and the web server was not really ready for that. I'm really sorry to all Hosted Weblate users who were affected by this. This has been also addressed now, but the infrastructure really should have been prepared before on this. To share how it looked like, here is number of requests to the nginx server:
I'm really glad I could make Weblate available on HackerOne as it will clearly improve it's security and security of hosted offering we have. I will certainly consider providing swag and/or bounties on further severe reports, but that won't be possible without enough funding for Weblate.
For quite some time, we did provide Composer packages for phpMyAdmin, though they were available only in separate repository and not in the main Packagist repository, but now it's there!
The reason why we didn't do that was that it really doesn't integrate well with our release process - we release ready to use tarballs, while the VCS doesn't contain all things end users expect (eg. byte compiled localization files). Putting generated content to VCS didn't sound right and there is no option of using own tarballs on Packagist repo.
That's why we've ended up providing own channel with release tarballs. However this approach is not good either as that already bundles dependencies installable by composer, possibly causing problems when trying to upgrade these.
Therefore I've decided to generate separate VCS for composer packages. This way it doesn't pollute development VCS, but still Composer gets what it expects. The phpmyadmin/phpmyadmin is now using separate VCS and is updated daily using shell script. There might be some glitches during initial runs, so please report me any problems you see.
Weblate 2.14 has been released today slightly ahead of the schedule. There are quite a lot of security improvements based on reports we got from HackerOne program, API extensions and other minor improvements.
Full list of changes:
Add glossary entries using AJAX.
The logout now uses POST to avoid CSRF.
The API key token reset now uses POST to avoid CSRF.
Weblate sets Content-Security-Policy by default.
The local editor URL is validated to avoid self-XSS.
The password is now validated against common flaws by default.
Notify users about imporant activity with their account such as password change.
The CSV exports now escape potential formulas.
Various minor improvements in security.
The authentication attempts are now rate limited.
Suggestion content is stored in the history.
Store important account activity in audit log.
Ask for password confirmation when removing account or adding new associations.
Show time when suggestion has been made.
There is new quality check for trailing semicolon.
Ensure that search links can be shared.
Included source string information and screenshots in the API.
Allow to overwrite translations through API upload.
You can find more information about Weblate on https://weblate.org, the code is hosted on Github. If you are curious how it looks, you can try it out on demo server. You can login there with demo account using demo password or register your own user. Weblate is also being used on https://hosted.weblate.org/ as official translating service for phpMyAdmin, OsmAnd, Turris, FreedomBox, Weblate itself and many other projects.
Should you be looking for hosting of translations for your project, I'm happy to host them for you or help with setting it up on your infrastructure.
Further development of Weblate would not be possible without people providing donations, thanks to everybody who have helped so far! The roadmap for next release is just being prepared, you can influence this by expressing support for individual issues either by comments or by providing bounty for them.
Last week I finally got to doing something else than bug screening and fixing.
First of all the daily snapshots were improved in order to indicate the snapshot detail on our website, so that it's clear when it has been built and from which Git commit.
I've also looked at long outstanding issue of removing eval() usage from our codebase. The last piece where it has been used for Advisor and there is now my pull request to get rid of that.
Second long annoying thing is that we really don't have theme metadata in some easy to read format. Some of the information is set by PHP code and that's not really something you want to use to just get theme name, author or compatibility (actually the last bit is not really there). I've rewritten this to use JSON and there is pull request to implement the changes.
Probably both pull requests will land into master this week.
Hosted Weblate provides also free hosting for free software projects. The hosting requests queue was over one month long, so it's time to process it and include new project.
If you want to support this effort, please donate to Weblate, especially recurring donations are welcome to make this service alive. You can do them on Liberapay or Bountysource.
As I had posted earlier, my proposal for ‘Improving phpMyAdmin’s Selenium testsuite and Error Reporting Server’ got accepted in Google Summer of Code with phpMyAdmin.
The project aims to provide some added and improved functionality in the areas of functional/selenium testing and phpMyAdmin’s error reporting server.
The project details are presented under two broad headings:
Tasks related to Error Reporting Server
Tasks related to Selenium testing
Tasks related to Error Reporting Server
This involves implementing these tasks over the summer:
Current behaviour: No such option. Prior to migration of our issue tracker, the state of reports were synced with the linked SourceForge issues. On migration, this functionality has been lost.
Expected behaviour: The error reporting server should be able to follow state of linked issues and update state of the reports linked to that issue according to them.
Implementation Procedure:
Github provides event webhooks for any repository which can be listened by a controller on our reporting server.
Once an issue (close) event is received, the controller will set the state of all the reports linked with that issue to ‘closed’. This way we would not have to run a cron job, and this would ideally be tracking changes in real time.
If the operation takes a lot of time, we might have to use queueing mechanisms to hold these event payloads received from Github.
Security aspects have to be considered as mentioned here
Alternate Implementation Procedure:
Github developer APIs provides a rich way of interacting with the issues on a repository. We could use the APIs provided, for example: GET /repos/:owner/:repo/issues/:number to get the current state of the linked issue for a report and update the same on server
This can be implemented as a shell, which could be run as a cron-job using the console tool that CakePHP provides.
   2. Issue #31 : Provide email notification for new reports
Current Behaviour: New reports are not reported to the developers via emails. This leads to the developer manually checking the error reporting server to check, if new relevant reports have been added.
Expected behaviour: New report generation would be accompanied by emailing a small summary of the new report’s details to the developer community (maybe through a new ‘bugs’ mailing list).
Implementation Procedure:
Cakephp3 has a core library included for custom emails through cakephp. The ReportsController.php, in its creation of the report, would also include a function call to mail the summary of new report’s details to the bugs mailing list. Reference – http://book.cakephp.org/3.0/en/core-libraries/email.html
Current Behaviour: We don’t provide any option to clear all notifications. Moreover, there is not even a ‘Select all’ checkbox to select all the notifications on a page.
Expected behaviour: The missing ‘Clear all notifications’ button (and the corresponding action) should be provided so that the developer can start with a clean slate. Moreover, a ‘Check all’ checkbox would enable the developers to quickly filter and clear the notifications shown currently on the page
Implementation Procedure:
We use Data tables to populate, order and enable search queries (though order and search are actually run in with SQL queries) in the tables on Notifications page.
A check-all box can be added similar to what is present on the reports page
The ‘Clear all notification button can added above the table header (may be right-aligned in the same row as ‘Action for Selected Notifications’)
   4. Issue #119 : Improve generated issues content
Current Behaviour: Once a report on the error reporting server is linked to an issue, a comment is posted with the error type, error message, exception type and the link to the report.
Expected behaviour: It would be really help the developers looking at the comment in the issue tracker if affected phpMyAdmin version, script name and number of incidents are also included in the generated comment.
Implementation Procedure:
The changes have to made in the src/Controller/GithubController.php file
We would have to fetch the required information related to the report from the database using appropriate models.
This extra information can be included in the data being posted in the request to the Github server while posting the comment (while linking to existing issue) or while creating a new issue.
Current Behaviour: Since we used to track the issue state from SourceForge through a cron job, we had adapted to the issue states available in SourceForge’s issue tracker and had added corresponding issue state for our reports.
Expected behaviour: Since we have moved to Github issue tracker, we would need only three states namely: opened, closed and forwarded. Opened is the default when a new report is generated, it is set to forwarded when the report is linked to a new or existing issue. Once an issue gets closed on Github, the linked reports are also marked as closed.
Implementation Procedure:
The changes would be involved to the $state array in the src/Model/ReportsTable.php
Then changes would be required in the flow which creates a new issue and/or links a report to an existing issue on Github, so that the state of the linked report can be changed to forwarded.
The other change required would be that the state of the report should be updated once we receive a issue-closed event from the Github webhook.
Current Behaviour: We allow the search in data tables on reports page based on exception name, message, phpMyAdmin version affected, state, exception type.
Expected behaviour: The search functionality does not help much when the exception name and the message are very similar but are actually present in different files. We should have a column stating the filename and allow search by that column to help distinguish such reports.
Implementation Procedure:
Adding a column involves changes to the template, the view action in src/Controller/ReportsController.php by changing the $aColumns array.
Moreover, the searchable property for this newly added column in the data table would be automatically enabled. (It can be disabled by specifying in the webroot/js/custom.js aoColumnDefs field, but we don’t have to touch it in this case)
Current Behaviour: For accessing the error reporting server, one needs to have commit access to the phpmyadmin/phpmyadmin repository on Github. This prevents contributors (non-team members) to access the application. Currently, any issue on the tracker that has been forwarded from a report on error reporting server might be incomprehensible (or at least a pain to work on a fix for) to any non-team developer, since (s)he can’t even take a look at the actual report/incidents.
Expected behaviour: We should allow for public read-only interface so that anyone can take a look at the error reports. This would enable democratization of the technology and help in increasing the developer engagement in the community.
Implementation Procedure:
The reports main page (i.e. the index action in ReportsController) can remain as it is, while the view action can be changed to have the action buttons like ‘Mark same as’, ‘Create new issue’, ‘Link to an existing issue’ made conditional on whether the user is logged in (ideally only team members)
The currently unused function ‘canCommitTo’ in the Github API can be used to check whether the user is authorized to access the report actions. Moreover, the $whitelist in src/AppController.php would have to be altered to allow for anonymous users to access the read-only interface
   8. Issue #129 : Use cleaner alternative syntax for control structures in View templates
Current Behaviour: The templates, in the current code, use the standard syntax for the control structures that is used in the .php files. It makes it very inconvenient to read and comprehend the code, since there are a lot of braces and they may not be correctly indented etc.
Rewrite the control structures in the template files using the alternative syntax, of course, without breaking any existing functionality.
Tasks related to Selenium testing
These tasks are broadly divided into 2 major sub-lists:
Fixing existing tests: This involves fixing the existing set of broken selenium tests. This would help in making the overall test suite reliable, so that it can be run on every  commit.
S. No.
Test name
Current status
1
CreateDropDatabaseTest
Works
2
CreateRemoveUserTest
Works
3
DbEventsTest
Inconsistent
4
DbOperationsTest
Broken
5
DbProceduresTest
Broken
6
DbStructureTest
Broken
7
DbTriggersTest
Broken
8
ExportTest
Broken
9
LoginTest
Works
10
NormalizationTest
Broken
11
PrivilegesTest
Broken
12
ServerSettingsTest
Broken
13
TableBrowseTest
Broken
14
TableCreateTest
Broken
15
TableInsertTest
Broken
16
TableOperationsTest
Broken
17
TableStructureTest
Broken
18
TableTrackingTest
Broken
19
XSSTest
Broken
20
ImportTest
Broken
Assuming that each test and its test-cases can be fixed in a day’s work (on an average), fixing all the current tests would require 3 weeks of time.
Adding new tests: The selenium testsuite will be extended to common operations by adding a new set of tests and improve the selenium testsuite coverage.
S. No.
Feature Covered
Expected duration
1
Typing and executing SQL query – Server SQL
1-2 day(s)
2
Typing and executing SQL query – Database SQL
1-2 day(s)
3
Typing and executing SQL query – Table SQL
1-2 day(s)
4
Granting an user access to a database
1-2 day(s)
5
Import tests
1-2 week(s)
6
Exports tests (expand to test more options, for Server-level, Db-level, table-level)
4 days
I would be posting weekly updates every Monday, about the work undertaken during the previous week as soon as the coding period starts.
Looking forward to another exciting summer with phpMyAdmin.
Last week I finally got back to work after mostly two weeks of vacation, so there was quite a lot of things to do. I've merged several pull requests, gone through incoming bugs and generally did some cleanup in our issue trackers.
The list of accepted projects for Google Summer of Code (GSoC), 2017 was published yesterday. My proposal on ‘Improving phpMyAdmin’s Selenium testsuite and Error Reporting Server’ submitted to phpMyAdmin has been selected.
This is the second time that I would be participating in GSoC and my second time with phpMyAdmin. This time I would be mentored by Michal ÄŒihaĹ™. I would soon be adding a separate blog post about the project details.
Congratulations to all those whose proposals were selected. Cheers!
Looking forward to a great summer ahead with phpMyAdmin again!
We have stopped providing daily snapshots for phpMyAdmin pretty much at time we've moved to GitHub, which allowed to download any branch as zip file. However since introduction of Composer to manage our dependencies, additional steps were required to get working copy of phpMyAdmin out of the snapshots.
Since today the ready to use snapshots are available again. They will be updated every day and are built in exactly same way as our releases, so all you need to do is download them and start using.
These snapshots can be also used from Docker - the phpMyAdmin image now has brand new tags edge-4.7 and edge-4.8 which are updated with every snapshot and contain latest changes from development branches.
I got back to work last week after vacation I had. The GSoC selection process is almost done (in two days the accepted students will be announced by Google) and things got again a bit calmer, so the usual amount of bug fixing and pull requests review has been done.
One thing worth mentioning is that we have started to use Twig templates and first templates were just ported to this. It will better enforce logic separation from the templates and also it makes templates easier to read.
Last week was a bit shorter for me due to Easter, but still quite some work has been done. My time was mostly was spent on Docker and handling pull requests.
Anyway you won't see my report next week as I'm having few days off.
After getting a lots of questions from my friends and social channels about “how to make my resume”. These are my suggestions to make your resume GOOD that can help you to get your dream job or Internship. You are free to use these suggestions and make changes according to your needs.
KISS — Keep it Simple and Stupid
What to include ?
Everything that you want to tell to your recruiter. This is the sequence that I should suggest you to follow keeping below points in mind but you can definitely reorder it.
For Beginners
Name and Contact Details.
Education
Projects
Skills and/or Technologies known
Languages known (position specific)
Honors and Awards
For Experienced Peoples
Name and Contact Details.
Work Experience
Education
Projects
Skills and/or Technologies known
Languages known (position specific)
Honors and Awards
Plus point (Common)
Freelancing work
Online Portforlio
Volunteer or nonprofit work
Internships
Plus point for Developers
Open Source Contributions
Competitive Programming
Contest Participation/Winners in regular contests or Hackathons
GitHub Profile Link
Host all your projects online
Plus point for Designers
Behance Profile Link
Creativity (Make resume info-graphic)
Plus point for Marketing
Google Certifications
I don’t know much about this field. :)
What NOT to include?
Content that seems that looks irrelevant for the position you are applying. For Example if you lives in Jaipur and writes “I know Hindi” then it doesn’t make any sense as almost all people knows it. It’s just consuming the useful space.
One Page Resume
Now most of you will ask why ?
Short Answer
Do you really think that the recruiters will be going to read your entire resume ? Big “NO” because every company receives lots of applications daily so like every people they also don’t have time to read it from the starting till the end.
Long Answer
Recruiters do not read your resume. They just scan it for 15–30 second. When your resume is too long, then you have written everything about you and it may possible that you have include things that not required or irrelevant. Now two things can happen in those 15–30 seconds, the recruiter sees the best/good part in your resume or some irrelevant stuff. If the worst case happen they will see the worst part and makes their decision as no hire. It will dilute your best/good part from your resume. Lengthy resumes do not make you more impressive. And if you think you can’t get your resume to just one page, trust me, you can! You just need to think about what is really important for a recruiter to see.
Introduction and Contact Details
This should be the very first part of your resume. As it will helps recruiters to know more about you and how they can contact you. Name, Mobile Number and E-Mail is must to be mentioned in this section. Also make sure your email looks professional not like toohottohandle@gmail.com At least your first name should be included in your email. You can also place the links to your social profiles or that can be included in footer. This thing is optional but it depends for example you are developer or graphic designer then they expect GitHub and Behance profile links respectively.
No Objectives
The company already knows that because you applied for a particular position. It will just waste useful space. Also it may limit your profile to considered it for other positions that might be interesting for you.
Use a Resume Template with Columns
Use a template that has multiple columns. It makes your resume easier to read and saves space.
Use Tables
Use tables with 0(zero) border to manage content on resume.
Your bullets should focus on your accomplishments rather than your responsibilities.
Quantify
Whenever possible, you should quantify your accomplishments. For example If you won an award, out of how many people?
Education
Add all your education related stuff in this section. Name of College/School, Session and percentage/GPA (percentage/GPA is optional try to not mention it if you have too low percentage/GPA). Make it more organised either write percentage for all schools/colleges or for none because mentioning the good percentage/GPA and not mentioning the bad ones makes the negative impact. This section can also includes the courses that you have taken online. For most of the good recruiters this section doesn’t plays important role in their decision. (For IIT, NIT, IIM etc sometimes it works because they also know how hard it is to get into those institutes)
Projects
Select top 2–3 projects to list on your resume. These can be academic required project or independent projects. They do not need to be completed or launched either. As long as you’ve done a good amount of work on them, that’s good enough! because in your Interviews they will defiantly going to ask questions on it.
Additional Experience
You can put additional experience, like leadership activities or awards, in a section like this (changing the name of the section depending on what you list). Be careful here to focus on what really matters.
Skills and Technologies (Only for technical positions)
It’s a good idea to list your skills and technologies that you know, but remember that anything you list here interviewer will going to test it. Also mention it with level of expertise For Example C++ (Proficient), C# (Prior Experience), etc
Languages
If you know any language that will help company in any way then make sure to mention it with more details like can talk in English or can write in English. For Example if you are applying for automobile companies that are Germany based and you know German then it is worth mentioning it.
Interests
This isn’t really necessary, but if you are applying for a job and want them to know you have interests related to the job this would be a good place to mention them. I would suggest you to keep this section at the very end of the resume.
Make it easy for Applicant tracking system
An applicant tracking system (ATS) is a software application that enables the electronic handling of recruitment needs. Now a days most of the companies uses it as everyone wants automation. So add things in organised way is that it can be easy for machine to filter details about you.
NOTE: Images can’t be parsed through these systems so make sure not to include images in your resume.
Extra Tips
1. Never lie on resume
Never lie on your resume because if you do this and get caught then company will be definitely going to blacklist you. They will never going to take the second chance.
2. Choose your fonts wisely
It is generally a good idea to stick to simple and readable fonts. If you make it hard for them to read then they will make it hard for you to get the job. ;)
3. Keep document size as A4
It will be easy for take print out and will easy for the company too when they take printout after sending them through email (I have once made this mistake after that I have changed default page settings to A4).
4. Grammar and spelling
If you’re applying for a job as a designer, does it matter how well you write? The simple answer is yes. Spelling and grammar mistakes will make you appear uneducated, ignorant and/or lazy
5. Make it early and then update monthly
If you are not planing to apply in next 1 month then also I will suggest you to start making it early. Because the resume that is made day earlier is far better then the one that is made few time ago and modified multiple times. Try to modify resume on regular basic and add more relevant and exciting things to it.
6. Remove repetitive information
Never write the same thing multiple times in your resume even not your name. Trust me this is not your exam answer sheet where you write the same thing multiple times to get passed ;)
7. Use space wisely
Play with page margins, borders and font sizes because you only have one page to write.
This is the link to my current resume http://goo.gl/Rro9Sk. Hope this post helps you to make your resume better.
Need help in something else. Feel free to ping me anywhere. I am not too hard to reach. Please do your homework before reaching out to me so you don’t end up asking some random question. :)
You can find more information about Weblate on https://weblate.org, the code is hosted on Github. If you are curious how it looks, you can try it out on demo server. You can login there with demo account using demo password or register your own user. Weblate is also being used on https://hosted.weblate.org/ as official translating service for phpMyAdmin, OsmAnd, Aptoide, FreedomBox, Weblate itself and many other projects.
Should you be looking for hosting of translations for your project, I'm happy to host them for you or help with setting it up on your infrastructure.
Further development of Weblate would not be possible without people providing donations, thanks to everybody who have helped so far! The roadmap for next release is just being prepared, you can influence this by expressing support for individual issues either by comments or by providing bounty for them.
Google Developer Days are interactive conferences, providing the latest updates on Google technologies and open platforms for developers and industry leaders. Google Developer Days 2017 will be held throughout year at various cities in India. They are excited to share their thoughts on innovative technologies and encourage developers to build the next big mobile, web, cloud or machine learning solutions.
KeyNote
The event started with the welcome note by Manoranjan Padhy(Community Manager — Google Developer Relations, India)
Session #1
The first session was on Google Cloud Platform by Romin Irani(Google Developer Expert — Cloud Platform) He started with telling key updates from Google Cloud Next 2017 Event.
Next session was by Rohit Gupta(Solution Engineer — Google Cloud Platform) on Big Data. This was the very interactive session. He told us why Google is data oriented company through his own example.
Also he also told us that the “Hadoop” most trending thing in Data Science was derived from the “MapReduce” research that was done by Google.
Next session was on Firebase overview by Manoranjan Padhy(Community Manager — Google Developer Relations, India). He showed us how to get started with Firebase and how to use the API to store the data. He also showed the example of the Chat Application on Firebase.
Next session was by Romin Irani(Google Developer Expert — Cloud Platform) on Machine Learning then the more updates about the Google cloud machine learning APIs
Then an another session by Manoranjan Padhy on Tenserflow. He tell us the things how to start Machine Learning with tenserflow. Tenserflow requires maths as an prerequisite.
If you want to use already created Machine Learning models then you can use Google Cloud Machine Learning and if you want to build your own Machine Learning model then use tenserflow.
Next session was again on Firebase by Manoranjan Padhy(Community Manager — Google Developer Relations, India) This session was more on server less development which doesn’t means there are no servers but it means we don’t have to manage them.
Next session was by Rohit Gupta(Solution Engineer — Google Cloud Platform) on GCP Deveoper and Management tools.
He tell us why we never see “We are on maintenance” like messages on Google products. The difference between 99.99% and 99.999% up-time. Google Storage is 99.999999999999% reliable which means their is very low chances of losing your files if you save it in Google storage like drive, Google Photos. so this session was quite Interesting. He tell us about various new tools that Google internally use in their products.
Google also learns from other technology companies. And recently they learnt from Netflix a new way to deploy the updates that are more reliable and very less chances of failure.
On 9 December, 2016 It was my last fifth semester practical exam so after giving that one of my friend asked for the videos of Udacity FrontEnd Nanodegree I opened my laptop and here is the email from Google Japan with subject “ Google Japan — Next steps on your application” I was so excited thinking that yes finally my resume passed from their ATS (When you apply in any company the resume is saved in their Application Tracking System which is used by the recruiter to select candidates by searching through all the resumes using some keywords because no one has that much time to look through every resume because they receive more than 75,000 job applications every week).
This is not the first time I have applied in Google I have applied in my second year also for the EP Intern but received no response from them because I think I was late that time because they complete all interns hiring by January for summers as answers written on Quora. So I check their job portal in every 15–20 days and apply for the positions relevant to me and update my resume on the monthly basis. I have received response after applying more than 30+ times through their portal so Yes, patience pays…
As the first step in the process I have to fill one survey form asking some basic details. After that on 16 December, 2016 received the email with subject “ Google Japan — Confirmation of Online Quiz”. They have scheduled the online test on 20 December, 2016 and I have to submit the code on the portal. It was something like Google APAC but with no scoreboards.
On 20 December, 2016 There were 2 questions on the quiz out of which I am able to pass 33/101 test cases for first question and 11/100 test cases for second question. The questions were of medium level out of which one was on graph. Also It was written on the on instructions that they will make the next steps based on the code that I have submitted and my resume.
Finally today 22 December, 2016 2:21 P.M. got the email with subject “ Google Japan — Update on your application” This was the rejection email from them. :(
I missed the awesome opportunity this year and will try again next year
For those who want to prepare for the Internship/Full Time this resource (https://github.com/jwasham/google-interview-university) is more than enough to crack interviews at Google. Here Google doesn’t means only Google it means the company which builds cool products using the concepts of Computer Science in a highly creative way.
Even though I am in in Search and Information Extraction Lab, my research work focuses more on NLP. If you are into NLP, you will know that most of the major recent advances in NLP are using Deep Learning. Initially, I had a very tough time understanding most of the papers which used Deep NLP techniques such as LSTMs, Recursive Neural Networks, Attention models etc. This is when I came across this course offered by Richard Socher at Stanford. I am not done with this course completely yet, but doing a part of it itself gave me a lot of confidence. Best part about it is that all their assignments and material, which are very elegantly designed, are publicly available. Hopefully, this will also help someone who has similar interests.
You can find more details about it on its homepage.
So, I came across this problem while installing tensorflow GPU version. Any deeplearning framework’s GPU version needs you to have CUDA installed prior to it. You will have to download the drivers from here . The site simply says to run the file as sudo to install. But wait. If you proceed like this on Ubuntu 16.04, there is a very good chance you will end up with a black screen when you reboot the system. Follow these steps to have a safe CUDA installation:
In case you already installed the way mentioned on the site and are seeing a black screen, just go to command line interface using ctrl+alt+F2. Login and do
sudo apt-get --purge remove nvidia-*
And reboot. Now you should get your display back. Install CUDA as mentioned here.
Hello, this is my first blog post. Any suggestions regarding improvements are very welcome.
Formally, this is called semi-supervised POS tagging.
What is POS tagging?
If you have some acquaintance with NLP, then you will most probably know what POS tagging is. Basically, given a sentence, you have to label each word with its part-of-speech tag. This can simply be put as a sequence labeling task. You can read more about POS tagging here.
HMM and POS tagging
The first approach for POS tagging is to use an HMM with Viterbi algorithm, which is basically a dynamic programming technique to speed up HMM for POS tagging. You can read more about HMM and Viterbi following the links given. But for giving a high-level view, we should find the sequence of tags which maximizes the probability P(t1, t2, … tn | w1, w2, … wn). Not going completely into derivation which involves Markov assumption and some probability manipulation, the above expression can be converted to finding tag sequence which maximises
Π P(wk|tk) P(tk|tk-1).
P(wk|tk) is called emission probability as it is the probability of wk occurring given that tk occurred. P(tk|tk-1) is called transition probability as this determines the probability of next tag, given the previous tag. This is a good tutorial for this technique.
Semi-supervised?
The method discussed above is called supervised because the emission and transmission probabilities are usually calculated from training data by counting bigram frequencies:
P(wk|tk) = count(wk, tk)/count(tk)
P(tk|tk-1) = count(tk, tk-1)/count(tk-1)
But, what if we don’t have bigram counts of all possible bigrams, which is clearly the case in real world data. One basic approach is to use some smoothing technique, but we will be looking at a different approach here. It is clear that we don’t have exhaustively labeled data (all possible bigram counts). So, we make use of limited labeled data and word similarities to find the tags, which is why we call it semi-supervised.
Clustering and two-level HMM
Finally, we come to the actual solution. We first cluster the words in the train data into some k no of clusters. k can be fixed by experimenting. For this, we need vector representations of words. We can obtain vector representations by building a cooccurrence matrix and reducing the dimensionality by using SVD. A simpler way would be to use Word2Vec or GloVe vectors. But the problem with them is that they are general and may not be very relevant to the domain of our data. Anyway, it won’t make much of a difference. Now, we have n clusters – k1, k2 …, kn.
To visualize, our HMM looks like following:
As you can see, the first level of HMM is to get the cluster sequence from the word sequence. As discussed in the previous section, this will require two probabilities – emission and transition. There is no problem with transition probability as the count based approach earlier can still be used (all possible cluster bigram counts are mostly present). But, emission probability cannot be count-based as all possible cluster-word pair counts may not be available. This is the place the clustering and word vectors prove useful. The inverse of the euclidean distance between word vector and mean vector of a cluster can be considered as emission probability:
P(wi | kj) = ||vector(wi)-mean(kj)||-1
Now, we obtained cluster sequence. From this, we have to obtain the tag sequence. This part is the second level of HMM. Similar to the first level, transition probabilities can remain count-based as all tag bigram counts are usually available. Now comes the most tricky part of the entire approach – emission probabilities of cluster-tag. We already have tags for all the words in training data. We now calculate embedding for a tag as the mean of vectors of all words with that tag. Once we have tag embeddings, emission probabilities of tag-cluster can be obtained as the inverse of the euclidean distance between the mean of cluster and tag embedding.
P(ki | tj) = ||vector(tj)-mean(ki)||-1
vector(ti) = 1/n ∑ vector(wj) such that tag(wj) = ti
Points to note while implementing
While doing Viterbi, during every iteration, you will have to multiply three probabilities – emission, transition, and probability from the previous word. Since these are very small values, multiplying them over and over makes them even smaller. So, instead of multiplying them, we have to add their log probabilities which yield the same result:
For every probability, we have to apply softmax before using as measures like inverse of euclidean distance are very arbitrary and does not obey rules or probability.
Failing to do any of the above will result in putting all tags same or a repetition of a sequence of tags.
Last week saw the release of phpMyAdmin 4.6.5 (and 4.6.5.1 which included two minor fixes in 4.6.5) and security releases 4.4.15.9 and 4.0.10.18.
The 4.6.5 release had two minor but irritating issues: one with mysqli_real_escape_string() being passed improper parameters and was reproducible when $cfg['only_db'] or $cfg['hide_db'] are set, other one was about user being forced to input a partition count on new table create page. The fixes have been made and are released as a part of 4.6.5.1
Majority of last week was spent on refactoring and templating of various PMA_getHtml* functions apart from regular issue assessment.
Last week I continued with regular bug-fixing and issue investigation.
The bug reported some months back about Long Request URI in the AJAX call while browsing the results of Database search was fixed. It was partially because everything was being embedded in the href attribute of the link which was changed to use the HTML5’s data-* attributes and the Request method was changed to POST (originally GET).
Some issues (#12360, #12361) with self-injections in some scripts was also fixed and a bug reported in the SQL parser repository (#62) some months back turned out to be already fixed covered with a lot of fixes that have been made over the last three months. Though there is an issue left with
Meanwhile, while working on some issue-related files in the codebase, I tried to clean up some old commented debugging calls as well.
Next week should be ideally focused on fixing some security issues and the regular bug-fixing.
Last week, I started by looking at some security issues and made fixes for them. The rest of the week was focused on regular bug-fixing and issue assessment.
I worked on the issue to detect wrong ordering of clauses in the queries (#22) while being parsed by the SQL parser. There were some fixes in the main repository, too. The visual query builder used to generate a wrong query in case a foreign key with more than one columns was present between the tables (#12652) and was fixed by #12689.
There was fix (#12685) for an old issue (#12257) with the Table search page being very slow, as we were issuing an extra COUNT(*) queries (for helping us decide which UI to show) which might be very slow if tables have a large number of rows. It was fixed by implementing a work around for the COUNT(*) queries to get the necessary information.
I finally got all the tests and assertions to pass with the replacement of Util::sqlAddSlashes with escapeString function of the Database Interface (which in turn calls the inbuilt mysqli_real_escape_string ) in PR #12564, which also fixed the issue related to corrupted export of SQL (#12453). Some other minor fixes were also made and are listed in the list below.
Next week should be ideally focused on fixing some security issues, bug-fixing and some refactoring if time permits.
Last week was slightly calmer on the work side, since I fell ill once I got back to campus. But during the later part of the week, I worked on getting the tests to work in the old PR that was originally made to replace the custom escape functions by the escape functions like mysqli_real_escape_string provided by the PHP-MySQL connectors. This is being tracked at PR #12564 and once merged, it would also fix the issue #12453.
Meanwhile I have made some PRs (#12678, #12683) which once merged would go on to fix #12674 (which is about preventing incorrect identifiers as table names and database names) and #12681 (which is about incorrect link to table structure if table name contains $ symbol).
This week I also took out some time to refactor a small Language selection display and converted it into a template. Also, quite a lot of commits are being made in the PR #12564 itself, since a lot of tests have to be fixed. Along with this, some time was spent on
Next week I would continue to look at the bug-fixing and might also look at some security issues if the time permits.
Last week was focused on bug-fixing in main repository and refactoring and adding some tests to the SQL parser. The parser library has now has reached unit test coverage of 99.75% as reported by the Codecov.io tool. The rest of week in which I had thought I would find less time, in fact turned out to be quite normal and I made and pushed fixes for some newer issues as well
as some issues which had been opened since a few months. I also reviewed a pull request adding a grey color for NULL cells in the result set to make it more recognizable.
Some issues in the SQL parser, for example, an issue with incorrect parsing of various types of JOINs and improper lexing of begin labels in the stored procedure statements were also fixed during the week’s bug-fixing.
Next week, I might take a look at the security issues along with the regular bug-fixing and taking up some refactoring work if the time permits. Since, I would be travelling back to campus on Monday and Tuesday, my activity might be slightly less over these two days, but I hope I would be able to make up for it during the remaining part of the week.
In the last week, I could contribute slightly less as I spent some time working on the python library pcap_to_ditg (related to my research project at the university and unrelated to PMA as such). Friday and Saturday also saw slightly less activity as I was travelling home for the Diwali festivities upcoming in the next week.
While using the debugging feature of phpMyAdmin in reproducing some other issue, I managed to discover some issues with the debugging feature of phpMyAdmin as it was throwing a JS error while trying to look at the traces and arguments of the functions which were called without any arguments. I reported it and fixed the issue at #12639.
Since version 10.1.2, MariaDB has introduced password validation plugins (for ex. simple_password_check) for validating if the password provided while creating a new user satisfies the minimum requirements or not. phpMyAdmin tried to create the new user using CREATE USER … IDENTIFIED VIA .. USING … where we used the hashed password which the validating plugins reject as they cannot check for the complexity from the hash. So, we now check if any of these plugins are active in MariaDB and provide a cleartext password in such cases.
I worked on a few JS issues which we have received regarding our TIME, TIMESTAMP, DATETIME, DATE fields’ input in phpMyAdmin’s Table Insert page and the Grid edit feature on Browse page, but the work on these is still on-going and they should be fixed in coming week(s).
Next week might have a similar focus on bug-fixing, some issue assessment of remaining unattended issues and some refactoring. I might find slightly less time next week due to festivities, but having spent slightly more than scheduled time in the first two weeks of this month, it should not be much of a problem overall.
Yesterday, I packaged and released my first python library pcap_to_ditg‘s version 0.1.1.
The library can be used to convert the Packet capture files generated from Wireshark, TCPDump etc. into DITG script files. This would make it possible to read a trace file generated from any port of any topology and replay the traffic exactly onto your custom topology. I hope this would go on and help the network researchers while testing their prototypes in real traffic scenarios.
Since last semester, I had been working with Dr. K. Haribabu, who is an Assistant professor at BITS Pilani currently working on the research areas like Software Defined Networking (SDN), Hybrid and cost-effective SDN deployment, P2P networks etc. I co-authored a paper with him which was presented in July, 2016 at the International Network Conference 2016, Frankfurt, Germany. For the performance evaluation, we were in need of replicating real Network traffic and check how our prototype delivers and scales.
I researched and tried out various traffic generators mentioned in this list, but no one was fulfilling our requirements exactly. Moreover, even after one gets the real network traces (for ex, we used one here), since there is no prior knowledge of the topology of the network of the trace, it’s not very simple to replicate it as it is. So, I manually mapped the hosts and IPs in the traces to the hosts in our test topology and we decided that we would use the DITG script files to replay the traffic. Once the mapping is complete, the library would generate the script files for all our hosts, which can then be run as it is.
The library installation and usage details are available in README on Package Index page or on my Github (where mostly its future development should go on).
Share it with your friends if you know someone who might need to use it. Contributions in Pull Requests, Feature Requests, Bug reports etc. are always welcome (through Github tracker).
The last week was again mostly focused on bug-fixing along with working on some fixes for the recently raised security issues (and so are not included in the issues listed below).
Similar to last week, I also continued looking at previously unattended and unlabeled issues on the tracker. Some fixes for #12366 (which is about using password in CREATE USER statement while the *_password_check plugins in MariaDB are active) and #12472 (which is related to wrong DSN shown in phpMyAdmin setup page with config method) are currently made as PRs to get a review before merging them.
The issue #12610 would also be fixed once the new SQL parser is released and is updated to the recent version in the main repository. I have also made the fix for #12533 but I am waiting for a feedback from the original reporter to see if it has fixed the problem as expected.
Next week might focus on bug-fixing, some issue assessment of remaining unattended issues and some refactoring.
This is my final blog post reporting about the work I have carried out under the phpMyAdmn developer contract. However, I will continue to contribute to phpMyAdmin in a voluntary basis.
During the period, my focus was solely on bus fixes. This was mostly due to the continuous stream of bugs we were receiving and most of the bugs were related to the newly released 4.6 version.
Following are the bugs fixes during the period.
issue #12092 Rename exported databases/tables doesn't seem to work
issue #12099 Undefined index: controllink
issue #12094 PHP Fatal error: Call to undefined function __()
issue #12116 Fulltext indexes are not copied when using copy database function
issue #12125 Cannot highlight a column if I scroll down from the top of the table
issue #12132 Can not open table with JSON field
issue #12143 Cannot login with certain password
Additionally, I attended to the following bugs.
issue #12088 Improper comment creation and escaping with Percona 5.7 (` instead of ', extra "AS")
issue #12091 Import file does not working when data have \' (4.6.0rc2)
issue #12101 Change or remove "Slave replication" "Reset slave"
issue #12104 Copy Database no longer working
issue #12115 Relations vs Orphans
issue #12139 Import Export error
issue #12130 Error for Browser when got error 500
issue #12149 Class 'PMA_Util' not found
Moreover, I attended to following pull requests as well.
issue #12113 Add new server variables
issue #12136 Fix offering JSON datatype in incompatible MySQL versions
I engaged in a mix of bug fixes and improvements (including refactoring) during the fortnight. The bugs fixed and attended are as follows.
Bugs fixed issue #12073 Hide edit and delete buttons when the results are not related to a table issue #12085 Like search strings being escaped incorrectly Bugs attended issue #12071 Syntax error in PMA, not at command line client issue #12074 Invalid export issue #12087 Add support for JSON data type (in MySQL 5.7)
I went on to refactor the code that handled bookmarks. I used object orientation and updated the existing unit tests to suit the refactored code. Moreover, I updated the metro theme to be compatible with the upcoming 4.6.0 version, so phpMyAdmin has, at least, one additional theme compatible with the new version.
Refactoring Clean up dead code Refactor bookmark handling code
Other improvements Update metro theme to be compatible with 4.6.0
The work carried out during the two weeks was very diverse. I attended bug fixes (primarily), feature requests, documentation and questions, security issues, pull requests and code improvements in general.
The bugs fixed and attended during the period are, Bugs fixed issue #11964 Undefined index: TABLE_COMMENT in database structure page issue #11969 Missing confirmation while dropping a view in view_operations.php issue #11977 Table name is not recognized by parser in DROP INDEX statement issue #11979 DECLARE not accepted as valid SQL issue #12017 Cannot easily select multiple tables when exporting Fix SQL syntax highlighting in database search page
Bugs attended issue #11965 Deprecation Notice: StringReader has a deprecated constructor issue #11982 Row count wrong when grouping joined tables
Additionally, following feature request was implemented and code improvements were performed.
Improvements Use back quotes around table names in confirmation messages Fix coding style violations
Meanwhile, I also attended to pull requests submitted mainly bu GSoC aspirants.
Pull requests attended issue #32 Fix Row count wrong when grouping joined tables, phpmyadmin/phpmyadmin#11982 issue #12036 Fix for wrong mysql_upgrade message on Users tab with Percona Server 5.7
Documentation and Questions issue #11970 Can you add an option to remove UUID for primary keys? issue #11972 Missing documentation for $cfg['Servers'][$i]['favorite'] and $cfg['NumFavoriteTables']
Towards the end of the month, we received two detailed reports on vulnerabilities in phpMyAdmin and I contributed by coordinating, and fixing the vulnerabilities.
Security issues issue #12 1.3 XSS in tbl_type parameter [PMASA-2016-12] issue #13 1.4 XSS in normalization.php [PMASA-2016-12] issue #14 1.5 XSS in normalization.js [PMASA-2016-12] issue #15 1.6 XSS in normalization.js [PMASA-2016-12] issue #25 XSS in normalization.js [PMASA-2016-12] issue #26 XSS in User accounts page [PMASA-2016-11] issue #27 XSS in Central columns page [PMASA-2016-12] issue #28 XSS in Zoom search [PMASA-2016-11]
During the nineteenth and twentieth weeks, I was away from work between 2nd Feb to 10th Feb. However, during the rest of the days, I engaged in both code refactoring and bus fixes. Early on the fortnight, I refactored the server binary logs page to use the MVC architecture. This included introducing a controller class, using templating and updating unit tests.
Code refactoring Refactor server binary logs page to use MVC architecture
In terms of bugs, following bugs were fixed and more bugs were attended.
Bugs fixed issue #11909 Can't insert row into table that contains generated column issue #11911 Inserts via tbl_change.php in VARBINARY columns does not allow using HEX() and MD5() issue #11923 Errors on Structure tab when user only has select access on certain columns issue #11942 Change column action takes ages Bugs attended issue #11922 Browse fails with users who have only column privileges for some columns issue #11434 Class 'SqlParser\Lexer' not found (OS X)
I was continuing on my year-end break on fifteenth week and did not work during the week, except for 2 hours on 4th January. So this report includes work carried out during the sixteenth week.
During the week, I concentrated solely on bug fixes since there were a sizable number of bugs being reported. Most of the bugs fixed were regressions. For example, #11771 and #11846 were only present in latest git version and was due to refactoring and JS library updates respectively.
The complete list of bugs fixed and investigated are as follows,
Bugs Fixed
issue #11771 Transformation column path problem
issue #11772 Table pagination does nothing when session expired
issue #11810 'Add to central columns' in tbl_structure.php (per column button) nothing happens
issue #11814 SQL comment and variable stripped from bookmark on save
issue #11840 Index comments not working properly
issue #11846 Grid editing window is disabled the second time
issue #11854 Undefined property: stdClass::$releases at version check when disabled in config
Bugs Investigated
issue #11712 "Browse Foreign Values" Search broken across databases in 4.5.2
issue #11713 Not receiving notifications for updates
My work during these two weeks concentrated pretty much on the security vulnerabilities that were reported. We received two lengthy reports on a number of security vulnerabilities which included cross-site scripting, full path disclosure, weaknesses in token generation and comparison etc. Altogether these vulnerabilities resulted in 9 PMASAs taking into the different combinations of phpMyAdmin versions they affected.
I contributed by fixing some vulnerabilities, testing security patches, porting some fixes done by others developers to older branches, preparing PMASAs and coordinating with the reporter, CVE team and phpMyAdmin security team.
The latter part of the fortnight was spent on fixing two regressions introduced by the security releases.
issue #11891 Error with PMA 4.0.10.13 with PHP 5.2
issue #11892 Error with PMA 4.4.15.3
Moreover, following bug was fixing during the two weeks.
![[RSS 1.0 Feed]](images/rss10.png){kind=small}
![[RSS 2.0 Feed]](images/rss20.png){kind=small}
![[Atom Feed]](images/atom.png){kind=small}
![[FOAF Subscriptions]](images/foaf.png){kind=small}
![[OPML Subscriptions]](images/opml.png){kind=small}
![[Venus]](images/venus.png){kind=small}