Les articles publiés sur le site
-
New Piwik Mobile 2.2.0 is released
21 décembre 2014, par Thomas Steur — Piwik Mobile ReleasesWe are proud to announce that Piwik Mobile 2.2.0 is now available! This new version brings many improvements to our Android app. Here’s the list of changes:
- Android: The keyboard is no longer displayed when opening the app [#5320]
- Android: Back button did not work in a few screens and could cause the app to unexpectedly close under circumstances [#5316]
- Android: The graph is now displayed fullscreen on tablets when maximizing it [#5315]
- Android: New material design icons [#5310]
- Android: Better exit workflow – we now open the left sidebar before closing the app if the left sidebar was opened at least once. Another back button press closes the app [#4305]
- iOS: The left sidebar was positioned too far down on iPhone 4s with iOS 8 [#5306]
- Region is now shown in visitor screen if possible [#5300]
- Other performance, UI and usability improvements
- List of all 18 closed issues
Download
Update now or install either the iOS version or the Android version.
In case you are an Android user who is not using the Google Play Store you can download Piwik Mobile 2.2.0 for Android 4+.Feel free to send us feature wishes, bug reports, wireframes, mockups or even layouts. We can improve Piwik Mobile much better with your feedback. and suggestions
-
New Piwik Mobile 2.2.0 is released
21 décembre 2014, par Thomas Steur — Piwik Mobile ReleasesWe are proud to announce that Piwik Mobile 2.2.0 is now available! This new version brings many improvements to our Android app. Here’s the list of changes:
- Android: The keyboard is no longer displayed when opening the app [#5320]
- Android: Back button did not work in a few screens and could cause the app to unexpectedly close under circumstances [#5316]
- Android: The graph is now displayed fullscreen on tablets when maximizing it [#5315]
- Android: New material design icons [#5310]
- Android: Better exit workflow – we now open the left sidebar before closing the app if the left sidebar was opened at least once. Another back button press closes the app [#4305]
- iOS: The left sidebar was positioned too far down on iPhone 4s with iOS 8 [#5306]
- Region is now shown in visitor screen if possible [#5300]
- Other performance, UI and usability improvements
- List of all 18 closed issues
Download
Update now or install either the iOS version or the Android version.
In case you are an Android user who is not using the Google Play Store you can download Piwik Mobile 2.2.0 for Android 4+.Feel free to send us feature wishes, bug reports, wireframes, mockups or even layouts. We can improve Piwik Mobile much better with your feedback. and suggestions
-
New Piwik Mobile 2 Beta app (Android only)
9 décembre 2014, par Thomas Steur — Piwik Mobile ReleasesAre you interested in testing our newest features, bug fixes and performance improvements before they make it to our next Piwik Mobile version?
Check out our new app Piwik Mobile 2 Beta on Google Play. This beta includes more than 15 bugfixes and improvements.
We have been testing as much as we could. Now is your time to experiment and help us to track down any bugs, or even suggest usability improvements. Start using it and send us any feedback or issue a bug. We can improve Piwik Mobile much better with your help!
Be aware that this version may contain bugs, if you are interested in a more stable version install Piwik Mobile 2 instead.
-
New Piwik Mobile 2 Beta app (Android only)
9 décembre 2014, par Thomas Steur — Piwik Mobile ReleasesAre you interested in testing our newest features, bug fixes and performance improvements before they make it to our next Piwik Mobile version?
Check out our new app Piwik Mobile 2 Beta on Google Play. This beta includes more than 15 bugfixes and improvements.
We have been testing as much as we could. Now is your time to experiment and help us to track down any bugs, or even suggest usability improvements. Start using it and send us any feedback or issue a bug. We can improve Piwik Mobile much better with your help!
Be aware that this version may contain bugs, if you are interested in a more stable version install Piwik Mobile 2 instead.
-
How to verify signatures for Piwik release packages
19 novembre 2014, par Piwik Core Team — SecurityWe are proud to announce that Piwik project now cryptographically signs the Piwik releases using PGP following requests from several community members. In this post we will explain how you can verify the signatures of the Piwik release you downloaded, with instructions for Windows, Mac OS X and Linux.
What is a signature and why should I check it?
How do you know that the Piwik platform you have is really the one we made? Some software sites list sha1 hashes alongside the software on their website, so users can verify that they downloaded the file without any errors. These “checksums” help you answer the question “Did I download this file correctly from whoever sent it to me?” They do a good job at making sure you didn’t have any random errors in your download, but they don’t help you figure out whether you were downloading it from a compromised server. The better question to answer is: “Is this file that I just downloaded the file that Piwik intended me to get?”. Over the years several Piwik users have requested that we start signing our releases.
Where do I get the signatures and the keys that made them?
Each file on our release server builds.piwik.org is accompanied by a file with the same name as the package and the extension
.asc. These .asc files are GPG signatures. They allow you to verify the file you’ve downloaded is exactly the one that we intended you to get. For example,piwik-2.9.0.zipis accompanied bypiwik-2.9.0.zip.asc.Currently Matthieu Aubry is the release manager and signs the Piwik releases. His signature can be found here: builds.piwik.org/signature.asc
How to verify signatures on Windows
You need to have GnuPG installed before you can verify signatures. Download it from http://gpg4win.org/download.html.
Once it's installed, use GnuPG to import the key that signed your package. Since GnuPG for Windows is a command-line tool, you will need to use cmd.exe. Unless you edit your PATH environment variable, you will need to tell Windows the full path to the GnuPG program. If you installed GnuPG with the default values, the path should be something like this: C:\Program Files\Gnu\GnuPg\gpg.exe.
Import Piwik Release manager Matthieu's key (0x416F061063FEE659) by starting cmd.exe and typing:
"C:\Program Files\Gnu\GnuPg\gpg.exe" --keyserver keys.gnupg.net --recv-keys 814E346FA01A20DBB04B6807B5DBD5925590A237
After importing the key, you can verify that the fingerprint is correct:
"C:\Program Files\Gnu\GnuPg\gpg.exe" --fingerprint 814E346FA01A20DBB04B6807B5DBD5925590A237
You should see:
pub 4096R/5590A237 2013-07-24 Key fingerprint = 814E 346F A01A 20DB B04B 6807 B5DB D592 5590 A237 uid Matthieu Aubry <matt@piwik.org> uid Matthieu Aubry <matthieu.aubry@gmail.com> uid Matthieu Aubry <matt@piwik.pro> sub 4096R/43F0D330 2013-07-24To verify the signature of the package you downloaded, you will need to download the ".asc" file as well. Assuming you downloaded the package and its signature to your Desktop, run:
"C:\Program Files\Gnu\GnuPg\gpg.exe" --verify C:\Users\Alice\Desktop\piwik-2.9.0.zip.asc C:\Users\Alice\Desktop\piwik-2.9.0.zip
The output should say "Good signature":
gpg: Signature made Thu 13 Nov 2014 17:42:18 NZDT using RSA key ID 5590A237 gpg: Good signature from "Matthieu Aubry <matt@piwik.org>" gpg: aka "Matthieu Aubry <matthieu.aubry@gmail.com>" gpg: aka "Matthieu Aubry <matt@piwik.pro>"
Notice that there may be a warning in case you haven't assigned a trust index to this person. This means that GnuPG verified that the key made that signature, but it's up to you to decide if that key really belongs to the developer. The best method is to meet the developer in person and exchange key fingerprints.
Mac OS X and Linux
On Linux GnuPG is usually installed by default. On Mac OS X, you need to have GnuPG installed before you can verify signatures. You can install it from http://www.gpgtools.org/.
Once it's installed, use GnuPG to import the key that signed your package. Matthieu Aubry signs the Piwik releases. Import his key (814E346FA01A20DBB04B6807B5DBD5925590A237) by starting the terminal (under "Applications") and typing:
gpg --keyserver keys.gnupg.net --recv-keys 814E346FA01A20DBB04B6807B5DBD5925590A237
After importing the key, you can verify that the fingerprint is correct:
gpg --fingerprint 814E346FA01A20DBB04B6807B5DBD5925590A237
You should see:
pub 4096R/5590A237 2013-07-24 Key fingerprint = 814E 346F A01A 20DB B04B 6807 B5DB D592 5590 A237 uid Matthieu Aubry <matt@piwik.org> uid Matthieu Aubry <matthieu.aubry@gmail.com> uid Matthieu Aubry <matt@piwik.pro> sub 4096R/43F0D330 2013-07-24To verify the signature of the package you downloaded, you will need to download the ".asc" file as well. Assuming you downloaded the package and its signature to your Desktop, run:
gpg --verify /Users/Alice/piwik-2.9.0.zip{.asc*,}The output should say "Good signature":
gpg: Signature made Thu 13 Nov 2014 17:42:18 NZDT using RSA key ID 5590A237 gpg: Good signature from "Matthieu Aubry <matt@piwik.org>" gpg: aka "Matthieu Aubry <matthieu.aubry@gmail.com>" gpg: aka "Matthieu Aubry <matt@piwik.pro>"
Notice that there may be a warning in case you haven't assigned a trust index to this person. This means that GnuPG verified that the key made that signature, but it's up to you to decide if that key really belongs to the developer. The best method is to meet the developer in person and exchange key fingerprints.
That's it! In this article you have learnt how you can verify that the Piwik package you have downloaded on your computer was the same as the one Piwik team has officially created. We hope this helps you use Piwik with more security.
Source: this article was copied and adapted from the great Tor Browser project website page How to verify signatures for Tor packages
