SemanticScuttle 0.97 and 0.97.1

This post is just a heads up that development of SemanticScuttle is still going on.

SemanticScuttle 0.97.0

On 2010-06-09, your own bookmark manager was released with a number of bug fixes and some new features:

SemanticScuttle 0.97.1

On 2010-09-28 I got a private security-related bug report that there was a permission problem with the "delete bookmark" API, and probably also with other API methods. I verified the bug and also verified that the other methods did not suffer from the same problem, and a day later, 2010-09-29, the security update, version 0.97.1, was released.

The issue was that, although the user's authentication was verified, SemanticScuttle did not actually make sure that the bookmark to be deleted belonged to that user. In other words, the API authenticated the caller but did not check authorization for the specific bookmark: you could delete any bookmark just by having a valid user account.
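
The difference between "logged in" and "owns this bookmark", as an added example that is not SemanticScuttle's own code: the table, column and function names are hypothetical, the sample rows are constructed, and it assumes PHP with the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);
// Added illustration; schema and function names are hypothetical,
// not SemanticScuttle's database layout or API code.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bookmarks (
    id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL, url TEXT NOT NULL)');
// Constructed sample data: user 1 owns bookmark 10, user 2 owns bookmark 20.
$db->exec("INSERT INTO bookmarks VALUES
    (10, 1, 'https://example.org/a'), (20, 2, 'https://example.org/b')");

// Flawed pattern: the caller has been authenticated ($authUserId is known),
// but the row is selected by bookmark id alone, so ownership is never checked.
function deleteBookmarkFlawed(PDO $db, int $authUserId, int $bookmarkId): bool
{
    $stmt = $db->prepare('DELETE FROM bookmarks WHERE id = ?');
    $stmt->execute([$bookmarkId]);
    return $stmt->rowCount() === 1;
}

// Checked pattern: ownership is part of the DELETE itself, so the check and
// the action cannot drift apart. A foreign or unknown id deletes no row and
// yields false, which the API layer should report as a failed request.
function deleteBookmarkChecked(PDO $db, int $authUserId, int $bookmarkId): bool
{
    $stmt = $db->prepare('DELETE FROM bookmarks WHERE id = ? AND owner_id = ?');
    $stmt->execute([$bookmarkId, $authUserId]);
    return $stmt->rowCount() === 1;
}

function bookmarkExists(PDO $db, int $bookmarkId): bool
{
    $stmt = $db->prepare('SELECT COUNT(*) FROM bookmarks WHERE id = ?');
    $stmt->execute([$bookmarkId]);
    return (int) $stmt->fetchColumn() === 1;
}

// User 1 asks to delete bookmark 20, which belongs to user 2.
// First through the checked function, then through the flawed one;
// bookmarkExists() shows whether user 2's row survived each call.
var_dump(deleteBookmarkChecked($db, 1, 20));
var_dump(bookmarkExists($db, 20));
var_dump(deleteBookmarkFlawed($db, 1, 20));
var_dump(bookmarkExists($db, 20));
```

A regression test for this class of bug needs two accounts: one that owns the bookmark and one that tries to delete it.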

The future

I'm still spending quite a lot of time hacking on SemanticScuttle, with some interesting enhancements to come:

  1. jQuery will replace Dojo as the JavaScript framework. For you as the user, this means faster code, nicer-looking tag menus and prettier bookmark tagging. For me as a developer it means that I can use the JavaScript features even when offline while riding the train to or from work - so they won't break by accident, because I see it immediately. This work is nearly finished; the code is in my SemanticScuttle git repository in the jquery branch. Version 0.98 will have this change as the main feature.
  2. The whole form handling code will be rewritten to use HTML_QuickForm2. Since QuickForm2 has some nice CAPTCHA elements, registration and perhaps login will get real captchas that cannot be broken as easily as the current security question. It will also mean that in the future it will be possible to replace the plain text bookmark description text field with a rich text input area.
  3. More optimized SQL queries. Currently, SemanticScuttle is a bit slow when you have some 30.000 or more bookmarks. The issues can be fixed (and I prototyped that fix already) by adding some clever indexes to the database and rewriting the generated SQL queries. When this is done, you can host millions of bookmarks without problems.
  4. A good part of the delicious-compatible API already got unit tests; those changes are in SVN already. While writing the tests, I also rewrote the relevant API method code - leading to cleaner code, more supported parameters and more compatibility with the original delicious API.
  5. True XHTML+XML compatibility. When you activate debug mode, the Content-Type header is already application/xhtml+xml - which means that broken HTML and broken JavaScript lead to a page display failure, because your browser will behave really bitchy. Since implementing that change, I already fixed some XHTML and JavaScript issues. It will not yet be activated if SemanticScuttle is not in debug mode, but that will come once there has been enough testing.
  6. Anti-spam measures. SemanticScuttle is a target for spammers, and you can actually buy tools that fill SemanticScuttle installations with spam links. Our bookmark manager will get options to make it harder for bad people to register - like admin approval of accounts, rate limiting for adding bookmarks and other things.
  7. Implementation of the extended delicious API, so that one day you can use the official delicious Firefox extension with your SemanticScuttle installation - which means address bar, bookmark and sidebar integration.

Written by Christian Weiske.