SemanticScuttle 0.97 and 0.97.1
This post is just a heads up that development in SemanticScuttle is still going on.
On 2010-06-09, your own bookmark manager was released with a number of bug fixes and some new features:
- A number of SQL optimizations - the tool lists bookmarks 4 times faster now
- Russian translation
- Improvements on the delicious-compatible ajax API
On 2010-09-28 I got a private security-related bug report that there was a permission problem with the "delete bookmark" API, and probably also with other API methods. I verified the bug and also verified that the other methods did not suffer from the same problem, and a day later, 2010-09-29, the security update version 0.97.1 was released.
The issue was that, although user authentication was verified, SemanticScuttle did not actually make sure that the bookmark to be deleted belonged to the user. You could delete any bookmark just by having a valid user account.
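The missing check described above, shown beside a corrected form. This is an added example, not SemanticScuttle's code or the 0.97.1 fix; the table, column and function names are hypothetical, and an in-memory SQLite database with constructed rows stands in for the real one.

```php
<?php
// Added illustration: schema and function names are hypothetical,
// not SemanticScuttle's own schema or API.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bookmarks (id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL, url TEXT NOT NULL)');
// Constructed sample data: bookmark 1 belongs to user 1, bookmark 2 to user 2.
$db->exec("INSERT INTO bookmarks (id, owner_id, url) VALUES (1, 1, 'http://example.org/a')");
$db->exec("INSERT INTO bookmarks (id, owner_id, url) VALUES (2, 2, 'http://example.org/b')");

// Flawed pattern: the caller has been authenticated ($authUserId is known),
// but the row is selected by id alone, so the identity is never used and any
// logged-in user can delete any bookmark.
function deleteBookmarkUnchecked(PDO $db, int $authUserId, int $bookmarkId): bool
{
    $stmt = $db->prepare('DELETE FROM bookmarks WHERE id = :id');
    $stmt->execute([':id' => $bookmarkId]);
    return $stmt->rowCount() === 1;
}

// Corrected pattern: ownership is part of the DELETE itself, so the check and
// the deletion cannot drift apart. Zero affected rows covers both "not yours"
// and "does not exist", which keeps bookmark ids from being probed.
function deleteBookmarkOwned(PDO $db, int $authUserId, int $bookmarkId): bool
{
    $stmt = $db->prepare('DELETE FROM bookmarks WHERE id = :id AND owner_id = :owner');
    $stmt->execute([':id' => $bookmarkId, ':owner' => $authUserId]);
    return $stmt->rowCount() === 1;
}

function bookmarkExists(PDO $db, int $bookmarkId): bool
{
    $stmt = $db->prepare('SELECT COUNT(*) FROM bookmarks WHERE id = :id');
    $stmt->execute([':id' => $bookmarkId]);
    return (int) $stmt->fetchColumn() === 1;
}

// User 1 asks the corrected function to delete user 2's bookmark.
var_dump(deleteBookmarkOwned($db, 1, 2));
var_dump(bookmarkExists($db, 2));
// The owner makes the same request.
var_dump(deleteBookmarkOwned($db, 2, 2));
// User 2 asks the flawed function to delete user 1's bookmark.
var_dump(deleteBookmarkUnchecked($db, 2, 1));
var_dump(bookmarkExists($db, 1));
```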
I'm still spending quite a lot of time hacking on SemanticScuttle, with some interesting enhancements to come:
- The whole form handling code will be rewritten to use HTML_QuickForm2. Since QuickForm2 has some nice CAPTCHA elements, registration and perhaps login will get real captchas that cannot be broken as easily as the current security question. It will also mean that in the future it will be possible to replace the plain text bookmark description text field with a rich text input area.
- More optimized SQL queries. Currently, SemanticScuttle is a bit slow when you have some 30,000 or more bookmarks. The issues can be fixed (and I prototyped that fix already) by adding some clever indexes to the database and rewriting the generated SQL queries. When this is done, you can host millions of bookmarks without problems.
- A good part of the delicious compatible API already got unit tests; those changes are in SVN already. While writing the tests, I also re-wrote the relevant API method code - leading to cleaner code, more supported parameters and more compatibility with the original delicious API.
- Anti-spam measures. SemanticScuttle is a target for spammers, and you can actually buy tools that fill SemanticScuttle installations with spam links. Our bookmark manager will get options to make it harder for bad people to register - like admin approval of accounts, rate limiting for adding bookmarks and other things.
- Implementation of the extended delicious API, so that one day you can use the official delicious Firefox extension with your SemanticScuttle installation - which means address bar, bookmark and sidebar integration.