semanticscuttle-devel — General discussion about SemanticScuttle development

Re: [Semanticscuttle-devel] Configurable privacy and SSL client certificates are in master!

[Brett D. <bs...@fr...>]

Hello, Christian.

I've closed the issue with your suggested comment.

Rgrds,
Brett

On Fri, 13 May 2011 12:12:30 +0200, Christian Weiske
<cw...@cw...> wrote:
> Hi Brett,
> 
> 
>> Configurable privacy allows you to determine which privacy flag
>> (public/protected/private) a bookmark gets when adding it - when
>> importing bookmarks, adding them via the API or the web interface.
>> Brett, thanks for your work!
> 
> Could you close the issue in the tracker as "implemented, will be in
> 0.98.0"?

Re: [Semanticscuttle-devel] Privatekey / www/ajaxGetNewPrivateKey.php

[Christian W. <cw...@cw...>]

Hello Mark,


> No reason.  Basically cut/pasted one of the other ajax scripts that
> was currently in the www folder.  Thought I'd be consistent.  I too
> prefer using json.  You want a single person to alter all the ajax
> scripts in the www folder?  If so, I'll be glad to alter each of them
> to using json.  Let me know.
No, no. Just that new one.

-- 
Regards/Mit freundlichen Grüßen
Christian Weiske

-=≡ Geeking around in the name of science since 1982 ≡=-

[Semanticscuttle-devel] Privatekey / www/ajaxGetNewPrivateKey.php

[Christian W. <cw...@cw...>]

Hi Mark,


Why did you choose XML as result format for
www/ajaxGetNewPrivateKey.php? I'd like to use json since it's more
light-weight and jquery supports loading it easily.

-- 
Regards/Mit freundlichen Grüßen
Christian Weiske

-=≡ Geeking around in the name of science since 1982 ≡=-

Re: [Semanticscuttle-devel] google custom searches limited to main page of sites?

[Christian W. <cw...@cw...>]

Hello Chris,


> That's not the problem at all, though. For instance: in my Scuttle
> bookmarks I have bookmarked http://chrislott.org/ -- the Google Search
> setup by Scuttle looks like this:
> http://www.google.com/cse?cref=http://clinki.es/gsearch/context.php&q=david&sa=Search&siteurl=clinki.es/gsearch/index.php
> 
> and returns one result.
> 
> I setup a CSE on my own with http://chrislott.org/ as a site:
> http://www.google.com/cse/home?cx=005906874594202320794:pd1c3rhiyv8&hl=en
> 
> and perform the same search and get the expected results (many)


I think I found the problem: The google search engine description is
not valid XML. Try to visit http://clinki.es/gsearch/context.php -
there are comments around the leading XML tag.

Edit www/gsearch/context.php and change
> <!--?xml version="1.0" encoding="UTF-8" ?-->
to
> <?xml version="1.0" encoding="UTF-8" ?>

Also login as admin and click the "refresh at google" link on the
gsearch page.

-- 
Regards/Mit freundlichen Grüßen
Christian Weiske

-=≡ Geeking around in the name of science since 1982 ≡=-

Re: [Semanticscuttle-devel] user session problems

[Christian W. <cw...@cw...>]

Hello Mark,


> If this is the same list you are referring to, I thought we went
> through all of them.
I *thought* I mentioned that the create-testbookmarks script had a
limit of 10k instead of 10 bookmarks in it, and that's what bothered
me. But I looked through the mails and didn't find it. Consider my
rant baseless.


-- 
Regards/Mit freundlichen Grüßen
Christian Weiske

-=≡ Geeking around in the name of science since 1982 ≡=-

Re: [Semanticscuttle-devel] user session problems

[Mark P. <mpe...@gm...>]

Status:  I've created the new branch from main, and just finished migrating
over all the privatekey changes.  About to head out of town

On Fri, May 13, 2011 at 8:50 AM, Mark Pemberton <mpe...@gm...>wrote:

> Here's the last list that I can find:
>    > + Privatekey works fine for the user's own bookmarks
> > - Does not work with all bookmarks (plain rss.php?privatekey) - I'm
> >   likely to subscribe to the all bookmarks feed in a private SC setup
> >   with a several users.
> > + Enabling and disabling the private key works fine
> > + Error page when accessing feed with wrong private key
> > + Error page when accessing feed with disabled private key
> > - Generating new key throws away form changes. This isn't that nice,
> >   but I'll accept it for now and we can fix that when the quickform
> >   branch is finished.
> > - 1) BookmarkTest::testPrivateBookmarks
> >   Undefined offset: 1
> >   /home/cweiske/Dev/semanticscuttle/cwdev/tests/BookmarkTest.php:1387
> If this is the same list you are referring to, I thought we went through
> all of them.  Will confess that I did see some unit test errors and will
> work on them.  I also had a lot of conflicts when merging master, which I
> thought was normal.
>
> No excuses on my part.  Here's a new working to-do list.  Please add as you
> see fit:
>
> Before continuing I'll create a new branch from master (calling it
> primarykey2) and pull in all relevant changes.
>
> 1) Resolve unit test errors
> 2) Refine code in rss.php
> 3) Update User.php::loginPrivateKey() to follow updated user session
> configuration
> 4) Add private key support to tag feeds
>
> Cheers,
> Mark
>
>
> On Fri, May 13, 2011 at 12:56 AM, Christian Weiske <cw...@cw...>wrote:
>
>> Hello Mark,
>>
>>
>> > Whew, ok, I either passed or failed.  Please check my work to make
>> > sure we're on the same page.  If I failed, don't be too harsh on me.
>> > Everything seems to be in order with the rss feed.
>>
>> Could you please look through the last QA list I sent? I just began
>> testing and many items are still open.
>>
>> I also saw that the opensearch unit test does not work because of a
>> leading empty line. Did it really work for you?
>>
>> And I'd like to have another feature, that is private key support for
>> tag feeds (add it to the meta there, too).
>>
>> About your latest changes:
>>
>> www/rss.php: You have 2 times the same privatekey code, which is
>> unnecessary in my eyes.
>> Service/User.php::loginprivatekey(): you set the session variable
>> instead of using setcurrentuserid.
>>
>>
>> I've got to say that I have problems comparing the privatekey branch
>> with master because of the many unrelated changes in there. The diff is
>> a whopping 214kiB. Since I don't want to throw that changes away and
>> lose your work, I'll gradually merge whitespace changes from your branch
>> into master.
>>
>> Maybe it would be helpful to start a new branch with a fresh clone of
>> the master branch and cherry-pick the relevant changes from the current
>> privatekey branch. This way we'd have a clean pk branch and overview
>> about all changes.
>>
>> --
>> Regards/Mit freundlichen Grüßen
>> Christian Weiske
>>
>> -=≡ Geeking around in the name of science since 1982 ≡=-
>>
>>
>> ------------------------------------------------------------------------------
>> Achieve unprecedented app performance and reliability
>> What every C/C++ and Fortran developer should know.
>> Learn how Intel has extended the reach of its next-generation tools
>> to help boost performance applications - inlcuding clusters.
>> http://p.sf.net/sfu/intel-dev2devmay
>> _______________________________________________
>> Semanticscuttle-devel mailing list
>> Sem...@li...
>> https://lists.sourceforge.net/lists/listinfo/semanticscuttle-devel
>>
>>
>

Re: [Semanticscuttle-devel] user session problems

[Mark P. <mpe...@gm...>]

Here's the last list that I can find:
> + Privatekey works fine for the user's own bookmarks
> - Does not work with all bookmarks (plain rss.php?privatekey) - I'm
>   likely to subscribe to the all bookmarks feed in a private SC setup
>   with a several users.
> + Enabling and disabling the private key works fine
> + Error page when accessing feed with wrong private key
> + Error page when accessing feed with disabled private key
> - Generating new key throws away form changes. This isn't that nice,
>   but I'll accept it for now and we can fix that when the quickform
>   branch is finished.
> - 1) BookmarkTest::testPrivateBookmarks
>   Undefined offset: 1
>   /home/cweiske/Dev/semanticscuttle/cwdev/tests/BookmarkTest.php:1387
If this is the same list you are referring to, I thought we went through all
of them.  Will confess that I did see some unit test errors and will work on
them.  I also had a lot of conflicts when merging master, which I thought
was normal.

No excuses on my part.  Here's a new working to-do list.  Please add as you
see fit:

Before continuing I'll create a new branch from master (calling it
primarykey2) and pull in all relevant changes.

1) Resolve unit test errors
2) Refine code in rss.php
3) Update User.php::loginPrivateKey() to follow updated user session
configuration
4) Add private key support to tag feeds

Cheers,
Mark


On Fri, May 13, 2011 at 12:56 AM, Christian Weiske <cw...@cw...>wrote:

> Hello Mark,
>
>
> > Whew, ok, I either passed or failed.  Please check my work to make
> > sure we're on the same page.  If I failed, don't be too harsh on me.
> > Everything seems to be in order with the rss feed.
>
> Could you please look through the last QA list I sent? I just began
> testing and many items are still open.
>
> I also saw that the opensearch unit test does not work because of a
> leading empty line. Did it really work for you?
>
> And I'd like to have another feature, that is private key support for
> tag feeds (add it to the meta there, too).
>
> About your latest changes:
>
> www/rss.php: You have 2 times the same privatekey code, which is
> unnecessary in my eyes.
> Service/User.php::loginprivatekey(): you set the session variable
> instead of using setcurrentuserid.
>
>
> I've got to say that I have problems comparing the privatekey branch
> with master because of the many unrelated changes in there. The diff is
> a whopping 214kiB. Since I don't want to throw that changes away and
> lose your work, I'll gradually merge whitespace changes from your branch
> into master.
>
> Maybe it would be helpful to start a new branch with a fresh clone of
> the master branch and cherry-pick the relevant changes from the current
> privatekey branch. This way we'd have a clean pk branch and overview
> about all changes.
>
> --
> Regards/Mit freundlichen Grüßen
> Christian Weiske
>
> -=≡ Geeking around in the name of science since 1982 ≡=-
>
>
> ------------------------------------------------------------------------------
> Achieve unprecedented app performance and reliability
> What every C/C++ and Fortran developer should know.
> Learn how Intel has extended the reach of its next-generation tools
> to help boost performance applications - inlcuding clusters.
> http://p.sf.net/sfu/intel-dev2devmay
> _______________________________________________
> Semanticscuttle-devel mailing list
> Sem...@li...
> https://lists.sourceforge.net/lists/listinfo/semanticscuttle-devel
>
>

Re: [Semanticscuttle-devel] Configurable privacy and SSL client certificates are in master!

[Christian W. <cw...@cw...>]

Hi Brett,


> Configurable privacy allows you to determine which privacy flag
> (public/protected/private) a bookmark gets when adding it - when
> importing bookmarks, adding them via the API or the web interface.
> Brett, thanks for your work!

Could you close the issue in the tracker as "implemented, will be in
0.98.0"?


-- 
Regards/Mit freundlichen Grüßen
Christian Weiske

-= Geeking around in the name of science since 1982 =-

Re: [Semanticscuttle-devel] Work on #3163623 started: SSL Client Certificates

[Christian W. <cw...@cw...>]

Hello Brett,


> > SSL Client certificate support is finished, apart from
> > documentation. It would be awesome if someone could test it.
> Does this need to be tested before 0.98.0?

That would be great. I wrote (hopefully) exhaustive documentation in
doc/ssl-client-certs.rst that you can follow. If you want pretty HTML,
install the docutils package and use rst2html, or just read
http://tmp.cweiske.de/ssl-client-certificates.html


-- 
Regards/Mit freundlichen Grüßen
Christian Weiske

-=≡ Geeking around in the name of science since 1982 ≡=-

Re: [Semanticscuttle-devel] user session problems

[Christian W. <cw...@cw...>]

Hello Mark,


> Whew, ok, I either passed or failed.  Please check my work to make
> sure we're on the same page.  If I failed, don't be too harsh on me.
> Everything seems to be in order with the rss feed.

Could you please look through the last QA list I sent? I just began
testing and many items are still open.

I also saw that the opensearch unit test does not work because of a
leading empty line. Did it really work for you?

And I'd like to have another feature, that is private key support for
tag feeds (add it to the meta there, too).

About your latest changes:

www/rss.php: You have 2 times the same privatekey code, which is
unnecessary in my eyes. 
Service/User.php::loginprivatekey(): you set the session variable
instead of using setcurrentuserid.


I've got to say that I have problems comparing the privatekey branch
with master because of the many unrelated changes in there. The diff is
a whopping 214kiB. Since I don't want to throw that changes away and
lose your work, I'll gradually merge whitespace changes from your branch
into master.

Maybe it would be helpful to start a new branch with a fresh clone of
the master branch and cherry-pick the relevant changes from the current
privatekey branch. This way we'd have a clean pk branch and overview
about all changes.

-- 
Regards/Mit freundlichen Grüßen
Christian Weiske

-=≡ Geeking around in the name of science since 1982 ≡=-

[Semanticscuttle-devel] Configurable privacy and SSL client certificates are in master!

[Christian W. <cw...@cw...>]

Hi all,


I just merged Brett's configurable privacy branch and my ssl client
certificate branch into master, which means that both features will be
in Version 0.98.0.

Configurable privacy allows you to determine which privacy flag
(public/protected/private) a bookmark gets when adding it - when
importing bookmarks, adding them via the API or the web interface.
Brett, thanks for your work!

SSL client certificates allow you to securely login automatically
without providing a username or password.

-- 
Regards/Mit freundlichen Grüßen
Christian Weiske

-=≡ Geeking around in the name of science since 1982 ≡=-

Re: [Semanticscuttle-devel] SemanticScuttle 0.98.0 is near

[Brett D. <bs...@fr...>]

Okay. Thanks.

Rgrds,
Brett

On Wed, 11 May 2011 08:26:31 +0200, Christian Weiske
<cw...@cw...> wrote:
> Hello Brett,
> 
> 
>> > The release of SemanticScuttle 0.98.0 is near. All what's stopping
>> > me from publishing the release is the configurable-privacy2 and
>> > privatekey branches which need some minor fixes and will be merged
>> > then.
>> I can finish by the end of the week.
> 
> I saw that you did the changes I requested. I'll merge it into master
> today.

Re: [Semanticscuttle-devel] user session problems

[Mark P. <mpe...@gm...>]

Whew, ok, I either passed or failed.  Please check my work to make sure
we're on the same page.  If I failed, don't be too harsh on me.  Everything
seems to be in order with the rss feed.

On Thu, May 12, 2011 at 2:09 PM, Christian Weiske <cw...@cw...>wrote:

> Hello Mark,
>
>
> > > 1. The private key authenticates the user on certain areas of
> > >   SemanticScuttle - currently only on the RSS feeds. No other area.
> > > 2. To be able to use the service methods required for private RSS
> > >   feeds, we need to register the user identified by the private key
> > > as the current user.
> > > 3. The current user is stored in the session
> > > 4. To restrict privatekey access to the RSS feeds only, we need to
> > >   unregister the current user after the feed has been generated.
> > > 5. If the script crashes during RSS generation, the user does not
> > > get unregistered/unset. This means that the user will be still
> > > logged in and can access all areas although he originally only had
> > > the private key.
> > >
> > > So we need to decouple the current user from the session storage.
> > Gotcha.  About to walk into a meeting.  I think it can be done, and
> > hopefully with little pain.  Will catch up later.
>
> I fixed that in the master branch; just merge it - it should apply
> without problems.
>
>
> --
> Regards/Mit freundlichen Grüßen
> Christian Weiske
>
> -=≡ Geeking around in the name of science since 1982 ≡=-
>
>
> ------------------------------------------------------------------------------
> Achieve unprecedented app performance and reliability
> What every C/C++ and Fortran developer should know.
> Learn how Intel has extended the reach of its next-generation tools
> to help boost performance applications - inlcuding clusters.
> http://p.sf.net/sfu/intel-dev2devmay
> _______________________________________________
> Semanticscuttle-devel mailing list
> Sem...@li...
> https://lists.sourceforge.net/lists/listinfo/semanticscuttle-devel
>
>

Re: [Semanticscuttle-devel] user session problems

[Christian W. <cw...@cw...>]

Hello Mark,


> > 1. The private key authenticates the user on certain areas of
> >   SemanticScuttle - currently only on the RSS feeds. No other area.
> > 2. To be able to use the service methods required for private RSS
> >   feeds, we need to register the user identified by the private key
> > as the current user.
> > 3. The current user is stored in the session
> > 4. To restrict privatekey access to the RSS feeds only, we need to
> >   unregister the current user after the feed has been generated.
> > 5. If the script crashes during RSS generation, the user does not
> > get unregistered/unset. This means that the user will be still
> > logged in and can access all areas although he originally only had
> > the private key.
> >
> > So we need to decouple the current user from the session storage.
> Gotcha.  About to walk into a meeting.  I think it can be done, and
> hopefully with little pain.  Will catch up later.

I fixed that in the master branch; just merge it - it should apply
without problems.


-- 
Regards/Mit freundlichen Grüßen
Christian Weiske

-=≡ Geeking around in the name of science since 1982 ≡=-

Re: [Semanticscuttle-devel] Chat with Christian Weiske

[Christian W. <cw...@cw...>]

Hi Mark,



> > 3:36 AM Christian: do you have an idea how to solve the session
> > problem? I'd probably use a static class variable
> >   we need to see if logging in/logging off and all the unit tests
> > run afterwards
> Would you be kind enough to catch me up on the actual session problem?

1. The private key authenticates the user on certain areas of
   SemanticScuttle - currently only on the RSS feeds. No other area.
2. To be able to use the service methods required for private RSS
   feeds, we need to register the user identified by the private key as
   the current user.
3. The current user is stored in the session
4. To restrict privatekey access to the RSS feeds only, we need to
   unregister the current user after the feed has been generated.
5. If the script crashes during RSS generation, the user does not get
   unregistered/unset. This means that the user will be still logged in
   and can access all areas although he originally only had the private
   key.

So we need to decouple the current user from the session storage.

-- 
Regards/Mit freundlichen Grüßen
Christian Weiske

-= Geeking around in the name of science since 1982 =-

Re: [Semanticscuttle-devel] SemanticScuttle 0.98.0 is near

[Mark P. <mpe...@gm...>]

Is there something I can help with?
On May 11, 2011 1:33 PM, "Christian Weiske" <cw...@cw...> wrote:
> Hello Mark,
>
>
>> > I assume that getWatchNames uses the current user. Can't you just
>> > set the current user without storing that information in the
>> > session?
>> The call to getBookmarks() makes calls to getCurrentUserId() and
>> isLoggedIn() which both require data stored in the session
>> (via setCurrentUserId()). So if you want to avoid storing data in the
>> session then we may need to add an additional argument to
>> getBookmarks(). The getWatchNames() has two arguments (user ID,
>> Watched By), so it makes no reference to the session/current user
>> data.
>>
>> Throwing this out as an idea, I could pass the privatekey as an
>> argument in getBookmarks() which will eliminate the need to store any
>> data in the session. Thoughts?
>
> Nope, in that case we need to fix the user storage to not depend on the
> session. I'll fix that.
>
>
> --
> Regards/Mit freundlichen Grüßen
> Christian Weiske
>
> -=≡ Geeking around in the name of science since 1982 ≡=-

Re: [Semanticscuttle-devel] SemanticScuttle 0.98.0 is near

[Mark P. <mpe...@gm...>]

Ok.

On Wed, May 11, 2011 at 1:33 PM, Christian Weiske <cw...@cw...>wrote:

> Hello Mark,
>
>
> > > I assume that getWatchNames uses the current user. Can't you just
> > > set the current user without storing that information in the
> > > session?
> > The call to getBookmarks() makes calls to getCurrentUserId() and
> > isLoggedIn() which both require data stored in the session
> > (via setCurrentUserId()).  So if you want to avoid storing data in the
> > session then we may need to add an additional argument to
> > getBookmarks(). The getWatchNames() has two arguments (user ID,
> > Watched By), so it makes no reference to the session/current user
> > data.
> >
> > Throwing this out as an idea, I could pass the privatekey as an
> > argument in getBookmarks() which will eliminate the need to store any
> > data in the session.  Thoughts?
>
> Nope, in that case we need to fix the user storage to not depend on the
> session. I'll fix that.
>
>
> --
> Regards/Mit freundlichen Grüßen
> Christian Weiske
>
> -=≡ Geeking around in the name of science since 1982 ≡=-
>
>
> ------------------------------------------------------------------------------
> Achieve unprecedented app performance and reliability
> What every C/C++ and Fortran developer should know.
> Learn how Intel has extended the reach of its next-generation tools
> to help boost performance applications - inlcuding clusters.
> http://p.sf.net/sfu/intel-dev2devmay
> _______________________________________________
> Semanticscuttle-devel mailing list
> Sem...@li...
> https://lists.sourceforge.net/lists/listinfo/semanticscuttle-devel
>
>

Re: [Semanticscuttle-devel] SemanticScuttle 0.98.0 is near

[Christian W. <cw...@cw...>]

Hello Mark,


> > I assume that getWatchNames uses the current user. Can't you just
> > set the current user without storing that information in the
> > session?
> The call to getBookmarks() makes calls to getCurrentUserId() and
> isLoggedIn() which both require data stored in the session
> (via setCurrentUserId()).  So if you want to avoid storing data in the
> session then we may need to add an additional argument to
> getBookmarks(). The getWatchNames() has two arguments (user ID,
> Watched By), so it makes no reference to the session/current user
> data.
> 
> Throwing this out as an idea, I could pass the privatekey as an
> argument in getBookmarks() which will eliminate the need to store any
> data in the session.  Thoughts?

Nope, in that case we need to fix the user storage to not depend on the
session. I'll fix that.


-- 
Regards/Mit freundlichen Grüßen
Christian Weiske

-=≡ Geeking around in the name of science since 1982 ≡=-

Re: [Semanticscuttle-devel] SemanticScuttle 0.98.0 is near

[Mark P. <mpe...@gm...>]

> I assume that getWatchNames uses the current user. Can't you just set
> the current user without storing that information in the session?
The call to getBookmarks() makes calls to getCurrentUserId() and
isLoggedIn() which both require data stored in the session
(via setCurrentUserId()).  So if you want to avoid storing data in the
session then we may need to add an additional argument to getBookmarks().
 The getWatchNames() has two arguments (user ID, Watched By), so it makes no
reference to the session/current user data.

Throwing this out as an idea, I could pass the privatekey as an argument in
getBookmarks() which will eliminate the need to store any data in the
session.  Thoughts?


On Wed, May 11, 2011 at 11:15 AM, Christian Weiske <cw...@cw...>wrote:

> Hi Mark,
>
>
>
> > When rss.php is called,
> > 1) User is defined, no private key
> > 2) User is defined, private key is defined and valid
> > 3) User is not defined, no private key
> > 4) User is not defined, private key is defined/valid
> >
> > Results:
> > 1) All public bookmarks returned for specified user
> > 2) All public bookmarks returned for specified user including any
> > that are shared to watchlist (with privatekey user being on the watch
> > list) 3) All public bookmarks
> > 4) All public bookmarks including any shared to watchlist bookmarks
> > where the privatekey user is on the watch list.
> >
> > (Please correct any assumptions I made above)
> >
> > #1 works fine, but the rest do not produce the correct results.  One
> > place I've pinpointed is the call in getBookmarks() where it calls
> > getWatchNames().  The second argument is true which I believe should
> > be false because we want the list of users that the passed user
> > (argument 1) is watching.  The other main change that will need to be
> > made in getBookmarks() is the ability to distinguish these calls from
> > rss.php where the user is authenticated via the privatekey but want
> > all bookmarks (#3 and #4 above).
>
> I assume that getWatchNames uses the current user. Can't you just set
> the current user without storing that information in the session?
>
>
> > One last point which is unrelated is the "Watchlist" page, should
> > that show the "shared" bookmarks of those users you are watching?  It
> > doesn't appear that it is now.
> No, it shows the bookmarks of the users that have you added to their
> watchlist. Actually the name "watchlist" is misleading, because it's a
> "trust list". You trust those users on your watchlist to see your
> protected bookmarks.
> If you would see the protected bookmarks of the users on your
> watchlist, you could easily see all protected bookmarks by adding all
> users to your watchlist.
>
>
> --
> Regards/Mit freundlichen Grüßen
> Christian Weiske
>
> -= Geeking around in the name of science since 1982 =-
>
>
> ------------------------------------------------------------------------------
> Achieve unprecedented app performance and reliability
> What every C/C++ and Fortran developer should know.
> Learn how Intel has extended the reach of its next-generation tools
> to help boost performance applications - inlcuding clusters.
> http://p.sf.net/sfu/intel-dev2devmay
> _______________________________________________
> Semanticscuttle-devel mailing list
> Sem...@li...
> https://lists.sourceforge.net/lists/listinfo/semanticscuttle-devel
>

Re: [Semanticscuttle-devel] SemanticScuttle 0.98.0 is near

[Christian W. <cw...@cw...>]

Hi Mark,



> When rss.php is called,
> 1) User is defined, no private key
> 2) User is defined, private key is defined and valid
> 3) User is not defined, no private key
> 4) User is not defined, private key is defined/valid
> 
> Results:
> 1) All public bookmarks returned for specified user
> 2) All public bookmarks returned for specified user including any
> that are shared to watchlist (with privatekey user being on the watch
> list) 3) All public bookmarks
> 4) All public bookmarks including any shared to watchlist bookmarks
> where the privatekey user is on the watch list.
> 
> (Please correct any assumptions I made above)
> 
> #1 works fine, but the rest do not produce the correct results.  One
> place I've pinpointed is the call in getBookmarks() where it calls
> getWatchNames().  The second argument is true which I believe should
> be false because we want the list of users that the passed user
> (argument 1) is watching.  The other main change that will need to be
> made in getBookmarks() is the ability to distinguish these calls from
> rss.php where the user is authenticated via the privatekey but want
> all bookmarks (#3 and #4 above).

I assume that getWatchNames uses the current user. Can't you just set
the current user without storing that information in the session?


> One last point which is unrelated is the "Watchlist" page, should
> that show the "shared" bookmarks of those users you are watching?  It
> doesn't appear that it is now.
No, it shows the bookmarks of the users that have you added to their
watchlist. Actually the name "watchlist" is misleading, because it's a
"trust list". You trust those users on your watchlist to see your
protected bookmarks.
If you would see the protected bookmarks of the users on your
watchlist, you could easily see all protected bookmarks by adding all
users to your watchlist.


-- 
Regards/Mit freundlichen Grüßen
Christian Weiske

-= Geeking around in the name of science since 1982 =-

Re: [Semanticscuttle-devel] SemanticScuttle 0.98.0 is near

[Mark P. <mpe...@gm...>]

Just to make sure I'm clear on everything, here's the possible scenarios
with the privatekey and user options:

When rss.php is called,
1) User is defined, no private key
2) User is defined, private key is defined and valid
3) User is not defined, no private key
4) User is not defined, private key is defined/valid

Results:
1) All public bookmarks returned for specified user
2) All public bookmarks returned for specified user including any that are
shared to watchlist (with privatekey user being on the watch list)
3) All public bookmarks
4) All public bookmarks including any shared to watchlist bookmarks where
the privatekey user is on the watch list.

(Please correct any assumptions I made above)

#1 works fine, but the rest do not produce the correct results.  One place
I've pinpointed is the call in getBookmarks() where it calls
getWatchNames().  The second argument is true which I believe should be
false because we want the list of users that the passed user (argument 1) is
watching.  The other main change that will need to be made in getBookmarks()
is the ability to distinguish these calls from rss.php where the user is
authenticated via the privatekey but want all bookmarks (#3 and #4 above).

One last point which is unrelated is the "Watchlist" page, should that show
the "shared" bookmarks of those users you are watching?  It doesn't appear
that it is now.


On Wed, May 11, 2011 at 10:12 AM, Christian Weiske <cw...@cw...>wrote:

> Hi Mark,
>
>
> > I'm nearing completion of the privatekey branch.  The delay is
> > adjusting the coding to log in with only the privatekey (which is
> > done), as well as trying to figure out how to adjust rss.php and its
> > call to getBookmarks() without having to change getBookmarks().
> > Definitely going to try to finish tonight so we can get 0.98.0 out.
> If it makes sense to change getBookmarks, we can change it. What are
> you trying to achieve?
>
>
> --
> Regards/Mit freundlichen Grüßen
> Christian Weiske
>
> -= Geeking around in the name of science since 1982 =-
>
>
> ------------------------------------------------------------------------------
> Achieve unprecedented app performance and reliability
> What every C/C++ and Fortran developer should know.
> Learn how Intel has extended the reach of its next-generation tools
> to help boost performance applications - inlcuding clusters.
> http://p.sf.net/sfu/intel-dev2devmay
> _______________________________________________
> Semanticscuttle-devel mailing list
> Sem...@li...
> https://lists.sourceforge.net/lists/listinfo/semanticscuttle-devel
>

Re: [Semanticscuttle-devel] SemanticScuttle 0.98.0 is near

[Christian W. <cw...@cw...>]

Hi Mark,


> I'm nearing completion of the privatekey branch.  The delay is
> adjusting the coding to log in with only the privatekey (which is
> done), as well as trying to figure out how to adjust rss.php and its
> call to getBookmarks() without having to change getBookmarks().
> Definitely going to try to finish tonight so we can get 0.98.0 out.
If it makes sense to change getBookmarks, we can change it. What are
you trying to achieve?


-- 
Regards/Mit freundlichen Grüßen
Christian Weiske

-= Geeking around in the name of science since 1982 =-

Re: [Semanticscuttle-devel] SemanticScuttle 0.98.0 is near

[Mark P. <mpe...@gm...>]

I'm nearing completion of the privatekey branch.  The delay is adjusting the
coding to log in with only the privatekey (which is done), as well as trying
to figure out how to adjust rss.php and its call to getBookmarks() without
having to change getBookmarks().  Definitely going to try to finish tonight
so we can get 0.98.0 out.


On Wed, May 11, 2011 at 2:26 AM, Christian Weiske <cw...@cw...>wrote:

> Hello Brett,
>
>
> > > The release of SemanticScuttle 0.98.0 is near. All what's stopping
> > > me from publishing the release is the configurable-privacy2 and
> > > privatekey branches which need some minor fixes and will be merged
> > > then.
> > I can finish by the end of the week.
>
> I saw that you did the changes I requested. I'll merge it into master
> today.
>
> --
> Regards/Mit freundlichen Grüßen
> Christian Weiske
>
> -=≡ Geeking around in the name of science since 1982 ≡=-
>
>
> ------------------------------------------------------------------------------
> Achieve unprecedented app performance and reliability
> What every C/C++ and Fortran developer should know.
> Learn how Intel has extended the reach of its next-generation tools
> to help boost performance applications - inlcuding clusters.
> http://p.sf.net/sfu/intel-dev2devmay
> _______________________________________________
> Semanticscuttle-devel mailing list
> Sem...@li...
> https://lists.sourceforge.net/lists/listinfo/semanticscuttle-devel
>
>

Re: [Semanticscuttle-devel] SemanticScuttle 0.98.0 is near

[Christian W. <cw...@cw...>]

Hello Brett,


> > The release of SemanticScuttle 0.98.0 is near. All what's stopping
> > me from publishing the release is the configurable-privacy2 and
> > privatekey branches which need some minor fixes and will be merged
> > then.
> I can finish by the end of the week.

I saw that you did the changes I requested. I'll merge it into master
today.

-- 
Regards/Mit freundlichen Grüßen
Christian Weiske

-=≡ Geeking around in the name of science since 1982 ≡=-

Re: [Semanticscuttle-devel] Work on #3163623 started: SSL Client Certificates

[Christian W. <cw...@cw...>]

Hello all,


SSL Client certificate support is finished, apart from documentation.
It would be awesome if someone could test it. Basically you need to
setup HTTPS on your web server, register a client certificate in your
browser and visit your profile page to register the certificate with
your user profile. After that, you will be automatically logged into
SemanticScuttle.

I got my server and client certificate from CAcert.org and used the
following settings in apache:

    SSLEngine On
    SSLCertificateFile /etc/ssl/private/bm.bogo.cweiske.de-cacert.pem
    SSLCertificateKeyFile /etc/ssl/private/bm.bogo.cweiske.de.key

    SSLCACertificateFile /etc/ssl/private/cacert-1and3.crt

    #enable client certificate login
    SSLOptions +StdEnvVars
    SSLVerifyClient optional
    SSLVerifyDepth 1



-- 
Regards/Mit freundlichen Grüßen
Christian Weiske

-=≡ Geeking around in the name of science since 1982 ≡=-