semanticscuttle-devel

[Semanticscuttle-devel] Privatekey / Opensearch problem / Configurable privacy

[Christian W. <cw...@cw...>]

Hi Mark, Golanor and Brett,



Now that the 0.97.2 with the urgent bugfixes is out, I'd like to get
0.98.0 rolling. Each of your tasks should be part of it.

Do you have a rough timeframe when you plan to finish them? A feature
I'd like to implement for 0.98.0 is theming support; that's relatively
easy to implement and should give users greater control and
possibilities in using SemanticScuttle. But before beginning that I'd
really like to merge the privatekey branch since it contains really
many changes.

-- 
Regards/Mit freundlichen Grüßen
Christian Weiske

-=≡ Geeking around in the name of science since 1982 ≡=-

Re: [Semanticscuttle-devel] Privatekey / Opensearch problem / Configurable privacy

[Mark P. <mpe...@gm...>]

Hey Christian,

I think the only thing left on the privatekey branch is adding some
additional unit tests which I should be able to do this weekend.  The only
other thing that I remember being in question is the ajax call to generate a
new key.  If it is unacceptable, I'll recode it to work without ajax.  I'm
certainly open to any additions or changes necessary.

Thanks all,
Mark

On Thu, Feb 17, 2011 at 5:07 PM, Christian Weiske <cw...@cw...>wrote:

> Hi Mark, Golanor and Brett,
>
>
>
> Now that the 0.97.2 with the urgent bugfixes is out, I'd like to get
> 0.98.0 rolling. Each of your tasks should be part of it.
>
> Do you have a rough timeframe when you plan to finish them? A feature
> I'd like to implement for 0.98.0 is theming support; that's relatively
> easy to implement and should give users greater control and
> possibilities in using SemanticScuttle. But before beginning that I'd
> really like to merge the privatekey branch since it contains really
> many changes.
>
> --
> Regards/Mit freundlichen Grüßen
> Christian Weiske
>
> -=≡ Geeking around in the name of science since 1982 ≡=-
>
>
> ------------------------------------------------------------------------------
> The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
> Pinpoint memory and threading errors before they happen.
> Find and fix more than 250 security defects in the development cycle.
> Locate bottlenecks in serial and parallel code that limit performance.
> http://p.sf.net/sfu/intel-dev2devfeb
> _______________________________________________
> Semanticscuttle-devel mailing list
> Sem...@li...
> https://lists.sourceforge.net/lists/listinfo/semanticscuttle-devel
>
>

Re: [Semanticscuttle-devel] Privatekey

[Christian W. <cw...@cw...>]

Hi Mark,


> I think the only thing left on the privatekey branch is adding some
> additional unit tests which I should be able to do this weekend.  The
> only other thing that I remember being in question is the ajax call
> to generate a new key.  If it is unacceptable, I'll recode it to work
> without ajax.  I'm certainly open to any additions or changes
> necessary.

I'd really like to see that it works without Javascript, too. There
also needs to be an option to disable the privatekey fully, so that the
only way to access private bookmarks is by logging in.


-- 
Regards/Mit freundlichen Grüßen
Christian Weiske

-=≡ Geeking around in the name of science since 1982 ≡=-

Re: [Semanticscuttle-devel] Privatekey

[Mark P. <mpe...@gm...>]

Good idea.  Assuming disabling it at the user level, do you think there
needs to be an option for the site to turn off/on this feature?

Question on the ajax call, would you entertain the option to do an ajax call
if the browser has js enabled?  So code it to work both ways?  This might
help with the other components that make ajax calls (i.e. voting).
 Thoughts?

To Do List:
1) build additional unit tests
2) Remove ajax call for new key generation and make it POST (unless above is
acceptable)
3) user option to enable/disable private key option
4) possible site option to enable/disable private key option

I should have a little time this weekend to work on it, but after next week
I should have even more time to devote to SemanticScuttle.

Cheers!  North Carolina weather is fantastic for February!
Mark

On Fri, Feb 18, 2011 at 12:54 AM, Christian Weiske <cw...@cw...>wrote:

> Hi Mark,
>
>
> > I think the only thing left on the privatekey branch is adding some
> > additional unit tests which I should be able to do this weekend.  The
> > only other thing that I remember being in question is the ajax call
> > to generate a new key.  If it is unacceptable, I'll recode it to work
> > without ajax.  I'm certainly open to any additions or changes
> > necessary.
>
> I'd really like to see that it works without Javascript, too. There
> also needs to be an option to disable the privatekey fully, so that the
> only way to access private bookmarks is by logging in.
>
>
> --
> Regards/Mit freundlichen Grüßen
> Christian Weiske
>
> -=≡ Geeking around in the name of science since 1982 ≡=-
>
>
> ------------------------------------------------------------------------------
> The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
> Pinpoint memory and threading errors before they happen.
> Find and fix more than 250 security defects in the development cycle.
> Locate bottlenecks in serial and parallel code that limit performance.
> http://p.sf.net/sfu/intel-dev2devfeb
> _______________________________________________
> Semanticscuttle-devel mailing list
> Sem...@li...
> https://lists.sourceforge.net/lists/listinfo/semanticscuttle-devel
>
>

Re: [Semanticscuttle-devel] Privatekey

[Christian W. <cw...@cw...>]

Hi Mark,


> Good idea.  Assuming disabling it at the user level, do you think
> there needs to be an option for the site to turn off/on this feature?
I don't think that's needed, given that by default nobody has private
feeds enabled.


> Question on the ajax call, would you entertain the option to do an
> ajax call if the browser has js enabled?  So code it to work both
> ways?  This might help with the other components that make ajax calls
> (i.e. voting). Thoughts?
I'm all for that. Having it working with JS is always nice; I just
don't want to exclude non-js browsers.

> To Do List:
> 1) build additional unit tests
I did some additional unittest fixes in the master branch; you might
want to merge them in your branch.

> 2) Remove ajax call for new key generation and make it POST (unless
> above is acceptable)
The REST rules state that actions that change data should never be
GET, so using POST is fine.

> 3) user option to enable/disable private key option
I think some checkbox or radio button would work here nicely:

( ) feed key: [abcde....] <regen>
(·) disable feed key

> 4) possible site option to enable/disable private key option
Ok.

> Cheers!  North Carolina weather is fantastic for February!
Have a nice weekend!


-- 
Regards/Mit freundlichen Grüßen
Christian Weiske

-=≡ Geeking around in the name of science since 1982 ≡=-

Re: [Semanticscuttle-devel] Privatekey / Opensearch problem / Configurable privacy

[<go...@gm...>]

I still can't run the opensearch plugin from my browser, anyone have any
idea what to do?
When I try to install, it shows me: "could not download the search plugin".

On Fri, Feb 18, 2011 at 12:07 AM, Christian Weiske <cw...@cw...>wrote:

> Hi Mark, Golanor and Brett,
>
>
>
> Now that the 0.97.2 with the urgent bugfixes is out, I'd like to get
> 0.98.0 rolling. Each of your tasks should be part of it.
>
> Do you have a rough timeframe when you plan to finish them? A feature
> I'd like to implement for 0.98.0 is theming support; that's relatively
> easy to implement and should give users greater control and
> possibilities in using SemanticScuttle. But before beginning that I'd
> really like to merge the privatekey branch since it contains really
> many changes.
>
> --
> Regards/Mit freundlichen Grüßen
> Christian Weiske
>
> -=≡ Geeking around in the name of science since 1982 ≡=-
>
>
> ------------------------------------------------------------------------------
> The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
> Pinpoint memory and threading errors before they happen.
> Find and fix more than 250 security defects in the development cycle.
> Locate bottlenecks in serial and parallel code that limit performance.
> http://p.sf.net/sfu/intel-dev2devfeb
> _______________________________________________
> Semanticscuttle-devel mailing list
> Sem...@li...
> https://lists.sourceforge.net/lists/listinfo/semanticscuttle-devel
>
>

Re: [Semanticscuttle-devel] Privatekey / Opensearch problem / Configurable privacy

[Christian W. <cw...@cw...>]

Hi Golanor,


> I still can't run the opensearch plugin from my browser, anyone have
> any idea what to do?
> When I try to install, it shows me: "could not download the search
> plugin".
When I remember correctly did you get a white page when opening 
> /api/opensearch.php
directly. This is probably a php error that does not get displayed.

To activate error display, open your php.ini and set display_errors to
1. Then restart your web server to activate the changes.

The problem here is probably that you have short_open_tags "On" in
php.ini, which clashes with "<?xml" - simply set it to "Off" in php.ini
and restart your web server.


-- 
Regards/Mit freundlichen Grüßen
Christian Weiske

-=≡ Geeking around in the name of science since 1982 ≡=-

Re: [Semanticscuttle-devel] Privatekey / Opensearch problem / Configurable privacy

[<go...@gm...>]

yes, that fixed it.
I think I found an error..In the opensearch.php there is a reference to
"$GLOBALS['root']", which I have no idea where it was defined (not in
config.php).
Did you all install SemanticScuttle on a root directory or in a different
folder?
I installed it in a folder, and when I try to search using opensearch, it
tries searching in the root of the server, i.e:
instead of
http://localhost/sc/search.php/all/google%20homepage
it goes to
http://localhost/search.php/all/google+homepage
Did I simply forget to define it, or is it really not defined anywhere?


On Sun, Feb 20, 2011 at 12:04 PM, Christian Weiske <cw...@cw...>wrote:

>
> php.ini, which clashes with "<?xml" - simply set it to "Off" in php.ini

Re: [Semanticscuttle-devel] Privatekey / Opensearch problem / Configurable privacy

[Christian W. <cw...@cw...>]

Hi Golanor,



> yes, that fixed it.
Great.


> I think I found an error..In the opensearch.php there is a reference
> to "$GLOBALS['root']", which I have no idea where it was defined (not
> in config.php).
> Did you all install SemanticScuttle on a root directory or in a
> different folder?
> I installed it in a folder, and when I try to search using
> opensearch, it tries searching in the root of the server, i.e:
> instead of
> http://localhost/sc/search.php/all/google%20homepage
> it goes to
> http://localhost/search.php/all/google+homepage
> Did I simply forget to define it, or is it really not defined
> anywhere?

cweiske:~/Dev/semanticscuttle/cwdev> grep -r "'root'" .
src/SemanticScuttle/constants.php
14:if (!isset($GLOBALS['root'])) {
30:	define('ROOT', $GLOBALS['root']);

data/config.php
60:        'username' => 'root',

www/api/opensearch.php
15:  <Url type="text/html" template="http://<?php echo
$_SERVER['HTTP_HOST'] . '/' .
$GLOBALS['root']?>search.php/all/{searchTerms}"/>


You may define $GLOBALS['root'] as described in data/config.default.php

-- 
Regards/Mit freundlichen Grüßen
Christian Weiske

-=≡ Geeking around in the name of science since 1982 ≡=-

Re: [Semanticscuttle-devel] Privatekey / Opensearch problem / Configurable privacy

[<go...@gm...>]

Ok, I fixed it.
Added a new variable meant specifically to get the terms from opensearch, it
then gets url-decoded, and url-recoded again, just see the code.
code changes - search.php and opensearch.php
i'll be comitting the changes in a few minutes.

On Sun, Feb 20, 2011 at 3:56 PM, Christian Weiske <cw...@cw...>wrote:

> Hi Golanor,
>
>
>
> > yes, that fixed it.
> Great.
>
>
> > I think I found an error..In the opensearch.php there is a reference
> > to "$GLOBALS['root']", which I have no idea where it was defined (not
> > in config.php).
> > Did you all install SemanticScuttle on a root directory or in a
> > different folder?
> > I installed it in a folder, and when I try to search using
> > opensearch, it tries searching in the root of the server, i.e:
> > instead of
> > http://localhost/sc/search.php/all/google%20homepage
> > it goes to
> > http://localhost/search.php/all/google+homepage
> > Did I simply forget to define it, or is it really not defined
> > anywhere?
>
> cweiske:~/Dev/semanticscuttle/cwdev> grep -r "'root'" .
> src/SemanticScuttle/constants.php
> 14:if (!isset($GLOBALS['root'])) {
> 30:     define('ROOT', $GLOBALS['root']);
>
> data/config.php
> 60:        'username' => 'root',
>
> www/api/opensearch.php
> 15:  <Url type="text/html" template="http://<?php echo
> $_SERVER['HTTP_HOST'] . '/' .
> $GLOBALS['root']?>search.php/all/{searchTerms}"/>
>
>
> You may define $GLOBALS['root'] as described in data/config.default.php
>
> --
> Regards/Mit freundlichen Grüßen
> Christian Weiske
>
> -=≡ Geeking around in the name of science since 1982 ≡=-
>
>
> ------------------------------------------------------------------------------
> The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
> Pinpoint memory and threading errors before they happen.
> Find and fix more than 250 security defects in the development cycle.
> Locate bottlenecks in serial and parallel code that limit performance.
> http://p.sf.net/sfu/intel-dev2devfeb
> _______________________________________________
> Semanticscuttle-devel mailing list
> Sem...@li...
> https://lists.sourceforge.net/lists/listinfo/semanticscuttle-devel
>
>

Re: [Semanticscuttle-devel] Privatekey / Opensearch problem / Configurable privacy

[Christian W. <cw...@cw...>]

Hi Golanor,


> Ok, I fixed it.
> Added a new variable meant specifically to get the terms from
> opensearch, it then gets url-decoded, and url-recoded again, just see
> the code. code changes - search.php and opensearch.php
> i'll be comitting the changes in a few minutes.

1. You did not revert the change from your last commit
2. Why did you add a new parameter? Isn't it better to just decode the
   existing terms variable?

-- 
Regards/Mit freundlichen Grüßen
Christian Weiske

-=≡ Geeking around in the name of science since 1982 ≡=-

Re: [Semanticscuttle-devel] Privatekey / Opensearch problem / Configurable privacy

[Brett D. <bs...@fr...>]

Hello,

I'm pretty close to having configurable privacy implemented. I'm
wondering where I should place my unit test. I was thinking I should add
it to BookmarkTest.php in the tests directory, correct?

Also, I ran BookmarkTest.php in PHPUnit and there was one failure:
1) BookmarkTest::testHardCharactersInBookmarks
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-#{|`^@]³¹¡¿<&é__(-è\_çà)
+#{|`^@]

I had not changed anything in this file.

Rgrds,
Brett

Re: [Semanticscuttle-devel] Privatekey

[Christian W. <cw...@cw...>]

Hi Mark,



> Christian, I've updated privatekey with the following changes:
> 1) I added an enable checkbox to allow user to enable/disable the
> Private RSS feed.
That's a good addition since it allows people to easily deactivate
their private key without manually deleting the key.

I saw that you added a second column beside the private key;
enablePrivateKey. In my eyes this is not necessary since that
information can be transmitted in the private key column - when it's
empty/NULL, it's deactivated. Please change that.

> 2) I took out the ajax call in profile.php - I ran into some issues
> with trying keep the javascript for those who use it.  Didn't think
> it was that big enough of a deal to worry about it.
Fine with me.

I've got a little special configuration on my dev system:
> $sitename = 'b"m.bo\'go';
The site name here contains both single and double quotes, something
that helped me discovering quite a number of quoting/escaping bugs. It
seems that you double-htmlencode the title in the rss feed so that I
get
> title="b"m.bo'go: (private) b"m.bo'go"
instead of the 
> title="b"m.bo'go: Recent bookmarks"
as it is for the normal feed in the HTML head. Also add a newline
before the private <link> so the html looks cleaner. You also do not
escape the & in the link before privatekey=, which makes the page fail
to validate.

There is no fail message when an unknown privatekey is used.
SemanticScuttle should send a status 400 (Bad request) with an
explanatory message.

The user's bookmark list does also not contain a privatekey feed link.
I think that all pages that link feeds should also link the
associated private feed (i.e. useful when someone wants to bookmark a
search that may contain private bookmarks).

And unit tests are a must here:
- fetch feed with private key, do the private bookmarks appear?
- same without priv key
- are the private feed links on all relevant pages when logged in and
  the user has a private key?
- same for logged out -> no private links
- same for logged in bug no private key -> no private feed links


> 3) on a separate commit, I took a stab at updating the getBookmarks()
> function to make the queries a little more efficient.  The base of the
> problem was doing both a GROUP BY and an ORDER BY in the same query
> (as well as the use of multiple tables on the same query).  I got
> spoiled on Oracle because it tends to be a little more efficient.
> MySQL as well as other RDBS's don't optimize it enough to make it
> very efficient.  So I tweaked the queries to get around some of the
> issues.  I haven't tested it on MySQL 4 so I can't confirm if the
> query will work on that version.  There was one component that I
> couldn't make more efficient and that is searching by a tag, or by a
> user, or searching.  Those queries are simply too complex to make
> efficient.  However, they are fast if there is only a small
> resultset. Anyway, outside of doing a full redesign of the data
> tables, this is the best I could come up with.  My last commit
> contains the updates to the user table and the bookmarks table.  I
> simply added an additional index on the bookmarks table to help with
> the query.  Please let me know if you have any questions.

Do the tests do still run? I get a bunch of errors when running them.
Please also do that in a different branch; we're using one branch per
feature which makes it easier to merge the relevant features in the
master branch later. Just imagine that the private key feature is
ready, but your sql optimizations are buggy but we want to release a
new version. If we have clean feature branches, we just merge the ones
that are ready and are done. Currently this is not possible since an
unfinished feature is in the same branch as the other one.

-- 
Regards/Mit freundlichen Grüßen
Christian Weiske

-=≡ Geeking around in the name of science since 1982 ≡=-

Re: [Semanticscuttle-devel] Privatekey / Opensearch problem / Configurable privacy

[Christian W. <cw...@cw...>]

Hi Brett,


> I'm pretty close to having configurable privacy implemented. I'm
> wondering where I should place my unit test. I was thinking I should
> add it to BookmarkTest.php in the tests directory, correct?
Yep, that's the correct one.


> Also, I ran BookmarkTest.php in PHPUnit and there was one failure:
> 1) BookmarkTest::testHardCharactersInBookmarks
> Failed asserting that two strings are equal.
> --- Expected
> +++ Actual
> @@ @@
> -#{|`^@]³¹¡¿<&é__(-è\_çà)
> +#{|`^@]
> 
> I had not changed anything in this file.

Does it suddenly work when running the tests the second (or third)
time? i know of one unstable tests (which is crap and needs to be
fixed).

-- 
Regards/Mit freundlichen Grüßen
Christian Weiske

-=≡ Geeking around in the name of science since 1982 ≡=-

Re: [Semanticscuttle-devel] Privatekey

[Mark P. <mpe...@gm...>]

Thanks for the great response Christian!  I'll work on these items and get
back to you.  Cheers to all!

On Mon, Mar 7, 2011 at 2:03 PM, Christian Weiske <cw...@cw...> wrote:

> Hi Mark,
>
>
>
> > Christian, I've updated privatekey with the following changes:
> > 1) I added an enable checkbox to allow user to enable/disable the
> > Private RSS feed.
> That's a good addition since it allows people to easily deactivate
> their private key without manually deleting the key.
>
> I saw that you added a second column beside the private key;
> enablePrivateKey. In my eyes this is not necessary since that
> information can be transmitted in the private key column - when it's
> empty/NULL, it's deactivated. Please change that.
>
> > 2) I took out the ajax call in profile.php - I ran into some issues
> > with trying keep the javascript for those who use it.  Didn't think
> > it was that big enough of a deal to worry about it.
> Fine with me.
>
> I've got a little special configuration on my dev system:
> > $sitename = 'b"m.bo\'go';
> The site name here contains both single and double quotes, something
> that helped me discovering quite a number of quoting/escaping bugs. It
> seems that you double-htmlencode the title in the rss feed so that I
> get
> > title="b&amp;quot;m.bo'go: (private) b&amp;quot;m.bo'go"
> instead of the
> > title="b&quot;m.bo'go: Recent bookmarks"
> as it is for the normal feed in the HTML head. Also add a newline
> before the private <link> so the html looks cleaner. You also do not
> escape the & in the link before privatekey=, which makes the page fail
> to validate.
>
> There is no fail message when an unknown privatekey is used.
> SemanticScuttle should send a status 400 (Bad request) with an
> explanatory message.
>
> The user's bookmark list does also not contain a privatekey feed link.
> I think that all pages that link feeds should also link the
> associated private feed (i.e. useful when someone wants to bookmark a
> search that may contain private bookmarks).
>
> And unit tests are a must here:
> - fetch feed with private key, do the private bookmarks appear?
> - same without priv key
> - are the private feed links on all relevant pages when logged in and
>  the user has a private key?
> - same for logged out -> no private links
> - same for logged in bug no private key -> no private feed links
>
>
> > 3) on a separate commit, I took a stab at updating the getBookmarks()
> > function to make the queries a little more efficient.  The base of the
> > problem was doing both a GROUP BY and an ORDER BY in the same query
> > (as well as the use of multiple tables on the same query).  I got
> > spoiled on Oracle because it tends to be a little more efficient.
> > MySQL as well as other RDBS's don't optimize it enough to make it
> > very efficient.  So I tweaked the queries to get around some of the
> > issues.  I haven't tested it on MySQL 4 so I can't confirm if the
> > query will work on that version.  There was one component that I
> > couldn't make more efficient and that is searching by a tag, or by a
> > user, or searching.  Those queries are simply too complex to make
> > efficient.  However, they are fast if there is only a small
> > resultset. Anyway, outside of doing a full redesign of the data
> > tables, this is the best I could come up with.  My last commit
> > contains the updates to the user table and the bookmarks table.  I
> > simply added an additional index on the bookmarks table to help with
> > the query.  Please let me know if you have any questions.
>
> Do the tests do still run? I get a bunch of errors when running them.
> Please also do that in a different branch; we're using one branch per
> feature which makes it easier to merge the relevant features in the
> master branch later. Just imagine that the private key feature is
> ready, but your sql optimizations are buggy but we want to release a
> new version. If we have clean feature branches, we just merge the ones
> that are ready and are done. Currently this is not possible since an
> unfinished feature is in the same branch as the other one.
>
> --
> Regards/Mit freundlichen Grüßen
> Christian Weiske
>
> -=≡ Geeking around in the name of science since 1982 ≡=-
>
>
> ------------------------------------------------------------------------------
> What You Don't Know About Data Connectivity CAN Hurt You
> This paper provides an overview of data connectivity, details
> its effect on application quality, and explores various alternative
> solutions. http://p.sf.net/sfu/progress-d2d
> _______________________________________________
> Semanticscuttle-devel mailing list
> Sem...@li...
> https://lists.sourceforge.net/lists/listinfo/semanticscuttle-devel
>
>

Re: [Semanticscuttle-devel] Privatekey / Opensearch problem / Configurable privacy

[Brett D. <bs...@fr...>]

Hi, Christian.

I ran the test five times consecutively, and the assert failed each
time.

Rgrds,
Brett

On Mon, 7 Mar 2011 20:04:43 +0100, Christian Weiske
<cw...@cw...> wrote:
> Hi Brett,
> 
> 
>> I'm pretty close to having configurable privacy implemented. I'm
>> wondering where I should place my unit test. I was thinking I should
>> add it to BookmarkTest.php in the tests directory, correct?
> Yep, that's the correct one.
> 
> 
>> Also, I ran BookmarkTest.php in PHPUnit and there was one failure:
>> 1) BookmarkTest::testHardCharactersInBookmarks
>> Failed asserting that two strings are equal.
>> --- Expected
>> +++ Actual
>> @@ @@
>> -#{|`^@]³¹¡¿<&é__(-è\_çà)
>> +#{|`^@]
>>
>> I had not changed anything in this file.
> 
> Does it suddenly work when running the tests the second (or third)
> time? i know of one unstable tests (which is crap and needs to be
> fixed).

Re: [Semanticscuttle-devel] Privatekey / Opensearch problem / Configurable privacy

[Christian W. <cw...@cw...>]

Hello Brett,


> >> Also, I ran BookmarkTest.php in PHPUnit and there was one failure:
> >> 1) BookmarkTest::testHardCharactersInBookmarks
> >> Failed asserting that two strings are equal.
> >> --- Expected
> >> +++ Actual
> >> @@ @@
> >> -#{|`^@]³¹¡¿<&é__(-è\_çà)
> >> +#{|`^@]
> >>
> >> I had not changed anything in this file.
> > Does it suddenly work when running the tests the second (or third)
> > time? i know of one unstable tests (which is crap and needs to be
> > fixed).
> I ran the test five times consecutively, and the assert failed each
> time.

That really looks like DOS characters. Maybe it'll solve itself when
you get a unix box or run the tests on the normal windows command line.

-- 
Regards/Mit freundlichen Grüßen
Christian Weiske

-=≡ Geeking around in the name of science since 1982 ≡=-

Re: [Semanticscuttle-devel] Privatekey

[Mark P. <mpe...@gm...>]

Sorry for the delay on the privatekey code.  I'm finishing up with the tests
and should be done shortly.  Cheers to all.
Mark


On Mon, Mar 7, 2011 at 4:08 PM, Mark Pemberton <mpe...@gm...>wrote:

> Thanks for the great response Christian!  I'll work on these items and get
> back to you.  Cheers to all!
>
> On Mon, Mar 7, 2011 at 2:03 PM, Christian Weiske <cw...@cw...>wrote:
>
>> Hi Mark,
>>
>>
>>
>> > Christian, I've updated privatekey with the following changes:
>> > 1) I added an enable checkbox to allow user to enable/disable the
>> > Private RSS feed.
>> That's a good addition since it allows people to easily deactivate
>> their private key without manually deleting the key.
>>
>> I saw that you added a second column beside the private key;
>> enablePrivateKey. In my eyes this is not necessary since that
>> information can be transmitted in the private key column - when it's
>> empty/NULL, it's deactivated. Please change that.
>>
>> > 2) I took out the ajax call in profile.php - I ran into some issues
>> > with trying keep the javascript for those who use it.  Didn't think
>> > it was that big enough of a deal to worry about it.
>> Fine with me.
>>
>> I've got a little special configuration on my dev system:
>> > $sitename = 'b"m.bo\'go';
>> The site name here contains both single and double quotes, something
>> that helped me discovering quite a number of quoting/escaping bugs. It
>> seems that you double-htmlencode the title in the rss feed so that I
>> get
>> > title="b&amp;quot;m.bo'go: (private) b&amp;quot;m.bo'go"
>> instead of the
>> > title="b&quot;m.bo'go: Recent bookmarks"
>> as it is for the normal feed in the HTML head. Also add a newline
>> before the private <link> so the html looks cleaner. You also do not
>> escape the & in the link before privatekey=, which makes the page fail
>> to validate.
>>
>> There is no fail message when an unknown privatekey is used.
>> SemanticScuttle should send a status 400 (Bad request) with an
>> explanatory message.
>>
>> The user's bookmark list does also not contain a privatekey feed link.
>> I think that all pages that link feeds should also link the
>> associated private feed (i.e. useful when someone wants to bookmark a
>> search that may contain private bookmarks).
>>
>> And unit tests are a must here:
>> - fetch feed with private key, do the private bookmarks appear?
>> - same without priv key
>> - are the private feed links on all relevant pages when logged in and
>>  the user has a private key?
>> - same for logged out -> no private links
>> - same for logged in bug no private key -> no private feed links
>>
>>
>> > 3) on a separate commit, I took a stab at updating the getBookmarks()
>> > function to make the queries a little more efficient.  The base of the
>> > problem was doing both a GROUP BY and an ORDER BY in the same query
>> > (as well as the use of multiple tables on the same query).  I got
>> > spoiled on Oracle because it tends to be a little more efficient.
>> > MySQL as well as other RDBS's don't optimize it enough to make it
>> > very efficient.  So I tweaked the queries to get around some of the
>> > issues.  I haven't tested it on MySQL 4 so I can't confirm if the
>> > query will work on that version.  There was one component that I
>> > couldn't make more efficient and that is searching by a tag, or by a
>> > user, or searching.  Those queries are simply too complex to make
>> > efficient.  However, they are fast if there is only a small
>> > resultset. Anyway, outside of doing a full redesign of the data
>> > tables, this is the best I could come up with.  My last commit
>> > contains the updates to the user table and the bookmarks table.  I
>> > simply added an additional index on the bookmarks table to help with
>> > the query.  Please let me know if you have any questions.
>>
>> Do the tests do still run? I get a bunch of errors when running them.
>> Please also do that in a different branch; we're using one branch per
>> feature which makes it easier to merge the relevant features in the
>> master branch later. Just imagine that the private key feature is
>> ready, but your sql optimizations are buggy but we want to release a
>> new version. If we have clean feature branches, we just merge the ones
>> that are ready and are done. Currently this is not possible since an
>> unfinished feature is in the same branch as the other one.
>>
>> --
>> Regards/Mit freundlichen Grüßen
>> Christian Weiske
>>
>> -=≡ Geeking around in the name of science since 1982 ≡=-
>>
>>
>> ------------------------------------------------------------------------------
>> What You Don't Know About Data Connectivity CAN Hurt You
>> This paper provides an overview of data connectivity, details
>> its effect on application quality, and explores various alternative
>> solutions. http://p.sf.net/sfu/progress-d2d
>>
>> _______________________________________________
>> Semanticscuttle-devel mailing list
>> Sem...@li...
>> https://lists.sourceforge.net/lists/listinfo/semanticscuttle-devel
>>
>>
>

Re: [Semanticscuttle-devel] Privatekey

[Mark P. <mpe...@gm...>]

Ok Christian, I've backed out the bookmark query updates, and removed the
recently added User column, added a number of new tests, and addressed most
(if not all) of your concerns).  I'm still a bit green on unit testing, so
be easy on me.  :)  Cheers to all.  Have a great weekend!


On Tue, Mar 15, 2011 at 10:55 PM, Mark Pemberton <mpe...@gm...>wrote:

> Sorry for the delay on the privatekey code.  I'm finishing up with the
> tests and should be done shortly.  Cheers to all.
> Mark
>
>
> On Mon, Mar 7, 2011 at 4:08 PM, Mark Pemberton <mpe...@gm...>wrote:
>
>> Thanks for the great response Christian!  I'll work on these items and get
>> back to you.  Cheers to all!
>>
>> On Mon, Mar 7, 2011 at 2:03 PM, Christian Weiske <cw...@cw...>wrote:
>>
>>> Hi Mark,
>>>
>>>
>>>
>>> > Christian, I've updated privatekey with the following changes:
>>> > 1) I added an enable checkbox to allow user to enable/disable the
>>> > Private RSS feed.
>>> That's a good addition since it allows people to easily deactivate
>>> their private key without manually deleting the key.
>>>
>>> I saw that you added a second column beside the private key;
>>> enablePrivateKey. In my eyes this is not necessary since that
>>> information can be transmitted in the private key column - when it's
>>> empty/NULL, it's deactivated. Please change that.
>>>
>>> > 2) I took out the ajax call in profile.php - I ran into some issues
>>> > with trying keep the javascript for those who use it.  Didn't think
>>> > it was that big enough of a deal to worry about it.
>>> Fine with me.
>>>
>>> I've got a little special configuration on my dev system:
>>> > $sitename = 'b"m.bo\'go';
>>> The site name here contains both single and double quotes, something
>>> that helped me discovering quite a number of quoting/escaping bugs. It
>>> seems that you double-htmlencode the title in the rss feed so that I
>>> get
>>> > title="b&amp;quot;m.bo'go: (private) b&amp;quot;m.bo'go"
>>> instead of the
>>> > title="b&quot;m.bo'go: Recent bookmarks"
>>> as it is for the normal feed in the HTML head. Also add a newline
>>> before the private <link> so the html looks cleaner. You also do not
>>> escape the & in the link before privatekey=, which makes the page fail
>>> to validate.
>>>
>>> There is no fail message when an unknown privatekey is used.
>>> SemanticScuttle should send a status 400 (Bad request) with an
>>> explanatory message.
>>>
>>> The user's bookmark list does also not contain a privatekey feed link.
>>> I think that all pages that link feeds should also link the
>>> associated private feed (i.e. useful when someone wants to bookmark a
>>> search that may contain private bookmarks).
>>>
>>> And unit tests are a must here:
>>> - fetch feed with private key, do the private bookmarks appear?
>>> - same without priv key
>>> - are the private feed links on all relevant pages when logged in and
>>>  the user has a private key?
>>> - same for logged out -> no private links
>>> - same for logged in bug no private key -> no private feed links
>>>
>>>
>>> > 3) on a separate commit, I took a stab at updating the getBookmarks()
>>> > function to make the queries a little more efficient.  The base of the
>>> > problem was doing both a GROUP BY and an ORDER BY in the same query
>>> > (as well as the use of multiple tables on the same query).  I got
>>> > spoiled on Oracle because it tends to be a little more efficient.
>>> > MySQL as well as other RDBS's don't optimize it enough to make it
>>> > very efficient.  So I tweaked the queries to get around some of the
>>> > issues.  I haven't tested it on MySQL 4 so I can't confirm if the
>>> > query will work on that version.  There was one component that I
>>> > couldn't make more efficient and that is searching by a tag, or by a
>>> > user, or searching.  Those queries are simply too complex to make
>>> > efficient.  However, they are fast if there is only a small
>>> > resultset. Anyway, outside of doing a full redesign of the data
>>> > tables, this is the best I could come up with.  My last commit
>>> > contains the updates to the user table and the bookmarks table.  I
>>> > simply added an additional index on the bookmarks table to help with
>>> > the query.  Please let me know if you have any questions.
>>>
>>> Do the tests do still run? I get a bunch of errors when running them.
>>> Please also do that in a different branch; we're using one branch per
>>> feature which makes it easier to merge the relevant features in the
>>> master branch later. Just imagine that the private key feature is
>>> ready, but your sql optimizations are buggy but we want to release a
>>> new version. If we have clean feature branches, we just merge the ones
>>> that are ready and are done. Currently this is not possible since an
>>> unfinished feature is in the same branch as the other one.
>>>
>>> --
>>> Regards/Mit freundlichen Grüßen
>>> Christian Weiske
>>>
>>> -=≡ Geeking around in the name of science since 1982 ≡=-
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> What You Don't Know About Data Connectivity CAN Hurt You
>>> This paper provides an overview of data connectivity, details
>>> its effect on application quality, and explores various alternative
>>> solutions. http://p.sf.net/sfu/progress-d2d
>>>
>>> _______________________________________________
>>> Semanticscuttle-devel mailing list
>>> Sem...@li...
>>> https://lists.sourceforge.net/lists/listinfo/semanticscuttle-devel
>>>
>>>
>>
>

Re: [Semanticscuttle-devel] Privatekey

[Christian W. <cw...@cw...>]

Hello Mark,


> Ok Christian, I've backed out the bookmark query updates, and removed
> the recently added User column, added a number of new tests, and
> addressed most (if not all) of your concerns).  I'm still a bit green
> on unit testing, so be easy on me.  :)  Cheers to all.  Have a great
> weekend!


> >>> I've got a little special configuration on my dev system:
> >>> > $sitename = 'b"m.bo\'go';
> >>> The site name here contains both single and double quotes,
> >>> something that helped me discovering quite a number of
> >>> quoting/escaping bugs. It seems that you double-htmlencode the
> >>> title in the rss feed so that I get
> >>> > title="b"m.bo'go: (private) b"m.bo'go"
> >>> instead of the
> >>> > title="b"m.bo'go: Recent bookmarks"
> >>> as it is for the normal feed in the HTML head.
The problem still exists for me. Seems I did not describe it properly
since you did remove the escaping in rss.tpl.php which needs to stay
there.
You don't double-encode it in the rss feed but in the rss feed link on
the html main page:
> <link rel="alternate" type="application/rss+xml"
>  title="b&quot;m.bo'go: Recent bookmarks"
>  href="http://bm.bogo/rss.php?sort=date_desc" />
> <link rel="alternate" type="application/rss+xml"
>  title="b&amp;quot;m.bo'go: (private) b&amp;quot;m.bo'go"
>  href="http://bm.bogo/rss.php/test?sort=date_desc&amp;privatekey=-e36a17f2717a3da7321aa742e328e92" />

It's already fixed on the main page. On the user bookmark page
you unfortunately did not encode the & in the URL, making the page
invalid. I either spot these things manually or use the W3C HTML
Validator. With the Opera browser, you just have to right-click a page
and "Validate", on firefox you may want to install the web developer
toolbar - it has a "validate local html" button on the "extras" menu.

You also removed the htmlspecialchars on the opensearchdescription
title in top.inc.php - that needs to be kept, too.


> >>> There is no fail message when an unknown privatekey is used.
> >>> SemanticScuttle should send a status 400 (Bad request) with an
> >>> explanatory message.
I see that a 404 is sent, but I don't see any error message in the
browser. This is due to the fact that the error is sent as HTML page,
but the Content-Type in the headers is application/rss+xml:

$ curl -i 'http://bm.bogo/rss.php/test?sort=date_desc&privatekey=foobar'
HTTP/1.1 404 Not Found
Date: Mon, 21 Mar 2011 06:46:04 GMT
....
Content-Type: application/rss+xml; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html
xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">


One thing I noted on the profile page:
When I uncheck the "enable" checkbox, I get a new key of
"-e36a17f2717a3da7321aa742e328e92" the the checkbox still enabled.
Also, the "enabled" text should be surrounded with a <label
for="checkbox-id"> tag so that the user can click the text and does not
have to aim on the checkbox itself.
I just see that this is due to the SQL change that I did not apply yet
on my database!

The attribute "readonly" is ok, but please make it XHTML-compatible by
using readonly="readonly".


About this:
> +     * @param string $privateKey       RSS Private Key
> +     * @param string $enablePrivateRSS RSS Private Key
From that signature, I don't understand why you need two parameters
here since they have the same type and the same description. Plus, the
type is string but the default value in the method signature is still
0 :) Use a boolean type here and keep the original name of
"enablePrivateKey", since we it does not have to be limited to the RSS
feeds in the future.

And I see that we misunderstood each other; you want to keep the
original key and be able to re-enable the key in the profile while
being able to restore the old one. I thought that setting it to NULL or
empty string would suffice, but your idea of prepending a "-" is
actually better.

I like that you hide the implementation details of
deactivating/activating the private key in the updateuser method by
providing a "enableprivatekey" parameter. Unfortunately, you don't hide
the details when checking for it and always rely on the 32 characters
length: 
> www/index.php
> +    if ($currentUser->getPrivateKey() <> null &&
> strlen($currentUser->getPrivateKey()) == 32) {
It'd be cool if you implemented and used
$currentUser->isPrivateKeyAllowed() there.


The API tests look really good. What I miss is tests that query the
actual feed URLs with parameters; see the API tests that do
->getRequest()->send().

I'm beginning to see the finish line here now :)

-- 
Regards/Mit freundlichen Grüßen
Christian Weiske

-=≡ Geeking around in the name of science since 1982 ≡=-

Re: [Semanticscuttle-devel] Privatekey

[Christian W. <cw...@cw...>]

Hello Mark,


> Well that was easy.... :)  Thanks for the tip!  I'll finish up on the
> unit tests and hopefully we'll be done.
Any updates?

-- 
Regards/Mit freundlichen Grüßen
Christian Weiske

-=≡ Geeking around in the name of science since 1982 ≡=-

Re: [Semanticscuttle-devel] Privatekey

[Mark P. <mpe...@gm...>]

Yep, made some final changes last night and didn't get a chance to commit.
 I just committed my work so please review.  Ok, I confess, I haven't done
the below:

"The API tests look really good. What I miss is tests that query the
actual feed URLs with parameters; see the API tests that do
->getRequest()->send()."

I was hoping to do them last week when I thought I would have the time, but
never got to it.  I will try to complete that this evening.

Cheers!
Mark

On Wed, Apr 6, 2011 at 1:02 PM, Christian Weiske <cw...@cw...> wrote:

> Hello Mark,
>
>
> > Well that was easy.... :)  Thanks for the tip!  I'll finish up on the
> > unit tests and hopefully we'll be done.
> Any updates?
>
> --
> Regards/Mit freundlichen Grüßen
> Christian Weiske
>
> -=≡ Geeking around in the name of science since 1982 ≡=-
>
>
> ------------------------------------------------------------------------------
> Xperia(TM) PLAY
> It's a major breakthrough. An authentic gaming
> smartphone on the nation's most reliable network.
> And it wants your games.
> http://p.sf.net/sfu/verizon-sfdev
> _______________________________________________
> Semanticscuttle-devel mailing list
> Sem...@li...
> https://lists.sourceforge.net/lists/listinfo/semanticscuttle-devel
>
>

Re: [Semanticscuttle-devel] Privatekey

[Mark P. <mpe...@gm...>]

And just a heads-up, I tried to test everything regarding the special
characters with the titles, etc.  If you find something that is not right,
let me know.

On Wed, Apr 6, 2011 at 2:52 PM, Mark Pemberton <mpe...@gm...>wrote:

> Yep, made some final changes last night and didn't get a chance to commit.
>  I just committed my work so please review.  Ok, I confess, I haven't done
> the below:
>
> "The API tests look really good. What I miss is tests that query the
> actual feed URLs with parameters; see the API tests that do
> ->getRequest()->send()."
>
> I was hoping to do them last week when I thought I would have the time, but
> never got to it.  I will try to complete that this evening.
>
> Cheers!
> Mark
>
> On Wed, Apr 6, 2011 at 1:02 PM, Christian Weiske <cw...@cw...>wrote:
>
>> Hello Mark,
>>
>>
>> > Well that was easy.... :)  Thanks for the tip!  I'll finish up on the
>> > unit tests and hopefully we'll be done.
>> Any updates?
>>
>> --
>> Regards/Mit freundlichen Grüßen
>> Christian Weiske
>>
>> -=≡ Geeking around in the name of science since 1982 ≡=-
>>
>>
>> ------------------------------------------------------------------------------
>> Xperia(TM) PLAY
>> It's a major breakthrough. An authentic gaming
>> smartphone on the nation's most reliable network.
>> And it wants your games.
>> http://p.sf.net/sfu/verizon-sfdev
>>
>> _______________________________________________
>> Semanticscuttle-devel mailing list
>> Sem...@li...
>> https://lists.sourceforge.net/lists/listinfo/semanticscuttle-devel
>>
>>
>

Re: [Semanticscuttle-devel] Privatekey

[Christian W. <cw...@cw...>]

Hello Mark,


> > Yep, made some final changes last night and didn't get a chance to
> > commit. I just committed my work so please review.  Ok, I confess,
> > I haven't done the below:
> And just a heads-up, I tried to test everything regarding the special
> characters with the titles, etc.  If you find something that is not
> right, let me know.

+ Privatekey works fine for the user's own bookmarks
- Does not work with all bookmarks (plain rss.php?privatekey) - I'm
  likely to subscribe to the all bookmarks feed in a private SC setup
  with a several users.
+ Enabling and disabling the private key works fine
+ Error page when accessing feed with wrong private key
+ Error page when accessing feed with disabled private key
- Generating new key throws away form changes. This isn't that nice,
  but I'll accept it for now and we can fix that when the quickform
  branch is finished.
- 1) BookmarkTest::testPrivateBookmarks
  Undefined offset: 1
  /home/cweiske/Dev/semanticscuttle/cwdev/tests/BookmarkTest.php:1387

I did also run the unit tests with with coverage enabled and saw that
i.e. "getUserByPrivateKey" is not tested. I'll help you with writing
the tests.

-- 
Regards/Mit freundlichen Grüßen
Christian Weiske

-=≡ Geeking around in the name of science since 1982 ≡=-

Re: [Semanticscuttle-devel] Privatekey

[Mark P. <mpe...@gm...>]

> Does not work with all bookmarks (plain rss.php?privatekey) - I'm
> likely to subscribe to the all bookmarks feed in a private SC setup
> with a several users.
Totally missed this.  I bet unit testing would have caught it..... :(

> Generating new key throws away form changes. This isn't that nice,
> but I'll accept it for now and we can fix that when the quickform
> branch is finished.
If quickform is not far off, then I agree.  I'm a bit agitated for missing
this one, so if it needs to be corrected now, I'll be glad to do it.

> 1) BookmarkTest::testPrivateBookmarks
> Undefined offset: 1
> /home/cweiske/Dev/semanticscuttle/cwdev/tests/BookmarkTest.php:1387
Ok then I guess we can test the size of the array instead of the value.
 I'll replace it with this:
        $this->assertEquals(count($bookmarks['bookmarks']),1);




On Thu, Apr 7, 2011 at 4:57 PM, Christian Weiske <cw...@cw...> wrote:

> Hello Mark,
>
>
> > > Yep, made some final changes last night and didn't get a chance to
> > > commit. I just committed my work so please review.  Ok, I confess,
> > > I haven't done the below:
> > And just a heads-up, I tried to test everything regarding the special
> > characters with the titles, etc.  If you find something that is not
> > right, let me know.
>
> + Privatekey works fine for the user's own bookmarks
> - Does not work with all bookmarks (plain rss.php?privatekey) - I'm
>  likely to subscribe to the all bookmarks feed in a private SC setup
>  with a several users.
> + Enabling and disabling the private key works fine
> + Error page when accessing feed with wrong private key
> + Error page when accessing feed with disabled private key
> - Generating new key throws away form changes. This isn't that nice,
>  but I'll accept it for now and we can fix that when the quickform
>  branch is finished.
> - 1) BookmarkTest::testPrivateBookmarks
>  Undefined offset: 1
>  /home/cweiske/Dev/semanticscuttle/cwdev/tests/BookmarkTest.php:1387
>
> I did also run the unit tests with with coverage enabled and saw that
> i.e. "getUserByPrivateKey" is not tested. I'll help you with writing
> the tests.
>
> --
> Regards/Mit freundlichen Grüßen
> Christian Weiske
>
> -=≡ Geeking around in the name of science since 1982 ≡=-
>
>
> ------------------------------------------------------------------------------
> Xperia(TM) PLAY
> It's a major breakthrough. An authentic gaming
> smartphone on the nation's most reliable network.
> And it wants your games.
> http://p.sf.net/sfu/verizon-sfdev
> _______________________________________________
> Semanticscuttle-devel mailing list
> Sem...@li...
> https://lists.sourceforge.net/lists/listinfo/semanticscuttle-devel
>
>