The Spot Blog

This has been a fairly eventful release cycle for LimeSpot, though in ways you probably won't see in the release notes.

The photo is from the first day in our new digs within the 9th floor of Lime offices, which we moved into a few weeks ago. Pretty nice space, but what's nicer is the fact that we'll be in the same general area as the rest of the Lime Wire teams for the first time in the history of our project. All that creative energy and light has seemed to do us well already.

We've also added three new team members -- Ari, Derek, and Tieg -- which has almost doubled the size of the LimeSpot team overnight. They've already been contributing a lot or hard work and new ideas, and I'm excited to see what the future holds for with all this new muscle to flex.

Finally, on the interface side of things, we're just about to conduct our second round of usability testing. You can see some of the results of the first round of testing in the interface tweaks debuting in today's update to LimeSpot. We already know that we have a good looking web app here, but we want it to be as easy to use as it is easy on the eyes.

By the way, this usability testing is slated to be an ongoing thing, so if anyone out there in the New York City area would be interested in helping us, then by all means drop us a line.

The blog has been quiet, but LimeSpot's been busy, picking up steam and returning to form after a raucous SXSW.  There's been a lot of work done over the past few weeks, and I'd like to highlight a few changes.

First, the covers have finally come off and LimeSpot Beta is now fully open to the public.  After a brief private beta period, we're ready to allow anybody to register and begin publishing using sites and apps.  Have at it.

One of our short term goals is to improve LimeSpot's interface, making its functionality intuitive.  In that regards, feedback is always welcome.

Some visual changes have also been added recently.  For example, notifications now appear in a pop-over on the lower left of the page, and we're using the same widget for both AJAX and non-AJAX messages.  We think this is a big improvement over our previous notifications, which were anchored to the top of the page and moved content when they appeared or disappeared.

Finally, we also added mutual friend badges to the user cards on the Friends page.  Now it's easy to tell if a friend has been kind enough to return the favor.

What's in store for the future?  Continue to expect UI improvements that will make LimeSpot even simpler to use.  We also want to highlight the social side by adding a Followers page (users who have friended you) and a user search tool. 

A bit further out... well, we have some big plans.  LimeSpot is marked for some serious growth and change, so stay tuned.

When a few of us from the LimeSpot team began using LimeSpot for our own blogs, we quickly realized that content scrubbing is a real pain.  We had been whitelisting tags, which meant that any time we discovered we needed a new tag we'd have to add it to the LimeSpot codebase.  Furthermore, there are some tags that we can't add because malicious users can do bad things with them.

User-generated javascript is one of those things that presents so many opportunities but is so dangerous that most sites remove it completely. One of the main dangers of user-generated javascript is cookie theft—malicious users can embed javascript that steals other users' cookies and thus gain access to the users' accounts.  Another danger is the possibility of user-generated javascript executing an AJAX post request to do something malicious such as deleting the user's own account.

Because of these vulnerabilities, users usually have to have their own hosting in order to use Javascript.  For LimeSpot we wanted something a bit more.

Our first approach was to try and protect the cookies.  Several browsers now have support for HTTP-only cookies, but there are still too many browsers that do not.   Also, javascript allows too many methods for evaluating code for us to simply remove the methods for retrieving cookies.  What we ended up doing was moving all user-generated content into separate subdomains, leaving limespot.com for administrative tasks.  By putting users' sites on separate domains, javascript that is executed there cannot access the cookies on limespot.com.  We split our cookies into trusted cookies and untrusted cookies.  Trusted cookies are set for limespot.com and allow users to do anything they please, whereas untrusted cookies are set for (your site).limespot.com and only allow a few actions, such as leaving comments for that particular site.

Each untrusted site cookie needs to be linked with a trusted limespot cookie, so we used <script> tags register the untrusted cookie: (it conveniently renders our lime bar as well)

<script src="http://limespot.com/sessions/lime_bar?app_id=3 
      &app_session_id=123456789abcde&site_id=1" type="text/javascript"></script>

When we receive this on limespot.com, we go ahead and set up an app_session that is linked with the user's real (trusted) session. This way we can always tell who a user is, but we know to limit their privileges when they are on user-generated sites.

There are still a few kinks to be worked out, but we think this is a pretty good way to mix trusted and untrusted markup in the same web application.

Its been a long, strange trip for us to get to this point, but after weeks and weeks of frantic work and feverish discussion, things have finally begun to draw down into a relative, quiet calm.  And yes, this is the proverbial calm before the storm.

Austin, TX is the place this storm will be centered, because that's where we finally get to open our fledgling site to the public at large as part of Lime Wire's attack on SXSW.  But we sure hope its effects will be felt far and wide shortly thereafter.

While this is a big moment in our short and stormy existence, it's also very exciting for one huge reason: this is only the beginning.  It might sound cliched, but its true.  Up until now, it's been a monumental task just getting the gates opened.  But now we can start actually building on the platform we've worked so hard to create -- adding new apps and tweaking the ones we have as the feedback starts rolling in.

Welcome to the starting line.  ^_^ 

LimeSpot was updated again yesterday evening, with only a minor outage.  Another week, another spate of backend fixes that aren't readily apparent -- we've overhauled much of the admin UI and begun to split off asset serving and thumbnailing to dedicated processes.  Exciting work!

Unfortunately, the update introduced a slight misconfiguration and emails weren't being sent out starting at 6:00PM EST yesterday.  My apologies for the error.  To users who registered after that time: confirmation messages have been resent, so please check your inbox.

This was supposed to be a Thursday Update, since we've moved our weekly deployment back in order to give ourselves a working day to fix any immediate issues.  A series of mishaps, however, delayed the actual release until today.  It was also another "disruptive" update, so I apologize for the outage, but these sorts of things should become far more infrequent.

The big change this week: we've moved LimeSpot onto Engine Yard, and we're thrilled to be backed by such a responsive, savvy crew.  Scaling up should be a lot easier with a dedicated Rails host supporting us, and it's nice to leave the anxiety of managing your own servers behind.

Otherwise, we're continuing towards the public unveiling of LimeSpot's publishing features, and in fact, I'd like to announce that we'll be lifting the curtain prior to SXSW in early March.  Stay tuned for more news about that as we approach the date.

So we came in on this lovely Monday morning to find 14,000 emails in our inbox notifying us of failures in the latest build.

On one hand this means that our exception notification system works, which is a good thing as it allows us to be notified of problems in the field without you having to send us feedback. On the other hand each of these emails represents a user who didn't get the content which they were searching for meaning that the latest build has a few problems to say the least.

Oh the joys of beta software....

To everyone who experienced the random and unexpected "500 Error" page over the weekend we apologize. We have identified the problem and will be pushing out a bug-fix release this afternoon.

Thank you for your patience and support through this roller coaster of a beta!

For those of you who have been captivated by our posts of progress here, bless your hearts.  But honestly, there hasn't been a whole lot of visible changes at LimeSpot unless you've been lucky enough to have a site here.  With this past Friday's release, that has started to change.

There's been a long ongoing dialog inside our offices about updating and refining the user interface, and the first bits of that can be seen in the new navigation menu.  Of course, this is just the tip of the iceberg, but Jorge did a nice job of making it the prettiest looking iceberg he could.

This is along with all our normal bug fixes, code revisions, etc.  But hip-hip-hooray!  UI is in the house! 

Nothing major to report this week. We tweaked the UI a bit in preparation for a major face lift that Jorge and Andrew have been working on. In addition we enabled user confirmations, which were mistakenly broken.

As always if you run into any problems, or have any suggestions, please let us know. Contact details are over on the feedback page.

As I mentioned in the last post, LimeSpot's moving to a weekly update cycle, which we've scheduled for Friday evenings.  It's nice to start with a clean slate every Monday, and we also happen to have the kind of hubris that lets us introduce potential show-stoppers when absolutely nobody will be at the office.

For this release, we've fixed a few bugs, primarily within the admin section, but we've also introduced a very important public feature -- feedback.  In the footer of LimeSpot pages and in the bar at the top of the blogs you should now see links to the feedback page.

We hope you'll share your comments, questions, well-wishes, bugs and annoyances with us as LimeSpot grows.  So speak up, we'll do our utmost to keep our ears open, and help us make LimeSpot truly yours.