Scheduled Maintenance Notice 2

The scheduled maintenance is the second step for a backend upgrade.  We will move Diigo from current data center to Amazon cloud.  You will experience a faster and more stable Diigo after the migration.

The planned maintenance window is Wednesday, Feb 11th at 0:00PM US PST.  We expect the actual downtime to be approximately 1 hour.

Annotating PDF Docs with Diigo – A Tutorial  

There are two different methods with which you can annotate a PDF doc with Diigo.

(If you don’t want to read the tutorial,  try the PDF annotation feature directly.)

Mehtod 1:   Annotate a PDF doc by first uploading it  to the Diigo website

  • Step 1:  Upload a pdf doc to your diigo library in “My Library” page;
  • Step 2: Open the uploaded PDF doc in your browser, and you should see a toolbar on top of the doc;
  • Step 3: Select text to highlight or add a sticky note. Your highlight and sticky notes on the PDF will be saved in your Diigo library.


Method 2: Annotate a PDF using the  Diigo browser extension (available for Chrome and Firefox only, and the instructions below are for Chrome)

  • Step 1: Open an online PDF doc,within Chrome, with the Diigo extension installed;
  • Step 2: Click the  “Annotate” button at the upper right corner of the opened PDF doc (see the first screenshot below). The doc is then opened again with a toolbar on top (see the second screenshot below);
  • Step 3: Select text to highlight or add a sticky note. Your highlight and sticky notes on the PDF will be saved in your Diigo library.


How to Annotate and Clip non-text PDF Doc

If a PDF doc is in a form of an image, then you cannot highlight any text, but you can use the screenshot feature of of the Diigo extension (chrome and firefox) to capture or crop the image, and then annotate it as a screenshot.



Export an annotated PDF doc

The annotated PDF doc can be exported.  However, due to some tech limitation, after being exported, in-line sticky notes are invisible  for mac users who use preview as their pdf reader.

Due to the complexity of the PDF format and the compatibility issues for different browsers and browser versions,  Diigo PDF annotation may not work perfectly for every PDF file. If you experience any issue,  please do let us know.

PDF Annotation, Social Members for Anti-spam, and the New Pricing Plan lead to Diigo 6.0!

Dear Diigo Users,

We are excited to release the capability to annotate PDF files, a feature that has been among the most requested for a long time. The reason that it has taken us so long to release this feature is that PDF is a proprietary standard and very challenging to work with, especially within browsers. But with enough dedication to the problem by our team, we are happy to finally take it out of beta.

Another problem that we have been struggling for a long time is spam – spammers have been very aggressive and crafty on our site, harassing users and importing junky content. Spammers are costing us lots of resources not only in hardware, but also in manpower as we spent time developing anti-spam techniques and manually policing the site.  We have decided to take a different approach to this problem by limiting the social privileges of free users.  We now require captcha on many social features, such as following people, joining groups, etc. For a very nominal fee, you can upgrade yourself to “Social Membership,”  which would grant you full social features without capcha, plus a lot of other goodies.  We expect to stop the vast majority of the spammers with this simple measure.

We’d like to elaborate more about Social Membership and its pricing and our thoughts behind the decisions.   As long-time Diigo users know, Diigo is a personal knowledge management tool on the one hand, and a knowledge-sharing community on the other hand.  While it is perfectly fine to use Diigo solely as the former, we do believe that the value of the knowledge-sharing community could be substantial, as the number of active users increases, and as the spam is minimized.  As a result, we have decided to set the social membership annual fee at $5/year on Oct 1, 2014,  and will increase the price gradually thereafter according to a pre-determined formula, as the number of active social members increases.  To reward existing users, an attractive promotion price of $2/year will be available until Oct. 1, 2014.  For future years, you will continue to pay the low annual price you paid in the first year, as long as your credit card stay valid for automatic renewal.

We have also taken this opportunity to re-adjust our pricing plan to better align users needs with our business model.   Existing basic and premium users will be automatically upgraded to Standard in the new pricing plan.

We believe that it is paramount for both the Diigo team and Diigo users that Diigo has a viable financial model so it can continue to have the resources necessary to get better and better, and be around for 100 years or so :-)    In the last few months, several products that sort of compete with Diigo, such as Springpad, Kippt, etc,  have either announced shut-down or were put on hold.  Diigo is in a better shape than these companies, thanks to your support, and we hope you will continue to show your support and help Diigo improve and flourish!

With these exciting developments, we feel ready to declare the arrival of Diigo 6.0. Although version number does not mean a whole lot with internet products like Diigo that are being continuously improved, we are still happy to use it as a reminder of the long journey we have been through and the exciting improvements to come.

Our team always sees our users as a partner in getting the product right, and we appreciate and look forward to your feedback and continued involvement.


Does Diigo's Heartbleed?

Lately there has been a buzz of fear and confusion surrounding the recently identified security vulnerability CVE-2014-0160, fancifully named “Heartbleed”. At the time of its discovery, Heartbleed affected some 15% of internet servers. Let me start by saying that Diigo’s servers are not now, nor have they ever been, affected by the vulnerability, and Diigo users need not worry that Diigo has allowed attackers to gain access to their personal information. However, many people use the same password for several sites. If you have received notice that you should change your password for one of the sites that you use, and you happen to use the same password for Diigo, you should change your Diigo password as well.

Heartbleed is a bug found in OpenSSL, a widely used piece of software meant for encryption and secure transportation of information on the internet. More specifically, Heartbleed is a bug in an optional part of OpenSSL known as “TLS/DTLS heartbeat extension”, hence the witty name of the bug. The heartbeat extension allows users of secure connections to detect whether the connection has been lost.

Let’s imagine a secure connection as a phone call. You are talking to a friend, and your friend is in a loud area. When your friend enters a quiet library while you are speaking to him/her, you might think the connection was lost, so you ask “Are you still there?” Your friend replies so you realize you don’t need to hang up and call again. The heartbeat extension allows for a similar behavior in secure connections. One computer ‘says’ to the other “If you’re still there, say the 3-letter word ‘yes’.” The other computer responds with “yes” and the connection continues.

The Heartbleed vulnerability allows one computer to lie about the length of the word “yes”, by claiming it has more than 3 letters. The first computer asks for the 1000-letter word “yes”. The second computer responds with the first 1000 letters in recent memory– “yes and-the-previous-nine-hundred-ninety-seven-letters-I-was-working-with”.

To tie back in with the phone call analogy let’s suppose your friend calls to confess all their secrets to you while he/she is drunk. The next day, someone using your friend’s number who sounds remarkably like your friend calls you and says, “I think I told you more than I meant to last night, what all did I say?” If you tell the imposter the secrets your friend told you, then you have a bug similar to Heartbleed.

When Heartbleed was identified, Diigo was using OpenSSL version 1.0.1e. Experts will note that this is one of the versions made vulnerable by the heartbleed bug, however, because we disabled the heartbeat extension, Diigo was not susceptible. We have now updated to the newest version, OpenSSL 1.0.1g, in which the heartbleed bug has been fixed.