Does Diigo’s Heartbleed?

Lately there has been a buzz of fear and confusion surrounding the recently identified security vulnerability CVE-2014-0160, fancifully named “Heartbleed”. At the time of its discovery, Heartbleed affected some 15% of internet servers. Let me start by saying that Diigo’s servers are not now, nor have they ever been, affected by the vulnerability, and Diigo users need not worry that Diigo has allowed attackers to gain access to their personal information. However, many people use the same password for several sites. If you have received notice that you should change your password for one of the sites that you use, and you happen to use the same password for Diigo, you should change your Diigo password as well.

Heartbleed is a bug found in OpenSSL, a widely used piece of software meant for encryption and secure transportation of information on the internet. More specifically, Heartbleed is a bug in an optional part of OpenSSL known as “TLS/DTLS heartbeat extension”, hence the witty name of the bug. The heartbeat extension allows users of secure connections to detect whether the connection has been lost.

Let’s imagine a secure connection as a phone call. You are talking to a friend, and your friend is in a loud area. When your friend enters a quiet library while you are speaking to him/her, you might think the connection was lost, so you ask “Are you still there?” Your friend replies so you realize you don’t need to hang up and call again. The heartbeat extension allows for a similar behavior in secure connections. One computer ‘says’ to the other “If you’re still there, say the 3-letter word ‘yes’.” The other computer responds with “yes” and the connection continues.

The Heartbleed vulnerability allows one computer to lie about the length of the word “yes”, by claiming it has more than 3 letters. The first computer asks for the 1000-letter word “yes”. The second computer responds with the first 1000 letters in recent memory– “yes and-the-previous-nine-hundred-ninety-seven-letters-I-was-working-with”.

To tie back in with the phone call analogy let’s suppose your friend calls to confess all their secrets to you while he/she is drunk. The next day, someone using your friend’s number who sounds remarkably like your friend calls you and says, “I think I told you more than I meant to last night, what all did I say?” If you tell the imposter the secrets your friend told you, then you have a bug similar to Heartbleed.

When Heartbleed was identified, Diigo was using OpenSSL version 1.0.1e. Experts will note that this is one of the versions made vulnerable by the heartbleed bug, however, because we disabled the heartbeat extension, Diigo was not susceptible. We have now updated to the newest version, OpenSSL 1.0.1g, in which the heartbleed bug has been fixed.

New Feature – Save Links and Notes Through Email

This feature allows you to email your links and notes directly into your Diigo library. This is especially handy when you are on a mobile app. Emailed links or notes will be saved as private by default.

Go ahead and get started now.

If you are unsure how this feature works, check out the following illustrations by screenshots.

1) Send a link to your personal diigo email address from a mobile App:

Save by email

2) The emailed link is saved in your library:

Emailed

Diigo Welcomes its 7th Million User with a Major Redesign

Diigo-logo256x256-sm

Diigo Welcomes its 7th Million User with a Major Redesign
~ heightening its focus on being a “multi-tool” for knowledge management

Diigo was started as a simple social bookmarking service in 2005, and is now widely regarded as the most widely used and most robust web annotation tool in the world. By steadily enhancing its offerings beyond bookmarking/annotation to include web archiving, image/screenshot markup, group collaboration, improved information organization and presentation, and mobile apps, Diigo has effectively become an integrated “multi-tool” for personal knowledge management (PKM).

Diigo, as a multi-tool for PKM, now touches on the entire workflow for knowledge-oriented information consumption, from browsing, reading, researching, annotating, storing, organizing, remembering, collaborating, sharing, to connecting dots into knowledge – a workflow that we believe is still largely ad-hoc and inefficient.  Diigo is here to streamline this workflow and dramatically improve your productivity.

The current redesign includes the following:

  • a complete site redesign which includes numerous usability and aesthetic improvements

  • a redesign of the company logo and brand image to emphasize our focus on personal knowledge management.

  • a complete redesign of Diigo Web Collector, our flagship browser extension on Chrome browser.

  • a major update to Diigo Browser on iOS, which provides the best web reading and annotating experience on iPad and iPhone (coming soon)

As Diigo has steadily became more versatile and powerful, it has also steadily grown its user base, amassing 7 million registered users,  with more than 350 million items saved and 100 million pieces of annotations.  Our users include law firms, marketing agencies, consultants, recruiters, web designers, researchers, students, teachers … — basically anyone who do a lot of knowledge-oriented information consumption, either individually or as a team, either professionally, or for personal purposes such as reading and researching related to travel, health, shopping, career, hobbies, news, online learning, smart investing, school papers, work projects, etc, etc.

Going forward, the Diigo team aims to evolve Diigo into the best personal knowledge management system (PKM) on the market, providing unsurpassed capabilities for the collection, compilation, organization, digestion, presentation and collaboration of knowledge and information.

Scheduled Maintenance Notice

Our data center will be making their infrastructure upgrade this week: the planned maintenance window is Thursday, June 27th at 11:00PM US Pacific Standard Time (GMT: 6:00AM, Friday June 28th.) We expect the actual downtime to be approximately 30 minutes or so.  Diigo will not be accessible during this time.

Our team is working on the next Diigo release which will be available soon.  Please stay tuned as we continue to make Diigo better and better!

PS: Follow us on Twitter for whispers, early news, reviews, and updates from Diigo!

Import Google Reader Starred Items

If you use Google Reader, you must have heard that it will close down soon. As avid Google Reader users ourselves, we feel your pain and have prepared a small pain reliever for you: you can easily import your starred items in Google Reader to Diigo.

The closing of Google Reader again reminds us that it is important to make sure the services you rely on have a sustainable business model. At Diigo, it is your paid subscription that sustain our developers to keep Diigo fast and reliable, and make it better and better. If you have not upgraded, show your support for less than $2 per month and get a lot of goodies now!

Diigo Chrome Extension much enhanced, renamed as “Diigo Web Collector”

Over the past month or so, we have rolled out some significant enhancements to the Diigo extension on Chrome browser. With the new extension, you can now:

  • Capture and markup screenshots
  • More easily add highlights, especially multi-color highlights
  • Access cached versions of web pages you bookmarked
  • Easily add pages to read later (and optionally close the page automatically)
  • Save images from webpages as part of a bookmark or as a separate item
  • Support keyboard shortcuts
  • Search your library from the extension (coming soon) 

For more details, please see the changelog here >>

The new extension is now named “Diigo Web Collector” to reflect the fact it enables a variety of ways for you to collect web content of interest to you, so you can:

  • Just bookmark the link
  • Save the page itself
  • Capture screenshot
  • Add highlights and sticky notes
  • Save images on the page

Diigo’s mission is to provide you with the best experience for collecting and annotating your online content.  Let us know how we are doing and how we can do better!

Scheduled Maintenance Notice

Our data center will update their electrical system upgrade this weekend: the planned maintenance window is Friday March 8th at 9:00PM to 12:00AM US Pacific Time (GMT: 5:00AM to 8:00AM GMT Sat March 9th). Please note this is the maintenance window. We expect the actual downtime to be approximately 15-30 minutes.

PS: Follow us on Twitter for whispers, early news, reviews, and updates from Diigo!

Webpage Caching Improved

As Diigo users know, Diigo has always strived to provide the best capability on the market for your bookmarking and annotation needs.  One of the things that differentiate Diigo from other bookmarking services is that Diigo not only lets you save a link,  Diigo enables you to save the page itself! This provides several significant benefits:

  • Have a peace of mind that whatever you were interested in will always be there.
  • You can have more powerful search capability since our internal search engine can index the page text itself, in addition to meta data like titles, tags, and annotations.
  • You can cache multiple versions of the same page at different times to track the changes for purposes of competitive intelligence or whatever.

We are now releasing several improvements to the caching feature:

  1. The ability to view and add annotations on cached pages, so the same annotations will show up on both the cached pages and the original page.
  2. The ability to easily visit cached pages from your Diigo Chrome extension (other extensions and Diigolet to follow.) So when you browse to a webpage you bookmarked before, you will see a link to “Cached Versions” on the extension.  This can be a lifesaver if the page is not available for whatever reason.

Give it a try and let us know what you think!

Diigo @ #ISTE2012

We’ve just arrived in Sunny San Diego and look forward to lots of engaging conversations and learning in the next few days.  If you’re a Diigo fan,  also  love to meet up in person as well.

There are several Diigo sessions in ISTE2012:

Monday, 6/25/2012, 2:30pm–3:30pm, SDCC 33AB

Digital-Age Teaching & Learning : Achieving the NETS for Students
by Roseanne Sessa, Abington Friends School with John Rison

Digital age research skills in action! Learn how students collaborate, find, and organize current research and connect with experts using Twitter, YouTube, and Diigo.Tuesday, 6/26/2012, 3:45pm–4:45pm,  SDCC 31AB

Bookmarks, PLNs, and More: Supercharge Your Learning, Teaching, and Research

by Vicki Davis, Cool Cat Teacher with Ben Curran, Susan Nestico and Maggie Tsai

Flat Classroom cofounder, Vicki Davis; Diigo founder, Maggie Tsai; and Flat Classroom Teacher, Suzie Nestico share how class bookmarking groups facilitate research and information exchange.

Tuesday, 6/26/2012, 4:30pm–7:30pm,  SDCC 28D

The Ed Tech Toolbox: Creating Your Personal Learning Environment

by Leslie Perry, Whitby School

Take control of the wide variety of tech tools available today by creating a personal learning environment that works for you and your students.
Maggie will also be hanging out in Blogger Cafe from time to time.  She will be wearing a Diigo t-shirt, so quite easy to spot :-)    Hope to see you around.

A Tempting Trio: Using Diigo, Twitter and YouTube in the Classroom

Check out this cool video featuring students using Diigo, Twitter and Youtube in the Classroom:

If you plan to attend ISTE2012, make sure to check out Roseaane Sessa’s ISTE session:

BM119 A Tempting Trio: Twitter, YouTube, and Diigo in the Classroom

Roseanne Sessa, Abington Friends School with John Rison

Digital age research skills in action! Learn how students collaborate, find, and organize current research and connect with experts using Twitter, YouTube, and Diigo.