There was quite a bit of constructive feedback from my blog posting the other day about Synchrotron, my recent pet microproject to make it easy to create and maintain OCS feeds for application addons, and so I thought I'd spend a few minutes sharing some of the feedback and thoughts with you here.
Let's start with the whimsical: Parker Coates suggested this song by Canadian alt-rockers Carbon Dating Service as the theme song for the project. Who knew there'd be a song called "Light Up The Synchrotron"? Awesome.
On a more serious note, some asked as to the security of the service. Well, it's pretty simple: All data sent back in response to requests comes from the PostgreSQL database. All requests are written to be safe against things like SQL injection. If someone managed to find a way to do something untoward with the SQL queries, the scripts that power the public API use a database user with read-only rights to the database, with one exception: it can insert rows into the IP access time log table. This (nearly) read-only user cannot delete or update anything in the database. PostgreSQL just rocks in how easy it makes it to add and manage a layer of security right inside the database itself.
Other than this database access, the public API scripts do not touch the filesystem at all. So I'm pretty comfortable with it, though I'm still very much interested in people actually looking at the code to ensure everything is indeed in good shape.
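The (nearly) read-only database user described above could be set up in PostgreSQL along these lines. This is an added example, not code from the Synchrotron repository; the database name `synchrotron`, the role `synchrotron_api` and the log table `access_log` are assumed names, and the final query audits that the role holds no write privilege beyond the one exception.

```sql
-- Assumed names (not from the Synchrotron repository):
--   database synchrotron, role synchrotron_api, log table access_log.
-- Run as the owner of the tables in schema public.
BEGIN;

-- Login role for the public API scripts: no superuser, no DDL-related attributes.
CREATE ROLE synchrotron_api LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT;

-- Strip what every role gets through PUBLIC, so the API role cannot create
-- tables or temporary objects.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
REVOKE TEMPORARY ON DATABASE synchrotron FROM PUBLIC;

-- Read-only access to the data served in responses.
GRANT CONNECT ON DATABASE synchrotron TO synchrotron_api;
GRANT USAGE ON SCHEMA public TO synchrotron_api;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO synchrotron_api;

-- Tables created later by the role running this script stay readable,
-- and nothing more.
ALTER DEFAULT PRIVILEGES IN SCHEMA public
    GRANT SELECT ON TABLES TO synchrotron_api;

-- The one exception: append rows to the IP access time log.
-- No UPDATE or DELETE, so existing log rows cannot be altered or removed.
GRANT INSERT ON access_log TO synchrotron_api;

COMMIT;

-- Audit: list every table on which the API role holds a write privilege it
-- should not have. An empty result means the role matches the description.
SELECT c.relname AS table_name
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
  AND c.relkind = 'r'
  AND (
        has_table_privilege('synchrotron_api', c.oid, 'UPDATE, DELETE, TRUNCATE')
     OR (c.relname <> 'access_log'
         AND has_table_privilege('synchrotron_api', c.oid, 'INSERT'))
      );
```

If the log table uses a serial key, the role also needs `USAGE` on that sequence for inserts to succeed.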
Speaking of which, I forgot to mention that there is a TODO file as well as some sketchy documentation in the repository in case you are wanting to get started on something. We also started up the repository for the actual addons where we are starting to collect items.
A few people asked if Synchrotron could replace kde-look.org or kde-files.org and the simple answer is: "no". The reason is that Synchrotron is not meant to allow for uploads and sharing of content by users. It is quite specifically an upstream tool. It's designed to make our lives as upstreams as easy as possible, in fact, but this makes it rather useless as a public file and data sharing hub. In theory it's possible for Synchrotron to be extended to be such a thing, but I have zero personal interest in that. :)
Something I do have interest in is using Synchrotron as a component in some larger projects that have been waiting for attention for a while, such as Plasma Classroom. So I do hope to reclaim the ~2 days spent on this project many times over.
Finally, Josef Spillner pointed out to me that there is the Hotstuff project that he started back in 2004 that strives to do some things similar to Synchrotron. Indeed, this was the project that helped birth the whole Get Hot New Stuff feature that can be seen in many KDE applications today. Sadly, I wasn't aware Hotstuff was still active and a viable candidate, as the last time I'd had a discussion about it I was left with the impression that the Hotstuff server wasn't really being kept up. Hotstuff is written in Perl, which is even less my language than PHP is, and is significantly more complex (and so probably does all kinds of nifty things Synchrotron doesn't); I'd probably still be struggling away by now instead of having something that works if I'd tried to go with Hotstuff. Still, Hotstuff is an interesting bit of software, it's been there for quite a while (nearly 7 years!) and Josef is still interested in the Hotstuff code. So if you find Hotstuff to be something more like what you need, please get a hold of Josef! :)
For that matter, if Hotstuff gained the features of Synchrotron and was easy to install/maintain, I'd probably drop Synchrotron for it myself. Necessity, however, is indeed the mother of (re-)invention. ;)