Archive for the ‘Blogs’ Category
Two of Google’s worst products in its product line up are Orkut and Blogger. There are various reasons why those two deserve that label, but when a company worth billions, with more PhDs than you anyone can count on its rolls puts up a notice that says, “Security tip: Never paste a URL or script into your browser while logged into orkut.com, no matter what it claims to do,” it really does not get any worse than that. Google, please do yourself and your users a favour and shut the damn thing down till you fix it.
Apparently there has been a spate of recent Google Account hijackings that don’t follow any particular pattern. There is a fairly high probability that the warning on Orkut has something to do with one of the twin curses of Web 2.0: a CSRF or an XSS attack. Orkut handles its authentication and cookies differently from the rest of the Google framework.
You can log into Orkut and also be logged into other Google products like Google Reader and Gmail without being prompted to authenticate yourself again when you browse to those products. Conversely, if you log into the other two and browse over to Orkut, you will be faced with the authentication prompt.
In all probability, Orkut is using another cookie of its own in addition to the Google account cookie and somewhere in between a malicious script is hijacking the Google account cookie, using the cross domain permissions that are granted to Orkut pages to do the initial authentication on the GLogin.aspx page. In any case, Google should have fixed the problems with Orkut than to expect users not to paste a URL or a script into the browser while they are logged into the website.
Google’s greatest strength is its computing framework (one that even Microsoft will take a lot of time to catch up with its ‘cloud’ initiative), where applications basically plug into Big Table and GFS, requiring relatively smaller teams of developers to sustain and develop the lesser-important products; Orkut and Blogger belong to that category. After all, since when does getting an Ajax button to post a comment or having product blog (OMG! We have a blog now, we are so 2005!) or having dynamic pages on a blog network represent significant advances in the history of humanity?
The trouble is that the same strength works as Google’s major weakness too. Since they don’t need massive teams to deploy and sustain these applications, the products don’t get the attention that’s required and function mostly on autopilot. And unlike what most people think, Google does not really care much about being a segment leader as long as they can mine usage data, do behavioral analysis and use that to improve the advertising cash cow. But that does leave holes like these open, which is just not done and I hope Google fixes the holes soon before someone figures out a Orkut-wide attack.
p.s: Get someone to fix the language in the warning. It almost sounds like they are urging users not to use Orkut irrespective of what the site claims to do.
After the unconventional ways of Jonathan Schwartz (Sun’s CEO), who’s kept up his blogging efforts even after being bumped up to the post rather admirably (albeit in a less interesting manner ever since) and Alan Meckler (CEO, Jupiter Media) who is not half an interesting a blogger as the former is, we now have Mårten Mickos (CEO, MySQL AB) battling the hordes in the very unfriendly waters of Slashdot. I quite like the openness in these conversations, though I have to wonder how long it would be (basically around the time till they list) before Mårten would also be snowed under the numerous directives issued by the attorneys and the shadow of the infamous SOX. It is an interesting thread to follow all the same.
Okay, before I start, I need to say one thing. If we are looking to live our lives inside the browser, it has to manage memory (yes, I am
looking glaring at you Firefox) a zillion times better. My normal laptop usage is to never switch it off or restart it for days on end. During the daily commute it is set to hibernate and once I am home or in office, I pick up from where I left off.
Now, I’ve had Firefox running for 2 days now and it has eaten up a whopping 476 MB of physical memory. I really don’t give a damn whether it is the 20 extensions which I have that is bleeding my laptop of these resources. If it is the extension model that is one of the core value propositions of the Firefox platform, there needs to be a solution that will fix this problem. Asking me to ditch the extensions is not a solution. Honestly, 500 MB of RAM is what fairly graphics intensive games takes up on PCs these days, it is not something any self-respecting browser should ever have to consume.
Back to the title of the post. My switch to Google Reader has progressed in a manner considerably better than what I’d expected. One very good positive from the switch is that it has saved me a lot of bandwidth. Leaving GreatNews on overnight often would cause me to pull around 100 MB worth of data (that does not include any podcasts), whether I end up reading any of the items or not. Using Google Reader treats the feeds pretty much like IMAP email, you get the ‘unread’ count from Google in the left pane, but you don’t download the items till you click on them. And for some strange reason I quite like the ‘river of news’ view in Google Reader than in GreatNews.