Dropbox

September 24, 2008 in en, open source, privacy, software

I had this in my “almost-finished-near-ready-to-publish” folder for some time already. The past week was again a little crazy in my personal life, so no real time to finish this small piece until now… :)

Do you frequently switch between two computers not connected by a local network? If so, I guess you have wanted to share data between them at least once. It used to be a hassle. Now it’s easy. Dropbox started public open beta testing of their service a few weeks ago. If you haven’t heard of Dropbox, here is my little intro. Dropbox is essentially centralized version tracking accessible from anywhere without the need to configure anything. You copy the files you want to share with other machines to your Dropbox directory and they are automatically uploaded to the Dropbox server. If another machine on the other end of the world is running with the same Dropbox account, it is automatically synced. If it sounds confusing, I encourage you to read the introduction tour on their website. A free account lets you use 2GB of storage and unlimited bandwidth, so it’s not that bad. Most of all, it “just works(tm)”. And you can later upgrade to the Pro version with 50GB of space for $9.99/month or $99.99/year. I am not sure about availability outside the US, but I guess that’s not gonna be a problem.

You can synchronize files between Windows, MacOS X and Linux machines. There are still a few rough edges, but I guess that’s why it’s beta :). It would be really nice if the protocol for communication with the Dropbox server was made public, but I guess I am asking for too much. At least the Nautilus interface in Linux is GPLed and there are already alternative “clients” for retrieving the status of your Dropbox account.

The good thing is that you can also share files with the rest of the world, just like you would with, for example, a Rapidshare account. The difference? No limits on file sizes (so far, as far as I know). I just wonder how they will fight sharing of illegal data.

With services like this, privacy is always a concern. You give up a certain amount of privacy by uploading your files to a 3rd party server. So whatever you do, be sure to encrypt your private files. Happy sharing.

Stackoverflow launched

September 16, 2008 in en, howto, software engineering

If someone actually read my previous posts (heh), (s)he may have noticed that I quite often link to www.codinghorror.com. It is Jeff Atwood’s blog, and I usually find it very exciting to read. His style of writing and ability to convey complex messages in a simple way is my holy grail. And if he is not able to do it himself, he links to other authors A LOT. Instead of repeating the same thing that has been said over and over again, he just links to a proper post made by some other fellow programmer/software engineer. Avoiding duplication is really one of the basic goals of programming. Instead of repeating the same code 20 times, just write a function and call it 20 times.

But that is just low-level stuff. Jeff, Joel Spolsky and a few others embarked on an adventure to get rid of duplication in the minds of programmers. Programming is so inherently complex that no one really knows the solution to every problem. And don’t get me started on optimal solutions. What did you do when you found a solution to some programming challenge, or some tricky workaround for a problem that was bugging you for weeks? If you have a blog, you could go and post your solution there. Maybe someone would notice. Maybe not. So what did Jeff & Co. do? They created and launched www.stackoverflow.com. Quoting from the about page:

Stack Overflow is a programming Q & A site that’s free.

As is often the case, powerful ideas come in simple packages :-). It is that simple. You ask, others answer. Then you vote and the best answer wins. It’s kind of like expertexchange.com, just without the paying part, and with better user participation. Users who have proven themselves to be worthy can earn karma points and thus become more or less moderators. Try it out, and you will see what I mean. Begin with reading their FAQ.

Google Chrome mass betatesting

September 16, 2008 in en, google, rant, security, software, software engineering

Google released its own Web browser called Chrome a few weeks ago and the whole web has been buzzing with excitement since then. They did it Google style. Everything is neat, clean and simple. And quite a few features are also unique. Google engineers obviously put a lot of thought into scratching their itches with web applications. The Javascript engine is fast and the whole browser is built around the idea that the web is just a place for applications. One of the most touted things about Chrome was its security features. You can read the whole account of basic Chrome features on its project page.

In Chrome each tab runs as a separate process communicating with the main window through standard IPC. This means that if there is a fatal error in the handling of some page (malicious or otherwise), other tabs should be unaffected and your half-written witty response to that jerk on the forum will not be lost. Chrome also has other security enhancements that should make it more secure. I said should. Within a few days of the Chrome release several security vulnerabilities surfaced, ranging from simply annoying DoS to plain dangerous remote code execution.

What caught my attention was a bug that enabled downloading files to the user’s desktop without user confirmation. It was caused by Googlers using an older version of the Webkit open source rendering engine in Chrome. Integrating “foreign” software with your application can be tricky, especially if you have to ensure that everything will be working smoothly after the upgrade. In that respect, it is sometimes OK to use older versions of libraries. As long as you fix at least security bugs. People write buggy software. Google engineers included. I am just surprised that they don’t have any process that would prevent distribution of software with known security vulnerabilities to the public.

And that is the main problem. Chrome is beta software. Because of this, bugs are to be expected. But Google went public with Chrome in the worst possible way. They included a link to the Chrome download page on their home page, making hundreds of thousands of people their beta testers. People who have no idea what “beta testing” actually means. They just know that Google has some cool new stuff. So let’s try it, right? Wrong. Most of us expect our browser to be safe for e-banking, porn and kids (not necessarily in that order). Unfortunately Chrome is not that kind of browser. Yet. I am pretty sure it is gonna be a great browser in the future though. But right now Google should put a big red sign saying “DANGEROUS” in the middle of the Chrome download page.

Until Chrome becomes polished enough for Google to stop calling it “beta”, it has no place on the desktops of common computer users. Even oh-so-evil Microsoft doesn’t show a download link for IE8 beta on their main page to promote it. Mentioned issues aside, Chrome really sports a few good ideas that other browsers could use as well. Try it out, and you will like it. Then go back to your old browser for the time being.

Google getting too big for its shoes

September 16, 2008 in Uncategorized

Google giant falling
lapses in judgement in past months, getting too big?
like their products
getting to the point where they can’t keep promises.

Google copying ideas?

September 11, 2008 in en, rant

Google’s Marissa Mayer (head of Search Products & User Experience dep.) today wrote a blog post about current limitations of search and possible future improvements. All in all a very interesting article where she compares current search to the biology of the 16th-17th century.

[search is] a new science where we make big and exciting breakthroughs all the time. However, it could be a hundred years or more before we have microscopes and an understanding of the proverbial molecules and atoms of search. Just like biology and physics several hundred years ago, the biggest advances are yet to come.

I can only concur. Search is relatively easy for tech savvy people. But the common mother of three will have problems formulating her search queries and picking the right keywords for the job. There is still a lot of work ahead of Google and its search boffins.

What made me write this article though was this excerpt:

Our presentation is still very linear (the results are just a list) and even (no one result is more important or larger than the next). What if the results page began to transform radically to really harness these different types of results into something that felt much more like an answer rather than just 10 independent guesses? What if results pages pulled the best media together and laid it out such that the most useful content was not only first but largest? What if we laid out content in columns to use more of the width available on newer, wider screens?

Does it remind you of anything? To me it does. A few weeks ago a new player appeared in the search engine wars. Its name is Cuil. It does exactly the things that Mayer is thinking about changing. Multiple column results, (mostly) relevant media added to search results and a completely different layout. Google has a lot of smart people, so I would not be surprised if they had been working on revamping the Google homepage completely for some time. But the timing of these ideas is not very convincing for me. In the end it’s the end user who wins, because we should not care about the search engine, but the results.

Stumbleupon password policy

September 10, 2008 in en, rant, security

I already wrote one post about passwords a few weeks ago. As much as we would like them to, passwords are not going away in the foreseeable future. But it seems I found something worth mentioning again :)

Recently I started using stumbleupon. For those who don’t know this site, here is a short description from their main page:

StumbleUpon discovers web sites based on your interests. Whether it’s a web page, photo or video, our personalized recommendation engine learns what you like, and brings you more.

It’s basically a social networking site for link rating and exchange. It’s a nice way to discover yet unknown gems of the Interweb. Just stumble around :)

Here’s what sparked my interest. After registering with the site I received the following email:

StumbleUpon

Discover new web sites

Hi xxx,
Thanks for joining StumbleUpon! Please click here
to verify your email address:

http://www.stumbleupon.com/verifyuser.php?email=xxx%40gmail.com&verification=d6z505kjmtjox3

Here are your login save this information and
store it securely:

Email: xxx@gmail.com

Password: MY PASSWORD IN CLEARTEXT

...
...

What the hell are they thinking? Sending a cleartext password through email has not been acceptable for quite a few years now, especially for large public websites. There are other options when users forget their password, for example:

  • resetting the password to a random one that is usable only once,
  • using control questions, e.g. “What was the name of your first pet?”. They are not very secure, but still better than cleartext passwords,
  • lots of other options (google training for the readers :) )
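
The first option above, sketched as an added example (not code from the original post or from StumbleUpon): the site e-mails a random, single-use, expiring reset token instead of the password and keeps only the token's hash. The function names, the in-memory store and the 15-minute lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; choose what fits the site

# Constructed in-memory stand-in for a database table:
# email -> (SHA-256 hex digest of the token, expiry timestamp)
_pending_resets = {}


def _digest(token):
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_reset_token(email, now=None):
    """Create a random single-use token; only its hash is kept server-side."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    # Issuing a new token replaces (invalidates) any earlier one.
    _pending_resets[email] = (_digest(token), now + TOKEN_TTL_SECONDS)
    return token  # this goes into the e-mailed link, never the password


def redeem_reset_token(email, token, now=None):
    """Return True at most once per issued token, and only before expiry."""
    now = time.time() if now is None else now
    record = _pending_resets.get(email)
    if record is None:
        return False
    stored_digest, expires_at = record
    # Constant-time comparison; a wrong guess leaves the record in place.
    if not hmac.compare_digest(stored_digest, _digest(token)):
        return False
    # A matching token is consumed whether or not it is still in date.
    del _pending_resets[email]
    return now <= expires_at
```

A mailbox compromise then exposes at most a short-lived link that stops working after first use, rather than a password the user may have recycled elsewhere.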

Maybe they count on Stumbleupon being a low-risk site, where losing an account is not dangerous to your online identity. But they obviously forgot that most users use the same password over and over again. So their password for Stumbleupon will be the same as for their Gmail account, and that will be the same as xy other passwords. I am only fortunate that I stopped recycling passwords a long time ago. Shame on you Stumbleupon!

End of the world is not here yet

September 10, 2008 in en, rant

Hooray! The world didn’t end today. If you’ve been living under a rock (or you are not interested in these things :) ) then you may have missed that this morning the LHC started working. The goal of the whole project is to create a really small Big Bang.

You can easily guess why some people consider these experiments dangerous. The general consensus among scientists was that it’s safe. But not everyone is sure. It’s almost like with the first tests of nuclear weapons. Edward Teller, a Hungarian scientist, was concerned that nuclear testing in the atmosphere could ignite it, and burn everything (I mean EVERYTHING). The speculation was later refuted by a more or less mathematical proof that it’s not possible. I would say that in the end, the LHC can be as important for the advances of the human race as the Manhattan Project was. Yes, I know that they created the atomic bomb, but by doing so they started a revolution in nuclear energy and certainly other research areas that were not possible before.

Anyway, read at least the Wikipedia article about the LHC. It’s really worth it. Or even better, I think that the BBC had an LHC documentary, go watch it.

Note: I will finally have time to write some more posts today hopefully. I was too busy living my life for the past week :)