Tech Industry – Page 25

The Google Apps Security Hole

August 12, 2007 Leave a Comment

Lately, I have been using Google Apps for some of my work. Started off with mail, moved to calendar, and then to docs. The hardest part of this before today was getting used to the limited capabilities within Google Docs. Today, I realized the that Google Apps has a huge security hole it it that scares the hell out of me.

There is no configuration option (that I or others have found) to force all interactions with Google Apps to be secure!

Sure, Google Apps will encrypt your password as you login in. But if you are passing sensitive information via GMail, or storing sensitive information in Google Docs, all that information will be passed over the internet in the clear! Google Apps lacks a configuration option to “encrypt all access to Google Apps”. (I’m letting the security aspect of encrypting the data on the Google servers to slide for now…one thing at a time.)

Sure, you can manually change every Google App’s URL to be encrypted (to use https), but expecting users to do this is a fallacy, users are the weakest link of the security network…they will forget and information will be passed unsecured. And some people will say that “encrypting everything is too much over head”, but that is the smallest price to pay for security. Most people don’t think of security until it is too late. If Google wants Apps to be taken as a serious service, then this is a needed price to pay.

If you are a corporate user of Google Apps, send Google a message that this hole needs to be filled! Even if you’re not a corporate user, but are a user that takes their security seriously…send the message!

In the mean time, make sure you install one of the following plug-ins in your web browser:

Firefox: The CustomizeGoogle Add-On – https://addons.mozilla.org/en-US/firefox/addon/743
Internet Explorer: The CG4IE utility (CustomizeGoogle for InternetExplorer) – http://www.cg4ie.com/

I now use the Firefox add-on on every computer I use. When configured properly, it will automatically change all the URLs going to Google Apps to encrypt them (to use https). I disabled all the other features of the plug-in (which I didn’t see value in).

These add-ons are not a solution to this problem. Again, they require action by the user and can also be disabled by the user (remember: weakest link in the security chain!). Google needs to add the previously described feature to Google Apps ASAP in order to provide adequate security to the users of Google Apps.

Stop Me – Something Cool from Microsoft?

July 18, 2007 Leave a Comment

When you think about the “cool companies” in the technology space that are working on “cool things”, Microsoft is usually not the name that first jumps to everyone’s mind. And yet, yesterday I learned about something Microsoft is working on that made me say “Wow, that’s cool”.

My colleague William Henry mentioned Microsoft Surface in a recent blog posting; I hadn’t heard of Surface before and checked it out based on William’s recommendation. The concept behind it was quite impressive and I agree with William that this is the type of thing that I would expect ot see from Apple, not Microsoft.

Image an entire table top (about the size of a coffee table) that is a touch sensitive computer screen. What ever gets displayed on the screen can be interacted with in a iPhone sort of way. If there are photos on the screen, they look like a bunch of photos just tossed on a table. Grab one and it moves to the top of the stack; drag your fingers at opposite corners and resize the photo; grab a corner drag in a half circle to rotate the photo to show to your friend sitting on the oppose side of the table; touching the photo and flicking your finger tosses the photo aside.

Now take that same table and integrate it via bluetooth with you cell phone, iPod (of course on the Surface website they use that Microsoft music player…), camera, or other portable device of choice. Lay the device on the table, and the table now displays options for interfacing with the device and accessing data on the device. If it’s a camera, the photos display as in the example above. If its an iPod…er…music player, songs are displayed from your collection as well as from the phone. Dragging the songs from your collection to the music player transfers the songs.

The other example Microsoft gives is in a restaurant where your menu is displayed on the table. After you order via Surface, the table changes into some hip night club psychedelic screen savers. Or, as more apt to happen in our modern age, it might start displaying advertisements.

The concept of Surface is intriguing and has a lot of potential behind it, some that aren’t even imagined yet. It completely removes the interface device aspect of working with a computer. The interaction has the potential to be much more humanistic and nature. Has the potential. There are some aspects about Surface that are a bit ahead of their time. Like how quickly photos could be transfered from a phone to the Surface via wireless connection (it takes me many minutes to transfer my photos to my computer today via a high speed USB port). Not to mention the interoperability issues with all the different phone, camera manufacturers.

If Surface ever becomes a reality, the key to it’s success will depend on the development community. The iPhone has been out for just about two weeks now, and there are already a rush of new software applications coming out for it. Someone was smart enough to have a iPhone developer boot camp the weekend after the phone was released (sad thing is that it appears that Apple wasn’t smart enough to sponsor or get involved in it). This type of network around Surface would be sure to generate some really amazing things. Of course, when it is actually released.

To really appreciate Surface, you gotta check out the demo movies on the Surface website. Regardless of how real the technology is right now, the concept is killer. After the last movie, I got bit by the sci-fi aspect that Surface could have. How about placing a stack of documents on it, having them get absorbed into the surface and digitized. Then send those documents to another Surface user half way around the world only to have the stack emerge from that Surface so the receiver can pick them up and walk away. Might be a bit too Star Trek for now, but we’re getting there.

Side Box: Actually two really cool things from Microsoft. The other that has recently come out of Microsoft in conjunction with some research conducted at University of Washington is Photosynth. This is an amazing fast and unique way to interact with photos and view associated photos as they relate to the real world. You are given a 3-D view of something and can zoom in and out of photos of that thing taken from different angles. The killer aspect is that those photos could all be from a public archive like Flickr and taken by different people. The best way to understand Photosynth is to watch a killer demo of this from TED2007 and play around with a demo from Microsoft Labs.

Ohloh: Insight into Your Open Source Projects

June 13, 2007 Leave a Comment

One of the great things about Open Source software development is, well, it’s open-ness. Sort through your list of Open Source packages that you are running in your organization. You can go in and look at the source code for each one of them, right? But what’s behind that source code? Or Who?

I recently found a very interesting open source directory called Ohloh. Ohloh (oh, what a name!) takes a very interesting ‘bot’ approach to open source. They employ a legion of software bots to crawl through the major open source repositories and collect information about open source projects that you may never have known.

For example, did you know that the Firefox project has over 3 million lines of code? More importantly, how fast has the code base been growing? (or is it shrinking?). All you have to do is check out Firefox’s Code Statistics on Ohloh. You can see a breakdown of how many files within the Firefox code base are licensed under which licensing scheme. A trended history of code lines. And a breakdown of what percentage of Firefox is written in what programming language. When deciding on an which smaller scale open source projects to use, you can use this information to make a better decision. Do you have programmers with experience in the languages used within a project?

You can also look at an open source project’s list of contributors and how long they have been with the project as well as how often they submit code. The system even gives a heuristic on each contributors experiences level with various languages based on how many submissions have been found in each language and over a given period. There is even a social network aspect to the site where programmers can rate their peers (which needs to be taken in context of any social network site…). About the only thing that is missing is the one click ability to see if there are other projects that a contributor is also involved with (you can do this by doing a search for a contributor on the main page of the site, but this is so obvious I’m surprised the site’s developers didn’t include that on each developer’s project page).

Of course, what would a website with social features be if you couldn’t have an account and provide your own feedback on projects. Ohloh has that, as well as the ability for members to define the stack of open source software that they use. Which gives viewers the ability to see how many people are using a projects.

Ohloh provides a new twist on evaluating opens source software projects. However, there were a number of projects that I use which were not on the site, some of those missing projects surprised me as Ohloh has been around since 2004. Guess no one is perfect…