Two-step authentication: a necessity for secure webapps

21 June, 2011 § 2 Comments

Recently, my girlfriends Gmail account showed that it had been accessed from Poland, France, and the United States, all within a couple hours of each other. This breach of security was horrifying, and pointed out how easy it can be for someone to access another persons account.

We’re not sure how her password leaked. Maybe it was through a phishing site or some malware/key logger on her machine. But that was neither here nor there. The plain fact is that her account was granting access to unknown parties without her permission.

Not too long ago, Google announced 2-step verification for Gmail. With 2-step verification, the user logs in with their password, and then enters in a code that was obtained using their mobile phone. A friend of mine also uses a similar procedure for his World of Warcraft account.

I’ve signed up for 2-step authentication as well, and don’t mind the subtle inconvenience. If you are a Gmail user, you should try it out today.

Features like these make account security much stronger, and it is time that more secure websites start offering it (especially online banking).

What happened to Google SMS?

5 February, 2011 § 1 Comment

I’ve been using Google SMS now for a couple years. It allows users of “feature-phones” basic access to some of the luxuries that smart-phone users get.

Google SMS Search is accessible by sending a text message to 466453. It’s free and quick.

For instance, sending a message ncaab michigan state would reply with:

Basketball: NCAA
Michigan State Spartans (13-9)
Last game: Feb 2, Iowa Hawkeyes 72 - Michigan State Spartans 52
Next game: @ Wisconsin Badgers, Feb 6 1:00pm ET

Tip: get phonebook entries: send HELP PHONEBOOK to learn more.

This works great, providing up-to-date sports scores, local listings, and more. Lately I’ve been getting odd results when doing sports searches:

Here’s what I saw today when sending the same message ncaab michigan state:

Did you mean 'NCAAF michigan state'?

Basketball: NCAA
Michigan State Spartans (13-9)
Last game: Feb 2, Iowa Hawkeyes 72 - Michigan State Spartans 52
Next game: @ Wisconsin Badgers, Feb 6 1:00pm ET

Tip: get phonebook entries: send HELP PHONEBOOK to learn more.

No, I didn’t want football scores. In fact, college football is out of season. According to the command HELP SPORTS:

For EU Football and NBA/NHL/NFL/MLB scores and schedules, 
type SCORE and team name (ex: 'SCORE Arsenal', 'SCORE red sox').

For NCAA sports, enter NCAAB (basketball) or NCAAF (football)
and team name (ex: 'NCAAB Duke', 'NCAAF USC'). No results for sports 
not in season.

So yes, I didn’t get results for a sport not in season. But the response that I got is pretty awkward. In the traditional Google search, when you get a “Did you mean…”, it will usually auto-correct your search for you and return those results. In this case, it didn’t auto-correct my search.

So what happens if I do send a message with NCAAF michigan state?

Local listings:
State of Michigan: Branch Offices
400 Albert Avenue
East Lansing
1 (888) 767-6424

Tip: check flight status; send HELP FLIGHT to learn more.

Weird huh? All of this used to work as it prescribed. I wonder what has happened?

Google I/O 2011: No love for Academia?

2 February, 2011 § 3 Comments

Reading blogs on the web would make one believe that attendees of last year’s Google I/O conference are allowed to register January 31, a week before general registration opens.

Yet a couple days ago I received an email telling me to “mark my calendar for February 7th, when general registration will open.”  Last year I attended the conference using the Academia discount, and as far as I can tell, the Academia discount is the reason why there is no preference.

Why isn’t Google showing appreciation to their peers in academia?

Don’t be evil? Google Street View’s ulterior motives

26 January, 2011 § 1 Comment

You may have used Google Street View before. Street View is a service that allows you to walk around cities as if you were standing right there in the street.

Did you hear about Google “accidentally” collecting personal information from wireless networks? In May, 2010, Google made public that their street view cars had accidentally collected data from wireless networks. Spain and Canada have been threatening fines, and now Google has this to say:

Google still intends to offer location-based services, but does not intend to resume collection of WiFi data through its Street View cars. Collection is discontinued and Google has no plans to resume it.

That’s a very interesting quote considering the Reuters article had said that this was mistake. The quote makes the WiFi data collection sound intentional, however they will continue their “location-based services”.

These location-based services allow websites to provide special targeted advertisements or targeted content based on where you are located. A couple years ago this meant that they would use your computers IP address to see what city you were located in.

Now with Google’s location-service, they can get within 30 feet of your actual location.

When the street view cars were driving around your neighborhood, they weren’t just taking pictures. They were also collecting wireless SSID and signal strength data. Using triangulation, they can now determine exactly where you are sitting.

If you are connected to the internet with a wired connection the accuracy will be low, but on wireless it is stunning.

Moral of the story: Things aren’t always what they seem at first. While all the world’s data may be great when you’re working on a research paper, it can also be frightening for privacy.

Protecting your open source project from poisonous people

25 January, 2011 § 1 Comment

This previous Thursday I attended a talk by Brian “Fitz” Fitzpatrick of Google on “How to Protect Your Open Source Project from Poisonous People”. Brian started Google’s Chicago Engineering office in 2005 working as an engineer on Google Code. He now leads several of Google’s Chicago engineering efforts, including Google Code, the Data Liberation Front, and the Google Affiliate Network. He also serves as internal advisor for Google’s open source efforts.

Brian started off the talk by recommending “Producing Open Source Software“, a free book written by Karl Fogel. I’ve added the book to my future reading list, and will try to take it in once the semester ends.

A lot of students within Computer Science think that the hardest part about making software is inventing algorithms or finding ways to use obscure data structures for improved performance. As someone who has worked within industry now for a few years, I immediately knew where he was going with this. I agreed with Brian when he said that the actual hardest problem is working with other people.

Poisonous people on a project can make others leave and cause fighting over little things. To reduce this problem, you’ll want to build a strong community based on politeness, respect, trust, and humility. If a person joins on to the project and is causing a disruption of some sorts, it is best to identify behaviors and address them the best way you can. Notice there that addressing behaviors is the goal, not addressing people.

Addressing behaviors vs. addressing people comes up in a lot of conflict resolution scenarios, and often the importance of it is overlooked. Jay Smooth describes a very similar scenario very well.

Brian also recommended defining a mission for the project. As he said, if the mission isn’t already defined, someone else will define it for you.

Feel free to read the rest of my notes from the talk as I’ve typed them up on a Google Doc.

Using Google Alerts for the inside scoop on Google I/O

23 January, 2011 § 1 Comment

Just a couple weeks ago I wrote a post on how to get the inside scoop on Google I/O. I listed a couple Twitter accounts to follow and also explained how to set up a Google Alert for details about conference registration.

Since setting up the Google Alert on January 1st, I gotten twenty-six alerts. Some have been interesting, most have been worthless, but one of them was great! It appears that Google indexed the preregistration page, and sent me an alert saying so.

While this alert didn’t allow me to register earlier than anybody else, I was able to know that registration was coming soon before I saw it on any other blogs.

First thoughts on the Google CR-48 laptop

16 January, 2011 § 2 Comments

Less than a month ago I was lucky enough to arrive home and find one of the Google CR-48 laptops on my doorstep. I had applied for the program when I saw a small link on the “new tab page” of Chrome, and didn’t receive any notification that I had been chosen.

This isn’t the first gift I’ve gotten from Google. While technically this isn’t a gift, the fact that it was free and that only select individuals snagged one puts me in the “gift” mindset. About a month earlier, one of the new Logitech Revues showed up on my doorstep, and at 2010’s Google IO I was given a Motorola Droid and an HTC Evo 4G.

I’ve been logging bugs while using the laptop, and am happy with how simple and well thought-out the laptop is. One of the first things that bothered me was the Mac-like mouse gestures. I worked on a Mac for a few weeks and enjoyed the mouse gestures, but the CR-48’s implementation is just a little off.

Mouse Gestures

There are two things that I’ve had to get relearn while using the laptop. First, there is no side scrolling using two fingers. Second, the two finger right-click often gets interpreted as a left-click. This makes opening a link in a new tab much more cumbersome. I have since become acquainted with Ctrl-clicking on links to open in a new window. While the keyboard shortcut is faster, having to be “retrained” is less than ideal.


The designers of the laptop made some large changes to the accepted keyboard layouts. They removed the traditional Caps Lock key (hiding it functionality behind a toggle in the Chrome OS settings) and replaced it with a Search button. This is different from the Logitech Revue keyboard, which used the system-dependent key location for the search button (for example, replacing the Windows key/Apple key with the Search key).

Internet connections

Another thing to notice is the lack of wired Ethernet connection. The laptop requires network connections to come through the air, whether using Verizon 3G or WiFi. The current release does not support certificate-based WiFi, so I am unable to test it on our main wireless network at work.

Also, it may just be the layout of my house, but when I’m in bed using the notebook the WiFi signal is very weak. To conserve battery, when the laptop goes to sleep it powers down the WiFi hardware. This means that even though the device is advertised of having a 10-second boot up time, there is another 10 seconds or more of waiting for the wireless access to be negotiated.

Battery Usage

The battery life on the laptop is great. I can charge it to 100% and use it over the course of two days without recharging. The downside comes in how aggressive the device is in conserving battery. For example, the device shuts off the screen if the mouse hasn’t been moved in around 10 minutes. This makes watching a movie online quite cumbersome, as I have to keep moving the mouse to preempt the screen from shutting off.

In conclusion

With those minor caveats aside, the laptop is really great. It is light and super portable, and I’m looking forward to getting more out of it and will update here later with more experiences.

Where Am I?

You are currently browsing entries tagged with google at JAWS.