Wednesday, 29 June 2011
My first experience with Google+/Google Plus

I received an invite to join the Google Plus Field Test from a friend of mine who works at Google. My first impression of the sign-up process for Google+ (or g+ as people now refer to it) was "this is rather simple". Simple is good!


I suppose the beauty of Google+ is that most people have a Google Account. Well, let's put it this way: most people in the IT industry have a Google Account, and therefore a lot of the people I associate with have Google Accounts.

All Google+ asked me when I signed up was whether I wanted to link my Google+ account to my PicasaWeb Albums; it automatically picked up that I had a Google Buzz account (which I seldom use).

Logging into Google+ for the first time, you are presented with the following screen:

[Screenshot: Google+ home page]

The first thing I noted about the interface in Google+ is that it's pretty clean; they've done a bit of work making sure it's not cluttered. Facebook has that cluttered feel to it, which has probably come about by Facebook bolting on new features throughout the years as it has grown organically, while Google has had the chance to think about this from the ground up.

The Circles
One of Google+'s selling points is its "Circles" concept. Basically a human being has many circles: they can be a circle of friends, a circle of associates, a family circle... you get the picture.

[Screenshot: Google+ Circles]

Google+ suggests people I have corresponded with in the past be they from Google Talk, Buzz or my GMAIL contact list.

I can also import contacts from Yahoo and Hotmail.

I can then choose to add these people to my network by dragging them into the circle I think they fit into best.

Later, when I want to share content, I can choose which of these circles I'd like to share my content with or just make the content public. Google appears to have carefully noted people's annoyances with Facebook and appears to be making sure Google+ does not fall into the same security trap Facebook did in the past. (Hopefully I didn't speak too soon!)

The Streams
When posting updates, Google has a concept called "Streams". The circles you placed your friends into earlier each have their own corresponding stream, where anything posted by these users appears.

[Screenshot: writing updates]

As on a Facebook wall, you can post different kinds of content into a stream, such as photos, videos, your location and links.

Trying it out for a while, I quite like the Stream concept; I think it's very cleverly done. I also like how easy it is to see who I am sharing my content/updates with by selecting a Circle from the drop down list (see the picture).


Hangouts
Another feature I didn't get to test out (not many of my friends are online early in the morning!) is a video conferencing feature called Hangouts. You can basically open a Hangout and choose which friends or Circles of friends can join at their leisure. In a Hangout you can watch YouTube videos together and video chat or text chat to each other. The video conferencing with more than one person at a time seems to be a direct competitor with Skype's premium conferencing service. I can see the potential for Google to launch a commercial version of this tool with their business offerings.

Security
So far Google have made the security simple to understand. You can access these settings from the top right hand side of the screen.


Google carefully explains to you what can and cannot be seen, how the various features work and how to change these settings if you wish.

You are also able to see how other people might see your profile by typing in their username.


Conclusion
I have only used Google+ briefly, but from what I have seen I am pretty impressed and I would love it to succeed. I know there have been a lot of anti-Facebook groups lately who are unhappy with the security in Facebook; I believe they now have a suitable alternative to choose from (albeit no one finds a gaping security hole). Will people leave Facebook in droves to join Google+? I am not so sure they would. I believe people may sign up for both because it's pretty easy to do so. Which one they may end up using the most may depend on several factors, such as ease of use and where their friends hang out the most. As Google is just about everyone's search engine of choice these days, the integration with their flagship search engine will probably appear seamless and easy for users to switch between.

I can foresee further integrations between Google+ and search which will help Google monetise plus. For example a friend finds a jacket they like on Google Shopping and hits a button on Google Shopping which says share with my Circle. The friends in that circle then get to see a nicely displayed update in their stream so they can click on the product and see more details. Every click in theory would earn Google AdSense revenue.

What I have found in the past is that Google often focuses on launching a product or service that at the time doesn't really make much sense until later, when you see the bigger picture. If Google gets this right they could crack a large revenue stream; if they get it wrong it could be yet another Wave.

Note: Please don't ask me for a Google+ invite. People in the field trial have not been given the ability to issue invites as yet.

posted on Wednesday, 29 June 2011 19:17:55 (GMT Standard Time, UTC+00:00)  #    Comments [0]

 Friday, 24 June 2011

I have just upgraded to BT Infinity and am getting a good 37meg download and about 5.28megs upload (not that happy with the upload but it's better than what I used to get).

After the BT engineer installed the new modem I asked him if the BT Infinity Modem (the kit that connects you to the new socket) supports PPPoE. The engineer told me it did, and I asked if I could plug in my trusty FritzBox instead of using the BT Home Hub (which I was less keen on). He was quite keen to see it work as he hadn't seen one before. I plugged the FritzBox, which I had previously set up for PPPoE WAN over LAN port 1, into the modem and within seconds everything worked! The speed at first was dreadful, as I was only picking up 5meg downloads and less than a 1 meg upload. The engineer tested the line and told me he was getting 40meg down and 10meg up. I knew then it had to be the FritzBox. I took a look at the settings and discovered my upstream was set to 5megs and my downstream was around 1meg. Ah ha! I set the Upstream to 5760 kBit and the Downstream to 6400 kBits. I know these values are a bit higher than what is supported on Infinity but it seems to have done the trick in giving me 37meg down and 5.28 meg up.

There is a little guide below for those of you who have a FritzBox. Mine is a 7170 but the FritzBoxes are very similar. For those that do not have a FritzBox, you just need to check if your old ADSL router supports PPPoE over one of its LAN ports (sometimes referred to as a WAN port). Note this is not replacing the BT Infinity modem, which supports VDSL; it is just connecting another device to it, other than the BT Home Hub, using a standard network cable.

How it's done on the FritzBox 7170

  1. Log into the admin interface on your FritzBox and click on Settings
  2. Go to Advanced Settings > Internet > Account Information from the left hand menu (your router may need to be in advanced mode to see these)
  3. Ensure you have the settings as illustrated in the diagram below. The important part is "Internet connection via LAN 1" and the other options should appear for you to select. Note the username is broadbanduser@btinternet.com; you do not need a password.

    image

  4. IMPORTANT: Scrolling down the page, I set my Upstream and Downstream to the following values (below). You may need to experiment to see what gives you the better speed. Some FritzBoxes may not have this setting as they may automatically configure these settings for you.
    image
  5. The next step is to plug LAN port 1 on the FritzBox into the BT Infinity Modem sometimes referred to as the BT OpenReach Modem. There should be some cables that came with your install to do this, otherwise a normal network cable should suffice.

That's really all there is to it. You are basically no longer using the DSL part of your FritzBox/ADSL router; you are just making use of its WAN feature, almost as if you were connecting to a cable provider.

posted on Friday, 24 June 2011 19:37:13 (GMT Standard Time, UTC+00:00)  #    Comments [3]

 Thursday, 16 June 2011
Setting up DasBlog on Windows Server 2008

I've been meaning to do a quick blog article about this for some time so I don't forget. I found setting up DasBlog on Windows Server 2008 pretty difficult. I currently run DasBlog on a Windows Server 2008 server with the following app pool: ".Net Framework v2.0 Application pool in Integrated Mode".

One of the issues I discovered was setting up the permissions so that DasBlog could read and write to the content folders. To do this, follow the steps you find here: http://learn.iis.net/page.aspx/624/application-pool-identities/

Basically you need to give the Application Pool that DasBlog is running under permission to these folders. So, for example, set the permission on the content folder to allow the user IIS AppPool\[your app pool name] read and write access.

posted on Thursday, 16 June 2011 20:12:10 (GMT Standard Time, UTC+00:00)  #    Comments [0]

 Friday, 03 June 2011
My morning roundup

Hackers attack Sony network... again
According to the BBC website, a group called Lulz Security hacked into a database containing unencrypted passwords, names, addresses and dates of birth of Sony customers. It appears they only targeted Sony Music Japan.

Hyper-V to run Linux?
Missed this one yesterday, it looks like Microsoft may soon be supporting Ubuntu, Debian, CentOS, RedHat and SuSE on its virtualisation stack. This could also include Azure.

Microsoft may buy Nokia
According to this article on CNET's website "..an industry insider has claimed a Microsoft offer for Nokia is already on the table"

Apple signs Universal Music to iCloud
It appears Apple has had more success with its new cloud service, by getting some of the major players to sign up to it, in comparison to Amazon and Google: "...it will be the first among the big three to offer licensed music."

Read more on CNET and Neowin

posted on Friday, 03 June 2011 08:51:15 (GMT Standard Time, UTC+00:00)  #    Comments [0]

 Thursday, 02 June 2011
My morning roundup

Windows 8 First Look
A first look at Windows 8 and it seems to be a lot about "touch". My first impression when seeing a video demo was "this looks a lot like Windows Phone". They appear to have reinvented the Start menu and it looks like a lot of thought has gone into usability. It also appears as though some ideas have been influenced by the experience with the iPad.

See for yourself on Neowin and Engadget. For some interesting commentary, check out this article on The Register.

Hackers in China compromise Google e-mail accounts
According to the BBC website, hackers from China have attempted to access the Google e-mail accounts of US officials, military personnel and journalists.

How clean is your keyboard?
Check out this article on How-To Geek on how to clean your keyboard (without breaking it). Warning: there are some gory infested keyboard images in the article!

UltraViolet (buy it once play it everywhere?)
It's the first time I have heard about it. UltraViolet is supposed to be a media service supported by all the big players in the industry (except Disney). Basically manufacturers will create TVs, mobiles, etc. that support UV. You as the user can purchase UV compatible content, such as a BluRay or DVD disc carrying a UV logo, and will be able to watch the content on any UV compatible device (even if it doesn't have a DVD player). It sounds as though the industry has realised the issue with having many different DRM formats, where content I download on my PS3 won't necessarily work on my PC or mobile phone if I want to watch it on the train. See what you think?

posted on Thursday, 02 June 2011 09:55:22 (GMT Standard Time, UTC+00:00)  #    Comments [0]

 Tuesday, 31 May 2011
My morning roundup

BT upgrading its network to Multicast
According to this article on the Register's website, BT's network is suddenly going to become pretty IPTV friendly as BT upgrades its routers. I would imagine BT is getting ready for the launch of YouView?

ASUS's new Padfone at Computex in Taipei
Asus's new Padfone will be making an appearance at the Computex computing show in Taipei, Taiwan.

Not sure how I feel about this device. It appears to be a phone that can become a tablet PC by plugging into the back of a tablet attachment. What happens when you upgrade your phone?

Google Chrome OS doesn't need anti-virus software
Interesting article questioning Google's claim that its new OS will not need anti-virus software. Saying that, it is an anti-virus company that is questioning that claim :)

NASA finally pulls the plug on Spirit :(
NASA has finally given up hope on its Spirit Rover which landed on Mars in 2004 and lasted much longer than its initially planned 3 month life.

A new Bionic Eye gets given the go ahead in Britain
Thousands of blind people have been given the hope of seeing again using an artificial retina implant according to this article on The Express.

Germany to shut down its nuclear power plants by 2022
It's a brave step and maybe Germany will lead the way in clean renewable energy. However, I am not sure how Germany will deal with the shortfall not covered by renewable energy. Maybe they will become more reliant on imported gas?

posted on Tuesday, 31 May 2011 09:07:54 (GMT Standard Time, UTC+00:00)  #    Comments [0]

 Saturday, 02 April 2011
LizaMoon–Injection and Cross Site Scripting attacks

Following the news on the LizaMoon injection attacks, which have been publicised a lot in the press lately, really made me want to find out more. Being a technically minded person, I wanted to scrape past the general media version of what was happening and get down to what this means to people who run websites that might be vulnerable.

Reading posts on Stack Overflow, it seemed that the same old vulnerabilities that have been around for a very long time were once again being exploited. Even though I have checked many sites I have worked on in the past, you can't help but wonder if there is anything you have forgotten. Security vulnerabilities in websites are not something where you can say "yes, I fixed it"; it's an ongoing battle (a bit like an arms race) where you have to keep up to date with the latest vulnerabilities.

One of the classic vulnerabilities I have seen from such attacks is the classic query string SQL injection attack. Take for example the following URL on a website.

readmessage.asp?messageid=234

or

readmessage.php?messageid=234

There is nothing wrong with the above URLs as long as what happens behind the scenes makes sure that whichever SQL database you are using, be it MySQL or MS SQL Server, is protected from bad input. Basically you cannot trust any input you get from the web.

One of the things I like doing with the above type of input, before I even reach SQL, is to ensure that the query string value I am being sent (in this case messageid) is an integer. So in whatever language you are coding in, a very simple step is: if messageid is intended to be an integer, test it to make sure it is. If you find it is not an integer, you can either boot the user back to the page they came from or just send them to a generic error page that basically says that you can't understand what they wanted to do. Never display a detailed error message that divulges SQL statements and lines of code.

If messageid is supposed to be a string, such as a GUID, test that all the characters used in the GUID are in a whitelist of acceptable characters first: for example, accept A-Z, a-z, 0-9 and -, and reject everything else. In addition you can also HTML Encode or escape the input before sending it along to your code that persists it to SQL. In your code that does SQL persistence you can also help prevent such attacks by using parameterised SQL statements instead of building your SQL update or insert statements as strings.

Another method I have seen being used (although I am not a fan of it), where no text input is expected, is to literally remove words and symbols such as "update", ), (, ', "insert" and "delete". This, however, can only be done where you definitely know these words are not intended as text values in a table field. If not used properly this could backfire and you could end up losing data in sentences a user may have been innocently entering into a system.

The other thing to remember is that just because the content went into the database safely doesn't mean that when you display that same content back to the user it's going to be safe. Take for example a message board that uses a SQL server to store its messages. It's pretty easy to escape what a user enters so that it's perfectly preserved in SQL. Let's say, for example, that the content happened to be some JavaScript and that the JavaScript's functionality was to redirect a user to a malicious site. If you do not HTML Encode the message board text when it is displayed in the user's browser, you are basically putting users that trust your site at risk. HTML Encoding what you display to the user ensures that the user sees the text of what is being presented and that the browser doesn't suddenly kick in and start to execute the code it's been given. Remember that this applies to just about any text you display to the user, including the browser title tag, which may be something like this:

<title>Does anyone know how to make green widgets?</title>

The above if not encoded could quite easily be changed to the following by a malicious user post on your message board.

<title>Does anyone</title><script>document.location='somesite'</script><title></title>

The code above could potentially redirect a user to a malicious site.
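
The checks described in this post, put together as an added example (not code from the original post): the messageid value is accepted only if it is a plain integer, the lookup uses a parameterised statement, and everything read back from the database is HTML-encoded before display. Python with an in-memory SQLite database stands in for the ASP/PHP page and SQL server; the function names, table layout and sample rows are assumptions made for the illustration.

```python
import html
import re
import sqlite3

GENERIC_ERROR = "Sorry, we could not understand that request."

# ASCII digits only; str.isdigit() would also accept characters such as "²".
INT_RE = re.compile(r"[0-9]{1,9}")
# Whitelist from the post for GUID-style ids: A-Z, a-z, 0-9 and "-".
GUID_RE = re.compile(r"[A-Za-z0-9-]{1,36}")


def parse_message_id(raw):
    """Return messageid as an int, or None if it is not a plain integer."""
    if raw is None or INT_RE.fullmatch(raw) is None:
        return None
    return int(raw)


def is_valid_guid_token(raw):
    """True only if every character is in the whitelist."""
    return raw is not None and GUID_RE.fullmatch(raw) is not None


def build_demo_db():
    """Constructed sample data: one ordinary post and one hostile title."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    rows = [
        (234, "Does anyone know how to make green widgets?", "Asking for a friend."),
        (235, "Does anyone</title><script>document.location='somesite'</script><title>", "..."),
    ]
    # Parameterised insert: the hostile title is stored as plain data.
    conn.executemany("INSERT INTO messages VALUES (?, ?, ?)", rows)
    return conn


def read_message(conn, raw_id):
    """Handle readmessage?messageid=<raw_id>; return (status, html_page)."""
    message_id = parse_message_id(raw_id)
    if message_id is None:
        # Generic error only: no SQL text, no stack trace.
        return 400, GENERIC_ERROR
    row = conn.execute(
        "SELECT title, body FROM messages WHERE id = ?", (message_id,)
    ).fetchone()
    if row is None:
        return 404, GENERIC_ERROR
    # Encode on output, including the text that goes into <title>.
    title, body = (html.escape(value, quote=True) for value in row)
    return 200, f"<title>{title}</title><p>{body}</p>"


if __name__ == "__main__":
    db = build_demo_db()
    for candidate in ("234", "235", "234 OR 1=1", "abc"):
        print(repr(candidate), "->", read_message(db, candidate))
```

Message 235 comes back with its title rendered as visible text (&lt;script&gt;...) rather than as markup, and the non-integer ids never reach the database.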

posted on Saturday, 02 April 2011 20:38:48 (GMT Standard Time, UTC+00:00)  #    Comments [0]

 Thursday, 10 March 2011
Cookie Trouble

I read the following news article with interest about the European Union's new laws that basically state you have to ask the user's consent to place a cookie on their machine. Reading through the new legislation I found the paragraph below, which appears to be the only paragraph that refers to cookies.

"Third parties may wish to store information on the equipment of a user, or gain access to information already stored, for a number of purposes, ranging from the legitimate (such as certain types of cookies) to those involving unwarranted intrusion into the private sphere (such as spyware or viruses). It is therefore of paramount importance that users be provided with clear and comprehensive information when engaging in any activity which could result in such storage or gaining of access. The methods of providing information and offering the right to refuse should be as user-friendly as possible. Exceptions to the obligation to provide information and offer the right to refuse should be limited to those situations where the technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user. Where it is technically possible and effective, in accordance with the relevant provisions of Directive 95/46/EC, the user's consent to processing may be expressed by using the appropriate settings of a browser or other application. The enforcement of these requirements should be made more effective by way of enhanced powers granted to the relevant national authorities.."

If you look at the second section of highlighted text, it appears an exception to this rule is when placing a cookie onto the user's machine is to do with the explicit working of the service the user was expecting. So, for example, if you log into your bank's website with a username and password, the placing of a cookie onto the user's machine without their consent is legitimate, as the service would not work as the user expected without it. This is basically how I understood this paragraph.

What I do think will be an issue are people that use analytics packages on their websites (it is unclear if this is covered), paid for advertising and  affiliate tracking programs. I can already think of several organisations such as Google, Yahoo and even MSN/Bing that may be affected by this. I don't feel much thought has gone into this legislation and I am not too sure how this legislation will be enforced. It will not stop affiliate or tracking sites that are not hosted in the EU. It could end up with companies hosting these services or making use of services from countries outside of the EU zone to get around this issue.

One thing that is incredibly difficult to do is to govern how sites work on the Internet. It is not the job of governments but of international bodies to decide how this should work. What the legislation cannot protect against is spyware and illegal sites making use of this information or tracking users in this way. I also feel that not much thought has gone into how this legislation would be interpreted or if it could possibly destroy how some businesses work.

A rather funny take on this new legislation can be found here

posted on Thursday, 10 March 2011 00:25:18 (GMT Standard Time, UTC+00:00)  #    Comments [1]