Category Archives: en

Google Buzz start-up requesters update

Apparently the Google Buzz team is very hard at work (on a week-end break!) to fix some of the more blatant problems with Buzz initialization, see their post titled A new Buzz start-up experience based on your feedback; including a nice apology at the end regarding the panic.

My gut feeling is that there are still way too many opt-out things. List visibility, for one: opt-out still does not feel quite right to me; it is too easy for people to not care at first and regret it only when it’s too late. The obvious fact that leaked information can’t be unleaked should be taken into account.

Also, one of the core problems, clearly separating contacts vs friends, apparently remains. I’ll need to retry Buzz someday to see how it feels after this update.

Update: see also Google Buzz – anatomy of a slow motion train wreck, a very good analysis of what happened and things to expect. I share the feeling about the shift in privacy habits that Google (or should I say, some people at Google, but from where I stand that is irrelevant) are trying to shove down our throats.

Update: the mainstream press is getting angry, too. Furious John Naughton article in The Guardian, quoting:

In the real world, the devil is in the details. In cyberspace, it’s in the defaults. And the default settings in Buzz are so crass that one cannot imagine they are the product of corporate carelessness.

The Google boys are smart and know exactly what they’re doing. They’ve been enviously watching the stupendous growth of Twitter and Facebook and wondering how Google can cut them off at the knees before they become really unstoppable – which brings us back to Microsoft.

Update: another article, Buzz: Google Needs Better ‘People Skills’: (this one I find slightly unfair, albeit not totally undeserved)

Given the option, Google’s choice for default settings were what benefited Google the most, not what best protected its consumers.[…]

Privacy, however, impacts everything Google does. That the company could get Buzz privacy so terribly wrong is reason for serious concern.

Google needs to learn when to put people first and technology second.pdate:

Continue reading Google Buzz start-up requesters update

Google Buzz privacy debacle

So… as I said just 2 days ago, I tried Buzz.

And as I also said, « certainly missed a boatload of things and got some wrong ». Famous last words. How right I was !

I tried Buzz just like half the planet actually, which I didn’t realize until yesterday, when I found my Gmail account spammed by people I never heard about before, replying on my buzzes or writing buzzes I received or subscribing to my stuff.

I was panic-struck, just like the rest of the planet. That was the main theme of the comments I saw: « I’m panicking, are you? » « Oh yes I am, but who are you and how come you write this in my Buzz? ».

It somehow found the feed to this blog. I still haven’t quite figured out how; maybe that’s my fault, maybe not; anyway I validated it. I’m glad I wasn’t using Blogger, sorry but I’ve got enough knives planted in my back at the moment.

I did what everybody did yesterday evening: shut down all the incoming feeds, deleted posts and/or comments (“did I write something to my contacts that’s not for public consumption?”), tried to shut down everything outgoing, checked out all my subscribers, and tried to figure out how the damn thing decides that something should be visible or not visible, by others from me or by me from others. I’m still freaked out.

I still think this stuff makes Facebook look like amateur privacy violators by comparison. Even the quote by Eric Schmidt about privacy looks like a detail now (even though it was right-on).

The major, enormous psychological (not technical) error is that this was placed in the Gmail account; something you typically expect to be private. Putting there stuff that’s geared to be broadcast all over the place, in a opt-out way (second major error: everything is public by default, and you can’t ever revert to private after publishing, your only bet is to delete), is a tragically bad, bad, bad idea. Third error, fuzzy rules (recommendations? I’m not even sure) allowing buzzes to skip over contact boundaries.

By putting Buzz inside of Gmail, Google probably wanted to drive up adoption. Well done, it’s adopted all over the place with posts and comments and blog posts and tweet guts spilled everywhere, aggregated, resent, accessible without your knowledge. What a sorry mess. Evil? Still not sure about that. Ill-considered, that’s for sure.

Fourth, but not least, error — but is that really an error? Looks like a strategy, really –, Google confuses public availability with right-to-broadcast. My buzzes or blog posts being public does not mean that I want Google to spam these to contacts of contacts of contacts.

I’ll have to wait until the dust settles in my mind to know whether I really want to use this stuff. It’ll remain anyway as one of my most creepy experiences of late.

Already we see blog posts everywhere flowing about people who’ve unknowingly leaked private information to bosses, ex-husbands and so on. Too many to mention.

Update: Sixth error, the blocking of followers is not real security over leakage. It’s cleaning up after the fact (see the blog post linked-to above).

Update (21h41): Seventh error, and now (since when? since Buzz? No idea whatsoever, seems new since it also appears on my buzzes now) my Orkut photograph has been imported to my Gmail profile and appears to all my chat contacts. I never asked for that… it’s a photograph of me at the age of 3 months! Never meant to be visible in Gmail.

Eight error: so obvious I missed it… the followers/followee list is public by default “Display the list of people I’m following and people following me”. Which means you have a privacy leak in your contact list, since that’s where the followers come from.

This is insane. I think Google really has jumped the shark, this time. I’m out of Buzz for the foreseeable future.

Update (23h38): additional thoughts in relation to the above… Google apparently doesn’t realize that mail contacts (many kinds of people) are very different from friends in a social network; the contact or chat list may look like a friends list functionally, but they do not contain the same kind of people and do not serve the same purpose. It’s obvious if you look at  who’s in your own respective lists. A lot of confusion stems from that. Google is trying to “Facebookize” the Gmail ecosystem and the fit just can’t be good. Maybe that’s a cultural problem.

Update (0h06): an idea I just got. If the Buzz follower/followee lists actually were new lists, treated like real friends lists starting from zero (i.e. not based on any contact list, not even with a pre-filled checkbox list), with a reciprocal acknowledge just like in social networks, the user would really be more in control, with the actual feeling of starting up his own, separate network.

Google Buzz

Okay. I’ve just learned I’m the proud and lucky (thanks to my guardian angel) owner of a Google Buzz account.

What is it? Actually, I’m still trying to figure that out exactly.

Try to imagine Google Talk (chat) extended with bits of Twitter (followers and followees, but that’s not how they’re called) and geolocation, integrated within Google Mail with an interface that’s slightly reminiscent of Google Wave presented in a blogpost-like format (there has to be a RSS feed somewhere underneath, but I didn’t find it); with possible post upvoting as in Digg or Reddit (but no downvoting).

And you can also mix in stuff from Picasa, Google Reader, Twitter itself, Flickr or blogs.

The above looks like a web 2.0 keyword soup; this is a good reflection of my first impression 🙂

That’s what I was able to gather after using it for 5 minutes. I certainly missed a boatload of things and got some wrong.

Android pattern locking: a horror story

45 seconds of play, ~5 hours of desperate hacking.

A few days ago, my 4 year old daughter was playing with my mobile phone running Android 1.6. To let her play with the screen while avoiding any mishap, I locked the phone. It was obviously not enough, she instantly found the MENU key to unlock it.

So I had the brilliant idea to put on a locking pattern, the pretty method used on Android to really lock the screen.

After 5 unsuccessful tries, which my daughter reached in about 15 seconds, the pattern unlocking incurs a 30-second guard delay. I decided that the game was too risky (I found out later there’s also a 20-try hard limit, but we didn’t reach it) and took my phone back.

There, I had another brilliantly fatal idea: I clicked on the “forgot the unlock pattern” button which just appeared, just out of curiosity to see what would happen next. The phone asked for my Gmail account and password. I filled the requested information, but it didn’t unlock the phone; apparently this is a known Android bug that I didn’t know about. And, contrary to what I naively assumed, there was no way to get back to the unlock pattern screen. I rebooted the phone. No change, no escape.

Then it dawned on me that I was 600 kilometers away from home, for almost a full week, without all my computer tools. And I was locked out of my own phone.

Continue reading Android pattern locking: a horror story

The Google Toolbar and the Russian mafia

It can sometimes be fun to do computer support for your close family (or similar life-having, non-technical people):

– can you have a look at my computer ? It says something new about Sidevski… or some similar polish/russian name.

Sidevski ? Don’t know what that is. Maybe you mean Kaspersky ? Perhaps an antivirus warning… or ad, or spyware?

– No, that was more like Sidevski. Here, look.

– Oh, the Google Toolbar in your browser. Holly crap, you meant THAT and THAT?!

A good laugh.

Accessing the IPv6 web with squid 3.1

That’s it, Squid 3.1 is in the FreeBSD ports. Squid 3.1 is still a beta but it’s nearing a release.

This means I can now access ipv6.google.com (and obviously other IPv6 sites), through my local proxy. Unfortunately I’m redirected to the French version, which seems to lack the dancing “Google” letters. The good old Kame turtle works, on the other end. How’s that for a killer-app?

IPv6 is the unleaded gas (or the organic food) of IP: it doesn’t seem to bring anything concrete, unless you look at the bigger picture.

IPv6 connectivity survey

A request from CAIDA and WIDE to (hopefully) happy Unix IPv6 users for IPv6 connectivity data gathering:

http://www.caida.org/data/how-to/scamper/ipv6-collection-2007/

In March 2005 CAIDA and WIDE coordinated a global collection of IPv6 topology measurement in order to generate a IPv6 AS core map. We would like to repeat this experiment with probe runs between Tuesday 27 November and 4 December 2007. Please help us measure the IPv6 Internet! Instructions below.

[From my friend Philippe]

IPv6 at RIPE-55 and an upcoming communication

The RIPE-55 meeting takes place this week in Amsterdam. The hot matter currently is the expected death-by-[address-]exhaustion of IPv4.

So, on Monday, the main matter was IPv6 deployment (a lot of interesting stuff, most presentations are accessible as PDF files).

IPv4 address depletion was on the agenda Tuesday afternoon:

IPv4 Depletion Session

  • ETNO Common Position on IPv4 Exhaustion – Mark McFadden, BT – pdf [ 29 KB ]
  • Changing IPv4 Allocation Policy – Remco van Mook, VIRTU – pdf [ 76 KB ]
  • IPv4 Depletion and the Afterworld – Geoff Huston, APNIC – pdf [ 2.25 MB ]
  • Open Microphone / Discussion

Tuesday’s first two presentations reflect on future IPv4 address allocation policies. They don’t agree on what needs to be done; the first one, from ETNO (European Telecommunications Network Operators Association), is firmly opposed to a would-be “IP address marketplace”. The second document, from VIRTU (a Netherland-based hosting provider) holds almost the opposite view, saying that the various regional RIRs should be able to exchange address blocks to adapt to local needs, and leave LIRs invent and apply their own policies regarding address trading.

My personal conclusion is that a lot of wrestling over IPv4 addresses is to be expected in the coming years, and it will only get worse and worse with time.

The third document is a must-read, an updated version of the Geoff Huston presentation I already wrote about [fr] . I liked the train crash illustrations :-). The conclusion obviously remains: we’ll need to transition to IPv6 no matter what, and the sooner the better.

In that spirit, RIPE is discussing a Community Resolution (draft) on its IPv6 and Address-allocation mailing lists. Such a communication is desperately needed: most professionals (network administrators, network consultants) I spoke with about the Geoff Huston documents had a skeptical reaction along the lines of “Transition? Yeah right, I’ve been hearing that for 8 years now, so maybe one day”.