Tuesday, December 3, 2013

Boycott Google Plus.

(via Google Plus, ironically)

Alright, time to walk back from the inflammatory title. But only kind of.

Here's the deal. I think 2012 made it apparent that Google Plus is not just a once-good idea that failed to gain traction, but a true nuisance. And 2013 is making it apparent that it's not just a nuisance, but a corroding influence that is destroying Google from within.

Let's look at the evidence.

The poster child for victims of Google Plus is Google Reader, which was sacrificed to fuel Google's Sisyphean effort to force people into using its failed social network (not because of declining use).

The second incident that comes to mind for me is Youtube, which recently fell victim to another Google Plus ploy. Ars Technica has a pretty good explanation of how — and why — Google managed to actually make Youtube's notorious comments worse. And it's a bigger deal than you might think, since many Youtube channels (usually the more thoughtful and worthwhile ones) relied on comments for their videos. They served as a communication channel to an actually useful and interesting community (SmarterEveryDay), or as high quality fodder for the videos themselves (PBS Idea Channel). Now, they're so worthless they're essentially gone.

Another example that hasn't been talked about as much is Picasa. As Nick Mokey of Digital Trends points out in his own "Downfall of Google" post, Google Plus took over Picasa and ironically made it harder to share photos. And it's the Google Plus-ification of Picasa that broke all the images on my blog recently.

It's downhill from here.

Combine these direct attacks on once-useful Google services with a general trend in Google's recent changes, and the picture is becoming clear: abandon ship. I've been noticing that all the recent redesigns of Google products tend to be worse than before, like the move from GChat to Hangouts. And it's actively taking back good things it did before: Ars presents a pretty definitive case that Google is trying to lock down and close-source Android.

This actually isn't a rally for some outraged boycott of Google Plus. It would be silly to get that indignant at something like this. But I am a bit exasperated that Google is taking a slew of excellent products and cannibalizing them in a desperate attempt to transform into something we never wanted: a locked-down social network. These products were good because they were designed with one top priority: make them useful for users. The more users, the more eyeballs for Google ads. But now it's apparent that their primary priority is to cash in on those useful products to railroad people into one they never wanted.

So my thinking is, let's consider pushing back. The harder they push, the more good services they wreck to force us to Google Plus, the more we should say "I refuse to use it for that reason." I'm not sure I'll even be able to leave it, but I can certainly reduce my involvement.

I'm also thinking of exit strategies from other Google products, just in the interest of self-preservation. The house isn't burning yet, but I smell smoke. Time to eye the exits.

Hiatus?

Of course, the most immediately relevant product that I might leave is Blogspot. A look at the archives shows I haven't had much time to post recently. I've been getting pretty busy with other things going on in my life. Plus, I've been pondering other styles of blogs and other hosting solutions for a while. The incident with my images struck me as just another nice boot out the door. Apparently Google doesn't want me here, so I see no reason to stay.

Sunday, October 13, 2013

How many IP addresses does Google have?

This will be a very technical post, but I wanted to note this somewhere (and even make it useful for others!). Still, even if you're no command line whiz-kid but you're curious in the answer I got, skip to the end!

Let's start at the beginning. What is Google's IP address, you might have wondered at some point. Domain names are ways of referring you to an IP address, so google.com must lead you to one, right? Well yes, except it leads you to many. Each time you go to google.com, your computer looks up its IP address and it often gets a different answer each time. Google has so much traffic that it has many IP addresses for its servers, and gives you the address of the closest (or least busy) one whenever you ask.

So how many does it have in total, and what are they? Well, you can try asking a bunch of times and writing them down. I actually wrote a wrote a script to do that, before I realized maybe I should, say, Google for an answer. (To be fair, I'd done that before but came up short.) What I found was a page from Google's own help documents titled "Google IP address ranges." This page points out a useful trick: SPF records.

Wednesday, September 25, 2013

Google Plus broke my blog



Just an FYI, I know that my images seem to all be broken. Guess why? Google Plus.

So I ended up on my Picasa photos page, which I don't pay much attention to, and I realized since Google Plus happened, it seemed a lot of my photos were being linked to my public profile when I'd never intended that. So I tried fixing the privacy settings, which made them private again. But all the images I upload to my blog are hosted on Picasa. That's Google's choice. It's what automatically happens when you upload images to Blogger. So they're all in this special Picasa album. But when I turned up my Picasa privacy, it made my Blogger images private so no one can see them (even from here). And I can't figure out how to change them back. It might require me re-uploading everything.

tl;dr Google Plus ruins everything. Modern-day Google is not a place I want to live anymore.

Wednesday, April 24, 2013

Yes, the government is spying on everyone's Internet traffic

Welp, looks like, yes, the NSA has an untargeted, mass surveillance program snooping on domestic Internet traffic. I like how the White House granted this extraordinary, likely unconstitutional, legal immunity just for a "pilot project." So basically, that's the level of justification they require (jack).

Soooo I'd like to take this opportunity to remind everyone about HTTPS Everywhere. This Firefox/Chrome extension checks whether each site you're visiting has an encrypted connection option, and if it does, it makes sure to use it. That means no one listening in-between will be able to see anything you do on the site, except you and the site owner. Not even the NSA, in all likelihood.



This little extension has come a long way in the past few years. It started out with a list of only a few dozen sites whose secure connection option it knew how to use. Now there are thousands in the list, including most big-name destinations like Google and Facebook. Think about it. You enable this, and no one except you and Google will see anything you do on any of their sites. No one at the NSA, Comcast, the airport WiFi service, or the dude sitting next to you at Starbucks.

Now, I only wish there was a mobile version. I've been thinking it'd be nice, since you're using your phone all the time on insecure WiFi networks run by random parties. But now that AT&T is a specific company they mention participating in this spying, it'd be pretty great to black out my phone traffic to them too. Well, luckily both Android and the iPhone support VPN connections, so all you gotta do is run OpenVPN at home (or, if you're a human, sign up for a VPN service) and do your part in saying "screw you, AT&T."

Saturday, April 20, 2013

Evolution, in a sentence

Most teachers and biologists like to gum up the theory of evolution with lots of preconditions and caveats. Instead, I see it as something so simple, it's basically built in to the logic of the universe.

Maybe I'll expand on this in another post, but right now I just wanted to note the best, simplest way of explaining it I've stumbled upon so far:

If a thing makes more things, then there will be more of that thing.

It really boils down to that. There aren't really any more complicated "rules" or mystical workings to evolution. Instead, it's beautifully simple and automatic.

That's it for now.

Wednesday, April 3, 2013

CSS



All you web developers, you know what I'm talking about.

I've never seen it summed up so well.

Sunday, March 17, 2013

Google Reader killed in its prime?

Okay, so maybe not exactly its prime. But I noticed that in their announcement, Google noted Reader's years of declining usage as the reason for ending it. Now, I have no sense of its popularity; I don't even use it myself. So out of curiosity I went to Google Trends to check interest in Reader:


Now, Google Trends is a pretty rough indicator of the actual number of users of something. But I found it interesting that there's absolutely no sign of a decline until just last year. In fact, the last couple years seem to be the strongest in Google Reader's history.

So either Google Trends is way off, or lack of interest isn't the main reason Google is shutting it down. Perhaps it's a slightly more conniving move to shore up Google Plus. Ars has the details, but Hitler might have put it even better:

Monday, February 25, 2013

Expand short urls with one bash command

Warning: This post is pretty much for techies/programmers only. Sorry, but I just had to share this cause it ended up being pretty cool.

The rise of url shorteners, while useful, has made it kinda uncertain where any particular click will take you. Even if you're not as security-conscious as I am, sometimes you might be wondering whether some link will take you to some annoying spam page.

There are wonderful services like LongURL and Long URL Please, which try to make it possible to see where you're going before you click, but sometimes they're tripped up by unknown url shorteners or multiple levels of redirection. Plus, it takes a few clicks to get to those services in the first place.

Thing is, I know that it's possible to make a generalized service that simply looks for any HTTP redirects and follows them until the end of the chain. For the longest time I've meant to make this, probably as a web tool. But then I started messing with curl's -I option (which prints just the HTTP response header), and realized I could make it much more simply. Eventually I ended up fitting it into 6 lines of bash! So I thought I'd share:
longurl () {
  url="$1"
  while [ "$url" ]; do
    echo "$url"
    line=$(curl -sI "$url" | grep -P '^[Ll]ocation:\s' | head -n 1)
    url=$(echo "$line" | sed -r 's/^[Ll]ocation:\s+(\S.*\S)\s*$/\1/g')
  done
}
Just paste the url after the command "longurl" and it'll follow the redirect chain, printing each url. For example:
$ longurl http://t.co/8VzDpOP0Xz
http://t.co/8VzDpOP0Xz
http://ow.ly/hU93Q
http://www.quora.com/Lincoln-2012-movie/How-historically-accurate-is-Lincoln-the-movie
Note: As an optional feature, you can add the line "echo -n "$url" | xclip -selection clipboard" at the top of the loop to use xclip to automatically paste the final url into your clipboard*. But it only works on Linux systems and xclip isn't a default package, so I left that line out. Oh, and a disclaimer while we're at it: I really should be checking the HTTP response code, yadda yadda yadda, didn't read the relevant RFC's, etc. But this is simple, it should work in most cases, and when it doesn't, you'll know.

Anyway, if you're the kind of person who usually has a terminal sitting open, this might prove pretty convenient. Just paste the function into your .bashrc file to have the command available in every session. Oh, and make sure you have curl installed. But you should already have that, shouldn't you?

If you need any more convincing, here's an example I just ran into of a nice, long redirect chain that did indeed end up at a spammer site. Glad I checked it first:
$ longurl http://t.co/oZ2IWUfW9m
http://t.co/oZ2IWUfW9m
http://is.gd/5TIIkF/ubeldynl
http://steve.omeuemail.com.br/7voxe1rz0m1hwcrsOmngucq/Qznqh4x-Ninlkk0yiq7kdmlyx-Rje1ieyqgkmbtqxhswaxmcl/5rwc6eyhfxqbp/Sw0yazi5lqmew5fxszvte0/Nvefuwsqe9q3zbjvvlsiswyv0Kmbbqpmgawedcrtkhv/Rdwoy5iwkfxigllbuqzvxfyw-D3qvi1z7f
http://gift-card-rewards.com/?r=y


*Now, I actually have a modified version that uses sed to paste just the domain name into my clipboard because my most common use case is to immediately paste the domain into Web of Trust to see if the link actually goes somewhere nasty. So as an FYI, here's my version of the line:
echo -n "$url" | sed -r 's/^https?:\/\/([^/]+).*\/.*$/\1/g' | xclip -selection clipboard

Update: If you're looking for some interesting links to try it on, I suggest using any of the links in the weekly Ars Technica "Dealmaster" posts. These seem to always go through incredible numbers of redirects via various tracking, advertising, and analytics companies. For example, http://bit.ly/1b5KFTr gets you a total of 14 redirects! It actually fails on the last one because it's a relative URL, but you can just use the one before it. I don't have a problem with these links, since I believe the redirects give credit to Ars and helps support them. Still, it shows how this little tool can shed light on a lot of stuff going on behind your back that you wouldn't have ever noticed otherwise.

Wednesday, January 16, 2013

Uninstall Java.

(source: codemonkeyx.net)
(coincidentally in a story about getting viruses from Java)

Just as a PSA, if you have Java on your system, you need to either uninstall it, or at the very least, make sure it's disconnected from your web browser. Skip to the bottom for instructions or read on for the full story.

The past six months have shown Java to be the biggest security disaster in personal computing right now. Really, though, we've known this for a while now. A 2010 report by Microsoft showed that having Java was by far the most common reason users got malware on their computers:

(via Ars Technica)

Thursday, January 3, 2013

Fraudulent Google Certificate Issued by TURKTRUST - a CA you can safely delete

Firefox's default list of trusted certificate authorities

I'll point you here for the full story, and add my two cents below.

Sadly I don't have time to get into the rabbit hole of explaining certificates and SSL, so this will have to be directed at those already in the know.

Here's the overview. A root certificate authority, TURKTRUST (yes, they're Turkish), somehow issued two certificates in 2011 that allowed their owners to impersonate any *.google.com site. And I'm here to let you know you can go right ahead and delete TURKTRUST from your browser without worrying you'll ever need it.

This useful bit of information is courtesy of "Nasko" at netsekure.org, who did a survey in 2010 of the most commonly used certificate authorities on the web. This was in order to reduce his attack surface, since we've seen a steady stream of CA (certificate authority) compromises over the years, and if you don't trust a CA in the first place, you can't be fooled by their fraudulent certificates.

His surprising results were that you only need about 25 CA's out of the hundreds that browsers trust by default. His survey queried the top 1 million most popular sites according to Alexa, so you can be pretty sure he didn't miss much of the web.

What's more, I actually implemented his findings, deleting all but the those 25 from my own browser. And after several months of (heavy) browsing, I can tell you I've never once run into a problem.

After the jump, my revelations on the bigger picture I learned through this experiment.