Google Reader

By now, anyone using Google Reader should probably know that it’s going to shut down on July 1 this year. Personally, I think it’s a shame, but not entirely unexpected.

I use Google Reader daily and in fact it’s the only Google service I still have need for (although I’ve kept Gmail as a backup mail service – it’s good to have a secondary address that can be used for temporary communication, particularly with one-use web sites). Once the decision was taken to let the Feedburner service run down I always assumed Reader wouldn’t be far behind.

I think there are some issues with the concept of RSS as a “consumer” technology – these implementations never quite gained the popularity I think they should have. I’ve introduced other people to the idea and seen how it can help ease the way that updates are retrieved from web sites. Anyone working online should at least have tried it, but I think the perception was always that it’s a geeky tool and little used. Hopefully the outcry around the web about Google’s decision will contradict that.

One of the comments I was most interested in around this decision was from Dave Winer. Dave makes two points that are worth mentioning. Firstly, around his favoured “River of News” approach, I think this is personal preference. One of the reasons I like the Reader style RSS approach (or inbox style, as he refers to it) is that I don’t miss the stories – rivers mean that much is missed; if I don’t see the story when it’s still onscreen I may never see it (this incidentally is my biggest complaint with Twitter as well). The way that I, and in my experience most other people, use RSS is to have that collection of stories that I can come back to when *I* want. If I’m out for a few days I can skim over the list and read as much or as little as I like. I also find the Inbox metaphor constricting – these are not messages to me and no-one is expecting a response; if I mark all as read, no-one is going to chase me for a response!

Dave’s second interesting point is also, to me, somewhat ingenuous.

“Next time, please pay a fair price for the services you depend on.”

I, like most people, am happy to pay for a good service and there are paid-for services out there; unfortunately they are, from what I’ve seen, just not as good (for various definitions of good) as Google Reader. Quite frankly, everything else I’ve tried to use so far has fallen short. I have paid for apps that provide a front-end to Google Reader (on both iPhone and Mac) that ultimately use the service as a back end. These add value to the experience.

I’ll obviously be checking out alternatives to Google Reader from now. Any suggestions would be welcome!

Addendum: The Ars Technica story and discussion

Password Security

Sony hack reveals password security is even worse than feared • The Register

I was going to comment on something similar to this after my previous posts highlighting the generally poor user security awareness across the enterprise AND consumer spaces. The article is useful as an indicator of where the problem lies, but gives me a chance to make a couple of additional comments.

The common advice regarding passwords is to:

  • keep them complex;
  • change them regularly;
  • use a unique one for each application/system;
  • don’t write them down.

The obvious problem is that the more we follow the first three of those points, the more likely people are to need some easy way of remembering their passwords – writing them down, or otherwise documenting them can be a good way of doing that.

There are better solutions – SSO (‘simplified sign on’), or password lockers (typically with a master password) that can help with this – even the options to remember a password in a browser can help (note that, conceptually, this is no different from writing it down, but is likely to be less obvious or otherwise protected).

Attacks against password stores, as mentioned, provide some very interesting points of analysis – the way that breaches of stores at different sites/hosts can be used for comparison of the commonality of password reuse is obviously of particular interest and provides a good case to argue against such practices. This is a good example that anyone can see of why it’s a bad idea.

On the other hand, it’s perfectly reasonable to argue that it shouldn’t matter – if user credentials were stored securely then we wouldn’t have the information to even begin this analysis. Attempting to educate users of a system in security is pointless if the admins and owners of that system can’t do the basics. Add to that the sometimes conflicting messages and the lack of sense shown by some security wonks and it’s not a wonder that users are the weak link in the process.
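The effect of storage on that cross-site comparison, as an added example that is not part of the original post: the account names and passwords are constructed, and PBKDF2-HMAC-SHA256 with a 16-byte random salt is an assumed choice of "stored securely", not something the article specifies.

```python
import hashlib
import hmac
import os

# Constructed accounts: the same people registered at two unrelated sites.
SITE_A = {"alice": "sunshine1", "bob": "Tr0ub4dor&3", "carol": "letmein"}
SITE_B = {"alice": "sunshine1", "bob": "correct horse", "carol": "letmein"}

def store_unsalted(users):
    """Weak store: a bare fast hash, identical wherever the password is identical."""
    return {u: hashlib.sha256(p.encode()).hexdigest() for u, p in users.items()}

def store_salted(users, iterations=100_000):
    """Stronger store: random per-record salt plus a slow key-derivation function."""
    records = {}
    for user, password in users.items():
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
        records[user] = (salt, iterations, digest)
    return records

def verify_salted(records, user, password):
    """Login still works: recompute with the stored salt, compare in constant time."""
    salt, iterations, digest = records[user]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def visible_reuse(dump_a, dump_b):
    """Users whose stored record is identical in both leaked stores."""
    return sorted(u for u in dump_a.keys() & dump_b.keys() if dump_a[u] == dump_b[u])

if __name__ == "__main__":
    print(visible_reuse(store_unsalted(SITE_A), store_unsalted(SITE_B)))
    print(visible_reuse(store_salted(SITE_A), store_salted(SITE_B)))
```

With the unsalted stores, reuse shows up by simple equality of the leaked values; with salted records nothing matches, yet each site can still verify its own logins. Salting does not make a weak password strong; the slow derivation only raises the cost of each guess.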

Security teams would do well to get the basics right in systems as well as demanding more from people. Humans are the problem, but focusing on technical restrictions on passwords is not the place to start. No matter how simple or oft-used a password is, the simplest attacks are against those that are told to someone, either electronically (such as phishing) or through bribery, such as with a bar of chocolate.

Of course, even aside from bribery there are other ways of getting a password, no matter what security is put in place.

xkcd security

(from the always excellent xkcd comic). This concept is traditionally known as a rubber hose attack and is the best indication of the weakness of the flesh in security.

Linking

Feds Really Do Seem To Think That Linking To Infringing Content Can Be A Jailable Offense | Techdirt

The story reminded me of a point I made a while ago – regardless of anything else, you (my reader) or I (as the author) have absolutely no idea what will be displayed if you click on the link. At the time of writing, using the particular DNS servers currently provided on the wireless network I am using, it is an interesting story about how linking to infringing content shouldn’t really be an offence. Of course, given the way the Internet works, that may not be true for you (your own hosts file may resolve that name to a completely different address) and I guess the people at Techdirt could also change the story at any time, which would make this post somewhat nonsensical.

There’s a current trend of using URL shorteners, which seems to be related to the stupid and arbitrary 140 character limit on Twitter (which is derived from the limit on SMS message length, despite the fact that every modern phone can concatenate messages into one, making the whole thing even more absurd, but I digress…), which introduce another level of abstraction and make it utterly impossible to know what will happen if a link is clicked. Here’s an example, just to drive the point home…

http://bit.ly/f1dzwo

For a start… notice the ccTLD is .ly. That means that this service is controlled by Libya, so obviously nothing wrong there. Secondly, you don’t know what site that links to. Thirdly, you don’t know how the people who control your DNS servers will resolve that name to an address. Fourthly, you don’t know what the HTTP server at that address actually serves as content (malware, porn, movies, live sport). Yet, people click these things all the time.

There’s a major disconnect between the way the law wants to work and the way that things actually do work.