The problem with Google accounts

My last post was a rant. I posted it quickly without reviewing to get the problem out there (I’m sure there’s some terrible grammar in it, I really don’t want to reread it). It was also much more focused on CNET than Google. I’ve decided to write the problem up again, focusing on the bigger problem, not just the particular instance.

My last post was about two tiny words on the Google Accounts Authorisation page – Google Contacts.

image

What these words mean is to comment on this blog, I had to give the website access to every email address, phone number, and actual address for every friend I had in my contacts.

Before I go any further, CNET was not aware of this, and when I pointed it out to them they very promptly fixed it (There comment is in the previous post).

So I no longer have CNET in my sights, now I have Google. It’s one thing to let us share our information with sites, it’s quite another to let us share other people’s. In my opinion, here’s what Google has done wrong.

  1. If a website claims to require this data you can only let them have it or not login at all. This is an option (and there are probably others) which Google should FORCE to be optional.
  2. They describe it in two words and draw little attention to it. It should have in red next to it exactly what information will be shared with the site and point out the dangers.

So what should this look like? How about something along these lines…

image

As we’ve talked about, it provides a clear warning. Next it forces you to opt in to that permission. And finally there’s an option we haven’t talked about – send them fake data.

Why fake the data? Well to have Google force the option as optional is good but when the website gets the data back, there is nothing stopping them from saying, “Hey, you didn’t give us this permission, give to us or we’ll block you.”

Now it could definitely be argued that a website which behaves like this is one you should stay away from. But it could also just be a lazy coder – Look at what happened to .NET’s security system. By letting us send them fake data they cannot guarantee it is accurate, and thus any use of the data which does not benefit us, becomes useless (or at least less useful).

You might think you’re smart enough to always read these dialogs so this is a problem that won’t affect you. But remember, if you have any less technical friends, they may not only be unknowingly giving away their private data, but yours as well.

Please tweet/contact Google about this, blog about it yourself or just share this page to spread the word and get this problem fixed.

Third party authentication

I’m a huge fan of things such as OpenID and Gmail Accounts. Instead of having to deal with creating a new username and password for every website I want to comment on I just need the one. It’s safer, faster & less annoying.

However, yesterday I came across an abuse of this process, one which, unless the authenticators find a solution for could destroy all confidence in this system. I wanted to post a comment to cnet, a site that’s been around as long as I’ve been using the internet, but they required an account to comment.

I was glad though that I saw they allowed sign in through Google, Yahoo or Facebook (no plain OpenId option). So I clicked the Google button and the following screen popped up.

image

So to sign into the website to COMMENT, I was required to give them access to all my google contacts – email addresses, phone numbers, actual addresses of my friends! Wow! That’s about the most evil thing I’ve ever heard.

Now in cnet’s defence, there might have been a legitimate use for this information in another part of their site – which I didn’t want to use. And although I’m not an expert in google accounts, I’ve never seen “Optional Permissions” where the site says, I require this, and if you want giving me this other information you can do more.

And even if Optional Permissions exist and cnet refused to use them, why should they have the power? Google could force certain information, like Google contacts, to be optional. And to protect further from people who deny on their side if you don’t give them that data, Google could have a “Fake it” option. I would think that not knowing if the data was accurate would be a good  deterrent against requesting such data unless it actually did benefit the end user.

UPDATE:

The cnet team got in touch with me, informing me that this has now been changed (you can read their response in the comments)

It’s great that cnet was willing to fix this so quickly, but I think the fact that Google lets this be possible is a huge problem. To share your details with a site is one thing, to share other people’s details is another. Google needs to change this so the danger is absolutely clear and to make sure no site can force a user to give away this data.

Windows Phone Mango Beta impressions

I’ve had the mango beta on my phone for a few days now and here’s my impressions.

What to love:

  • Multitasking – integrated well, fast and it’s not the stupid Android design that has the potential to kill your battery life.
  • Conversations in the mail client – Very gmail-ish. If I could archive from the client it would be perfect.
  • Facebook chat – Treated as a First class citizen. Given absolute equality as SMS, from what I’ve seen of Android’s, Mango’s puts it to shame.
  • Internet Explorer 9 – Fast, renders better but I don’t like the new UI. Too stream lined. so you don’t get fast enough access to tabs or favourites. Before they had buttons on the page, now you have to click expand and choose them from a list.
  • Calendars – Much better than before, integration with Facebook’s events and birthdays is perfect, don’t know why this wasn’t from the start.
  • Maps – Recommends restaurants/events. Haven’t tried out turn by turn but from what I’ve heard it’s average.
  • Groups – When you first install Mango it makes a Family group and puts suggestions based on people sharing your surname. Very cool, but could be extended so it makes suggestions as you make other groups, like gmail’s recommendations when sending emails.
  • Animations are really nice. They were great before but there are very small improvements which are pretty cool

What needs to be improved:

  • Facebook check in: Using the integrated option you can only check yourself in, which makes it pretty useless. Of course the Facebook app supports check in with others and now that IE is location aware, you can do it on Facebook’s touch website too.
  • Facebook notifications: Not "glance and go enough" instead of telling you how many notifications you’ve got, the tile will *sometimes* pop down and give you the start of the notification. I’d much prefer a number which always is on the tile.
  • Call history screen still sucks. Instead of providing a distinct list of recently contacted people it repeats the person for every call to or from them. Simplest screen to fix and they haven’t done it.
  • The tile colours still aren’t fully customisable you can only pick from its limited list.
  • Groups are made by adding one person at a time. It’s a bit annoying. Suggestions and restoring the selection list to where you left off would help
  • Facebook chat setup sucks. Spent ages trying to figure it out, gave up and then it just started to work hours later. From what I’ve read online lots of people have had problems setting it up, if they want people to use this feature they must make it easier setup.
  • There’s a few cool things they showed off that are US only. Unfair.

Website hacking

Just before Easter last month, I was watching Everton vs Manchester United with a mate when I got a tweet from Dave Brotherstone from the Notepad++ community. He informed me that my website was hacked. (Luckily the language I used at that point was appropriate when watching a football match) I can’t thank Dave enough cause it wasn’t for another week until my host informed me of it.

I admit I wasn’t the best at backing up the website. Which is strange for me considering for most things I have strong backup plans – one of my favourite things about the PSP was it stored saved games on a memory stick, so it was easy to backup.

However, my limited backups were enough to bring the site backup without any data loss.

What annoyed me most was how meaningless the hacker was. It seems like he (or she) simply wanted to say, “I hacked you! Ha ha!”

Now sure that’s better than, “I’m trying to steal your identity” but why do it? You don’t get any gain out of it, It annoys me, there’s no benefit to anyone.

Proposal for improved Unit Testing “Less Than”, “Greater Than”

One thing that annoys me about Unit Testing frameworks is how you assert less than or greater than. For instance, here’s the definition for Nunit…

public static void Less(IComparable arg1, IComparable arg2);

arg1 and arg2 are horrible names. Does that mean it passes if arg1 is less than arg2, or the other way around? It’s confusing. Admittedly they have added a comment that explains it but looking at my code doesn’t explain what I’m doing, looking at the definition doesn’t say what my code is doing. That’s a few steps away from meaningful information.

MbUnit isn’t any better. They call the parameters left and right. Ok, this clarifies that they mean left & right side of the “x < y” equation, but my code still doesn’t read nice, and I still have to think what the hell does left and right mean? Also there comment actually adds confusion, and I would argue wrong. they say “left” is the expected value and “right” is the actual value.

Left and right implies

left < right

But actual and expected implies value to test and value to compare to, so that comment implies…

right < left

 

In short both suck. Now some people say a fluent API is the solution…

Assert.That(x).IsLessThan(5);

That is quite nice, it’s absolutely clear what the test is.

However I’ve come up with an even simpler approach that takes advantage of .NET 4’s optional & named parameters.

Assert.Is(x, lessThan:y);

It’s simple and clear. What’s the implementation?

public static void Is(IComparable actual, IComparable lessThan    = null, IComparable lessOrEqualTo    = null,
                                          IComparable greaterThan = null, IComparable greaterOrEqualTo = null)
{
    if (lessThan != null)
        Assert.Less(actual, lessThan);

    if (lessOrEqualTo != null)
        Assert.LessOrEqual(actual, lessOrEqualTo);

    if (greaterThan != null)
        Assert.Greater(actual, greaterThan);

    if (greaterOrEqualTo != null)
        Assert.GreaterOrEqual(actual, greaterOrEqualTo);
}

Simple. And Powerful, not only can you do simple compares like the one above you can also do

Assert.Is(x, lessThan:y, greaterThan:z);

Wallop! Clean simple code!

Porting code alignment to Notepad++

Before I start, Code alignment for Notepad++ can be downloaded through Notepad++’s Plugin Manager.

Also the Visual Studio version can be downloaded from http://tinyurl.com/alignby

Visual Studio has 3 problems.

  1. There’s a lot of languages it doesn’t do syntax highlighting for.
  2. It can take a while to load.
  3. It’s so good that when you use another editor you get annoyed that you can’t use your favourite Visual Studio feature.

Because of the first two visual studio problems I quite often use Notepad++. It’s a great little program, loads instantly, supports syntax highlighting for an insane amount of languages, and it has some pretty advanced features.

However problem 3 remained. A few things I could do in studio it just didn’t have. And the top of my list – my precious Code alignment extension. I got so sick of it I decided I would port it to Notepad++.

I was expecting I would have to rewrite it in C++, and I was a bit excited about it. It had been a while since I had used C++ and it was always a language I enjoyed. I was a bit worried – no Linq was sure to frustrate me and had used a lot of Linq in this project.

And then I saw that someone had created a nice easy way to write Notepad++ extensions in c#. And I instantly changed my mind. As much as I liked the idea of using C++ again, C# would let me have a common code base, which meant I could port it faster and when I added new features it wouldn’t require much to add them to the other. Also, like many people I have a large to do list, and time saved on this could be used to work on another project.

The port turned out to be very easy, Notepad++ has an excellent extension API, very different from Visual Studio though. However, I was able to wrap calls to both Visual Studio and Notepad++ up in classes that implemented a common interface, which let the core alignment logic be identical.

One problem I came across was that Notepad++ doesn’t allow 2 stage shortcuts (e.g ctrl + =, ctrl + space). I didn’t like the idea of using different shortcuts which had no relation to each other, so instead I created a quick code alignment bar. It attaches itself to the bottom of Notepad++ and responds to a key press. So you can press ctrl + = to bring it up and then = again to align by equals – just like in visual studio.

This is actually a really powerful thing because it lets me respond to any input after it’s been brought up. As such, I do plan to bring that feature back to the Visual Studio version.

So here is the current state of features for each version

Note: I will try to keep this chart up to date.

Feature Visual Studio Notepad++
Align selected lines Yes Yes
If nothing selected, work out the current block Yes Yes
Shortcuts Yes Yes
Can change shortcuts Yes Yes
Toolbar icons Yes No
Delimiter in dialog is saved and is the default on next use Yes Yes
Align by position Yes Yes
Align by space Yes Yes
Tabs handled correctly Yes Yes
Tabs inserted if “Use tabs” Yes Yes
Align by = should ignore = which have a suffix of a symbol. Yes Yes
New bar to handle second stage of shortcut No Yes
Align by space rule is "align the last space in the first block of spaces" Yes Yes

 

I plan to get them on feature parity (except maybe Toolbar icons, manual toolbar customisation seems a bit limited and I don’t want to add a bunch of shortcuts which people can’t opt out of). And extend the behaviour of the bar. There’s a few other minor things but after that I think it’ll be a while until I look at the source again.

Thoughts on Firefox 4

During the beta stage I had some quick plays with Firefox 4, but I really waited until the RC to thoroughly try it out.

Overall, I love it. I was sceptical about the new minimised UI, I loved the look but I feared that it would come at to higher cost. I’m glad to say that hasn’t happen.

Pinned App tabs

Love these. Could be my favourite feature, It’s amazing how much cleaner your UI is when those few tab you always keep open are compressed. I do have 3 problems with them though.

Let’s say one of your pinned tabs is Facebook. And you get a new notification, traditionally you can see this because the title changes to “Facebook (1)” however, you can’t see the title anymore. Firefox implemented the simplest solution of highlighting the tab. Great idea – except the chose to highlight with blue on blue tabs. It doesn’t stick out enough. They should have copied windows and used orange (or at least made the colour customisable)

 

That blue definitely contrasts with blue!

That blue definitely contrasts with blue!

 

My second problem is I wish that pinned tabs were a separate control from tabs. I have shortcuts on my screen but to save space I just show icon, It’s really quite similar to the idea of pinned tabs. I would love to put pinned tabs up with them. In my mind they are more “active shortcuts” than tabs.

And finally, middle clicking them close them, I love my middle click but these are tabs which I want to stay open. Closing them shouldn’t be easy. I would much prefer middle click to reset them – reload the page they were on when you pinned them as well as the back/forward state.

Panoramas

Panoramas suck. Simple as that. I really don’t get why everyone was going on about these things. Despite functional problems the entire idea is stupid. I accept that having a way to visualise you’re tabs using a 2D plane instead of 1D is useful. However, they’re expecting me to manually manage my groupings? Come on! I’m not going to do that, and neither are the majority of people.

It’s a lot like using a filing cabinet. Most people are unwilling to put in the work, and the benefit comes later when you’re looking for things. Except files have long lifespans. Things you file you want to keep for years. Tabs may be open only for a few minutes, and rarely longer than a day. The amount of work you need to do is not justified by nicely organised tabs you’re going to throw out in a few minutes.

What would be useful is if Firefox automatically grouped my tabs. It’s not hard. For example, how hard would it be to create a bread trail from where my tabs open?

257973873[1]

 

See? This has sorted the information without me having to do anything. And there’s heaps of useful views – show me the tabs from the on I view most recently to least recent, show me the tabs I still haven’t viewed, order them by popularity. All this is simple and useful – and I don’t have to waste time managing it myself.

Speed

Below is a complete summary of everything you need to know about the speed of current browsers…

Browser Speed
Firefox 4 Fast
Internet Explorer 9 Fast
Chrome Fast

Updating

Updating sucks again.

After finally getting there act together and handling updates properly for limited accounts, it’s reverted back to their old ways.

Going from RC to final, Firefox refused to update in a limited account. There’s an Apply update button in the About screen, but all that does is restart Firefox without updating anything.

After running as administrator and applying the update, running under a limited account makes Firefox claim there’s still an update, meaning that I’ve also lost the mechanism for know if there’s a new update.

This really needs to get fixed.

Why should I use Firefox 4?

To be honest all the nice new features just keep it up to date with the other browsers. The 2 reasons to use Firefox 4 hasn’t changed since Firefox 3 came out.

  1. Extension – Chrome may be getting better, but it just feels a more natural part of Firefox
  2. The Awesome bar – the Awesome bar is just awesome. It’s the number 1 feature to use Firefox. I’ve tried out other browsers, but their location bars just aren’t awesome. I won’t even consider another browser unless it has something that is truly on par with the Awesome bar.

Windows phone a few months on

I’ve had my windows phone now for a couple of months so I think it’s about time a share some thoughts on it.

First of am I happy with my windows phone? Definitely. Would I recommend it to others? Yes, and I do. And it seems I’m not alone. 93% Of customers are happy with the windows phone and 9 out of 10 would recommend it to friends and family. Putting aside the obvious mislead in the data (satisfaction they’re willing to go to 2 significant figures while they only go to 1 for recommendation, my guess is the real figure is more like 87%) these figures are amazing. Word of mouth is probably the most effective way to make people buy your phone.

So what do I like the most?

First the UI. It really is the most important thing to get right and Microsoft nailed it. It’s beautiful and usable.

Second, social networking integration. It really integrates the phone in our lives. I’d still like to see more, for instance, it grabs people’s birthdays from Facebook but it does put them in the calendar.

Third, the development tools, for a boys trip away I quickly made an app for it. Took less than half an hour and yet everyone thought it looked great. These tools and standard templates have lead to some incredible apps. Everyone is always jealous of cocktail flow and the imdb app is amazing.

What don’t I like about it.

My major complaint is the lack of updates from Microsoft. It’s not really that I want anything in a particular update, I just wants commitment from Microsoft to an agile schedule. I would love a monthly update.

Next, the Zune music player has this cool feature where the background become one of the last band you played – in America. Dispute using it on ads it’s not yet available here.

Thirdly, turn by turn navigation.

Fourthly, universal sound level. This idea is stupid my ringtone volume should have nothing to do with music volume.

 

To be honest, while copy and paste would be nice I haven’t really missed it, and again, although multitasking would be nice, I don’t want android’s model – One badly behaved app kills your battery life.

Thoughts on paying for Reflector

If you haven’t already hear .NET Reflector, one of the most popular tools for .NET developers will no longer have a free version, Instead you have to pay $35.

Now first off Reflector is a great and high quality, so why shouldn’t they get to charge for it?

I have two objections the first is they have always stated it will continue to be free. It was pretty much a promise to the community which is now broken.

Secondly, since they bought ownership of the product they really haven’t added any features I care about. How I use reflector today is exactly the same as when Lutz Roeder owned it.

But really, end of the day it really comes down to paying for something which we use to get for free. Let’s face it $35 isn’t much and Reflector is a great piece of software, sure I’d prefer it to be free but I don’t think $35 is unreasonable.

Why bother using a fixed width font?

This is a question for people who don’t align anything in their code. Why do you bother to use a fixed width font?

I would be willing to say over 90% of developers use fixed width fonts yet under 10% will do any kind of alignment (Again, just to be clear, I’m guessing and have no evidence of these figures). The advantage of a fixed width font is that you can align by a column and it will line up. There is no other advantage.

So why bother? Indenting still works without it, and let’s face it as nice as Consolas and Bitstream Vera Sans Mono are, there are much nicer fonts which aren’t fixed width. Evidence: the fact that nobody uses a fixed width font as their computer default font.

Aligning your code makes it more readable, so stop being lazy, download the Align by extension and get in there!

Return top

INFORMATION

The occasionally interesting thoughts & insights of a software developer