Chrome: Back to Firefox
Posted by James | Filed under Web
After a day of using Google Chrome, I’ve gone back to using Firefox 3. My biggest complaint with Chrome is the lack of extensions (although it has been noted that these could appear in future). I find it much harder to do my job without Firebug, Web Developer Toolbar, et al.
I was perturbed by Google’s EULA for the browser, giving Google potential rights to everything posted via the browser, however they have since modified this to alleviate users’ fears.
I’ve also been put off by a couple of issues I’ve read about/discovered:
- A flaw in the version of the WebKit browser engine Chrome uses allows an attacker to use a Java carpet-bombing attack, whereby a user can be tricked into launching an executable Java file.
- Typing ‘:%’ into Chrome’s omnibar crashes the app hard, taking all tabs down with it. So much for tab process isolation!
However, I love the V8 Javascript engine:
It achieves great performance by compiling JavaScript to native machine code, rather than to a bytecode. Thus, JavaScript applications will run at the speed of a compiled binary.
photo credit: themaxsons
Tags: Browsers, Chrome, google, java
Google releases Open Source Crypto
Posted by James | Filed under Code, Open Source, Security, Web
photo credit: gruntzooki
Google has released “Keyczar”, a cryptography toolkit that supports encryption and authentication for both symmetric and public-key algorithms.
Why Keyczar?
Cryptography is easy to get wrong. Developers can choose improper cipher modes, use obsolete algorithms, compose primitives in an unsafe manner, or fail to anticipate the need for key rotation.
Cryptography is a common problem for web programmers, and Google aims to alleviate some of these issues by giving programmers a simple API for these functions.
Keyczar abstracts some of these details by choosing safe defaults, automatically tagging outputs with key version information, and providing a simple programming interface.
Keyczar is designed to be open, extensible, and cross-platform compatible. It is not intended to replace existing cryptographic libraries like OpenSSL, PyCrypto, or the Java JCE, and in fact is built on these libraries.
To download Keyczar and for more information, please visit the Google Code project and discussion group.
[Via] Google Online Security Blog
Tags: Cryptography, google, Google Code, Keyczar
The Social Graph API
Posted by James | Filed under Code, Geek, Social, Web
In "Thoughts on the Social Graph", Brad Fitzpatrick wrote:
There are an increasing number of new "social applications" as well as traditional applications which require the "social graph". What I mean by "social graph" is the global mapping of everybody and how they’re related, as Wikipedia describes and I talk about in more detail later. Unfortunately, there doesn’t exist a single social graph (or even multiple which interoperate) that’s comprehensive and decentralized. Rather, there exist hundreds of disperse social graphs, most of dubious quality and many of them walled gardens. (…) If I had to declare the problem statement succinctly, it’d be: People are getting sick of registering and re-declaring their friends on every site., but also: Developing "Social Applications" is too much work.
Five months later, Brad Fitzpatrick announced that Google will start to index FOAF files and the XFN microformats from web pages to gather publicly defined relations between people. For example, "XFN outlines the relationships between individuals by defining a small set of values that describe personal relationships. In HTML and XHTML documents, these are given as values for the rel attribute on a hyperlink. XFN allows authors to indicate which of the weblogs they read belong to friends, whom they’ve physically met, and other personal relationships."
It’s easy to edit the links from your blogroll to highlight your friends or your acquaintances:
You can also link to your other site’s or to your pages from Flickr, del.icio.us, Twitter, etc. and consolidate your online identity:
Google allows you to access these social relationships using a simple JSON API. The API could be used by social applications to discover some of your friends that already use the same application. "So you’ve just built a totally sweet new social app and you can’t wait for people to start using it, but there’s a problem: when people join they don’t have any friends on your site. They’re lonely, and the experience isn’t good because they can’t use the app with people they know. You could ask them to search for and add all their friends, but you know that every other app is asking them to do the same thing and they’re getting sick of it." Since the data is already publicly available, this API makes it easy to discover your friends and let you select the ones you want to keep in the new context.
For example, Bradfitz from LiveJournal has a friend Jane274. When Brad joins Twitter, the API could discover that he also has a LiveJournal page and his LiveJournal friend Jane274 is the same as Jane from Twitter. This way, Brad found a friend who has a Twitter account.
Of course, the problem is that few people use FOAF and XFN to declare their relationships, but Google’s new API could make them more visible and social applications could use them. Ultimately, Google could also index the relationships from social networks if people are comfortable with that.
Welcome to Jimmahdigital.com, personal blog of James Simm, Wigan/Manchester-based .Net developer.
