Tuesday, March 28, 2006

A preview of Google's new results page

.. what to think of it

Over on Ars Technica is a post that gives a little trick to get a glimpse of the Google future. With just a tiny dose of JavaScript you can get a new style of results page.

How to get there?

Go to your Google page and paste the following bit of JavaScript in your address bar and hit Go..

javascript:alert(document.cookie="PREF=ID=fb7740f107311e46:TM=1142683332:LM=1142683332:S=fNSw6ljXTzvL3dWu;path=/;domain=.google.com")

Note: replace the domain with the version you use (e.g. google.nl or google.co.uk). It is not guaranteed to work on all domains, however.

What do you get?

In the screenshot below you can see some minor changes.

[Image: preview of the new Google results page]

The most interesting is the left side bar with the bar showing the number of results in the different categories. This gives some clue to what results are available.

For the rest there does not seem to be too much changed. Which is a good thing. The overall minimal look and feel is one of the powers of the Google experience and should not suffer from too many enhancements. No bells and whistles please. Google seems to stick to that approach.

The ultimate nothing

.. as in NO thing

I came across the following useful site. Just by chance.

It's a great parody of so many sites out there that have created yet another killer app that is a must-have for any professional user. This is a piece of software that does nothing. NaDa™ is just the thing for those little companies who think they have reinvented and improved the wheel.

As the name suggests, NaDa™ does nothing for anybody and, better still, is compatible with all Operating Systems. The download is just 1 byte!

This idea can be stretched

One can hardly call this software; it is much more than that. It is the ultimate, purest form of software. The Mother of all Software. I coin the new type of Noware (© 2006 Roho). Not to be mistaken with vaporware.

This almost feels like something that can be mashed together in Web 2.0.

Hmm, if only I had not so much programming skills ...

Friday, March 24, 2006

Listen to the radio

.. well the computer then

Fridays I am not at my normal daytime profession. I try to dabble a bit at home. And while happily dabbling along I like some music.

I don't like DeeJays. Well, I hate most of them. Just filling up time that could have been filled with music. There are some channels that don't have DeeJays, but they do not always bring the music I want.

Now there are stations slash web sites like Last.fm that do not have DeeJays and where you have a big influence on what music you hear. Through the setup of the application you are also pointed at similar artists and discover many hidden gems.

Here's what I have been listening to lately:

Tuesday, March 21, 2006

Google Finance launched!

.. now you can see when you should have sold on line

Yep, they have done it again! Google has launched yet another spin off: Google Finance.

With this you can easily track any stock. After entering a company name in the familiar Google Search box you get a page filled with financial information. Enough to keep you satisfied for quite some time.

You get a graph of the current standing of your stock on the NASDAQ or NYSE. This is annotated with relevant news items, so you can see why the price went up or down.

Loads and loads of financial figures, information about the management of the company and way, way more. Simply too much to tell.

To top things off you can also pull together your portfolio and see what it is worth right now and whether you're at a huge loss and should hold on or sell to become a millionaire.

Go give it a spin!

Monday, March 20, 2006

Are you Web 2.0 [2]

.. or still trying to ignore it

In a recent post I showed an image with many web 2.0 logos. Web 2.0 has now become a much overhyped, bubble-sized phenomenon, which many believe does not exist. Even so, I dare to post a follow-up.

One of the problems with this great collection of logos was that it was not clickable. You had to search for all these great apps. But not any more! Over on Sacred Cow Dung there is a listing with many, many Web 2.0 applications.

I never knew there were so many.

Dilbert Principle

.. or how sad reality is

We knew this already, but it gets proven over and over again.

Scott Adams
Dilbert Principle
The most ineffective workers are systematically moved to the place where they can do the least damage: management.

For those of you who have not and never will become a manager, there is some comfort in the feeling that you are apparently not an ineffective worker.

Tuesday, March 14, 2006

Taking a stand

.. now you take an aim

So I have taken a stand at Standpoint.com. Another one of those Web 2.0 applications out there.

What is it?

Taking a stand on Standpoint.com involves stating something you believe in. Interesting examples can be found:

  • You should not go hunting with Dick Cheney
  • men are aliens and women are goddesses
  • Most people used to believe that the earth was flat
  • Firefox is better than Internet Explorer

It is very easy to then agree or disagree with these standpoints. You can easily add what you believe instead. It gives a very interesting discussion without the usual flaming you find on the Internet. You can only put forward arguments supporting your belief or that take down the standpoint of another person.

Just for fun I have put in some myself. See what happens with them. I have added a link to my beliefs in the sidebar on the right to keep you all informed of them. Or just click the following button.

Monday, March 13, 2006

Google Mars

.. now where are those pills?

As Neuronix pointed out in a comment on my Google Moon post, Google now also offers Google Mars.

Need to find my hash pipe, LSD and sitar music.

Groovy, baby, yeah.

Ektron: I have moved a stone

.. and got noticed

Ektron has noticed my entries about an issue I found with the standard installation of their CMS400.Net CMS.

I sent out another warning message to a number of website owners regarding the hole in their Ektron CMS. And again informed Ektron.

Yes, after a few days of wait and see, I checked my Google Analytics and saw that multiple people from New Hampshire had read my posts about the vulnerability. I now dare to say that there is at least one Tablet PC at Ektron and someone also uses IE7. So they do like to live dangerously. ;-)

And a reaction came from Ektron.

William Cava
Hi Rob,
Yes, we saw your posts and we're including a modification to the installer in our next release that will address your concerns.
Thanks for your feedback.
Bill

So, I let out a cry of success and wore a smile for the rest of the day. I have made a difference. Ektron will be more secure starting from the next release. My feet were hardly touching the floor anymore.

I think the reaction from Ektron is the right thing. One can argue that the extra user account probably should never have been allowed. But hey, they are human and can make mistakes. (I make them all the time.) What counts in their favor is that once they were notified of the problem they have taken action. So, hip hip hooray for Ektron!

Then I fell back to earth

Only too bad that the four website owners that I had mailed about the problem still had done nothing about the problem and are still wide open for abuse. Well, maybe I need to be more patient with them.

Anyway ..

Ektron has taken my concern to heart and will fix it. Which is good news. Thank you Bill and thank you Ektron!

Friday, March 10, 2006

I may be too good

.. too good for this world

Updated

Yep, I did it. I have sent out another warning message to a number of website owners regarding the hole in their Ektron CMS. And again have informed Ektron.

Now, after a few days of wait and see, nothing came up and no one reacted. So be it. It is their responsibility and their risk.

So, if you have received an email from me, do not fear, it was the last one ...

Just checked my Google Analytics and saw that multiple people from New Hampshire had read my posts about the vulnerability. I now dare to say that there is at least one Tablet PC at Ektron and someone also uses IE7. So they do like to live dangerously. ;-)

Thursday, March 09, 2006

Hype is up

.. time to relax

At this time when it seems normal to create organic buzz before launching a product, there is so much buzz around that it gets annoying. Many companies are leaking information about new stuff coming our way and you get the suspicious feeling that they leak on purpose. They deny and the harder they deny it, the more we get certain that they do it on purpose.

Apple is a good example of a company that uses this type of marketing. (Even when it is really unintentional leaking, making the best use of it is definitely marketing.) Shortly before every launch rumors start in the blogosphere that something exciting is coming to the world. Just the announcement of another presentation with Steve Jobs is enough to get the wild speculations going. Hypes turn into overhypes. Expectations turn into disillusions with the launch of a leather pouch for your iPod.

A trend in leaked information

Creating a buzz is definitely a trend. Even if these leaks are unintentional, on the current Internet there are always people who will find the document with the list of the versions of the upcoming Microsoft Windows Vista. Through these careful observers we also know of something like Google's G-Drive (supposedly an online storage for all your files) and CL2 (an online calendar, rumored to be part of the persistently rumored web-based G Office suite).

It makes me wonder how people find these hidden pieces of information in some document somewhere on a web server without a little help from their friends inside.

The other trend

Apart from taking a leak, the other way is claiming a domain with some interesting name, adding a couple of teasers and letting everyone guess what it is all about. Microsoft is at it with The Origami Project, a site that sounds like a new Dan Brown bestseller.

What can we learn from this?

A new channel for creating brand heat is now in full swing. The blogosphere is an important part of this. Teaser videos known from Sony Playstation and many Nike campaigns have now found their equivalent on the Internet.

This new channel is cheap and simple.

Taking a leak requires putting a document on your server and accidentally dropping the link to some friend who can then blog about it. That friend can even be an insider making a blog entry about it.

Setting up a teaser web site is not too expensive. Get some Flash wizards in and set them loose to create some whirling logos and phrases and make sure it ends with return soon for more ..

It's not just the big players

Not only the big companies can play this game; the smaller companies can also excel in this area. As said, it is cheap and all you need is some people taking notice and blogging about it.

So, it's up to you and me to create some more buzz on the already buzzy Internet, and maybe that little mashup Web 2.0 app you are just putting together on those long dark nights can become something everyone yearns for long before the actual launch.

Wednesday, March 08, 2006

Security: ignorance is not bliss

.. it's just plain stupid

Updated, see below.

In a previous post I talked about a security risk my colleagues and I had discovered with a relatively widespread web application. Apparently the cms is not widespread enough or the web masters, whom I notified of the problem on their sites, do not think it a problem that clever bad guys can go in and completely destroy their site.

It may be a choice for the web masters to ignore my message. (Maybe it even got trapped in an over-eager spam filter.) But a decision to do nothing is a decision as well. It can be a well thought-out decision, but in my opinion it is plain stupid to leave your system vulnerable when the protection for that vulnerability is so simple.

What bothers me most

The thing that bothers me most is that the supplier of the software, Ektron, has not done anything.

So here I am thinking should I warn them again?

Update [13 March 2006]

Ektron has taken notice and is taking action, read this.

Friday, March 03, 2006

Ektron cms400.NET has an open back door

.. and most admins don't know

Updated! See below.

In my daytime job I am busy with some colleagues to put together a new website for the company we work for. An interesting job involving many exciting subjects like:

  • XHTML & CSS
  • C#, ASP.NET and the .NET Framework
  • lots of OO and Patterns
  • and the exciting Ektron cms400.NET content management system

We have had our share of struggles with this system. Getting it to work with our framework, which involves talking to the web service side of the cms, and finding that not all functionality from the server controls was available in the web service. On top of that we have found problems with the performance. In the meantime we have worked around these problems and are now in the finishing phases of the long-running project.

Now what's with that back door?

Well, it sounds pretty harsh like accusing Ektron of some sort of crime, but that's not my point. The back door is mentioned in the manual (at page 27) and there is a warning for administrators there so any admin who reads his manuals thoroughly ..


(space left blank to count the entire two of them)


any admin who reads his manuals thoroughly can close that back door.

A quick Google around the world by two of my colleagues showed quite a few instances of the exciting Ektron cms400.NET with their login pages exposed.

Then it was simply trying the admin account with a password I will not disclose (you go and guess it) and they were in. That was simply too stupid. Every admin should at least have the brains to change the admin password.

For most of these sites the admin password was changed, but the second built-in user account (you try to guess it again) was usually still wide open!

So, it's just stupid admins?

No, it's not stupid admins, they usually are not stupid. Those who didn't change the admin password can be rated stupid, but those who left the second user exposed are not. I blame Ektron for that.

I think it is quite normal to have an admin user account in a system and maybe they should force changing the password the first time the admin logs in to the system. But I do not understand why there is a second user account there that is completely hidden in the user list, so most admins will not even know of its existence unless they have read page 27 of the manual.

So, most of the companies and organizations that use the exciting Ektron cms400.NET are completely unaware of the vulnerability of their web sites. After finding that we could log in we immediately logged out. Less friendly people could cause a lot of harm.

And you?

We are completely safe with our website. We have simply left out all the admin stuff from our website. We manage the content from within our safe network.

Advice to Ektron

Inform your users and leave out this second user account in your future releases.

Update [3 March 2006]

Even though this article has been brought to the attention of Ektron and some site owners that had their website completely open to anyone clever enough to find the open door, no action has been taken by either Ektron or the site owners.

The Internet is a jungle but they think it is OK to leave the door open with a welcome mat in front of it.

Update [13 March 2006]

Ektron has taken notice and is taking action, read this.