Opinion
URL Shorteners Should be Banished
Aug 21st
In response to social networking sites like Twitter, URL shortening services have been springing up on the web like unsavory fungus on a cheese sandwich, without the prospect of slowing down any time soon. Services like Bit.ly were inspired by the need for compact links when sharing websites in character-limited status updates on Twitter and its Laconica-like counterparts.
While short URLs are extremely useful in these specific contexts, they also pose a serious security threat and are a bad omen of exploits to come. As Twitter-like social networks become more mainstream, regular folk will become (and presumably already are) conditioned to click on any link they come across, with the risk of landing on malicious websites that take advantage of web-based exploits like XSS (Cross-site Scripting).
In my opinion, links should be treated more like e-mail attachments. They are only to be opened when from a trusted domain. While everyone knows random link-clicking is bad web-behavior, it is being encouraged by the uprising of short-form social networks.
Unarguably, something has to change, as the bad guys have already taken the opportunity to start exploiting this phenomenon. Of course, who am I to suggest that services like Bit.ly and compatriots should be yanked from the interwebs if 140-character status updates gain traction on the net.
So, we can’t banish them. But there are things we can do to make URL shortening safer.
Site Specific Shortening URLs
Bit.ly in particular has proven its immense usefulness because of its way-advanced statistical capabilities. So it is in our own interest to keep such services alive. But..
A safer way to go about URL shortening would be to create a federated system. A possible architecture for this could be accomplished by means of a small web application (possibly coming from a third party like TinyURL or Bit.ly) installed onto the sites to which the short URLs will be linking, which in turn would do the redirecting.
For example:
http://arstechnica.com/Do5s would link to an article on Ars Technica.
http://aceontech.com/f5g would link to a post on this blog.
http://aceontech.com/f5g would link to a post on this blog.
If the shortening app on the given site would only allow short URLs within its own domain, individual networks of short URLs would be created and doing so would allow the user to exactly know where he’s being led to, thus eliminating the risk of contracting WTDs entirely (Web Transmittable Disease 
).
Increasingly, I’ve been seeing site which have started doing something similar, but I don’t think they’re actively limiting their URLs to their own domains only. Also, I’m of the opinion that there is a need for a standard in this space. Such a standard could consolidate the matter entirely, making it safer and more uniform in the process.
The technical side of this shouldn’t be too hard, either. It’s just a matter of realizing the danger of having hyperlinks to arbitrary sites and getting some shortening providers assembled to work together to create a standard process for issuing short URLs.
Current third-party URL shorteners could integrate with the federated system to provide a higher user-friendliness. One could still use a service like Bit.ly, but it would go out and check with the domain’s URL-shortener first and return that to the requesting user, first. If not supported or available it could go ahead and generate it anyway.
Click confirmation
Another thought would be to enforce confirmation upon the clicking of a shortened URL. The hyperlink would be intercepted by a page showing information about the domain buried below. It could surface the name, the full URL and other important identifying information. Maybe a database of certified domains could even be established.
Additionally, blacklists like those behind Phishing filters could be employed to heed visitors of suspicious sites. Naturally, these databases would need some kind of governing. Perhaps a web authority like VeriSign could take this responsibility on and possibly wire it to its current SSL-verification process/database…
It’s hard to imagine for me that we’ll all just keep on clicking on links left and right without considering the significant hazard it implies. The web browser is becoming the primary vector for exploits against Internet users. No longer does the the stress lie on the avoidance of e-mail attachments. The threat actually lies within the chrome around each web page you visit.
Security-conscious users [like me] would undoubtedly like to be more cautious with short URLs, but for the lacking of a secure alternative there is nothing else to do but go with the flow for now.
Help. Someone?
Opinion: Google Chrome OS. Will it take over?
Aug 19th
Google to venture into creating its own operating system, it was only a matter of time. The day Google released this blurb of news, the whole Internet / Tech community went berserk over the possibility of ‘Goodie Two Shoes’ Google innovating in the operating system space, which is currently dominated by Microsoft. As far as Google’s own announcement goes: it was very low-calorie on substantial technical facts. All of the excitement – of course – was inspired by them voicing that their OS would essentially be extremely browser-centric. Like the name suggests, it will be based on Google’s recent entry into the browser market, being Google Chrome.
Browser = OS ?
Many vocal techies have been shouting this out for quite a while now. After all, the browser has become an operating system in its own right, no? Similar to desktop operating systems, like Microsoft Windows and Mac OS, the browser serves as a platform for other software to live on. In this case, that software just happens to be web-based. These web apps often employ server-side scripting technologies [like Ruby on Rails, ASP.NET, PHP, etc.] as well as client-side ones, with the main protagonist being JavaScript.
But can scripting languages genuinely be classified as real software? This is a tough question. Maybe si, maybe no.Cite from Duma Key, written by Stephen King. Fact is that web apps are more and more turning into fully fledged desktop-esque applications. They are taking over the tasks that traditional desktop software used to do so well.
Web-based e-mail is the most popular example of traditional software being ‘webified’. While webmail has been around since the nineties, the true cloud-based e-mail technology was inspired and primarily architected by Google. Gmail – especially in the light of recent developments – has become increasingly more of a program you download every time you point your browser to mail.google.com, rather than just a static listing of your inbox.
Other milestone initiatives have also risen to the occasion to shed some light on the cloud-centered future that may be ahead of us. To me, the most iconic example of this future just has to be Aviary, the online Photoshop replacement. It loads fast, does most of Photoshop’s basic graphical editing, it’s free and it integrates social networking into the digital art creation process. This is what a cloud-oriented world could look like if multiplied. Exciting indeed.
Back to Chrome OS
I started this post by introducing Chrome OS and the exasperation that surrounds it. But what do we really know about this [currently fictional] operating system? It turns out we’ve picked up painfully little in the intervening weeks between announcement and the present.
A quick rundown of its [alleged] feature-set:
- It will be Linux-based: Chrome OS will build off open source code – not a real shocker. Google will not architect the OS’ underpinnings from scratch.
- It will boast Google’s own, proprietary window management front-end, instead of adopting existing window management systems under Linux, such as KDE, Gnome, etc.
- It will incorporate instant-on booting technology, meaning it should start up within a few seconds, much like some existing ‘instant-on’ Linux distributions work today.
- It will be based on the Google Chrome browser. From what has been disclosed, it looks like native software might not even be supported. Web applications will surely be preferred, with Google’s own products naturally being pushed to the forefront.
- Its release is due in 2010 (!). Any excitement generated now is actually uncalled for. The tech community should reserve judgment until someone actually gets some hands-on experience with it.
It’s safe to speculate that Chrome OS will not embrace [taking advantage of] advanced hardware capabilities like 3D hardware acceleration, and nor will it encourage the development [native] third-party software. Google’s take on their operating system is clean and simple: it must be lean on features and fully dedicated to the web.
A big step for Google?
All things considered, I think we all agree it’s a big thing for Google to take on software giant Microsoft – and niche computer maker Apple – at their own game. Google is no longer a small and insignificant competitor: it has spread its business to a multitude of markets. It seems as if it has made a sport out of nipping away at other companies’ core businesses.
But will Google actually know success with this [hopefully] innovative OS? Or, more likely, will it merely serve as a role-model for Microsoft and Apple to build off, an example for ushering their own OSes into the cloudy future?
Once more, no-one should close their eyes to the fact that Chrome OS will be extremely sparse-featured. Google has a history of taking their spartan concepts just a tick too far. A testament to this would have to be the Chrome browser. If it’s to be any indication of what’s in store for us, one doesn’t need a lot of imagination to envision what Chrome OS will look like. It’s not because it’s branded Google, that it’ll necessarily become a good product…
However, there is no doubt in my mind that Google will leave a big impression on the OS industry, which in turn will cause matters to change significantly. I don’t believe, though, that Google will be the one reaping successes from it left and right. In the long run, Microsoft, which is already slowly adopting the cloud-religion, will eventually migrate Windows to a more cloud-based paradigm. It will undoubtedly take them an extended period of time, but in the end I’m sure they’ll nail it.
Although I still strongly believe in Microsoft’s adeptness, it has become a disproportionately big corporation which is inherently slower at maneuvering into new markets / business models than rivals like Google. So inevitably the question to be raised here is whether Microsoft will get there in time…
A world of change is ahead
Either way, no matter who seizes the crown jewels, a world of change is impending. The future is cloud-computing – we all realize it – and everyone is making a jump at it. There is one problem though: nobody really knows exactly what they’re jumping at. Will everything move to the cloud in the end? Or will things remain to be more hybrid, like where we’re at today?
I’m leaving it open.
It’ll be an interesting case to see where we’ll stand in 5 to 10 years.
Please, let me rant about Microsoft's ballot screen and the EU
Aug 3rd
First off, let me say one thing before I initiate my disgust-laden rant: Aaaaaaaaaaaaaaaaaarggggggggggggh. It may not be as relieving as actually screaming it out loud, but what the bleep’s going on with the EU?! Before I continue my mile-high rant, it may be interesting to sketch the background of this story, especially for those who haven’t been following the happenings leading up to this outright farce…
Microsoft vs. EU: A short history
The EU has developed a disliking to the Redmond-based software giant and has sued Microsoft over numerous of its anti-competitive strategies, mainly related to the bundling of Internet Explorer and Windows. Microsoft is also currently being held liable for several other anti-trust cases. The EU’s antipathy for Microsoft spiked after Microsoft reached a complete monopoly in the browser market. Because bundling is illegal in Europe, Microsoft was forced to pay a big fine to the EU some time ago and sell ‘N’ (nitwit?) editions of Windows. These N-versions are regular versions of Windows bereft of Windows Media Player — and never sold a single copy.
The whole issue flared up once more in recent events when Opera – a EU-based browser company sporting a pathetically low market-share – called on Microsoft for “being unfair” and stifling competition in the web browser market by its own browser with Windows.
Microsoft’s reaction to this was to remove Internet Explorer entirely from its upcoming operating system ‘Windows 7’. Initially, this would only be applied to EU-territory and consequentially, the Windows 7 E edition was born. This was a harsh measure, decidedly put in place to taunt the EU into dismissing the whole thing.
Shortly thereafter, the E-edition was yanked because — no kidding — it would cause unnecessary complications to Microsoft’s partners and would incur too much confusion to Microsoft’s European customers (said the EU).
Thus, in response, Opera “proposed” to introduce the “browser ballot screen” to Windows 7.
Ballot screen?
Ballot as in voting, yes. Microsoft has confirmed it would pursue this proposal to satisfy the EU’s demands:
Unless Opera acts up again, this will likely be the final design of the ballot screen. Microsoft specified that as many as eight browsers are to be displayed, sorted by market share. Yes Opera, you’re fifth down the list. Bummer.
In addition, Microsoft will retroactively be pushing this screen to Windows XP and Vista via Windows Update. A far reaching measure. Way too far if you ask me.
This is bad for the end user
While Opera argues that this is beneficial for the end user because it ensues the freedom of choice, I simply say it’s bull.
Opera, to its credit, got to market first with technology that is now mainstream in almost all browsers (tabs, etc.), but has failed miserably to grab an honorable spot in the browser market. Opera has been around far longer than most of the other browser makers, but still, after so many years pretty much no one would be caught dead using the darn thing. Firefox – for obvious enough reasons – made humongous strides in nipping away at IE’s market share. In a complimentary fashion both Apple’s Safari and Google’s Chrome rose above Opera without ghastly efforts.
This ‘bullshit screen’ will only confuse [normal] people since many won’t even know what a browser really is (it’s the Internet, Ma!). They just want to surf the web and go about their daily business. How does the average Joe even distinguish whether one browser is better than the other, anyway?
I just don’t think Microsoft should have caved to the likes of an insignificant player like Opera. After all, an operating system should come with a browser in order to get your hands on another one, right (in the light of the E-editions)? Besides, those who are techie enough are up to speed on browsers and will get Firefox if they are so inclined. Others shouldn’t be bothered and get the best browser the market has to offer novice users (read: Internet Explorer or Firefox, NOT Opera).
Anyhow, it’s not like Microsoft holds 90% of the market anymore. A product or service is only monopolistic if it’s the only viable thing to choose from. The mere fact that there are eight browser to display in the ballot screen shows anyone with an ounce of brains that there’s enough diversity to choose from in the browser space.
Bottom line:
Up yours, Opera
Perhaps there’s something wrong with Opera itself. Perhaps? No, I’ll tell you what’s wrong with Opera: their product isn’t in the least compelling and nor is it very impressive. It’s competent – sure – but that’s where their story ends. Maybe they should try [positive] marketing..?
So Opera – in my opinion the most childish company of late – tries to gain market share by forcing Microsoft into a stranglehold by leveraging the EU’s preconceived aversion toward Microsoft. And they’re winning. Microsoft should have fought back on this one.
It’s easy to predict what will happen once Mr. End User sees this. He’ll pick one of the first two icons. And no one will go for Opera’s little icon, no matter how loud a raucous Opera causes. And it’ll be what Opera’s got coming to them. I’m already looking forward to it.
As much as I want to continue on, I’d better stop here. I got my point across 
.
P.S.: Opera’s logo looks like a big zero, it really does.