jump to navigation

Why I hate the new Google Maps 17 Apr 2014

Posted by Tony Law in Impact of IT, IT marketplace, ITasITis, Social issues, Tech Watch, Technorati, Uncategorized.
Tags: , , ,
add a comment

I finally allowed myself to be pushed into using the new Google Maps instead of the old familiar one.

Here are all the things that I cannot do as easily as previously.

1 – have it open by default with my own location rather than the blanket map of the USA

2 – immediately find my own list of custom maps. It’s an extra click and I have to know that it appears as a drop down from the search bar. Custom maps have become a lot more complicated to create and manage, too, with “layers” and so on. And there’s a different set of marker icons, differently styled from the old ones. So modifying an existing map, such as the one I maintain for Brighton Early Music Festival, won’t be straightforward if I want to maintain consistent styling.

3 – sharing has changed. It used to be simple: create a map, and embed the HTML provided. Now, for example, the Brighton Early Music Festival map doesn’t properly display the venue markers. Never had a problem before. Still working on this one!

4 – “search nearby” was a simple click from the pin marker on the old version. These pin markers have got “smart” which means that if I search for Victoria Coach Station, when I click or hover on the pin what I get is a list of all the coach services which leave from there. If I right click, I get three options: Directions to here; Directions from here; and What’s here, which doesn’t seem to do anything. If I search for Ebury Street (essentially the same location) I get a pin with no smart hover at all. But the marker does not now pop up nearby information, Directions, Save and Search Nearby options.

5 – no accessible help without going out to separate web pages; and even then the instructions don’t make sense. For example, Google says that “Search nearby” is on a drop down you find by clicking the search box. No, it doesn’t. Not in Firefox. It does, though, appear to work in Chrome. I don’t like being pushed to a different browser.

6 – having found Search nearby, I get given (of course) a set of strange, supposedly related, links. Well I suppose this is what Google does. But for me, it gets in the way.

7 – extra panels and drop-downs obscure parts of the map I’m trying to look at

Now all this, and more, is partly the natural response to changing a familiar application. Let’s assume that overall the product is fuller-featured and more flexible than the old version, and its links to the rest of Google’s information are more capable. But software vendors in general are not always good at user-oriented upgrades. Keep the backward compatibility unless there’s a really, really good reason not to. Icon redesigns, and added complexity in the user interface, are not good reasons.

I’m exploring alternatives. Apple’s new map application doesn’t have near the same level of functionality, and older offerings such as Streetmap haven’t really moved on either. But for (UK) route planning, for example, I’m now using either AA or RAC route planner – which still have the simple, straightforward A-to-B interface.

Links:
• Google Maps (new version)
• How to search “nearby” in new Google Maps? Google Forum, 11 Jun 2013
• Google Removes “Search Nearby” Function From Updated Google Maps, contributor to Slashdot, 16 Jan 2014
• Route planners from the AA and RAC
Streetmap (UK)

Link: Heartbleed update 15 Apr 2014

Posted by Tony Law in Impact of IT, ITasITis, Managing IT, Tech Watch, Technorati, Uncategorized.
Tags: , ,
add a comment

A quick follow up, back from a few days away.

Huffington Post have a recent update which notes that the Open SSL vulnerability applies in major products from Cisco and Juniper Networks. They also repeat what’s becoming the consensus on passwords: change your passwords for services which you know were vulnerable but have now been patched. There’s no point in changing a password which might still be at risk.

They reference the Mashable resource on what’s been patched a,md copy the patchable list: Google (and Gmail), Yahoo (and Yahoo Mail), Facebook, Pinterest, Instagram, Tumblr, Etsy, GoDaddy, Intuit, USAA, Box, Dropbox, GitHub, IFTTT, Minecraft, OKCupid, SoundCloud and Wunderlist.  A quick look, though, suggests that the Mashable article was a one-off and the list is not being kept updated.

The article also recommends turning off external access to your home network: the sort of capability, for example, that you might use for remote access through LogMeIn, TeamViewer or similar. If you’re not using this kind of facility, disable it. Your firewall should already be holding the line on this.

And check what your Internet provider is doing and the status of your wireless router. Being a BT user. with a BT Home Hub, I tried searching the bt.com website for information on Heartbleed but nothing surfaced. It would be nice to know.

Huffington suggests that, at the moment, public WiFi has to be treated as an unknown quantity since you can’t tell what infrastructure they use or whether it’s been patched. BT again doesn’t have any information on the impact of Heartbleed on BT Wifi (Openzone, as was) but it does say that user details are encrypted when you log in to their service. It’s perhaps ironic that they offer free Cisco VPN software, which you can download when connected to one of their hotspots. I didn’t know this. I’ll take it up for my laptop.

I also have an O2 Wifi locator app on my phone. There’s nothing about security on their website. Anyone with other Wifi-finder apps? Please check their sites and post a comment here about what you find.

Links:
• The Heartbleed Bug Goes Even Deeper Than We Realized – Here’s What You Should Do, Alexis Kleinman, The Huffington Post, 11 Apr 2014
• Security when using BT’s Wi-fi hotspots, BTWifi.com, with link to the Cisco offer
• The Heartbleed Hit List, Mashable, 9 Apr 2014
• What to make of Heartbleed? ITasITis, 4 Apr 2014

What to make of Heartbleed? 10 Apr 2014

Posted by Tony Law in Impact of IT, IT is business, IT marketplace, ITasITis, Social media, Tech Watch, Technorati.
Tags: ,
1 comment so far

I watched the BBC News report last night about the security hole in Open SSL. With its conclusion that everyone should change all their passwords, now … and the old chestnut that you should keep separate passwords for every service you use, never write them down, and so on. Thankfully by this morning common sense is beginning to prevail. The Guardian passes on advice to check if services have been patched first; and offer a link to a tool that will check a site for you.

First, as they say, other Secure Socket Layer implementations are available. While a lot of secure web connections do rely on Open SSL, it’s not by any means universal.

Second, as always, dig behind the news. As Techcrunch did. This is the first vulnerability to have its own website and “cool logo”; this was launched by Codenomicon in Finland which started by creating notes for its own internal use and then took what it calls a “Bugs 2.0″ approach to put their information out there. I remember doing something similar way back in Year 2000 days. Incidentally, the Open SSL report (very brief) credits Google Security for discovering the bug. It also identifies the versions which are vulnerable. (There’s a note there that says that if users can’t upgrade to the fixed version, they can recompile Open SSL with -DOPENSSL_NO_HEARTBEATS which, I’m guessing, gives a clue as to the naming of the bug.)

If you want real information, then, go to Heartbleed.com. The Codenomicon Q&A is posted there. In brief: this is not a problem with the specification of SSL/TLS; it’s an implementation bug in OpenSSL. It has been around a long time, but there’s no evidence of significant exploitation. A fix is already available, but needs to be rolled out.

What was clear, too, is that the BBC reporter (and some others) don’t understand the Open Source process. The Guardian asserts that “anyone can update” the code, and leads readers to suppose that someone can maliciously insert a vulnerability. Conspiracy theories suggest that this might even be part of the NSA’s attack on internet security. But of course that ain’t the case. Yes, anyone can join an Open Source project: but code updates don’t automatically get put out there. Bugs can get through, just as they can in commercial software: but testing and versioning is a pretty rigorous process.

Also, this is a server-side problem not an end-user issue. So yes, change your passwords on key services that handle your critical resources  if you’re worried but it might be worth, first, checking whether they’re likely to be using Open SSL. Your bank probably isn’t. There’s a useful list of possibly vulnerable services on Mashable (Facebook: change it; LinkedIn: no need; and so on)

And what do you do about passwords? We use so many online services and accounts that unless you have a systematic approach to passwords you’ll never cope. Personally, I have a standard, hopefully unguessable password I use for all low-criticality services; another, much stronger, for a small handful of critical and really personal ones; and a system which makes it fairly easy to recover passwords for a range of intermediate sites (rely on their Reset Password facility and keep a record of when this has been last used). But also, for online purchases, I use a separate credit card with a deliberately low credit limit. Don’t just rely on technology!

Links:
• Heartbleed, The First Security Bug With A Cool Logo, TechCrunch, 9 Apr 2014
• Heartbleed bug, website from Codenomicon (Finland) – use this site for onward references to official vulnerability reports and other sources
• OpenSSL project
• The Heartbleed Hit List, Mashable, 9 Apr 2014
Heartbleed: don’t rush to update passwords, security experts warn, Alex Hearn, The Guardian, 9 Apr 2014
• Heartbleed bug: Public urged to reset all passwords, Rory Cellan-Jones (main report), BBC, 9 Apr 2014
Test (your) server for Heartbleed, service from Filippo Valsorda as referenced in The Guardian. I’m unclear why this service is registered in the British Indian Ocean Territory (.io domain) since Filippo’s bio says he is currently attending “hacker school in NYC”. On your own head be it.

Follow

Get every new post delivered to your Inbox.

Join 120 other followers