22 items tagged “gmail”
2023
Don’t trust AI to talk accurately about itself: Bard wasn’t trained on Gmail
Earlier this month I wrote about how ChatGPT can’t access the internet, even though it really looks like it can. Consider this part two in the series. Here’s another common and non-intuitive mistake people make when interacting with large language model AI systems: asking them questions about themselves.
[... 1,950 words]2010
WARNING: Google Buzz Has A Huge Privacy Flaw. Interesting one this: by default, Buzz creates a public profile for you that lists the people you follow—but your default set of followers is derived from the people you contact most frequently using Gmail. This means users of Buzz may inadvertently reveal their most frequent contacts, which is an issue for people like journalists with anonymous sources, unhappy employees seeking new work or even people having e-mail based affairs.
Fixing the Google Account problem. 3,000+ words explaining how to open a Google Doc invitation sent to an e-mail address that isn’t associated with your Google account. Worth reading just to get an idea for the enormous complexity involved in running a large scale identity system and designing an interface for managing aliases and multiple profiles. Google haven’t got it right yet—has anyone else?
2009
Introducing Closure Tools. Google have released the pure-JavaScript library, apparently used for Gmail, Google Docs and Google Maps. It comes with a powerful JavaScript optimiser tool with linting built in and an accompanying Firebug extension to ensure the obfuscated code it produces can still be debugged. There’s also a template system which precompiles down to JavaScript and can also be called from Java.
How to avoid ads in gmail. “After extensive testing I’ve discovered you need 1 catastrophic event or tragedy for every 167 words in the rest of the email.”
The Anatomy Of The Twitter Attack. Long-winded explanation of the recent Twitter break-in, but you can scroll to the bottom for a numbered list summary. The attacker first broke in to a Twitter employee’s personal Gmail account by “recovering” it against an expired Hotmail account (which the attacker could hence register themselves). They gained access to more passwords by searching for e-mails from badly implemented sites that send you your password in the clear.
2008
Yahoo could also have followed Gmail's lead, and disabled the security-question mechanism unless no logged-in user had accessed the account for five days. This clever trick prevents password "recovery" when there is evidence that somebody who knows the password is actively using the account.
Find Your Friends. Flickr have added a characteristically classy friend import feature, pulling from Gmail, Yahoo! and Hotmail address books without any unhygienic password sharing. It’s a crying shame that the Yahoo! contacts API they are using isn’t available outside the company.
2007
David Airey: Google’s Gmail security failure leaves my business sabotaged (via) Gmail had a CSRF hole a while ago that allowed attackers to add forwarding filter rules to your account. David Airey’s domain name was hijacked by an extortionist who forwarded the transfer confirmation e-mail on to themselves.
Gmail Greasemonkey API (via) The new version of Gmail includes API hooks for Greasemonkey script authors. The documentation is by Mark Pilgrim, author of Greasemonkey Hacks.
The password anti-pattern. What I don’t understand is why Google / Yahoo! / other webmail providers haven’t just deployed a simple OAuth-style API for accessing the address book. Sites have been scraping them for years anyway; surely it’s better to offer an official API than continue to see users hand out their passwords?
identity-matcher. Dopplr’s social network importing code (for Gmail, Twitter, Facebook and sites supporting Microformats), implemented as a Rails ActiveRecord plugin.
WebRunner 0.7—New and Improved. A simple application for running a site-specific browser for a service (e.g. Twitter, Gmail etc). This is a great idea: it isolates your other browser windows from crashes and also isolates your cookies, helping guard against CSRF attacks.
Google GMail E-mail Hijack Technique. Apparently Gmail has a CSRF vulnerability that lets malicious sites add new filters to your filter list—meaning an attacker could add a rule that forwards all messages to them without your knowledge.
Google To “Out Open” Facebook On November 5. “Google will announce a new set of APIs on November 5 that will allow developers to leverage Google’s social graph data. They’ll start with Orkut and iGoogle (Google’s personalized home page), and expand from there to include Gmail, Google Talk and other Google services over time.”
Never use a warning when you mean undo. The abundance of “undo” is one of my favourite things about Gmail. I wonder if there’s anything Django could do to make implementing undo functionality easier...
Gmail and Django. I’d never considered using Gmail to send e-mail from applications, but it could be a useful way of avoiding having outbound e-mail falsely flagged as spam.
Importing your social network from other sites. Dopplr now does this from GMail, Twitter, vCard or hCard and XFN. I’m convinced that contact import is a killer app for OpenID.
Gmail Atom feeds. Could be useful as a pipe for creating an e-mail interface to an existing Atom-consuming application.
Offline Gmail and Blogger Using the Dojo Offline Toolkit. These are just mockups at the moment, but they’re a useful illustration of how offline browsing modes for Web applications could work.
2005
Adding Persistent Searches to Gmail (via) Brilliant greasemonkey hack.