Google I/O follow-up

Wasn’t that fun?! :)


I love the opening of Google I/O, seeing people talking about products they’re proud of is always entertaining. On to the follow-up, how did I do?

Yey! I was right!

A game center, called Play Game Services. Leaderboards, Cloud save along with Multiplayer and Achievements (Multiplayer demo didn’t work out during the keynote though, lack of Internet if I understood correctly). Looking good and very important considering there are at least two gaming consoles coming soon (Ouya and Nvidia Shield).

A new phone, this could be placed in the wrong section as well. I guessed we would get a bigger tablet or a phone, but I also said that it would probably not be a Samsung S4 Google edition. As you know…S4 it is. Interesting move and hard to predict what this could mean for the Android community at large. I’m surprised since I would have guessed that Samsung would want to “cash in” on all the extra features they added to the S4.

New messenger service, called Hangout. Rolling out immediately, replacing talk and Google+ messenger. It looks nice and synchronizes well between devices (been experimenting with N4/N7/Laptop) but why oh why no sms support from the beginning?! It’s probably on it’s way as Google Employee Dori Storbeck accidently outed “..and yes, SMS integration is coming soon…” on G+ (updated later with “Ooops! …we actually have nothing to announce at this time. My apologies.”).

Google Music gets an option for streaming subscription called All Access. Can’t say much more about it, the new Google Music interface is very nice though. Both on my Androids and my laptop (nope, no official Music support in Sweden but come on, I have to have some fun :) the update is a good step forward. Pricing seems reasonable but it’s (I told you so) US only and the range of Swedish music is not good as I hear it.

And correct on the no talk about Nexus Q or new Chromebook hardware (some Chrome OS talk though, and more in the sessions).

Ouch, not even remotely correct

New Android version. Instead of presenting a new version we got updated services, which in my opinion is probably wise. Doesn’t change the fact that I was sure, and as we now know – wrong.

Samsung S4 Google Edition, I was actually very sceptical about this rumour that felt very far fetched. We know better now :)

Somewhat of target

A lot less Glass than expected, especially in the keynote. Sessions are still there though.

No clock this year, which as no one remember was what I said. But I had a maybe in there so…

US only. Everything wasn’t US only (we get Hangouts, Maps update and so on) but still…S4 Google Edition – US only. Music All Access – US Only. Attach money in GMail – US Only. I’ll give myself half a point for my rant being more or less correct.

Cool things not mentioned by me

Things I didn’t mention before or in this post…

Maps update. I use maps quite a bit but wouldn’t consider myself anything other than ordinary user. New update looks nice but I haven’t looked much further than that.

E-mail money with GMail! Sound a bit like that old April fools joke about sending snailmail through GMail but this one is true. Seem to be a very neat solution, albeit US only.

Android studio. New developer environment. I’m no developer so I have just about nothing to add here except that the developers I follow on Twitter that are active on Android seem to think it’s cool. That’s good for them, and what’s good for developers will in the end be good for us users :)

Google+ update. Quite a major update actually. Both with the new Hangouts (beautiful, I can’t stop mentioning that), the streams and photo editing. I especially like the new photo handler. Sorting and so on got a big update, go have a look in your G+->Photos instead of reading about it.

Overall I think I did ok :-)

As a help to my memory and the parts I didn’t watch live I read some of the news over at

Facebook goes fbmail

As everyone already figured out, Facebook is launching their own webmail service.
Haven’t tried it yet but the funny part is that I made some comments in discussions around the rumoured “Google Me” that what Google need is a decent dashboard/homepage, iGoogle just isn’t enough. I compared it to FB. Different services, one entrypoint. That’s what Facebook is good at, and Google simply isn’t.

Google obviously didn’t listen to me and I still use my different Google services very much separated from each other. Sure, I can connect everything with Buzz and that’s a small step in the right direction. Now facebook are taking a huge stab at one of Google’s user driving services. Where that will end up…I still have troubles seeing FB creating a better mailservice than Google given what they achieved so far but who knows?

For me its simple, no matter how big and powerful Google are/get, I still prefer trusting them with my data over Facebook any day. Trackrecords mean a lot and FB doesn’t have a cute one. We’ll see if I changed my mind in a year or so!

>Vulnerability in Gmail


Security experts have revealed a vulnerability in Googles mail service, Gmail.
This is not my area of expertise so if I make any mistakes they are mine and not the original authors.

The reason for publishing the details is according to the author that Google was informed of the risk in August 2007 and they have decided not to take any action.
The vulnerability lies in the “Change password” function, and the problem is that the authorization for changing password is stored in a session cookie and could be collected by other sites. This is called “Cross-Site Request Forgery” or CSRF (and this is fun, you read this as Sea-Surf).

A website with this malicious code could under the right circumstances (i.e. the visitor has logged in to Gmail during the same session, and stay on the “evil” website during the whole procedure) use the cookie to change the password for the visitor.
Even worse in my opinion, they can by trying to change to a simple password (that Gmail won’t accept) confirm that the password analysis is correct. That way an attacker could get access to your Gmail account without you knowing it. The difference to if they would change your password is that you would of course notice it when not being able to log in.

Google have no records of any use of this vulnerability and say that it is unlikely that it will be used since the circumstances are so precise. I don’t know about you but I stay logged in to Gmail and other Google services all the time while browsing (Gmail Chat anyone?). I just don’t see why they don’t change it, as far as I understand it would be enough to add an extra authentication (i.e. ask for password again) to render the exploit useless, so why not Google?

“Proof-of-Concept” – Seclists

Article (in Swedish) – IDG