Noting this here in the hopes that it will be useful for somebody (or even me :)) in the future, since it took me longer than I expected to figure this out.
Scenario: you have a Google account with entries in Google Calendar that you would like to see on your iOS device (iPad / iPhone). Some (well, many) sites suggests that you need to install Google Calendar on the device. This is in fact not necessary!
All you need to do is to link your Google account with the native iOS Calendar App by going to Settings > Apps > Calendar and under “Accounts” add your Google Account. È voilà! That’s all folks! Hat tip to this article for reminding me about the procedure.
PS. You might need to do an additional step for the shared calendars, as described by Scott Hanselmann here: go to https://www.google.com/calendar/syncselect and select the calendars you want to be sync-ed to the iOS devices. I’m not sure if this is needed, since I’ve done it several years ago and it was already enabled when I recently set up a new iOS device.
PS. PS. There is now a new option for ad blocking for iOS devices that is well worth considering: uBlock Origin Lite for iOS.
Image taken from John Davey’s Flickr album with permission.
]]>To post a high quality video to Google Video you only have to do:
- Upload the video
- Wait
I kid you not :-). While initially the uploaded video is of poor quality, apparently it gets processed in the background and later on (in my experience: it takes around 30 minutes to process 1 hour of uploaded video) a high quality version will be available.
HTH
]]>
use strict;
use warnings;
use Net::SMTP::TLS;
my ($from, $password) = ('[email protected]', 'MySuperSecretPassword');
my $mailer = new Net::SMTP::TLS(
'smtp.gmail.com',
Hello => 'smtp.gmail.com',
Port => 587,
User => $from,
Password => $password);
$mailer->mail($from);
$mailer->to('[email protected]');
my $data = <<'EOF';
X-Face: "8.]Z_3ptuNK'CA~DM>M,G.T(h=1.y9"0gXW3V91E:dw2?|&G2R(?/no'F2g4%8Fv.
J1p5K-^1epKXxIG)mj4}nGWTi<=iz8n)bUVhLu}MXRFl9"J%'=-;IfMXcuPK>-%^;$uW87O/B
Subject: Hello X-Faced World!
email body.
EOF
$mailer->data();
$mailer->datasend($data);
$mailer->dataend();
$mailer->quit();
The code is largely based on this snippet: Sending Mail Through Gmail with Perl. The X-Face header was generated using the Online X-Face Converter (yes, I know that there is a Image::XFace module, but it was very cryptic – it didn’t mention supported input / output formats). One word of warning: if you are using ActivePerl under Windows, Net::SMTP::TLS isn’t available in the default module list (AFAIK, because of encryption restrictions), so you might need to experiment with alternative package sources or using Linux :-). I’ve also tested the script with an email account I control (using Thunderbird with the Mnenhy plugin – which can read but not create X-Face emails) and it worked nicely.
There you have it: how to use an old (from the 1980s according to Wikipedia) method for embedding pictures which is not supported by most of the email clients 
I migrated over the feeds from Feedburner to Google Feedburner. Everything seems to went well and hopefully there won’t be any problems. All you need is to signed into your Google Account, after which you try to sign into Feedburner and it will automatically offer to bind the Google account to your Feedburner account. Hopefully the old URL’s will all work (they seem to at the moment). Some useful links:
If you are using Feedburner, you might want to sign into your account to migrate over to Google (the deadline is AFAIK the 28th of February).
Image taken from dannysullivan’s photostream with permission.
]]>
This is rather old, but still good (originally found it via the Pat’s Daily Grind blog): a security company did some tests with the password manager included in different browsers. And of course they slapped not one but two sensationalistic titles on it (“Google Chrome Receives Lowest Password Security Score” and “Safari Ties for Last Place”). You can’t blame them, because sex Paris Hilton sells
However, there are some discrepancies between their test results and the ones reported by users. Also, the developers of Chrome responded in a very detailed and well reasoned post which pointed out that some of the assumptions would actually break websites like Facebook and still not add more than a small security barrier which can be overcome.
It is exactly because situations like this why testers should contact the vendors before they publish the results. However that seems to have become a kind of a lost art, nowadays everybody seems to want to rush out the door with “news”.
Image taken from Max (Tj)’s photostream with permission.
]]>- Google declaring all sites potentially harmful
- Firefox3 declaring all the sites “potentially harmful” and showing the “red curtain” for them
In conclusion: even though my Belgian friend thinks otherwise, Google broke the Internet for a short time. Good things it’s over.
]]>Preventing Virtual Blight complete with video and slides
- the main page
- a link to each individual entry – this was needed because the navigation system was based on javascript :-(, and HTTrack – although amazingly it was able to find all the links, it wasn’t able to modify the JS such that the navigation works.
- If you want to download all the pages at one, grab them here (the extension is .JAR, but in fact it is just a ZIP file – as all JAR files are ZIP files)
A little googling around (no pun intended :-)) lead me to this presentation: Xploiting Google Gadgets: Gmalware and beyond (warning, PDF!). After reading it and doing my own poking around, here are the conclusions:
- As with almost every gadget/widget type service, you have to include a JS snippet on your page, meaning that you have to trust the provider (Google in this case).
- This JS generates an IFRAME and the 3rd party content is hosted in the IFRAME (using the gmodules.com domain). This stops it from interacting with your page, however it does not stop gadgets from interacting with eachother. This means that one malicious gadget may compromise other gadgets on the same page.
- The Google Gadgets API gives access to some of the users information by design to promote “social” use of the gadgets.
My conclusion is: if possible avoid adding third-party JS to sites. Also, Google had the possibility to do a better job of securing the system, and they didn’t, which is a shame… One obvious thing which they could have done is to register a multitude of domains (gmodules0001.com, gmodules0002.com, …) and from the embed script give each module a separate domain, which would reduce their ability to communicate between themselves dramatically.
]]>Recently I’ve been seeing a growing number of spam which links to Google instead of the spam site. The idea is (probably) to avoid filters which check the link targets to determine if the message is spam. The links looks like the following:
http://www.google.com/search?hl=en&q=[some query unique to the site]&btnI=I=Im+Feeling+Lucky
What this does is does a query for which the spamvertized site comes in at the top of the results and simulates a click on the I’m Feeling Lucky
button, making Google act as a redirector.
IMHO Google could fix this easily by refusing to redirect from links if the Referer header doesn’t point to a Google domain. While in general basing security decisions on the Referer header is not a very secure option and it can break clients which don’t send Referer headers (for privacy concerns for example), in this case it would be a very transparent solution:
- if the users has a desktop based mail client, the Referer header will be empty, preventing the redirection
- if the user has a web-based mail client (Hotmail, Yahoo Mail, GMail, etc), the Referer header will point to that instead of a Google domain, preventing the attack (or, if the user has disabled the sending of the Referer headers, it will be blocked as in the previous case)
- if the user copy-paste’s the link (because some SPAM comes as text mail), it will have no referer link again.
There are two potential things which get broken by this: (a) people who have Referer headers turned off and (b) third party software / sites which rely on this service. For (b) the answer is pretty clear: this is a functionality provided by Google as is with no guarantees (ie. it’s not a documented interface). As for case (a), if they use the I’m Feeling Lucky
button, they are SOL. There might be the possibility to work something out by using cookies, but maybe the number of people who have both the Referer header turned off and want to use the special button
is so small, that the tradeoff (less SPAM / inconvenience a few people) is worth it.