Saturday, 5 December 2009

Twenty-Two (OMG) Google Wave Invites [UPDATED]

I've got 6 22 invites for Google Wave.
Google Wave is a infrastucture allowing users to communicate and collaborate, in real-time.
Down here a very loooooooooong video of the last Google IO, in which some engineers are showing the wave technology capabilities.

Google Wave is particularly suitable for:

  • Organizing events
  • Brainstorming with other people
  • Sharing photos
  • Taking meeting notes (ensuring all people have all the details, for example)
  • Playing interactive games
The features can be expanded, writing plug-ins and now supports spell-checking and translation in different languages.
All communications are based on the Google Wave Federation Protocol. This protocol aims to become a standard element to be used by different implementations of "Wave" applications.
For the invites, please leave comment this post.
The first 6 (remember to place your email in the post form, a gmail one is required) users will receive an invite.
Tell me how did you reach my blog and if you were following me in some way (feed, visiting the website, etc...).
As Dr.Google Wave adverts:
Invitations will not be sent immediately. We have a lot of stamps to lick.

Wednesday, 2 December 2009

Chrome OS - What is Google doing?

Well... Chromium OS is out!
As usual, it has been released by Google in the classic "Beta" style.
As they did with Google Android, but having a different target: trying to get experience in a field  in which the company has never landed.
They're also trying to obtain some percentage of market, to annoy main competitors, getting published in a lot of newspapers and so on (read it as free advertising).
I had no time to test it, but all I can see is an increasingly interest of developers on checking it out, rebuilding and trying it in a virtualized machine.

It surely lacks in hardware support and configuration.
BUT a lot of people are remarking one thing: if the operating system is a safe and secured environment, nowadays all the activities can be performed via browser, in the cloud.
Better if Google switches users in the
Google made ChromiumOS (the correct way to say it should be: "placed together different open source projects and glued them by using their IP and ideas") announcing a secure operating system.
Schneier in this article said it was an "idiotic claim". Well... Maybe they wanted to say that the newborn OS, being Linux derived, will have less problems than Microsoft counterpart.
There's a page in the ChromiumOS Project website, in which Google tries to explain how security is implemented.
I'm quoting a part of it:

The perfect is the enemy of the good.  No security solution is ever perfect.  Mistakes will be made, there will be unforeseen interactions between multiple complex systems that create security holes, and there will be vulnerabilities that aren't caught by pre-release testing.  Thus, we must not allow our search for some mythical perfect system to stop us from shipping something that is still very good.
Deploy defenses in depth.  In light of our first principle, we will deploy a variety of defenses to act as a series of stumbling blocks for the attacker.  We will make it hard to get into the system, but assume that the attacker will.  We'll put another layer of defenses in place to make it difficult to turn a user account compromise into root or a kernel exploit.  Then, we'll also make it difficult for an attacker to persist his presence on the system by preventing him from adding an account, installing services, or re-compromising the system after reboot.
Make it secure by default.  Being safe is not an advanced or optional feature.  Until now, the security community has had to deploy solutions that cope with arbitrary software running on users' machines; as a result, these solutions have often cost the user in terms of system performance or ease-of-use.  Since we have the advantage of knowing which software should be running on the device at all times, we should be better able to deploy solutions that leave the user's machine humming along nicely.
Don't scapegoat our users.  In real life, people assess their risk all the time.  The Web is really a huge set of intertwined, semi-compatible implementations of overlapping standards.  Unsurprisingly, it is difficult to make accurate judgments about one's level of risk in the face of such complexity, and that is not our users' fault.  We're working to figure out the right signals to send our users, so that we can keep them informed, ask fewer questions, require them to make decisions only about things they comprehend, and be sure that we fail-safe if they don't understand a choice and just want to click and make it go away.

They are using sandboxing techniques and they will try to apply it even at lower operating system layers (such as drivers).