I know that when I think the world has a few screws loose it is more about me. Sometimes it is clearly about the world.
A few days ago I got an effectively anonymous email that suggested I review a Gmail notifier – a small app to check multiple Gmail accounts. From there the situation played out in an interesting way.
[Updated 2009-09-27 with additional info from developer]
Post at ghacks
A bit later Martin posted about it at ghacks. By then I had browsed the site and I really disliked some development decisions that went into the app:
- reads remote configuration file for compatibility;
- some kind of web-templates (again – remote as far as I understand);
- mandatory silent updates.
That was about what I wrote in comment under ghacks post.
Feedback on feedback
Aside from an edgy comment from another ghacks reader I also got a follow-up email from the developer. I can’t claim I got the mood right (he doesn’t seem to be a native English speaker, neither am I) but it was hardly positive.
His main points were:
- web-based apps are legit development technique;
- he rescinds his desire to get the app reviewed by me.
Development side
Ok, I see no reason to go web with a tiny notifier app, but if that works for the developer let it be.
I have huge trouble with remote configuration and mandatory silent updates. Of course updates are nice, as long as the user has a choice to confirm or decline and gets accurate information on update content.
[Update] The developer has clarified that updates will be downloaded automatically but can be declined by the user. Remote configuration controls:
- IMAP server address + port + expunge thresholds
- Max Email length
- Max password length
- Window size
- Google search URL
- Polling interval
- UI margins
- Latest version
Seriously, haven’t we had enough stories of updates breaking stuff? To allow another person to make mandatory, silent and remote changes to your PC configuration is insane (unless it is the admin at your work :).
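What a client could do with a remote file like the one listed above, as an added example (not the notifier's code): treat every fetched value as untrusted, pin the IMAP endpoint that receives the account password, and accept the remaining settings only inside locally defined bounds. The key names, bounds and sample files are assumptions made for illustration.

```python
# Added example: key names, bounds and sample configs are assumptions,
# not taken from the notifier discussed in the post.
import json

# The endpoint that receives the account password is pinned locally.
PINNED = {"imap_host": "imap.gmail.com", "imap_port": 993}

# Cosmetic/tuning keys: (type, min, max) enforced on the client.
BOUNDS = {
    "max_email_length": (int, 6, 320),
    "max_password_length": (int, 8, 200),
    "polling_interval_sec": (int, 60, 3600),
    "window_width": (int, 200, 1920),
}


def apply_remote_config(raw, defaults):
    """Merge a fetched config into defaults; return (config, rejected keys)."""
    config, rejected = dict(defaults), []
    try:
        remote = json.loads(raw)
    except ValueError:
        return config, ["<unparseable>"]
    if not isinstance(remote, dict):
        return config, ["<not an object>"]
    for key, value in remote.items():
        if key in PINNED:
            # Never let a remote file move where credentials are sent.
            if value != PINNED[key]:
                rejected.append(key)
        elif key in BOUNDS:
            kind, low, high = BOUNDS[key]
            # Exact type match: bool is a subclass of int and must not pass.
            if type(value) is kind and low <= value <= high:
                config[key] = value
            else:
                rejected.append(key)
        else:
            rejected.append(key)  # unknown keys are ignored, not trusted
    return config, rejected


DEFAULTS = dict(PINNED, max_email_length=254, max_password_length=100,
                polling_interval_sec=300, window_width=400)

# Constructed samples: a benign tweak and a file that redirects logins.
BENIGN = '{"polling_interval_sec": 120, "window_width": 480}'
HOSTILE = '{"imap_host": "imap.example.net", "polling_interval_sec": 1}'
```

The rejected list is worth surfacing to the user or a log: a remote file that tries to change a pinned key is exactly the event a silent mechanism would hide.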
Security side
It seems people have issues with interpreting online situations. So while cooling off I thought out a decent real-life analogy. Someone comes to you and says:
Give me your credit card and car keys so I can go buy groceries for you. And by the way tell all your friends to do the same.
From there you have a choice – do it or not. Naturally your decision would be greatly influenced by who that man is:
- maybe a friend;
- maybe an employee of a company that specializes in buying groceries and is authorized by your favorite store;
- maybe nobody to you.
Somehow people online are happy to throw accounts (that are often keys to highly important personal and financial data) to anyone who asks. And this is also very insane.
There are many factors that can make such trust justified:
- companies and developers with established reputation;
- software with millions of users;
- open source code that anyone can audit.
On the other hand, if you ask for trust with nothing to prove yourself – don’t be offended by lack of trust, because you have done nothing to earn it.
Overall
I don’t and won’t trust my account to a developer that puts his convenience before my security.
Would you?