Friday, October 1, 2010

Improving Google's Two-Factor Authentication

Google is rolling out two-factor authentication for Google Apps. See these posts:
Here's the Google authentication flow:

1. User: Enters a valid user name and password (something known by the user).
2. Google: Sends an SMS verification code to the user's mobile phone (something the user has).
3. User: Enters the SMS verification code (something the user has) and logs into the Google App.

In my opinion, the Google flow can be improved. I would remove step #2 because it causes a potential latency issue. The Google-to-user phone link is a third-party application that may be unreliable. Latency presents a serious problem if a user needs to access time-dependent information such as a set of medical records.

The Google authentication flow requires three steps. Each step, in my opinion, should correspond to a single authentication factor. Currently, the "what the user has" factor requires steps #2 and #3.

The solution I suggest is to send the next SMS immediately after the user logs out of the application. Under this scenario, the user actually has the SMS instead of waiting until Google sends it in real time during a login attempt.

As a backup, and in case the user misenters the verification code, the verification code screen should also contain a "Send new verification code" button that displays if the user enters a correct user name and password.

Thursday, September 9, 2010

Improving The Google Instant Feature

Google Instant is a new search feature that automatically returns pages of search results as a user types partial (e.g. "c") and complete (e.g. "cat") search keywords. See the Google blog post, Search: now faster than the speed of type.
Currently, Google Instant displays search results only for the topmost entry on the Google Suggest drop-down list. If you search for "cat" or "car" or "computer" and type "c", Google displays a results page consisting only of "craigslist" entries.

"Craigslist" is the Google search prediction for users who begin Web searches with the letter "c".

In my opinion, Google Instant could be improved by displaying the search results page in sections.

If the search results page displays 12 entries, the first 3 search results could be for "craigslist", the next 3 for "CNN", the next 3 for "chase", and the last 3 for "costco".
These sections correspond to the first 4 Google Suggest entries, instead of only to the highest Google Suggest entry.

When a user wants to view search results only
for the topmost Google Suggest entry, the user can click Search or hit Enter.

Wednesday, September 1, 2010

Several Trivial GMail Bugs

You can see these trivial bugs here: GMail Inbox -> Show search options -> Date within field. As an arbitrary example, in the "Date within" field specify "Date within 3 days" of "9/1/10". Click "Search Mail".

Note: The current date is 9/1/2010.

Google runs the query and displays this spurious message: "after:2010/8/29 before:2010/9/5".

Here are the bugs:

Bug #1: "before:2010/9/5" is a bug because Google's Gmail cannot run a search into the future side of the stated time range.

Bug #2: "after:2010/8/29" is also bug because "Date within 3 days" of "9/1/10" should include the current day and the 3 preceding days. After 2010/8/29 suggests 1) 2010/8/30 and 2) 2010/8/31 which is a 2-day, not a 3-day range.

Bug #3: Although the query message says "after:2010/8/29", the results actually include emails received on 2010/8/29. The fix would be to change the word "after" to "from". The "before" part of the message should be deleted when it involves future days.

Bug #4: The Gmail query message label: "after:2010/8/29 before:2010/9/5" uses a yyyy/m/dd date format. Though not incorrect, mm/dd/yyyy or dd/mm/yyyy formats are more typically used.

Saturday, August 14, 2010

Some Chrome Browser Bugs

These bugs are caused by Chrome setting up a dependency on Microsoft third-party software. Chrome shares the IE browser's "Internet Properties" dialog box.

In Chrome, click the wrench icon then Options -> Under the hood -> Change Proxy Settings. The IE Internet Options dialog box displays. [Hard to believe.]

Note: The Mozilla FireFox browser avoids this dependency.

  • Up to date Chrome 5.0.375.126
  • Up to date IE: 8.0.7600
  • Up to date FireFox: 3.6.8
  • Up to date Windows Pro 7
Bug #1 (security):
A malicious exploit specifically targeted at IE browsers that changes internet option parameters will also adversely affect Chrome's shared internet option parameters. For example: 1) Reducing browsing security levels, 2) Allowing active content to run, 3) Changing how the browser connects to the internet.

Countering these exploits against IE and Chrome may require an IE patch or update.

Bug #2 (security):
IE users in multiuser computer situations (cafes, classrooms, libraries) can reduce the browsing security level of Chrome users and vice-versa.

Bug #3 (security):
Chrome browsers running on Windows computers do not support SSL3.0/TLS1.x encryption.

Bug #4 (security and usability):
A Chrome user can try to change features that Chrome does not support in the internet parameters dialog box. For example: IE InPrivate browsing, SSL3.0, TLS1.x.

A user connecting with Chrome to a site requiring SSL3.0 will get an error message even though SSL3.0 is selected in Chrome.

Bug #5 (security and usability):
Under the internet properties "Advanced" tab there are several features marked with asterisks (*). A label notes that "* Takes effect after you restart Internet Explorer".

Question: Does a Chrome user who changes one or more * features need to open and close an IE browser session to activate the options in Chrome? From the Chrome GUI the required user behavior is completely unclear.

Bug #6 (security and usability)
: Chrome displays some duplicate parameters that are separately and inconsistently configurable. These duplicate parameters include configuring: 1) a start page, 2) auto-complete forms and passwords features, 3) a default browser.
  • Start page: You can set duplicate home page parameters that are different. Set the first value in Internet Properties -> General Tab -> Home page. Then set a different home page here: Options -> Basics -> Home page. Chrome will use the value you set here: Options -> Basics -> Home page, ignoring the home page value you set under internet properties. However, the value you set from Chrome under internet properties -> Home page will change the startup page for any IE users on that computer.
  • Auto-complete forms and passwords: You can set this feature inconsistently in two places. Set the first value under Internet Properties -> Content -> AutoComplete -> Forms and User Names and Passwords on Forms. Then set inconsistent values in the duplicate fields here: Options -> Personal Stuff -> Passwords and Form Autofill. Chrome will use the values you set here: Options -> Personal Stuff -> Passwords and Form Autofill, ignoring the values you set under internet properties. However, the values you set from Chrome under internet properties -> Content -> AutoComplete will take effect for IE users on the same computer.
  • Default browser: I have FireFox as my default browser. In Chrome, if I go to Basics -> Default browser it says: "Google Chrome is not currently your default browser. Make Google Chrome my default browser." In Chrome, if I go to Options -> Under the hood -> Change Proxy Settings -> Internet Properties -> Programs -> Default web browser it says: "Internet Explorer is not currently the default browser. Make default."
In my opinion, the above set of problems should be assigned the following bug severity levels:
  • Security: between medium and high
  • Usability: critical

Sunday, August 8, 2010

One Trivial, One Small, And One Large Chrome Browser Bug

A couple of days ago, I downloaded Chrome.

Bug #1 (trivial bug):

I downloaded Chrome from a Google US download page, and ran the setup file expecting the Chrome GUI to be in English. Instead, the Chrome GUI was localized by my IP address so the GUI language was non-English.

This wouldn't be a bug if changing the Chrome locale settings was user friendly. It took me a few minutes, in a foreign language, to find the language settings under this non-intuitive path: Options -> Under the Hood -> Web Content -> Change font and language settings.

The three Chrome option tab labels 1) "Basics", 2) "Personal Stuff", and 3) "Under the Hood" are not self-descriptive. Having tab labels that are not self-descriptive is a bug. In my opinion, locale settings could arguably be placed under any of those tabs.

I would make these changes:

  • Add a locale picker to the Chrome download page, or to a screen that displays the first time the Chrome browser is launched.
  • Move the "Translate" and "Language" settings from the "Under the Hood" tab to a tab called "On the Road" to make it easier for users to find those settings and to expand the car metaphor.
Bug #2 (small bug):

By default, Chrome checks spelling in user name fields. In my opinion, most user names will not exist in a spell-checker dictionary - so the spell checker will keep making errors.

For Google account users, Google could add a list of those user names to the Chrome spell-check dictionary which it hasn't.

In my opinion, Chrome should not spell-check user name fields at all. Consider this scenario: A user goes to a login screen (e.g. Google accounts), enters a user name and password, and clicks "Sign in".

Would any product developer consider displaying user name suggestions as an error message on a failed login screen? I doubt it, but that's what Chrome does now when a user enters a value in a user name field that is not in the Chrome spell-check dictionary.

Bug #3 (large bug):

If you click Options -> Under the Hood -> Change Proxy Settings a dialog box called "Internet Properties" is displayed. This dialog box contains dozens of important parameters other than for changing proxy settings which are located under the "Connections" tab.

The large bug is that as far as I can tell there is no way to display the "Internet Properties" dialog box to expose all of its important parameters other than to click: Under the Hood -> Change Proxy Settings.

Wednesday, August 4, 2010

More Google Image Search bugs

Bug #1 (trivial bug):

The bug is that for image searches the "Number of results to display per page" parameter has no effect.

Try this...

From a Google Image Search page (new or basic view), click Search Settings, change the number of results to display per page (10 to 100), then save your preferences. Regardless of the value you select, when you run a new search (e.g. snow) Google Image search displays the same number of results.

Note: Google Web and Google News search do not have this bug.

Bug #2 (medium bug):

The bug is that using the new Image Search view, a user cannot print all of the image results.

Try this...

From a Google Image Search page (new view), run an image search, then use the page down button to display all of the 20+ subpages. When you are sure all images display, go to File -> Print Preview. Try various print drivers, different scale values, and both portrait and landscape orientations.

Even when I go to landscape with 10% scale, only a fraction of the image results can be printed.

Note: Google Web, Google News, and Google Images search (basic view) do not have this bug.

Sunday, July 25, 2010

Another Large Google Image Search Bug

The bug is that Google Image search results are roughly the same irrespective of the user's locale. You can try these searches...
Search for faces

I haven't yet been to Nigeria, but it's likely folks look different in Nigeria than in the US.

Search for hamburger

I haven't yet been to India, but it's likely that because cows are sacred the search results for hamburger should be different. Perhaps, the images should be of veggie-burgers.

Search for House

I haven't yet been to South Africa, but it's likely that because of economics and climate differences houses in South Africa look different from typical houses in the US.

Google Web search is localized by language, and Google News search provides a large selection of localized Google News pages.

Not localizing Google image searches is a large bug.

Friday, July 16, 2010

A GMail Bug

A few days ago, I sent an email but it wasn't deliverable. Usually, when this happens a Postmaster failure to deliver email is returned to the GMail inbox. The bug is this time the failure to deliver email went directly into the GMail spam folder.

In GMail, spam is a couple of clicks away from the inbox. Unlike some other email clients, GMail does not have a "You have spam!" alert. Probably, GMail hides access
to spam because it presumes it can effectively detect spam from nonspam.

It would be useful if GMail could put Postmaster failure to deliver emails into the GMail inbox where users can see them.

Saturday, June 12, 2010

A Large Google Image Search Bug

Here's a large Google Image Search bug. These searches contain two keywords: 1) an instance, and 2) the exclusion of a broad including category.

Search for roses excluding flowers:

rose -flower
16 out of 20 of the images displayed are roses.

Search for ants excluding insects:

ant -insect
20 out of 20 of the images displayed are ants.

Search for circles excluding shapes:

circle -shape
18 out of 20 of the images displayed are circles.

The bug is the following: Google Image search does not understand simple semantic relationships.

The image search algorithm does not know a rose is a flower, an ant is an insect, and a circle is a shape.

Sunday, May 30, 2010

Some Large Google Image Search bugs

Here are some large Google Image Search bugs.
Bug #1: Page Rank for images

In Google Image Search, run this search:
ice cream. The first results page displays 9 out of 20 images containing ice cream cones.

In my opinion, other types of ice cream probably sh
ould have equal or higher page rank:
  • ice cream cakes
  • ice cream bars
  • ice cream sundaes
  • ice cream sandwiches
  • ice cream shakes
  • ice cream scoops
See my earlier post: Is Google Page Rank supposed to be objective?

Bug #2:
Incorrect image exclusion operator

Exclude vanilla from your ice cream search results by entering these keywords:
ice cream -vanilla.
Here are the results:

The first row incorrectly contains mainly vanilla. The exclusion operator should exclude, not include, vanilla.

A similar bug appears if you try to exclude chocolate.

Try this search: ice cream -chocolate. Here are the results which is a bug:

The results incorrectly display chocolate.

Try this search to exclude cones: ice cream -cone. Here are the results for the first two rows of images..

The bug is that 7 out of 8 of the highest ranking images contain cones. Cones are supposed to be excluded.

The image search exclusion operator bug not only fails to exclude, but it may tend to have the opposite effect by emphasizing what it is designed to exclude - at least for the images with the highest page rank.

Friday, May 21, 2010

SSL Encryption Is Now Available For Google Search Keywords

Previously, I wrote a post describing the security and privacy issues that may arise when using clear text Google queries: Cyber oppression and the problem of clear text search engine keyword requests.
A Google R&D post has now announced that Google searches can be encrypted using SSL: Extending SSL to Google search. Google's new SSL-enabled Beta site is here:

My suggestion: Currently, when a user clicks a cached snapshot link in Google's search engine results list, a URL displays that contains in clear text both the 1) website URL, and the 2) user's search keywords.


Search keywords: [ski equipment]

An example clear text URL of an arbitrary website clicked from Google's new SSL-enabled search results:

An example clear text URL of the related cached web site clicked from the same
SSL-enabled Google's search engine results:

Google's cached website versions often are not up to date, and they usually do not display an entire web site. However, some users may prefer viewing them to reduce the chance of
governments, ISPs, and other potential eavesdropping entities from tracking their website visits.
It would enhance the security and privacy of these users if Google encrypted the URLs it displays for its cached web sites.

Here is my SETI research:

Tuesday, May 11, 2010

A Small Google Web Search Options Message Bug

Here's a small Google search options bug:

Run any Google search - say, for volcano. Click Related Searches -> Nearby -> Custom Location. An empty edit field displays and under it the following message appears:

"Sorry, we couldn't understand . Please try another location."

Here are reasons this is a bug:

1. The message should display after, not before, the user enters a value, clicks Search, and Google doesn't understand it.

2. The anthropomorphic "Sorry, we" may be considered a small bug: 1) Google doesn't have to express regrets, 2) why is Google referred to as a plural "we"?

Would Microsoft Windows display a message such as: "Excuse us, but we could not open your dialog box"?

3. There's an incorrect space between the word "understand" and the period.

My suggestion is to improve the message by changing it to something like this:

"Good afternoon. This problem can only be attributable to human error. Please try another location."

Here is my SETI research:

Thursday, May 6, 2010

A Small Google Advanced News Bug

The Google Advanced News web page Author field provides this example: e.g. John Smith or "John Smith". The trivial bug is that the two suggested searches are not equivalent.

The first query runs this search
author:John author:Smith and finds news articles that have John Smith, John, or Smith as authors. The second query runs this different search author:"John Smith" and finds news articles that have John Smith as an author.

Saturday, May 1, 2010

Small Google Calculator bugs

Here are some small Google Calculator bugs.

Bug #1:

The Google Calculator results of these arbitrary calculations include a space instead of nothing or a comma:

32 * 128 = 4 096

33 * 27 * 8 = 7 128

44 + (7^4) = 2 445

The reason it's a trivial bug is that a user may copy and paste one of these results into another equation and get an error because
Google Calculator inserted an erroneous space.

Bug #2:

If you perform a Google Calculator operation, under the computational result Google displays a link asking you whether you want to search for documents containing the terms you entered in the search box.



((823^2) * 5) / 9 082 = 372.896388

Search for documents containing the terms (823^2)*5/9082.

You might expect the suggested search to return documents containing the calculation:

However, if you click the link Google Search runs this erroneous query:

823 2 * "5 9082"

Google threw away the "^" and "/" operators, probably changed the "*" multiplication operator to a string wildcard operator, and for unknown, spurious, reasons it changed 5/9082 to an exact phrase by surrounding it with quotes.

Sunday, April 18, 2010

Google Rich Snippets: Google Page Rank algorithms vs. user votes

A Google post describes Rich Snippets: "Brief annotations you see beneath search results that summarize what's on a web page."

If a Rich Snippet, say, for a recipe contains a rating property with a high value (e.g. a 5-star review) to what extent does it influence Google's page rank? At its inception, Google could have created a purely democratic "voting" format for web page relevance - however, it didn't. Instead, Google opted for using complex page rank algorithms to determine page rank.

A purely democratic search engine would work as follows: The more people who vote for a web page, the higher it is listed in search query results. All other page rank algorithms can be ignored.

Sunday, March 28, 2010

Improved Google Suggest Interface

A Google post, This week in search 3/26/10, describes a new Google Suggest feature. Now "Google Search" and "I'm Feeling Lucky" buttons display when the Google Suggest box is open.

My suggestion: Make the "I'm Feeling Lucky" button accessible from the keyboard. As far as I can tell, a user can't access it from the keyboard.

Tuesday, March 23, 2010

Search Engines Promoting Free Expression

A Google post describes a decision to stop censoring Chinese search requests. See: A new approach to China: an update.

Nations handle free expression and censorship differently within their legal structures. It shouldn't be a surprise that search engine requests fall into the constraints of the local laws.

I would like to see a website with a matrix of countries and brief descriptions of how they treat free expression and censorship. It would be nice if it also had, by country, descriptions and links to censored websites.

Here is my original SETI research.

Monday, March 15, 2010

Cyber Oppression And The Problem Of Clear Text Search Engine Keyword Requests

A Google post discusses the crucial problem of threats to online free expression. See: Securing online freedom.

In my opinion, as long as search engine keywords are sent in clear text, governments, ISPs, and other entities can easily match user IP addresses to search requests. Clear text search engine requests can be easily used to identify and eliminate political opposition and also ripoff intellectual property.

Here is an example of a typical Google clear text search query:

Suggestion: Google, Bing, and Yahoo should use SSL to encrypt search queries to help protect their users from political harassment and intellectual property theft.

Tuesday, March 2, 2010

Is Google Page Rank Supposed To Be Objective?

Web page rankings are determined by algorithms that include a large number of objective and subjective components.

I consider a search engine to be similar to a librarian or a restaurant or a movie reviewer offering a combination of objective and subjective suggestions.

Recently, there have been some Google-related antitrust issues in the news. In my opinion, the more Google claims page rank is an objective, scientific standard the easier it may be to prove its search results are noncompetitive.

Can an organization such as the US National Institute of Standards and Technology measure and standardize web page relevance? 

In my opinion, they probably could not because page relevance includes objective and subjective attributes.

Suggestion: Google should adopt a position that its page rank is similar to a 1) Michelin Guide, 2) Miss USA, or 3) Oscar Awards committee decision.

Here is my original SETI research.

Wednesday, February 3, 2010

Google Moderator, Citizen Participation, And The Wisdom Of The Crowds

Google Moderator enables organizations to receive and select questions from audiences of any size. It uses a "wisdom of the crowds" paradigm of democracy. Questions for a virtual town hall style meeting are selected based on the number of votes they receive.

However, citizen participation is illusory when thousands of questions are submitted and only a few are answered. In addition, democracy supports minority and individual rights to be heard.

In live town hall meetings, questions are not voted for instead they are usually selected randomly ("You in the second row, do you have a question?"). Follow-up questions are almost always allowed.

Monday, February 1, 2010

Google Toolbar Translation Bug

The Google toolbar enables a nice translation feature. You can hover your mouse over some text and it will translate it.

See: Google translate.

Here's a small Google translation bug: If you try to translate a Google Suggestions list entry that is partially formatted in bold, the resulting translation is only for each separate segment of the word.

For example, if you enter in Google search "resta" one Google Suggestion entry is restaurant. The translation tool attempts to translate "resta" and "urant" separately. However, they aren't actually words.

Tuesday, January 5, 2010

Google Advanced News Search bug

The Google Advanced News search page has several bugs.

Go to the Google Advanced News search page. In the with at least one of the words field enter this:

"Airedale terrier" "Tabby cat"

These keywords are designed to run a search for articles about Airedale terriers or Tabby cats. Click search. On the results page, the search box incorrectly displays this:

"Airedale OR terrier" OR "Tabby OR cat"

Google inserted the literal OR into two exact phrase match keywords. The search engine now needs to find matches for either of these highly unlikely exact literal phrases: "Airedale OR terrier" or "Tabby OR cat".

I've never seen an animal called an "Airedale OR terrier" or a
"Tabby OR cat".

On the same results page the "results" line displays a different incorrect query:

Airedale | terrier | Tabby | cat

This search would look for results with any of these kewords: Airedale or terrier or Tabby or cat.

Click the Advanced News search link to go back to the Advanced News search page.

In the with at least one of the words field a third inconsistent query is displayed:

Airedale | terrier Tabby | cat

This query has now deleted the OR between the terms Airedale | terrier and Tabby | cat and displays "|" symbols that probably should not appear in the with at least one of the words field.

In the Advanced News search page, click search. Now the search box on the results page displays this bug:

Airedale OR | OR terrier OR Tabby OR | OR cat

On the same page, the results line displays another different and incorrect query:

Airedale | OR terrier | Tabby | OR cat

The Google Advanced News has added many bugs to the original query in the with at least one of the words field which was this:

"Airedale terrier" "Tabby cat"

Note that these bugs are different from the bugs I mentioned here:

Here is my original SETI research.

Sunday, January 3, 2010

Google Advanced Web Search bug

The Google Advanced Web search page has several bugs.

Let's say you are searching for information about green peppers or red tomatoes or yellow bananas. In the ordinary Google Web search enter this query:

"green pepper" OR "red tomato" OR "yellow banana"

Click search. The results display Web sites referring to green peppers, red tomatoes, or yellow bananas.

The bug appears if on the results page you click the Advanced Search link.

The Advanced Search query builder comes up with this bug:

| red-tomato | yellow-banana "green pepper"

The leftmost space and " |" symbol do not have any meaning. The query now requires either a "red tomato" or a "yellow banana" and always requires a "green pepper".

If you click search, display the results, and again click the Advanced Search link, the Advanced Search page comes up again with another incorrect query:

| yellow-banana green-pepper "red tomato"

All of the terms have now been made exact required phrases.

Repeat the process and you get this bug:

green-pepper red-tomato "yellow banana"

The Advanced Search page has quite seriously departed from the original query:

"green pepper" OR "red tomato" OR "yellow banana"