Bleeding-Edge Personal News Aggregator

Cheetah News is a free web-based personal news aggregator. It helps you get the latest news and updates from your favorite sites and organize what is most relevant to you. Cheetah News is optimized for reading and managing large feed lists. Websites publish feeds with the latest news and updates to their sites. The two most popular types of feeds are RSS and Atom. Cheetah News supports them both as well as import and export of subscription list as an OPML file. To help you quickly explore your reading list, Cheetah News uses a sophisticated keyboard shortcuts system. Moreover, there is also notes and bookmarks organizer module, and more! Cheetah News is already available in Catalan, English, Esperanto, Spanish, Polish, and Ukrainian. Cheetah News works with Mozilla Firefox 1.5+ (recommended), Internet Explorer 6+ and Opera 9+.

Product News, Comments: Cheetah News Blog.

Current distractions

Richard Wright's solo album Broken China is full of Pink Floyd's atmosphere and style, in some ways similar to The Division Bell or Meddle. It even includes some nice guitar solos. So I like it very much. The album cover was designed by Storm Thorgerson (btw, check out his wonderful web page). Tracklisting:

 1. Breaking Water
 2. Night Of A Thousand Furry Toys
 3. Hidden Fear
 4. Runaway
 5. Unfair Ground
 6. Satellite
 7. Woman Of Custom
 8. Interlude
 9. Black Cloud
10. Far From The Harbour Wall
11. Drowning
12. Reaching For The Rail
13. Blue Room In Venice
14. Sweet July
15. Along The Shoreline
16. Breakthrough
[image]

Next, the Red Hot Chili Peppers's double album Stadium Arcadium with 28 new songs! I listened to it only four times and I already very enjoy it. John Frusciante rocks. Tracklisting:

Jupiter:                          Mars:
 1. Dani California                1. Desecration Smile
 2. Snow (Hey Oh)                  2. Tell Me Baby
 3. Charlie                        3. Hard to Concentrate
 4. Stadium Arcadium               4. 21st Century
 5. Hump de Bump                   5. She Looks to Me
 6. She's Only 18                  6. Readymade
 7. Slow Cheetah                   7. If
 8. Torture Me                     8. Make You Feel Better
 9. Strip My Mind                  9. Animal Bar
10. Especially in Michigan        10. So Much I
11. Warlocks                      11. Storm in a Teacup
12. C'mon Girl                    12. We Believe
13. Wet Sand                      13. Turn It Again
14. Hey                           14. Death of a Martian
[image]

Part VI

Richard Chu's China - The Middle Kingdom Photo Gallery, Marcos Garcia's Guanxi Photo Gallery, Marcos Garcia's Shanghai Photo Gallery, clr70's Hong Kong Photo Gallery, Alan Clements's Hong Kong Photo Gallery, Kevin Chan's Fantasia Photo Gallery, Marcin Krakowiak's Hangzhou Photo Gallery, Gilbert Ching's Hong Kong Photo Gallery, Jongky Kurniawan's Hong Kong Photo Gallery, Jongky Kurniawan's China Photo Gallery, Echo's Shanghai Photo Gallery, Amazing Grace Photo Gallery.

Two new album releases in only one week! Today Placebo released their fifth album entitled Meds. I luckily bought it last Friday and I can say it's really good -- well, at the same level as the previous ones. Tracklisting:

 1. Meds
 2. Infra-red
 3. Drag
 4. Space Monkey
 5. Follow The Cops Back Home
 6. Post Blue
 7. Because I Want You
 8. Blind
 9. Pierrot The Clown
10. Broken Promise
11. One Of A Kind
12. In The Cold Light Of Morning
13. Song To Say Goodbye
[image]

Will Google Calendar hit April 1st? Probably yes or close to it. But today's news is that Writely has been acquired by Google. This is interesting, because Sergey Brin recently at the Web 2.0 conference said:

I don't really think that the thing is to take a previous generation of technology and port them directly, and say can we do the minicomuter on the Web on AJAX makes sense. I'm not saying that's what [Microsoft] Office is, I'm just saying that I think the Web and Web 2.0, if that's what you want to call it, gives you the opportunity to do new and better things than the Office package and more. We don't have any plans [to do an office suite].

What will be the next Microsoft move?

...

[photo]

David Gilmour's new album On an Island... just beautiful! I love it. Tracklisting:

 1. Castellorizon
 2. On An Island
 3. The Blue
 4. Take a Breath
 5. Red Sky at Night
 6. This Heaven
 7. Then I Close My Eyes
 8. Smile
 9. A Pocketful of Stones
10. Where We Start

Today it is also David's 60th birthday and I wish him all the best.

[image]
[image]

I recently bought another great DVD, Deep Purple Live in Concert 72/73, also known as Scandinavian Nights (Live in Denmark) or Machine Head Live 1972. The picture is monochrome, but the sound has a good 5.1 quality. It is also very important to mention that this is the first and only film of the famous Mk II line-up. Tracklisting:

Copenhagen, March 1972 (90 minutes)
1. Highway Star
2. Strange Kind Of Woman
3. Child In Time
4. The Mule
5. Lazy
6. Space Truckin'
7. Fireball
8. Lucille
9. Black Night
      
New York, May 1973 (color) (27 minutes)
1. Strange Kind Of Woman
2. Smoke On The Water
3. Space Truckin'

Gmail's chat is cool. I mean nothing big. It's clean and simple (despite adding complex ~200kB of JS code) and the biggest advantage of it is that it allows to chat with friends from places without instant messaging software -- one only needs a modern web browser.

...

[photo]

Opera 9.0 Technology Preview 2 was released today, 3 months after P1, adding some useless stuff and not fixing many things more important from a web developer's point of view. For example, they claim having XSLT 1.0 support, but they're lacking of XSLTProcessor.setParameter() implementation (its call always throws NOT_SUPPORTED_ERR), being important for many complex web apps. Sigh, I really don't like this browser...

At least, these guys rock as always: Chat + Email = Crazy Delicious.

[image]

This double DVD set provides nearly five and a half hours of the band's live performance at London's Royal Albert Hall in January 1970, New York's Madison Square Garden in July 1973, London's Earl's Court in May 1975, and England's Knebworth Festival in August 1979. And it's all remastered in Dolby Digital 5.1 Surround and DTS :). Tracklisting:

Disc One:                              Disc Two:
 1. We're Gonna Groove                 1. Immigrant Song
 2. I Can't Quit You Baby              2. Black Dog
 3. Dazed And Confused                 3. Misty Mountain Hop
 4. White Summer                       4. Since I've Been Loving You
 5. What Is And What Should Never Be   5. The Ocean
 6. How Many More Times                6. Going To California
 7. Moby Dick                          7. That's The Way
 8. Whole Lotta Love                   8. Bron-Y-Aur Stomp
 9. Communication Breakdown            9. In My Time Of Dying
10. C'mon Everybody                   10. Trampled Underfoot
11. Something Else                    11. Stairway To Heaven
12. Bring It On Home                  12. Rock And Roll
                                      13. Nobody's Fault But Mine
                                      14. Sick Again
                                      15. Achilles Last Stand
                                      16. In The Evening
                                      17. Kashmir
                                      18. Whole Lotta Love

Have you ever wondered how Google tracks your search result clicks? The technique behind is relatively simple, each link is attached to the mousedown event, currently handled by the rws function. So your search result links look completely normal until you press down the mouse button on them. Google rewrites the URL and redirects through its own website so they are able to track your choices. For instance, search for Google OS returned http://www.osnews.com/story.php?news_id=10096 at the third position, but after the rewrite it became:

http://www.google.com/url?sa=t&ct=res&cd=3&url=http://www.osnews.com/story.php?news_id=10096...

I like this elegant solution which is necessary for the Search History and besides it helps Google to better rank the search results.

Netvibes is dangerous

Netvibes is a nice and well designed start page, better than Google's Personal Page and Microsoft's Windows Live. It can be a good application for one who doesn't read more than ten feeds (otherwise a real feed reader is a must-have). In addition to feed reading, they provide some interesting add-ons, like web notes, price watch, To Do list, and mail reading...

Yes, they provide a module for reading a Gmail, Yahoo! Mail, or any other POP3/IMAP4 account. And I find it to be a great danger for anyone who uses it, especially including those hundreds of unaware users.

There are two major issues about it. First of all, in order to use the mail reading module, one must provide login and password. No service should ask one for private passwords to other services. In case of Netvibes, they ask for such a password and do not explicitly state nor describe the further authentication and authorization process. The main problem here is that, at the time of this writing, they only use insecure HTTP protocol instead of encrypted HTTPS!! This means that your mail login and password are being sent over an unencrypted channel between your and Netvibes machine. The simplest solution for this is to just enable HTTPS, but instead they wrote the following in their Terms of service:

  • Your use of the Service is at your sole risk. The service is provided on an "as is" and "as available" basis.

    Oh, they just forgot to emphasize "your sole risk" ;).

  • You understand that the technical processing and transmission of the Service, including your Content, may be transfered unencrypted and involve (a) transmissions over various networks; and (b) changes to conform and adapt to technical requirements of connecting networks or devices.

    Nope and sorry, but I don't understand why do you send people's passwords over unencrypted channels.

Here is a sample transmission, dumped using Firefox Live HTTP Headers (emphasized text shows the danger):

http://www.netvibes.com/securePassProxy.php

POST /securePassProxy.php HTTP/1.1
Host: www.netvibes.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9, text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.8,pl;q=0.5,uk;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 65
Cookie: ---CENSORED PRIVATE DATA---
Pragma: no-cache
Cache-Control: no-cache
url=https%3A//MyLogin%3AMyPassword@mail.google.com/mail/feed/atom

HTTP/1.x 200 OK
Date: Wed, 04 Jan 2006 20:55:32 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/xml

Secondly, I just don't trust and don't use a service which asks me for my private passwords. Besides the technical danger already explained above, there is a question do they or how they store people's passwords on their machines. This is a proprietary application, thus we don't know their server-side code, but even if we knew, it just wouldn't make much difference. At the time of writing this post, their Privacy Policy says: Netvibes will never sell, rent or share your personal information, especially your e-mail addresses, with any third parties for marketing purposes without your express permission.

Good, they emphasized especially your e-mail addresses , but no explicitly stated about mail logins and passwords. I personally find it more important than the problem of giving my e-mail address to a spammer. Spam is easy to ignore, but what about logging into people's accounts? They already have a nice collection of logins and passwords and almost all mail services do not state the last login time/IP address. So it's fairly easy to read people's mail ;). You can also imagine what could happen if somebody cracked into their machines...

Okay, perhaps I'm just exaggerating the problem and I really, really want to believe that it is not their intention to do such malicious things. I'm sure they just wanted to make people's life easier, but they simply forgot that the risk is *very* high.

Besides these serious flaws, Netvibes is still an interesting service -- just do not use its mail reading modules! :-)