Comments on: Collaborative word processing online with Writely

By: Make You Go Hmm: » Google Writelys a check

Make You Go Hmm: » Google Writelys a check — Fri, 10 Mar 2006 15:17:14 +0000

[…] Writely an online wordprocessor with some collaboration features, which we reviewed back in September 2005 has become Google’s newest acquisition. […]

By: Sam

Sam — Sun, 18 Sep 2005 19:00:12 +0000

Actually, re-reading this, I think I’m being a dope…we don’t put the user name in the URL, that would be stupid. I must be tired. You mean, you don’t want your user email in the RSS feed itself, right? Easier said than done.

By: Sam

Sam — Sun, 18 Sep 2005 18:29:01 +0000

Ah, that abuse hadn’t occurred to me, that someone would get your email addr out of the RSS feed URL itself. You’re right, that’s lame, we should encrypt the user name. We do care a great deal about user security, of course. This was just me missing a spot.

The reason it’s there is so I can tell which user’s feed to send back out…I didn’t want to do authentication in the RSS request itself, becuase that seems incompletely supported by the RSS readers out there, and it makes it hard to validate the feed, etc.

The deal with the beta being open and closed just has to do with scaling - we want to make sure the server scales smoothly, so every time we double in size, we pause for a bit to look at the load profile and re-tune. I’d rather have a few folks impatiently waiting, than a lot of folks unhappy.

I’ll look at that JS issue, I hadn’t seen it before. Ink would be cool, I agree, we just can’t do it all at once.

By: TDavid

TDavid — Sun, 18 Sep 2005 05:48:40 +0000

Oh and it is IE version 6.0.2900.2180.xpsp_sp2_gdr.050301-1519, 128-bit

The JavaScript popup for the new document name appeared just fine it was only when I hit Ok that it would return that “javascript must be enabled” error message. You guys could capture the USER AGENT on that error message, BTW.

By: TDavid

TDavid — Sun, 18 Sep 2005 05:46:21 +0000

Hi Sam - thanks for stopping by, reading and replying.

User salting aside, I still don’t care for my email address being in that feed, and since I’m the author of the document I already know my email address, so what’s the point? Additionally, *I* should have control over what information goes there, not Writely. If your system gets hacked then that becomes a virtual spam haven waiting to be picked. It’s putting user’s information at risk and it’s darn sure something I wouldn’t pay for unless I could have much more control over what shows up in that RSS feed.

Hopefully you won’t need that many users to tell you how important security is with the information they share across your service.

For that matter, I can use OneNote sessions to share documents securely across the web (with other OneNote users) and in ink! Ink support would be very cool for Writely, but it’s probably a very small percentage of users that would like that … but still!

Glad to see that you lifted the whole invite a friend deal though as far as beta invites go.

Best of luck with Writely

By: Sam Schillace

Sam Schillace — Sun, 18 Sep 2005 05:30:35 +0000

Hi,

It’s Sam from Writely.

Thanks for the nice review, despite the issues you found!

I haven’t heard the IE/JS issue - if you could let me know the version and OS, that would help me track it down.

As for the RSS feed, it’s not quite as open as it seems - we put in a bit of “user salt” into the URL. This is a random number that we only show to you when you’re logged in. So, it’s not possible for someone to guess your feed url and see your documents. It’s as safe as having the password in cleartext would be. The next step up from here would be something like WSSE, which we might do in the future if people ask for it.

Thanks for using Writely!

Sam