Comments on: Google: Oh No You Didn’t!

By: Bret

Bret — Sun, 08 Oct 2006 04:56:31 +0000

Security thru obscurity is no security at all… but, yeah - a heads-up would have probbably been a good idea too… OTOH, how would you know if something private of yours was on there, if you couldn’t access the index?

By: Jack

Jack — Fri, 06 Oct 2006 23:45:49 +0000

Bob makes an interesting point. Along the lines of, “If it’s on the internet, it’s inevitable people will find it. Having Google index it just means you need to be even more cautious.”

Although I think right now, I tend to side a little bit more with you, Daniel. I think search engines are at least partly responsible for exposing information that wasn’t meant for the world to see.

By: Bob

Bob — Fri, 06 Oct 2006 16:09:43 +0000

This problem is not just limited to code search. Run Google searches on “For Internal Use Only” or “Company Confidential” or “Not for Distribution” on the main google site.

Lots of people have improperly configured web sites where this stuff is just left out in the open for Google to find. And it’s not limited to HTML pages. Google can search Word docs, PowerPoint files, and PDFs as well.

Personally, I think it’s up to the owner of proprietary information to make that information secure. Google gives people an easy tool to find out if their information is available when it shouldn’t be. Better I find the security flaws through Google, than for a hacker to find them and me be none the wiser.

Bob

By: Scott Stevenson

Scott Stevenson — Fri, 06 Oct 2006 07:59:49 +0000

I learned of several new “thanks to Daniel Jalkut” type comments in source code and readme files

Seriously. I found out that I unknowingly contributed to Cocolicious.

By: bjkeefe

bjkeefe — Fri, 06 Oct 2006 07:20:28 +0000

I think you’re completely right about this one, Daniel.

I’m a big fan of open source, and freely available information in general. But there *are* limits. Cliff Stohl put it nicely in “Cuckoo’s Egg,” when he came up with the analogy of a small town in which few people lock their front doors. He then asks, should we be thankful to someone who comes into this town and starts testing all the doorknobs, and publishes a list of all the ones that turn?

Being able to Google the world’s code base will be a great resource. But you’re right: Google should not have launched this new technology without more fully considering the ramifications.

By: Bob

Bob — Fri, 06 Oct 2006 02:54:40 +0000

Also: http://koders.com/

By: alexr

alexr — Fri, 06 Oct 2006 00:34:02 +0000

It would be better if it kept a cookie with my licensing preferences. e.g. no GPL code — it’s not really free.

By: Pete Clark

Pete Clark — Thu, 05 Oct 2006 22:41:12 +0000

Also worth looking at Krugle (http://www.krugle.com) - does the same thing, somewhat nicer UI (if you like web-2.0-y stuff)

By: Erik J. Barzeski

Erik J. Barzeski — Thu, 05 Oct 2006 20:23:40 +0000

Google can only index files that are otherwise linked to from somewhere, though, right? How did Google figure out to look at a .bz2 file inside of “http://www.anaisabel.net/” for example?

Unless all of these folks also had directory listings on, of course.

By: Zac White

Zac White — Thu, 05 Oct 2006 19:31:40 +0000

Not to mention they dig into zip, gz, and tar files. People could have purposefully compressed their source code so they could keep it from being indexed…