New Google Contacts

The new Google Contacts management features look nice. Unfortunately the part with the biggest impact for me came at the very end:

P.S. The new Contacts isn’t yet available for Google Apps customers, but we’re working on it.

Not exactly the first time that Google Apps users have been left out of new features. I’m starting to regret running my main account though Google Apps.

Google Giving Weight to HTTPS in Search Results


Maybe not everything, but certainly more than we are doing now.

So how do you encourage more sites to use HTTPS? Well, if you are Google, you tweak the SEO black box:

we’re starting to use HTTPS as a ranking signal. For now it’s only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.

From HTTPS as a ranking signal on the Google Webmaster Central Blog.

The call to have more sites use HTTPS has been out for some time. It is hard to be motivated enough to over come the technical and financial hurdles to make the move ( and for some sites those hurdles are non-trivial ). The SEO approach that Google is taking is the equivalent of hitting sites in the wallet ( in some cases that might be the literal result ). When the possibility of loosing money is involved then it is easier to get people’s attention.

This might be the single best use of the crazy Google SEO situation I’ve ever seen.

Earlier this summer Automattic talked about working towards providing all * sites with HTTPS by the end of 2014. This is something that I’m really excited to see happen.

If you still aren’t supporting HTTPS for your site, I’d encourage you to map out a plan to get there. Tim Bray posted a simple outline of the why and how of switching to HTTPS. If you are looking for a more technical view of how HTTPS works check out the TLS chapter of “High Performance Browser Networking”, which is free to read online.

Casting Out Google+?

Signs have been increasing that perhaps Google is no longer all in on Google+.

Just a few days ago there was the shift in Google Hangout no longer requiring Google Apps users to have a Google+ account. Now comes the rumor that photos will be usable without a Google+ account.

My personal preference would be for Google+ integration to be an option, instead of a requirement, on all Google services.

Awkward Moment For Google And Feedly

The Google Cloud Platform blog recently had a rather awkward moment posting about the success of Feedly, emphasis is mine:

In the middle of last year, our servers were overwhelmed with hundreds of thousands of new signups, and we experienced our first service outage. The first thing we did was move all of our static content to App Engine. Within an hour we were up and running again with 10 times the capacity we had before. This turned out to be a good thing – we added millions more users over the next few months and more than doubled in size.

I seem to recall Google telling millions of users to pack up their stuff and leave around the middle of last year. Feels strange to see Google excited to brag about their ability to send millions of users to a competitor. At least they used to be competitors, before Google decided to get out of the reader space.

Read Access on Google Servers with XXE

Detectify explains how they gained read access to production servers at Google:

One system caught our eyes. The Google Toolbar button gallery. We looked at each other and jokingly said “this looks vuln!”, not knowing how right we were.


They were able to leverage XML External Entity ( XXE ) processing to read local files on Google’s production servers. If you haven’t read up on XXE go watch Mike Adams talk at WordCamp SF 2013, the video is only 30 minutes.

Be very careful when processing XML, it can come back to bite you in very bad ways.

Export Gmail and Google Calendar Data

Great to see this news yesterday:

Starting today we’re rolling out the ability to export a copy of your Gmail and Google Calendar data, making it easy to back up your data or move to another service.

From Official Gmail Blog: Download a copy of your Gmail and Google Calendar data.

I’m not sure how well downloading 7GB of email is going to do in mbox format, exporting Gmail data hasn’t been enabled for my account yet. I like that Google is taking this step though, it is the right thing to do.

Opt Out Of Google’s Shared Endorsement Ads

Google recently announced that their ads are going Facebook style by including the image and name for your account as an endorsement on ads. This came as part of an update to their terms of service.

To opt out of this go to

Make sure that box stays unchecked.
Make sure that box stays unchecked.

You will need to make sure that the checkbox towards the bottom of that page remains unchecked.

I wonder how long until Google starts showing derived endorsements on ads. If you carry an Android device around they’ll be able to see what places your visit most frequently, which they might want to use as an implied endorsement. That could make Google Now a huge source of ad related data.

PageSpeed Online

Unfortunately the Chrome PageSpeed plugin hasn’t worked for me in a long time. appears to no longer include PageSpeed analysis in reports either.

That leaves PageSpeed Online has the only option for running a PageSpeed analysis on a site.

I really liked using the Chrome plugin (back when I could still get it to work), but I’m happy to see there is at least one place where you can still run a PageSpeed analysis.