Recently in Gmail Category

Former Novell exec (and current highly esteemed blogger) Matt Asay opines on Novell's announcing that it lost the city of L.A.'s e-mail business to Google Apps:

This isn't the Novell that I know. I used to work for Novell, and have never seen the company publicly criticize a customer, not even for defection, of which Novell has seen plenty over the last decade.

It's unclear who Novell is hoping to persuade with the announcement, or what benefit it hopes to derive from it. Is it trying to stem a tide of customers dropping GroupWise for Google Mail? If so, why has it not done the same for all the companies (and there have been plenty) leaving GroupWise for Microsoft Exchange or IBM Notes/Domino?

I've used GroupWise before in a previous job. This was more than a few years ago, when a Web-based mail client as a companion to a traditional client app was a bit more novel (no pun intended, but if you choose such intention, I won't be angry about it) than it is today.

I neither liked nor hated Novell's e-mail implementation. I did find the Web component a tad awkward (but remember, this was a bit less than 10 years ago).

And today I choose to use the "traditional" Thunderbird mail client in many instances where I could use a Web-based client, mostly because the system my company uses for Web-based mail is both slow, feature-poor ... and did I say slow? A good many of my co-workers pipe their mail through Google's Gmail, and I probably should, too. If I didn't have such a favorable impression of Thunderbird, I'd probably do just that (and I could do it anyway and keep using Thunderbird if I so chose; I'm just too lazy at present to try it).

But Gmail — and Google Apps — are very, very different from the traditional way of computing, with information stored on the local drive or on a LAN, apps on the local client/drive and possibly a Web interface as an afterthought.

It's a whole new world, and there are probably more than a few companies large and small can do most everything they need with Google Apps. There's nothing stopping said companies from using OpenOffice or even the full MS Office for as many or few desktops as they wish.

And Novell never acknowledges that L.A. city workers' opinion of its services and systems is not good. Downtime is a problem.

So now it's sink/swim time for Google in the enterprise, a place where until now it did not care to tread but also where, at present, it's turning everything we know about enterprise computing upside down (along with cloud leader Amazon ... and probably soon IBM and others).

L.A.'s the big-city Guinea pig for cloud computing; in the months ahead we'll see who thinks it cute and cuddly and who smells the proverbial rat.

More than a few institutions of higher learning (including California State University Northridge, I've learned) are in the process of transitioning from traditional e-mail services (generally Web-delivered, I believe) to Google Apps, through which students and faculty will have e-mail and documents managed by Google (thus either freeing university IT staff to "work on other things," which could mean "other things," or "you're fired"; unsure on that one).

Anyhow, it's no secret that I'm a proponent and occasional user of Google Apps (more Sites, some Docs and Mail), and the city of Los Angeles' exploration of Apps for its use has put the spotlight even more tightly on Google and its response to and resolution of problems.

So Brown University is among the schools moving to Google Apps, and recently some students discovered that through Gmail they were able to read hundreds of messages in other students' e-mail boxes.

Not terribly secure. It turns out that 22 students were able to read others' e-mail, but there has been some criticism aimed at Google for a) taking 3 days to resolve the problem and b) not communicating well (or pretty much at all) with the university's IT department after the problem was discovered.

"It was a small hiccup along the way and it's an issue we've taken extremely seriously," Google's Rajan Sheth told The New York Times. (And you know when The New York Times gets involved, there's considerable heat on your ass).

What I'll say is that these things happen, and Google should be getting better at having them not happen. I don't know how they're doing on that. I suspect we'll either hear more (especially if things don't go well at CSUN) or hear less (if things do go well).

And as I, along with scores of others, have written recently, Microsoft's own cloud-based apps are starting to roll out, although it'll be awhile before they work at all (the Word component is still read-only) and probably a longer while before they are as well integrated with each other and with a matching e-mail component, and also a long time (or even never) before documents are as easily shared and collaborated on as they are in Google Apps.

You never know, especially at this early stage. One thing I do hope is that a) Google learns from all these glitches and smooths out these transitions, and b) the competition from Microsoft pushes Google to upgrade Apps that much more quickly and start adding the missing functionality (like easily created paragraph indents and "smart" quotes) that would make using Docs more like a true MS Word-type application and less like a souped-up, HTML- and CSS-powered text editor.

This image appears in the Google Chrome browser when you try to load a Web page and something goes wrong. It has nothing to do with today's Gmail outage, but it did come up when I (appropriately) Googled "sad Google," so I present it to you in this entry ...

In case you hadn't noticed (and if so, I don't know how you managed it), Gmail is dead today.

More than a few people I work with have their various e-mail accounts feeding into Gmail, where they usually read their collected messages in Google's Gmail-reffic skin from wherever they happen to be.

Just not today.

According to the post above from Cnet's DeepTech blog, other Google services, including search, Google Docs, Sites, Calendar and a host of other Googly bits are functioning as normal (i.e. they're working).

This is one of those things that doesn't look good for those advocating the adoption of Google's Gmail and other services under the Google Apps umbrella in the enterprise, including the City of Los Angeles.

We'll see how Google pulls out of this, and how it affects the uptime stats for the Gmail service. And it'd be nice to find out exactly what happened.

One thing's true: It's a pain in the ass to lose access to your e-mail in the middle of the day.

It makes me feel pretty good at this particular moment about POP-ing my mail into Mozilla's Thunderbird ... and keeping my Yahoo Mail account going.

The Daily News has been in the thick of the fight over whether Google Apps — principally Gmail and Google Docs — should be adopted by the City of Los Angeles to replace current systems that are aging and said to be much less than reliable.

Much of the battle is over whether a Web-accessed system for e-mail and document creation (and collaboration) will be as secure as systems with traditional servers. Detractors worry about information being compromised, but others say that Google has a lot more on the ball security- and redundancy-wise than the systems currently in place.

In the past few days, a couple op-eds have run in the paper:

• "Google on Google' Gmail: Why it's good for city hall" by Dave Girouard (president of enterprise for Google)
• "Can Google really protect and serve Los Angeles?" by By Paul M. Weber (president of the Los Angeles Police Protective League)

• Google Apps can work for L.A. Just mind the passwords

I've written about Gmail and Google Docs quite a bit in the past, and regarding their use by entities such as the city of Los Angeles, I'll try to state my opinion a bit more quickly than usual. I'll bullet-point it:

• Lots of organizations are farming out their e-mail to Gmail. Google does a great job with this app. It's different enough in many useful ways from other e-mail clients, both on- and offline, to stand out of the pack. The ability to "tag" messages seems so simple yet borders on revolutionary.
• Google Docs isn't as sophisticated as Microsoft Office. Google Docs does work, and if you're willing to think outside the document-creating box for your text documents, spreadsheets and presentations, it probably handles 95 percent of the needs of 95 percent of the people 95 percent of the time. For "specialty" uses, the city can still install traditional client software such as Microsoft Office or the free OpenOffice. The great thing about Google Docs is that it makes collaboration on and sharing of documents an integral and seamless part of their creation and modification. For an organization like the city, this is a huge thing. Still, I hope the city is prepared to hire a development team to "build out" Google Docs with the many specialized templates that will be needed to make this system work.
• Having Google hold onto the data of the city means much less software and hardware needs to be purchased, maintained and managed.
• This is pretty much the future: cloud-based storage (with top-grade archiving and backup) and network-delivered applications. The city might as well go there now.

It's the announcement we've all be waiting for, one that Google at one point in the past said it wouldn't make.

But it did:

Google will release its own PC operating system, Chrome OS, to leverage the company's Web-based Google Apps and bypass Microsoft's Windows operating system entirely on not just netbooks but every PC platform from the smallest ARM ultraportable to a full Intel-based desktop.

(See CNet's Webware post on the announcement)

In a very-much related move, Google made the symbolic move of removing the "beta" tag from its core Web-based apps for Mail, Docs, Calendar and Talk. Not that anything has changed about those apps in the past day or so, but according to ZDnet, the move from "beta" to what can only be assumed is production-ready status, whether real, imagined or long overdue, makes those applications attractive to the corporate/enterprise customers Google hopes to attract to Google Apps and now the Google Chrome OS.

And while the Google Chrome OS will be based on the Linux kernel, it could very well end what little preloading of other Linux-based OSes is left in the netbook space. Nobody outside of the fanboy contingent knows what Ubuntu (or any other current Linux distribution) is, and that doesn't seem likely to change, my 1,000+ blog posts on the subject notwithstanding.

I haven't made a secret of the fact that I've never really delved into Google's Gmail, even though I automatically have an account due to my much heavier use of Google Docs and previous use of Google Groups.

All that changed in recent weeks due to my ISP DSL Extreme's decision to transfer all of its mail accounts from its own servers to Gmail.

I mainly use my DSL Extreme e-mail address for mailing lists. I have my OpenBSD and Debian mailing list traffic — which can be considerable — on that e-mail address just to keep it separate from the rest of my mail.

I never did like the DSL Extreme Web mail interface, and the fact that it's going away in a week doesn't bother me one bit.

But since DSL Extreme allowed users appropriately extreme flexibility in handling their mail, I've used it consistently, just not in a Web interface.

Instead I've used external mail clients — particularly Thunderbird in Windows — to process the mail, accessing it via IMAP and filtering it into folders that live on the server.

Since the connection to the mail servers can be fully encrypted and of the IMAP or POP variety, I've used my account fairly regularly.

My "lifestyle," whatever that means, makes IMAP work way better for me than POP, which downloads mail to a single computer, and since I'm in front of a half-dozen different computers in different places, POP doesn't work for me at all.

I was worried that the transition to Gmail for my DSL Extreme account would mean that POP and IMAP access would be gone, and I would be limited to the unfamiliar Gmail Web interface only.

But that is not the case. I can read the mail via POP or IMAP with any mail client software, and now I have a lot more space — about 7 GB, even though I can't ever see needing that much.

And I've discovered a few rudimentary things about the Gmail interface that just might have me using it more and more — and dumping traditional mail clients entirely.

Right now, the reason is organization. I've relied on the folders and filters of Thunderbird to bring some semblance of order to the heavy volume of mailing-list traffic I receive.

I'm limited only by the folders themselves. A message can only be in a single folder at a time, and that makes finding things difficult in some instances.

But Gmail uses labels instead of folders, and an individual e-mail message can have as many or as few labels as I wish. So I can, for instance have a message from the debian-user mailing list begin its life with the labels INBOX and Debian. I can delete it if I don't need it, and that's what happens most of the time. But if I want to save that e-mail, I can remove the INBOX and Debian labels and effectively archive the conversation by giving it a Debian Saved label.

The other way Gmail helps me with mailing-list messages in specific, and the rest of my e-mail in general, is by grouping messages that are replies to each other together when I read one of the messages in that particular group. I think this is what Gmail refers to as "conversations," but again, I'm so new at this that I'm unsure of the terminology.

What I am sure of is that this labeling and grouping, which at first looks more than a bit forbidding, is in fact quite useful.

Another thing Google does with Gmail is bring together all of the Google services I use (and many I don't but just might try).

I'm already using the Google Chrome browser to access Gmail, and when I click a link called Sites, I have the option to create secure Web pages, gather information on them and control who has access to them. In short, it's a great, free tool for collaboration over the Web. In that way, it's a valuable extension to Google Docs (also easily navigable to from the Gmail interface), which is already performing very well as a collaborative tool used by many of us at the Daily News.

I'm trying to use Google Docs to bring some kind of order to my own documents. I'll have to get back to you on that one. I finally do have offline access to Docs (via the Google Gears API), and I'm less than impressed with its reliability and speed on my Gateway 1.3 GHz/1 GB RAM laptop. Gears and offline Docs are both still relatively young, so there's plenty of room for improvement.

One more thing: Chat.

Since I've been guesting in the Op-Ed department for the past week and a couple days, I'm not on my own PC, and as a result all my usual apps, from Pidgin to Thunderbird to Notepad++ and Filezilla are not installed.

I did add Google Chrome after Firefox 2 started acting up on me. And on this PC, Internet Explorer 7 has actually been less of a dog than I remember. I did get the installer for FF 3, but I've yet to do the install.

I said I was going to get to chat ... and I am.

Since I didn't have Pidgin, which I use to bring my Yahoo!, AOL/AIM and Google chat accounts under one app, I switched from the "Classic" Yahoo Mail Web interface to the "All-New" version of Yahoo Mail, which is designed to look and act like a traditional local mail client, with drag-and-drop capability.

The reason I haven't been using the "new" interface until now is that its relatively large graphical load doesn't play well with some of my, ahem, older hardware, and the speed of the "old" Yahoo Mail is very much needed on those creaky laptops and desktops.

To make a long story somewhat shorter, I opted for the "new" Yahoo Mail so I could use the integrated Yahoo Messengher client. When you want to chat with one of your Yahoo contacts, all you do is click on their name, and a chat window opens in your mail interface. That way, you can use Yahoo Messenger without needing to have the application installed on your computer.

Now I'm bringing things around to my point, which is Google. Google's chat service — Google Talk — has a "gadget" that mimics a standalone IM applications but can be used on any PC with a compatible Web browser. That way you can use Google Talk from just about any Web-connected PC without worrying about individual clients or Pidgin.

I only have one person who I use Google Talk to IM, so I'm probably better off using Pidgin if I can, but it's nice to see so much innovation in chat from Google and Yahoo. For all I know, AIM has the same capability, but since I've probably checked my AOL mail ... maybe once or twice ... since I first signed up for AIM a few years ago, I know nothing about it. I also remember AOL Mail as offering IMAP and POP to its users, and for that reason alone it might be well worth investigating as a mail solution.

Note: I remember hearing that Google was "rolling out" IMAP access to Gmail users and not granting it to all at once. Since my DSL Extreme account is not part of the regular Gmail throng, I appear to have both IMAP and POP as part of the deal between DSL Extreme and Google.

Summing up: A bit long and rambly, don't you think? I'm just trying to think out loud about how deep I'm getting into the world of Google and its services.

There's been a loud, long argument in the free, open-source software community (and at LXer in particular) about what cloud computing means for open-source software, users, freedom and all of that. For me, the freedom to have my files live in the cloud and be accessed from anywhere I'm networked is trumping almost everything else.

I'd love for the Google Docs interface to get more sophisticated about things like indented paragraphs and smart quotes — two of my typographical pet peeves. The technology is there, since Docs is based on HTML and CSS and can do anything that those two sophisticated technologies allow (and that is quite a lot).

And as I've said more than a few times recently, having the option of working with my cloud-based files either through Web interfaces or via the same kinds of locally based applications we all use today is something I'm very interested in seeing happen. It's kind of ironic that the company I see buying into this concept (although their plans and offerings are presented in such a cryptic way that I can never really tell just what they're planning) is Microsoft.

Yes, Microsoft's dependence on traditional apps like MS Office and the billions it brings them has profoundly affected the company's strategy for cloud-based data and apps. At the end of the day, a melding of local client apps that are not necessarily Web browsers could very well be more efficient than doing everything through the browser. (Or not; it's too early to tell at this point).

The more data we have, from text files to images, audio and video, is increasingly hard to get a handle on. We need help storing, backing up, categorizing and utilizing all of this data. In my mind, it all points to the cloud.

Depending on how you look at it, it's a little "Matrix"-y, "HAL 9000"-ish, "Neuromancer"-like

All I know is that Sun's "The Network Is the Computer" mantra is becoming more true every day. Some of that will be good, some not. And that goodness/other will differ from person to person, application to application and entity to entity.

We won't be limited to the huge cloud providers. There will still be traditional servers everywhere, along with clients in more shapes, sizes and guises than you could imagine. And the lone-PC-in-the-wilderness won't go away, just as paper itself has survived in this most computer-infused of ages.

But the cloud model is real. And it's growing.

Companies that understand this will prosper, others not so much.

Rick Coca of the Daily News had a story on the cover today concerning an FBI warning about hackers who set up their own WiFi router with the same SSID name as the public WiFi router you wish to connect to, with the purpose being to steal vital passwords and other information during your wireless Internet session.

While the article was short and didn't go very deep into the security issues surrounding WiFi and Internet networking in general, and laptop computers in particular, users of WiFi in general and public WiFi in particular need to be aware of what they should and shouldn't do.

The article did say that it's a good idea to have your computer configured to CHOOSE the WiFi router to which you wish to connect, because the consequences could be, for lack of a better word, bad:

Once in, a hacker can steal passwords and credit-card information and install viruses, worms and other malware — malicious software — on a computer that can spread to other systems you run.

(FBI cybercrimes supervisor Bryan) Duchene recommends that Wi-Fi users change their settings so they have to manually input the Service Set Identifier (SSID) they want to log on to.

While free-access seekers spawned the "wardriving" phenomenon — Wi-Fi users drove around with GPS systems and Wi-Fi-seeking laptops, marking locations of unsecured, free Wi-Fi sites — that practice eventually piqued the interest of criminals, Duchene said.

While WiFi does increase the risk of "bad" things happening, and the lack of encryption on almost all public WiFi connections doesn't help matters, I'm pretty confident in saying that if you are entering logins, passwords and other "sensitive" information over a secure connection — one with https:// in the Web address instead of just plain http:// — you are pretty safe, even over public WiFi.

But in cases where your login or password is NOT sent via a secure, encrypted connection, or for regular Web browsing on non-secure connection, it's quite possible that others can see what you're doing on the Internet.

That may bother you, or it may not.

But especially when it comes to e-mail, make sure you are using a secure, encrypted connection, either through a Web-browser interface, or via the settings in your e-mail client, be it Microsoft Outlook, Mozilla Thunderbird, the Apple Mail program or whatever else you're running.

The worst thing you can do is send sensitive information -- or any personal or private information -- via unencrypted e-mail over an unencrypted WiFi connection. That's just too much of a risk.

I've often said that I wish all Internet traffic — e-mail, Web browsing, file transfers, etc. — took place over secure connections. I think we're headed in that direction.

So here's my quick guide on what to do and not do over a public WiFi connection:

E-mail: Only read and send e-mail via a secure encrypted connection. That means if you're using a Web interface, make sure the ENTIRE session, from login and password to composing and sending the e-mail and logging out -- takes place in a secure environment with the https:// in the address box.

For Gmail, you can choose a secure connection with https://gmail.com ... BUT the last time I read about it, your Google login and password is stored as a cookie on your computer for easy access, and it can be easily stolen over a public WiFi connection.

For Yahoo! Mail, your login and password is entered in a secure environment, but the rest of your e-mail session is unencrypted, so don't use Yahoo! Mail over a public WiFi connection.

If you have an office-provided e-mail service via a Web browser, look for the https:// instead of http:// and ask your system administrator about whether your connection is secure the whole way through.

If you use an e-mail client like Outlook or Thunderbird, make sure your e-mail server allows secure connections -- and make sure your client software is set up properly to use it.

There are e-mail services that offer more security. For the extremely paranoid, there's HushMail, but my favorite is Fastmail.fm. Just make sure you use the secure version. I'll also put in a plug for my ISP, DSL Extreme, which offers Web-accessible e-mail in a completely secure session.

Antivirus, antispyware, firewall protection: Whatever you do, and especially if you're using Microsoft Windows, make sure you have up-to-date antivirus and firewall programs. This excellent though aging Washington Post page has links to many vendors of these programs, some of which are available free. For the PC, I prefer Avast. Avast also runs on Linux, although with that operating system you're only likely to pass along a virus, because almost all malicious code is aimed at Windows computers, which are much easier targets.

Web: For Web browsing, if you are on an unsecured connection, it's easy for snoops to figure out the URLs of the Web pages you're visiting. And from there those snoops can see what's on those pages, too.

While it's not conducive to privacy, this might not be a problem, depending on where you're browsing.

But ... if you're entering any logins, passwords or other sensitive information, make sure you're on a secure connection before beginning. AND make sure your computer is NOT set up for file sharing.

To be more clear, if your computer is free of malicious software -- key-loggers that record every keystroke, spyware, etc. -- an encrypted connection should give you enough security over WiFi.

IM is a problem: Most instant-messaging traffic is unencrypted, so don't IM anything you don't want others to potentially see. The last time I checked, Yahoo! Instant Messenger, AOL's AIM and Microsoft's MSN Messenger are all unencrypted.

And do yourself a favor: NEVER, EVER, EVER NEVER, install any kind of software from an untrusted source, over WiFi or a wired Internet connection. That's when the bad stuff happens -- when malicious software makes its way onto your computer. It's easier by orders of magnitude to attack from the inside than from the outside.

WiFi at home and work: Wireless routers that you control at your home or workplace can be set up for encrypted connections only. Don't use WEP encryption because it can be easily cracked. Instead, use WPA or WPA2, which are much, much more secure and robust.

And like it says in the Daily News article, make sure you change the SSID name of your router to something other than the default (usually something like Linksys, Netgear, or the name of whatever company made the router), and also make sure you have your computers set to only connect with YOUR router.

For more on this subject, here are a few links:

• USA Today's Complete Guide to Wi-Fi Security (make sure you read ALL the pages)
• Ask Metafilter discussion on encrypted WiFi
• Coffeeshop WiFi for Dummies
• Using Public Wireless Networks More Safely (from Microsoft)

You think? That's one of the stories out there right now. Makes sense to me: Amazon could definitely use Yahoo as both partner and source of revenue. Amazon could also conceivably tap Yahoo's pool of developers to help bolster the Amazon cloud computing initiative.

And tamping down any mojo that Microsoft might gain in the SAAS (software as a service) and overall cloud computing sector only helps Amazon's own foray into what many people think is the future of computing (though others think it's much ado about little).

Clearly it's good business for Microsoft to buy Yahoo and entrench itself as a firm No. 2 in search advertising. And ... while I'm touting the alleged skills of Yahoo's developers, Yahoo itself is way behind Google when it comes to Web-based applications. Yahoo has nothing like Google Docs and Spreadsheets, nor does it seem to have a Google-like plan to leverage Docs, Gmail and network storage as a fee-based service for the enterprise.

I still think Yahoo Mail has an edge over Gmail, excepting the fact that Gmail can run a totally secure session (which, nevertheless can be hacked into through unencrypted cookies) and Yahoo Mail cannot, but to me Yahoo Mail keeps that edge with usability and functionality ... but ... Gmail offers free POP mail, Yahoo charges for it, and Gmail is also rolling out IMAP, with no similar plan for Yahoo that I know about.

On the other hand, the latest rendition of Yahoo Mail, if run on fast-enough hardware, does an admirable job of mimicking a stand-alone e-mail client. It's the kind of app that makes me think Yahoo can develop a credible alternative to Google Docs if they wanted to do so.

Anyhow, back to business. One of the perils of being a publicly traded company without huge mounds of cash on hand is that somebody like Microsoft can swoop in and buy you when your stock is tanking.

Yahoo is a valuable brand with good core technologies. Given the time, they can manage their way out of this mess. But in today's world, time is scarce.

There are two kinds of tech companies out there: those who would love to be bought by Microsoft, and those who loathe it. OK, there's a third kind: those likely to be threatened with legal action by Microsoft, but I'm getting off-track here.

Remember this, Yahooligans: The Web isn't set in stone. If Yahoo is assimilated, you can always cash out and start something newer and better.

As for Microsoft, the company has never been shy about acquiring the technology and market share it needs in order to survive and grow. They've got the money, so this acquisition is a no-brainer for them. The clash-of-culture thing could be a problem, but for most people, if the checks keep coming (and they don't make people move to Seattle) and they see some kind of mission in their work, many will keep going. If it doesn't go so well, Microsoft parts with cash to crush the No. 2 player in search advertising and effectively assumes that mantle itself.

But letting anybody else -- especially someone with the scale and ambition of Amazon -- get Yahoo, that would only hurt Microsoft's search-ad, networked-application and plain-craven-moneymaking mojo. What's a big load of cash good for when you can't use it to crush your rivals?

Unless Yahoo can somehow find someone, somewhere with a bigger load of ready money or pricey stock, it looks like Redmond will win this round.

And whether the merger succeeds or fails, if it happens at all, it's huge-upside time for the folks in Redmond.

I've blogged before on how Gmail has an advantage over Yahoo Mail -- and most other Web-based e-mail services -- because you can choose to run a totally secure session (by entering the URL https://gmail.com instead of plain ol' http://gmail.com) and feel safe when reading and writing e-mail over public WiFi connections.

Seems it isn't so. According the Zero Day blog at ZDNet, somebody monitoring the radio traffic of your wireless connection can figure out your password through the use of unencrypted cookies with a technique called "sidejacking":

Sidejacking is a term (Robert) Graham uses to describe his session hijacking hack that can compromise nearly all Web 2.0 applications that rely on saved cookie information to seamlessly log people back in to an account without the need to reenter the password. By listening to and storing radio signals from the airwaves with any laptop, an attacker can harvest cookies from multiple users and go in to their Web 2.0 application. Even though the password wasn’t actually cracked or stolen, possession of the cookies acts as a temporary key to gain access to Web 2.0 applications such as Gmail, Hotmail, and Yahoo. The attacker can even find out what books you ordered on Amazon, where you live from Google maps, acquire digital certificates with your email account in the subject line, and much more.

Gmail in SSL https mode was thought to be safe because it encrypted everything, but it turns out that Gmail’s JavaScript code will fall back to non-encrypted http mode if https isn’t available. This is actually a very common scenario anytime a laptop connects to a hotspot before the user signs in where the laptop will attempt to connect to Gmail if the application is opened but it won’t be able to connect to anything. At that point in time Gmail’s JavaScripts will attempt to communicate via unencrypted http mode and it’s game over if someone is capturing the data.

What’s really sad is the fact that Google Gmail is one of the “better” Web 2.0 applications out there and it still can’t get security right even when a user actually chooses to use SSL mode. Other applications like Microsoft’s MSN/Hotmail and Yahoo don’t even have SSL modes. The fact that they use SSL mode for first time authentication and sign-in is irrelevant because they all drop down to unencrypted mode right after the user authenticates.

I don't use my DSL Extreme Web mail as often as I should. It has a secure connection the whole time, and it's primitive enough -- I hope -- not to have these same vulnerabilities. Fastmail.fm, on which I also have a free account, will also do a secure session if you choose "secure login" when signing on.

I'm far from a security expert, but it seems to me that we'd be in better shape if we had the option of running a Web browser in secure-server mode all the time.