Archive for the 'Google' Category

Searcher browser stats

Saturday, May 28th, 2005

Even though the majority of visitors to use Gecko browsers, I can get a rough idea of general browser usage by looking at what browsers visitors are using when they find my site by searching for certain terms. Stats for some search terms that drove many users to my site between April 23 and May 27, sorted by percent Gecko:

Engine Search phrase Hits IE Gecko KHTML Opera Other
Googleburning edge87211%82%6%2%0%
Googlefirefox nightly64911%80%6%2%1%
Yahoo videoterry tate26294%5%1%0%0%
MSNfree porn1341297%2%0%0%0%

I did something similar last July.

Tools used: Analog to identify popular searches, search-uas.bat, make-search-ua-table.html, "View Selection Source" feature in Firefox, "sort table" bookmarklet.

List of security holes I’ve found

Thursday, May 5th, 2005

I have compiled a list of security holes I have found in Mozilla and Google products. Most of the holes I've found in web sites could be found without much thinking by anyone who has read my security tips for web developers. The security holes I find in Mozilla tend to be more interesting and clever.

Google Adsense doesn’t like Adbar

Tuesday, March 8th, 2005

From: Google AdSense
To: Jesse Ruderman
Subject: Google AdSense Account Status
Date: Tue, 8 Mar 2005 21:56:17 -0800

Hello Jesse,

We regularly review sites in the AdSense program for compliance with our program policies.

While reviewing your account, we noticed that you are currently displaying Google ads in a manner that is not compliant with these policies. We've noted that you are in violation of the following program policies on

- We've found that you're displaying Google ads in a manner that does not comply with our program policies. According to Google AdSense program policies, no Google ad or search box code may be pasted into any software application, even if it is modified to not show ads through your AdSense account. In order to comply with our policies, please remove the Google ad code from the software provided in your site.

Thank you for your understanding. Once you've made the necessary changes, please reply to this email so that we may review your account again.

We also suggest that you take the time to review our program policies ( and Terms and Conditions ( to ensure that all of your pages are in compliance.


The Google AdSense Team

More Google changes

Wednesday, January 26th, 2005
  • The maximum words per query has increased from 10 to 32.
  • If you click a word in your query, it now takes you to instead of shows not only dictionary definitions but also thesaurus entries, encyclopedia and Wikipedia articles, and several other sources of information.

Google expands some acronym searches

Monday, January 17th, 2005

A search for np tree turns up a lot of hits for Joshua Tree National Park, with the phrase "National Park" bolded in page titles and snippets. This doesn't work for all searches involving the term np -- for example, it doesn't work for a search for np by itself. How new is this feature? What other acronyms does Google expand?

Firefox first suggestion for “f”

Friday, December 10th, 2004

When I type "f" into Google Suggest, the first suggestion is "Firefox". Nice. Does that mean Firefox is the most common search starting with "f", or are there other factors that affect the ranking?

My impressions of Google Desktop Search

Friday, October 22nd, 2004

Google Desktop Search is useful enough for me to keep it installed, but I wouldn't say that it works well.


  • The file I'm looking for is often missing from Google Desktop Search's index. Even the filename is missing. I can't tell if it decided to skip the file because of its extension, contents, location, or changed-on date. Sometimes touching the file gets it indexed, but sometimes it doesn't.
  • It "caches" old versions of files often enough to take up disk space unnecessarily, but not often enough that I can rely on it for a revision history when I break something.
  • Since Google Desktop Search is slower than, leaving "Show Desktop Search results on Google Web Search result pages" checked makes it slow down web searches.
  • It gets much slower if I add num=100 to the URLs. A search with num=100 usually takes 3 seconds. This would be ok if it streamed the results, but I just don't see anything for 3 seconds. (There's no UI for adding num=100, so it's not really fair to complain.)


  • "Show Desktop Search results on Google Web Search result pages", which is checked by default, elevates any XSS hole in to a read-my-files hole.
  • Google Desktop Search uses an interesting scheme to mitigate XSS and CSRF holes: it includes a hash in every URL, even the root. The hash includes the path and sometimes includes the query parameters. If the hash is missing or doesn't match, it returns "Invalid Request".
  • Clicking a link to an .exe file in search results runs it without any warning.
  • The web site doesn't mention the current version number. The program doesn't have a "Check for upgrades" link, and if checks automatically, it makes no indication of that fact.
  • Any web page can detect whether you have Google Desktop Search running by loading an image (or perhaps any URL) from
  • The index is stored in a predictable location. "File upload holes", which let sites read your files if they know the filenames, are common in web browsers. File upload holes that require no user interaction are usually fixed quickly. But file upload holes that do require user interaction are not always fixed quickly. Two file upload holes requiring user interaction that I reported in 2000 are still present in IE and Firefox.

New Firefox extension: Search Keys

Friday, October 15th, 2004

Search Keys lets you go to search results by pressing the number of the search result instead of clicking. You can press 1 to go to the first result, Shift+2 to open the second result in a new window, etc. It works with Google, Google News, Google Groups, Google Desktop Search, and

Update Oct 16, 2004: The shortcut for opening in a new tab is now Alt+N on Windows and Mac, to avoid conflicting with the Ctrl+N shortcut for switching tabs. It is still Ctrl+N on Linux, which uses Alt+N for switching tabs.