Just found out about GoogleUpdate, a Google service that installs itself to check for updates to local Google installations continuously. I’m not entirely certain how often it checks, but I’m the kind who thinks checking for updates while the application is running should be enough… Shouldn’t it?

It basically ninja-installs itself as soon as you install a Google application (in my case, after a Google chat trial with David) and doesn’t really have an uninstaller. It came back even after I killed the process and disabled the service, because there were some extensions still active in Firefox; it appears to have given up now.

Some useful links: The invisible GoogleUpdate.exe, How to remove Google update.

It had been a while since I tried out the Gimp, probably a couple of years. Back then, being used to Photoshop, the Gimp’s interface seemed a little too fuzzy for my taste, with a plethora of tool panes that didn’t make much sense. I vaguely remember some instability too, and in short, wasn’t impressed enough with the tool to keep it.

This past weekend, I looked at the progress update on Pixel (dead link at the moment, but a very promising product which apparently found golden angels to finance it at last), and decided to look at alternatives. I quickly stumbled across Paint.net, an Open Source project that’s grown out of necessity, and looked at the Gimp again. I downloaded both tools, but installed the Gimp first (I think I really liked Wilber’s confused look).

It takes a little while to get used to the interface, but it’s been much improved since the last time I tried it. The first immediate stumbling block is how the Gimp handles layers. They’re pasted into a “floating” layer by default, and it took me a while to understand why pasting several clipboards in a row made them all end up collated into the bottom layer. Once I found out that I needed to create a new layer after pasting clipboard content, I ran into issues with the scaling tool, which produced a blank space in the overgrown area; the default highlighting scheme isn’t quite as easy to make out as it should, but I got used to it.

All in all, I was able to get going and do all that I usually do with Photoshop in a rather short amount of time, and was happy to notice all tools are solid and compare with my usual software.

Stability-wise, I only managed to make it crash once, when scaling the color palette to an unreasonably narrow width. In other words, it’s stable enough, and intuitive. Thumbs up.

Didn’t get to Paint.net yet. I blame Wilber.

WordPress has become a standard because of its simplicity and community. With the recent improvements to page handling and permissions system, it has become my tool of choice for dual website/blog installations.

Quite a few providers nowadays offer one-click blog installs as part of their packaged services, to get you going with the least pain possible. WordPress does require you to upload files and fill in a few details during the installation process, but it is, in general, one of the easiest tools to install. I looked at Spip* recently, and was pleasantly surprised to see the installation could be done from a single, small PHP install file to upload on your server.

Of course, php install files are not an option on providers that do not allow PHP scripts to initiate FTP connections; many large hosts offer one-click installs for that reason, and also to link the script to many other services, such as statistics.

Yahoo!, for example, has a one-click install for WordPress, and a checkbox in the administration interface to update to the latest version automatically (always nice to use the latest version, it’s improved all the time). Problem is, I had a case yesterday of a WP blog hosted on Yahoo! that had remained at version 2.0.2, whereas the most recent version is 2.6.3.

In all cases, I prefer to retain control over the tools I use. While one-click installers on regular hosts typically don’t tamper with the installation process, big name providers tend to install quite a few non-standard modules and tamper with paths, which make them harder to upgrade when the time comes.

One small example with the Yahoo! Small Business one-click WordPress installation. Yahoo, for security reasons I guess, doesn’t let you change or even view the .htaccess file. The side-effect, well-known to all Yahoo! users who read the fine print, is that you lose your permalinks if you upgrade WordPress in the standard way. WordPress developers are nice enough to provide workaround modules for such cases.

One-click installs are a nice facility, and I’m sure they work as expected in most cases. As always, look around and see whether people have had issues with a host’s one-click installs. You’re usually better off in the long run if you perform a standard installation.

* By the way, Spip is a support character in Franquin’s Spirou toon albums, a slightly impatient and hazelnut-craving squirrel. Spirou and Fantasio albums were by far my favorite when I was a kid, and I still read them and marvel at the scenario, rhythm and effectiveness of the drawing.

While trying to figure out why my Mom’s iPod wouldn’t update to 1.3, I fired up Wireshark hoping to find out if iTunes was communicating with the old Win2K laptop. It turned out it wasn’t, so it looks like I’m going to have to plug it into the WinXP box to update it (worked last time, cross your fingers for me, please).

But the interesting fact is this: while looking at the updating list of requests and responses, I noticed a call to a Google domain was made, namely sb.l.google.com, in spite of the fact I wasn’t making a search, nor using GMail at the time. The request, of the form GET /safebrowsing/update?client=… came up again a few times.

It turns out Firefox makes use of the Google SafeBrowsing API (sb stands for SafeBrowsing), and calls it at intervals (in the first 5mn after browser launch, then within 15-20mn, then every 25-30mn is recommended) to update a database of domains suspected of phishing. It appears no request is made to the server while you’re browsing, Firefox stores the list locally and checks against it when you request an URL, then adds a warning just under the tabs if a domain is considered untrustworthy. It also pushes data to Google SB when it encounters a website that might be missing in the database.

This isn’t new. The inclusion of the API was introduced in Firefox’s code trunk in 2006, and back then, the Mozilla team pondered whether it would end up serving as a base for anti-phishing. Well, it did. And that’s news to me.

Personally, I have a little issue with this feature. Even if Google does the right thing and totally separates data, Firefox on all my computers essentially tells Google whenever I open and close a browser window. This information is marginal as far as privacy, but it’s yet another piece of personal information that ends up on Google servers.

Moreover, I usually can tell phishing requests rather easily on my own without requiring assistance. I disabled the tool by unchecking the “Tell me if the site I’m visiting is a forgery” option in Tools – Options – Security.

By the way, Wireshark 1.0 has just been released. A great tool to peek into the innards of your system’s communications.