I know that there's not much to do about it, but these embedded web view OAuth dialogs always make me cringe. There's no URL bar, there's no SSL indicator, no way to check the certificate of the page it was hosted from.
It would be ever so easy to present a faked Google login page.
Of course, this is just a matter of trust and the issue would be the exact same if I were to just type my Google password into a native username/password form.
Still. What good is this OAuth stuff when it practically provides no security advantage over a traditional native UI? It's as easy for a malicious app to present me with a faked Google OAuth page as it is to just log whatever I type into the native UI which would have the advantage of being easier to use and not requiring any loading time.
OAuth is wonderful between webapps, but I really don't see justification for it with locally installed client apps.
If at all possible, please, please if you are forced to do the OAuth dance, try to make it go via the system default browser! THAT would allow me to check certificates and would be a huge security advantage over any traditional method.
Provided I can trust my browser, but frankly, I trust that much mor than $someapp_i_just_downloaded.
Well $someapp_i_just_downloaded pretty much has free reign to do whatever it wants anyway since it's running locally, and probably even had admin rights at some point during the installation process. If it were malicious then it's already too late to worry about it by the time it's showing you the OAuth dialog.
True, but at this point I would worry more about unapproved access to my Google account (for example) than to my computer... given the amount of personal information Google has about me at this point.
Google search history, Gmail, Calendar, Maps history, Latitude location history from running on my Android phone, Chrome browsing history and bookmarks, ...
If it has access to your computer then it could have access to your Google account. It could for example install a firefox or chrome extension on your behalf like Skype does and that extension would scrape your gmail and google accounts and steal all your data.
The UI thread blocks on network access, and by default it tries to load every feed once per minute, leaving the app completely unresponsive about half the time. Opening article websites in-app is nice, but there's no way to pre-load those sites for faster reading.
This could be a great reader with just a little bit more network programming.
He said he's working on it for 2 years and yet he has cloned Reeder exactly. http://reederapp.com/mac/ I thought that Reeder has changed its name to Caffeinated when I saw the screenshots. This is scary, indeed.
Every time a new Google Reader client comes out I go check to see if it has the "Sort by magic" feature. It appears this app doesn't have it either.
I'm curious if this isn't exposed in the API or if coincidentally none of these apps' developers deemed it important enough to implement.
For those who haven't used it, this feature is really helpful when you don't have time to sort through everything and just want to get to the most interesting things.
The reasons there is no sort by magic is that there would be no efficient way to sync, as you cant store dates of what you currently have if its magic, as all the dates would not be relative to each other, means you would have to grab all of the items every single time you sync. Super bad.
Does sort by magic work for you after the recentish overhaul? For me (and it seems from my searches, for a lot of others) it just ran out of magic pixie dust. When I turn it on, I get a never-ending stream of engadget posts, which is normally not at all what I want nor what I used to get.
I was hoping this would have the feature I can't live without, clicking on the article in the list pane opens the actual article. No mac rss client has this and it drives me nuts ... Its the reason I'm running a 1.5GB VM Ware windows instance with Feed Demon in it.
sigh
PS: This looks and acts an awful lot like Reeder http://reederapp.com/mac/ ... I wonder if its going to cause problems with its developer
It's unfortunate that the icon designer mentions iterating on handles for the cup and how difficult it was because he still got the perpective (and color) wrong.
It does a good job at exposing how bad the B&W sidebar in Lion. The top half of Caffeinated' sidebar is B&W to match Apple apps, the bottom half is colorful as it should to provide color cues (the ones in the article's screenshot wouldn't need them though). Looks really unbalanced IMHO.
It's just the usual HN selection bias--Mac apps appear disproportionately frequently. A cool Windows or Linux only app wouldn't get the time of day from the large Mac-using HN contingent.
Also, for whatever reason, the majority of open source Linux programs are actually cross-platform, whereas Mac developers seem to have no compunctions about only supporting a single platform.
Which just underlines his point. Feed Demon is functional all right, but I would not call it cool. In fact, I usually prefer to use my smartphone instead of Feed Demon.
It would be ever so easy to present a faked Google login page.
Of course, this is just a matter of trust and the issue would be the exact same if I were to just type my Google password into a native username/password form.
Still. What good is this OAuth stuff when it practically provides no security advantage over a traditional native UI? It's as easy for a malicious app to present me with a faked Google OAuth page as it is to just log whatever I type into the native UI which would have the advantage of being easier to use and not requiring any loading time.
OAuth is wonderful between webapps, but I really don't see justification for it with locally installed client apps.
If at all possible, please, please if you are forced to do the OAuth dance, try to make it go via the system default browser! THAT would allow me to check certificates and would be a huge security advantage over any traditional method.
Provided I can trust my browser, but frankly, I trust that much mor than $someapp_i_just_downloaded.