PING ghs.l.google.com (220.127.116.11) 56(84) bytes of data.
When you use federated login, google appengine is behaving as if request came from the same google assets. This is a major hole. However it is recommended you use following login method.
EDIT: Just reported the bug with appengine groups. http://groups.google.com/group/google-appengine-python/brows...
>>> They rolled out a fix at 12:30PT. <<<
Ok will read up on that, thanks for confirming. We still cannot repro the exact issue, however.
Here are our repro steps:
- Inside an Incognito Window in Chrome, created a new Gmail account, signed out, signed in and checked "remember me".
- In another tab, visited wattvision. Clicking my house brings up "wattvision uses google accounts for sign in" log-in window which asks for password.
Thanks for your help and support here!
Incognito mode is not the one you should test with.
UPDATE: We definitely want to fix this, we do not want to surprise or inadvertently sign up users. That's not our intention and we're not that kind of company!
UPDATE 2: Ok it looks like Google has updated their "federated login" http://code.google.com/apis/accounts/docs/OpenID.html since we implemented our login system, so we'll check against that and see what's up?
If anyone from Google is reading this and can comment/help, please email us at firstname.lastname@example.org.
- home page
I went to the last page because I was curious that you had to register _before_ buying.
At this last page I saw my gmail username pre-populated in the form automatically which freaked me out (I didn't even know grabbing a visitor's google account name was possible) and I closed the page, I did not submit (voluntarily) any info. Then within a couple of minutes I got in my gmail account a welcome email.
I think this is way worse than spam, fix asap.
(I didn't even know grabbing a visitor's google account
name was possible)
DTEVMCX16p4&Email=<your gmail address>&Passwd=<your_password>
I am not sure if you wanna do federated login on appengine.
Edit: As of 12:30PM PST, we are now rolling out the fix. This should be relatively instantaneous.
Seriously guys how have you managed to get around Google's protections here? ;)
I think this was just discussed on HN too. There may be better input on that thread.
I'm speculating, of course, but it seems like a real risk to me.
I can only imagine the look on my meter reader's face if he saw a device like that attached to the meter.
One would hope that Wattvision launched(s) an education campaign aimed at the power companies to let them know of this device.
The reference to specific manufacturers is for informational purposes only and does not represent that the Power Monitor has been approved or endorsed by the manufacturer or your local power company.
1) Do not know how large that particular candy bar is. It could be a tiny one or it could be a huge one.
2) I have no idea how large that Reddit toy is.
Wind chill is the effect of cool air passing by a warm object taking away it's heat energy more rapidly than stagnant cool air surrounding the object.
Wind does not cause an object to get colder than the air around it.
$239 for hardware sensor
$8.99/mo for historical data
This is a great product. I'm delighted for you that you've launched it as a shipable unit after what I'm sure was epic work. But you just cannot sell to consumers on a website that look like that. Your homepage consists of a graph, for crying out loud.