Show HN: Collections, a fast multiple-account Google Docs client for Mac (collections.me)
196 points by jordanlee on July 13, 2012 | 96 comments

A desktop client for a web app that replaced a desktop client. Amazing!

He should use this exact phrase on the website. Sarcastic marketing FTW.

I won't pretend I'm not tempted.

A few years from now, you'll be bought by Microsoft to replace Office.

Reminds me very much of javelin.js's tone. If Facebook engineers can do it, why can't you? https://github.com/facebook/javelin/

do it!


This is a great example of a Minimum Viable Product. It has just enough features to be useful (multiple accounts, search, editing) and no more. From the website, they have plans to iterate quickly, with the help of what I'm sure will be a lot of feedback from the initial release. This kind of discipline in feature selection is admirable, and something we should all strive for in app development.

My only critique is that in the new user dialog, the app showed a screenshot of adding an account _before_ the screen where you could actually add an account. I found this a little confusing (why can't I click to add my account now?). I wouldn't mind seeing that screenshot after adding my first account to let me know how to add another.

psql -h ec2-107-22-171-68.compute-1.amazonaws.com -p 5732 -U u1npugarlguimh -d ddbs2kvmqeieon

Since DEBUG=True, finding the password is left as a trivial exercise for the reader. I wouldn't trust the service until they fix the issue.

Hi thomas-st, thanks a lot for bringing this up. We just fixed the issue and changed credentials on the server as well. All transmissions also happen securely through HTTPS and contents are only stored on Google's server, not ours.

Actually, your Postgres credentials still work. I am currently able to connect to the database and I can still view people in the role I grabbed.

I'm not sure how to validate that this is still timely, though... oh, I created a table:

public | hacker_news_1342216769 | table | ruwdncbzdkulsh

With the current timestamp. So, if you changed anything, it hasn't actually taken effect in the part that matters -- the exposed database.

Thanks xb95, it took a minute to take effect, but the issue is now fixed.

As of right now, 3:16 PM PDT, I can still connect to (one of) your Postgres databases.

    # psql --host=ec2-23-21-85-231.compute-1.amazonaws.com --port=5432 -U ruwdncbzdkulsh dc6jnvg2ce8qim
    Password for user ruwdncbzdkulsh: 
    psql (9.1.4)
    SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
    Type "help" for help.
    dc6jnvg2ce8qim=> SELECT NOW();
     2012-07-13 22:17:51.821052+00
    (1 row)

Hi Xb95, we first removed the heroku add-on and thought that it would automatically destroy the database, but that turned out not to be the case. So what we did to fix the issue was purge all of the tables from the database. Now the credentials still work, but they reach an empty database without any content. We're working on revoking the access token for all affected users right now. Thanks for helping us through this.

I have confirmed that there is no longer any data in the database I can connect to. Thank you for taking care of this.

/xb95 rides off into the sunset.

You should also notify any users who already signed up and stored their access token in the database.

Hi Thomas, just following up on this. After fixing the security issue, we revoked access for all of the potentially affected user accounts and emailed users individually to apprise them of the situation and the steps we took to address it.

Since you store the Google auth_token couldn't anyone with access to the database also gain access to sessions?

We've turned off debug mode and reset our database credentials. We are looking through the database server access log right now and going to make sure that 1) all connections were made from our own servers and 2) users in the timeframe affected will be notified of the issue and guided to resolve it as soon as possible

It's also good practice to disallow all public traffic to your db instances on your firewall. AWS's security groups make this really easy to manage.
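The advice above about closing database ports to public traffic can be checked mechanically. This is an added example (not part of the original comment, nor the app's code) that audits a constructed document in the shape `aws ec2 describe-security-groups` returns and flags rules opening a Postgres port to the whole internet; the group IDs and the port list are assumptions.

```python
import ipaddress

# Constructed sample, shaped like `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-constructed-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.1.0/24"}]}]},
    {"GroupId": "sg-constructed-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-constructed-any", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]}

DB_PORTS = (5432,)  # assumption: default Postgres port; add any others you use


def world_open_db_rules(doc, db_ports=DB_PORTS):
    """Return (group_id, port, cidr) for every rule exposing a DB port to everyone."""
    findings = []
    for group in doc.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto == "-1":            # "-1" means all protocols, all ports
                low, high = 0, 65535
            elif proto == "tcp":
                low, high = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            else:
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                # A /0 prefix covers the whole address space (IPv4 or IPv6).
                if ipaddress.ip_network(cidr, strict=False).prefixlen != 0:
                    continue
                findings.extend((group["GroupId"], p, cidr)
                                for p in db_ports if low <= p <= high)
    return findings


if __name__ == "__main__":
    for finding in world_open_db_rules(SAMPLE):
        print("world-open database port:", finding)
```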

Dur.... everybody should revoke their OAuth tokens immediately if you've used this app

How did you get that info and how would I prevent this from happening?

Don't deploy Django apps with DEBUG=True in production. Or more generally, don't let your production environment spit out error messages with debug information that reveals internals of your app.
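One way to make the advice above hard to get wrong, as an added example that is not part of the original comment or the app's code: derive `DEBUG` from the environment so it fails closed, mask database passwords in any text that might be logged or displayed, and run a pre-deploy check. The environment variable names `DJANGO_DEBUG`, `APP_ENV` and `ALLOWED_HOSTS` are assumptions, and the sample values are constructed.

```python
import os
import re

_TRUE = {"1", "true", "yes", "on"}


def debug_enabled(env):
    """Fail closed: DEBUG is on only if asked for AND APP_ENV is not production."""
    asked = env.get("DJANGO_DEBUG", "").strip().lower() in _TRUE
    # An unset APP_ENV is treated as production, so a missing variable is safe.
    production = env.get("APP_ENV", "production").strip().lower() == "production"
    return asked and not production


# In settings.py (DJANGO_DEBUG and APP_ENV are assumed variable names):
DEBUG = debug_enabled(os.environ)

_DSN = re.compile(r"(postgres(?:ql)?://[^:/@\s]+):[^@\s]+@")


def redact_dsn(text):
    """Mask the password of any postgres:// URL before text is logged or shown."""
    return _DSN.sub(r"\1:***@", text)


def deploy_problems(env):
    """Pre-deploy check: list settings that tend to keep debug output switched on."""
    problems = []
    production = env.get("APP_ENV", "production").strip().lower() == "production"
    if production and env.get("DJANGO_DEBUG", "").strip().lower() in _TRUE:
        problems.append("DJANGO_DEBUG is set in a production environment")
    # Django refuses requests when DEBUG is False and ALLOWED_HOSTS is empty,
    # a common reason DEBUG gets left on; catch it before the deploy instead.
    if production and not env.get("ALLOWED_HOSTS", "").strip():
        problems.append("ALLOWED_HOSTS is empty")
    return problems
```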

Hi --

I suggest you not use this app right now. It is currently throwing up debug pages that include information that allows someone to connect to Postgres and dump the database containing information about your documents.

App developers -- please update your Heroku settings and/or turn this off immediately. You are exposing confidential company information to the wild.


Hi xb95, thanks for alerting us to the issue. We've turned off debug mode and reset our database credentials. We are looking through the database server access log right now and going to make sure that 1) all connections were made from our own servers and 2) users in the timeframe affected will be notified of the issue access token revoked immediately.

This is fantastic and solves a huge pain point. Google docs is a crutch for most people, but the interface and accessing it is generally terrible. The onboarding was simple. This is a good start, I'm looking forward to what you guys do next. As for feature requests, I'd like to see collapsible sidebars, the real estate on the editing is a bit small. Good luck guys!

This is awesome. Navigating Google Docs is the worst. But PLEASE do away with the preview mode. I don't want to have to click edit all the time, and I don't really lose anything by just always having the web view.

That and get a nicer app icon :p (seriously)

At least for spreadsheets get rid of it. I could see it being nice to remove all the junk chrome that Google puts around docs though. But if I'm viewing a spreadsheet, not being able to add to cells is useless.

Try double clicking on either the preview or the list of documents. That will get you into the edit mode right away without having to click on the edit button

awesome thanks!

Also, if anyone wants a nicer icon, I made @mattrossi's Dribbble shot (http://dribbble.com/shots/530208-Google-Drive-FREE-PSD?list=...) into an .icns file you can easily replace: http://dl.dropbox.com/u/8875810/google-drive-icon.icns

One small criticism... Calling your app "Collections" leads to some ominous looking emails when you contact customers: "This is Mike from Collections" makes me immediately feel like I've forgotten to pay a bill.

Kind of confused by this heroku error message I received? Are you storing my gmail credentials on heroku? When I tried again I have a google /looking/ login screen?


I haven't used this so I'm not sure what's going on, but I believe OAuth involves a redirect back to servers controlled by the third party to actually do something with the authentication token. This doesn't strike me as necessarily fishy.

I guess I don't understand why they even need to store anything on their servers?

Hi bdittmer, we don't store any of your content, nor any of your passwords. We only store meta data that describes the organization of your documents and do so server-side so that we can add features in an upcoming release that we otherwise wouldn't be unable to add.

Storing stuff? Isn't that what my hard disk is for? If I wanted a cloud solution, I'd just log into Google Docs directly.

I would have thought the whole point of an app like this is to take advantage of the benefits of native UI, not to add yet another point of failure.

Got it. You guys should read up on iCloud :)

You need to be way more transparent about what you're storing and why - a native client app implies nothing in the middle.

I think they are mimicking the Google Login page and just saving your username/password. Seems damn fishy to me.

no. these guys are legit. they work in our sandhill office. They're not out to steal your login credentials.

If they're legit, why are they not using oAuth?

We are using Google's oauth2 protocol. No user password is stored or even ever transmitted to our server.

Well I'm not at a Mac so I can't confirm but it's unfortunate to see such misinformation in this thread. I apologize for repeating it, I was too trusting of other comments.

Since you are framing in the login with webkit, why not show the URL as well? Users need to see https://google.com or they'll assume it's a phishing attack.

How is this actually any more secure? It's pretty easy to display a legit (but "fake") URL while your phishing form is displayed in the webview.

Offline editing would be a killer feature.

Super nice, but I worry about the slower webkit in webview. If it is much slower, you would get a better experience in the browser, despite the nice UI additions in this app.

Why would an embedded web view be slower than Safari on a Mac? Mac OS doesn't have the restrictions on generated code that iOS does.

This is the case at least with apps from Mac App Store. Safari uses WebKit2 which is a private framework. If you want to ship your app on Mac App Store you have to use WebKit1 which does not support split-process model. Flags that enable GPU accelerated compositing are also private on Lion.

Plus he could always embed WebKit or Chromium.

I know that this isn't really related to the application, but anyway... Please, don't let the browser scale the images for you. I don't like opening a site, and seeing something like this (http://sadpanda.us/images/1078451-DUYING8.png).

Beside that, this client seems something really awesome, especially the ability to easily edit docs from different accounts.

What browser are you using? I thought modern browsers did a better job of scaling. Chrome does, at least.

Firefox. Yes, it's a known problem and there is already a patch, but as always it is taking forever to get approved. And yes, Chrome does a better job, but still it doesn't look totally right.

Firefox uses a faster (worse) scaling algorithm than Chrome. Besides, it consumes extra bandwidth for 97% of users.

Hmm. Dunno if it was syncing, or what, but it just sat there consuming CPU (170% across both cores) for a while. Finally killed it.

Last semester I did a big group project using Google Docs but we kept running into an issue where the spacing was different on everyone's computers. The title page would look perfect on one computer and overflow to the next page on another. This was in Chrome on OS X and Ubuntu. It really made me pine for native apps.

I recently did a small group project in which we shared a .doc on dropbox between users on Windows and Ubuntu. We had the same issue, as well as disappearing page numbers and other spooky trivia. Multi-user document editing is hand-wavy art at best.

One of my favorite things about this is its presentation. You've placed your app in something that people lust after (a macbookair) and then something 'cool' inside of that (x-men).

Probably more compelling than a screen shot of a spreadsheet or a table, I bet it triggered an "I WANT THIS" reflex that I wasn't consciously aware of.

I love it. I have three different Google accounts I use for docs and being able to not have to open up a new tab just to see the other docs is worth the download. The only thing I'd want is a little bit less agnosticism about which docs belong to which accounts.

Curious, why did you use a bit.ly URL for the app? Shortened URLs have their places, but I'm a little leery of them. (http://bit.ly/MlUfJm)

Awesome! Now I don't have to switch accounts! Sparrow for Google Docs. Now make an app for iphone! It's annoying to open webpage to access google docs on iphone :/

An error occurred in the application and your page could not be served. Please try again in a few moments.

If you are the application owner, check your logs for details.

I think this is brilliant. There may be concerns about speed, but I think that for now the convenience and features should overcome that.

Looks like this app is getting lots of traffic. FATAL errors abound.

Looking forward to this. Anyone know a reason it can't support offline editing?

Great idea, just wish it wasn't crashing on me. Also the security issues which the others have are a bit of a worry.

I should add the error I'm getting is:

"An error occurred in the application and your page could not be served. Please try again in a few moments.

If you are the application owner, check your logs for details."

This happens when I click allow on the OAuth permission screen.

They use Google Docs for the bug/feature submission pages. For some reason, that tickles my funny bone.

Great! All I felt was lacking were some options on how to sort the documents in the sidebar.

Right click in the list of documents and you'll see the option to sort by title, date created and date last modified. Let me know if this is helpful.

An icon to access the sort menu would make the interface a little easier to use. Context menus are nice, but they should be a shortcut to an action rather than the only way to trigger it.

I also noticed that the search box only searches document titles. It would be nice to have it filter document titles as you type, and then perform a full-text search when the user hits enter (like Google's online Drive search).

Awesome app, keep up the good work!

Ah. Yes, that was precisely what I was looking for. It wasn't very obvious though, so you might want to add some more visual ways to make the user aware that the option exists.

Couldn't get past clicking next.

Application Error An error occurred in the application and your page could not be served. Please try again in a few moments.

If you are the application owner, check your logs for details.

FATAL: too many connections for role "ruwdncbzdkulsh"

Django DEBUG = True

Yep, same here... Appears that the app is getting limited on its connections to Google.

Yes I get the Heroku error page too. I believe this can be crowdfunded very well.

The quotes might seem like a good idea but they're actually just obtrusive.

This is awesome. Are there any plans to port this to other platforms?

Thanks! There certainly are, but not for a little while. Which would you prefer we support first?

Personally, I would love a native Linux version. Especially since there's no official Google Drive client currently available for Linux.

You might want to try out GWOffice. Does nearly the same, I guess.

I second that.


Windows, obviously.

ignore if you're still using snow leopard. requires 10.7. (boo)

Oh and Thank You!

love it!


Why is it free? Take money for it.

Probably not a good idea for a beta release...

It's still beta. I guess he would charge for it when it reaches 1.0 (and he should).

Good work guys, I tried it but... I don't really understand why we need a desktop client. With Google Drive all the documents/collection are available offline and accessible with one click from Spotlight: "cmd+space -> name of the document - et voilà"
