"safe" (RSS) news feeds


davidh
May 15th, 2006, 09:46 PM
FWIW

As an exercise in feasibility, I tried to see whether it was possible to set up a news feed (RSS) without installing an actual (RSS) news reader program *and* also to avoid having to use javascript in the news feed.

I used http://blogsearch.google.com to "find" the feeds and http://my.yahoo.com to set up the feed reader. Turned out to be fairly easy to do. I tested the end result with my LYNX browser, just to make sure that absolutely no scripting was needed in the browser. (However SSL encryption is apparently needed to login to Yahoo, but that is nothing out of the ordinary.)

Since blogging and instant messaging (and voice chat) are becoming increasingly popular, it's likely that these types of software will come under increasing attack from malware and hackers. So I thought it would be a useful test to see if RSS news reading could easily be done without installing additional specialized software and without using scripting in the browser, which, of course, is relatively insecure compared to pure HTML.

Maybe I've done this before and forgotten about it and this is just a "senior moment", but I hope this may be of some practical use to someone.

David H.

P.S. Of course there may be some privacy concerns in using yahoo and google or any other web portals and search engines, but as far as actual damage to one's data on one's personal computer, this approach to reading of RSS news feeds should be quite safe, at least compared to installing specialized software for the purpose.

davidh
May 15th, 2006, 10:56 PM
Of course, Firefox, Thunderbird, etc. will read RSS news feeds but I think I prefer "dead" links instead of "live" links, I don't want to be "too up-to-date".

David H.

ndebord
May 16th, 2006, 06:02 AM
FWIW

As an exercise in feasibility, I tried to see whether it was possible to set up a news feed (RSS) without installing an actual (RSS) news reader program *and* also to avoid having to use javascript in the news feed.

David,

What are the potential problems with running either a standalone RSS reader or an XUL XPI extension (such as Sage or Aggreg8)?

Tks,

davidh
May 16th, 2006, 07:51 AM
David,

What are the potential problems with running either a standalone RSS reader or an XUL XPI extension (such as Sage or Aggreg8)?

Tks,

1. Security-wise: problems probably not big at this time. I don't know if there is a single reader with a big enough market share to make a valuable target for malware/hackers. (It might be instructive to set up a google blog search on this topic, RSS news reader security, just to see what's happening?)

2. By 'extension' , I assume that refers to browser extensions. I assume that as with some other browser extensions one would be susceptible to such problems as incompatibility between different versions of the extensions and different versions of the given browser.

3. Offline reading: I am only dabbling with RSS. If I were serious, I might like to have offline reading capability. Two such offline RSS readers for Windows that I have heard of are Feed Demon and Omea. I have not tried these because 1. Feed Demon is shareware 2. Omea won't run on Win 98.

4. Some of the freeware standalone readers give an objectionable amount of screen space to ads.

I don't really know how well the Google blog search covers blogs and news feeds. For me, it's sort of a lazy man's way to find feeds. Just set up a query in Google blog search and let Google blog search actually become the news feed. I suppose you could consider google blog search's being aggregated by whatever reader (e.g. my yahoo) as a sort of 'meta aggregator'.

There's always the possibility that google's blog search results don't have adequate coverage or are biased. I don't know how to evaluate this. If one knows of individual blogs/feeds of interest, one could always add them individually to whatever aggregator/reader that one is using, just to guarantee coverage of those individual feeds. Then if it turns out that google blog search consistently duplicates them then one could trim either a particular blog search query from one's list of "synthesized" feeds generated by google blog queries or trim individual feeds from particular blogs one had added to the list of blogs to be read with one's news aggregator.

One potential advantage that I could see for using my.yahoo.com web portal as a news feed aggregator is that it would allow me to see other yahoo features that I use on the same web page. As far as I can tell google does not yet have a web portal with an optional built-in RSS news aggregator. I have not really studied this (does google have something like a "my google"?).

If one does a lot of news reading, perhaps it would be good to have an aggregator that can cover a whole range of protocols:

1. RSS

2. NNTP (USENET)

3. Yahoo groups

4. Google groups

etc.?

If one were doing serious research, offline capability would be good, esp. because some online sources might disappear or be intermittent or transient.

My first test run with the google/yahoo combo, I tried with a vietnamese query but it got screwed up because UNICODE is required to represent and query Vietnamese accurately. Which side google or yahoo messed up, I'm not sure. Maybe I'll get that straightened out later.

David H.

BTW, just for test purposes I picked a google blog query of "quantum thermodynamics" (one of marijke's specialties). Came up with some "weird science" in addition to the real stuff :)

ndebord
May 16th, 2006, 11:11 AM
David,

Three types then: websites, like Yahoo, standalone readers or extensions designed for one browser or another. I skip the online ones, but I do use three readers. With FireFox, I use Sage. With K-Meleon, I use Aggreg8 and as a standalone, I use FeedReader (v 2.9) which is open source and works with W98.

I've not looked too hard into malware issues except to note that I don't willy nilly add feeds, I manually choose feed sites and then load them up into one or the other of the programs that I use. Have to say I don't use it all that much (yet).

davidh
May 16th, 2006, 01:24 PM
David,

Three types then: websites, like Yahoo, standalone readers or extensions designed for one browser or another. I skip the online ones, but I do use three readers. With FireFox, I use Sage. With K-Meleon, I use Aggreg8 and as a standalone, I use FeedReader (v 2.9) which is open source and works with W98.

I've not looked too hard into malware issues except to note that I don't willy nilly add feeds, I manually choose feed sites and then load them up into one or the other of the programs that I use. Have to say I don't use it all that much (yet).

My assumption is that RSS browser extensions might have as much of a chance of having exploitable security holes as other types of browser extensions (based either on EXE/DLL? or Java?). If so, web portal based readers might have less risk of having security holes.

Of course, using google blog search does make somewhat of a security risk because in that case there may be no human person, such as me or you, doing any evaluation of the trustworthiness of the feed w.r.t. security. So it's a trade-off, my lazy-man way (google blog search) introduces extra risk to myself. Hadn't really thought about it, but that gives me extra motive not to use standalone or extension, at least for my googlized technique.

David H.

davidh
May 16th, 2006, 06:45 PM
I had forgotten that I had tried the web based Google RSS news reader. But to me the Google personalized web start page / portal seems to me to waste screen space and I could not figure out very well how to use the Google web based RSS news reader.

David H.

ndebord
May 18th, 2006, 12:01 AM
My assumption is that RSS browser extensions might have as much of a chance of having exploitable security holes as other types of browser extensions (based either on EXE/DLL? or Java?). If so, web portal based readers might have less risk of having security holes.

David H.

My laziness factor doesn't come into play with using online rss websites, like Google or Yahoo. I just don't use them in that fashion. I do, however, look for browsers that don't lie to me about the URLs they connect to, so I can crosscheck in my head what I'm seeing in the address window with what I know to be the correct URL for a particular site. I've loaded up a relatively small proportion of RSS feeds into my 3 programs. I found the more manual the updating process the better I like it which is contrary to standard procedure out there which seemingly likes having your RSS reader auto update everything. A practice I'm not enamored with.

Gary Maltzen
May 18th, 2006, 11:56 AM
I found the more manual the updating process the better I like it which is contrary to standard procedure out there which seemingly likes having your RSS reader auto update everything. A practice I'm not enamored with.

I don't understand "manual update". Your RSS link is to an XML document which may be static or may be dynamically generated by the site to which the RSS link points. The XML document contains one or more page URL and description pairings. When you "open" the RSS link your browser/reader should check whether or not the document is more recent than the cached version (just like HTML).

Truth be told I have made little use of RSS links to date; was looking at showing a local coffee house how to do one for their live music schedule.

davidh
May 18th, 2006, 06:27 PM
According to the way I understand it, the main additional security risk would come into play when a standalone RSS reader actually renders an article in a blog, as opposed to one of the widely used browsers doing the rendering. That is, there would be the possibility that the standalone reader would have additional security holes above and beyond those holes which may or may not exist in some browser. But if the particular blogs one is subscribed to are really trustworthy then this would be less of a risk.

The additional risk from using google blog search is that the xml list of articles generated by google will include ANY articles from any feeds anywhere that happen to match the search criteria. So if one of those articles was on a news feed on a server that was infected with bad things, then whatever software that attempted to display an article from that server could be attacked. For example, a zero-day exploit of a security hole in IE or FF that had not yet been patched.

Of course, pretty much the same risk is involved whenever clicking a link that goes off the site that one is currently browsing (with a regular browser for example).

So really, about the only advantage security-wise of using a 100% browser based approach is that there is only one piece of software to keep patched, namely the browser itself. (Of course, the OS and plug-ins are another story.)

David H.
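
The rendering risk discussed above, as an added example that is not part of the original thread: a reader that never renders feed-supplied markup, but reduces each item to plain text, drops non-http(s) links, and marks whether the link's host is one the user chose by hand. The function names, the `trusted_hosts` parameter and the sample feed are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample feed (not from the thread): one benign item, one hostile.
SAMPLE_FEED = """<rss version="2.0"><channel><title>Constructed sample</title>
<item><title>Live music</title><link>https://coffeehouse.example/schedule</link>
<description>&lt;p&gt;Friday: &lt;b&gt;jazz trio&lt;/b&gt;&lt;/p&gt;</description></item>
<item><title>Odd item</title><link>javascript:alert(1)</link>
<description>Read&lt;script&gt;alert(1)&lt;/script&gt; more &lt;img src=x onerror=alert(2)&gt;</description></item>
</channel></rss>"""

class _TextOnly(HTMLParser):
    """Keep text nodes only; drop tags, attributes and script/style bodies."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts, self._skip = [], 0
    def handle_starttag(self, tag, attrs):
        self._skip += tag in ("script", "style")
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.parts.append(data)

def to_text(markup):
    parser = _TextOnly()
    parser.feed(markup or "")
    parser.close()
    return " ".join("".join(parser.parts).split())

def safe_link(url, trusted_hosts):
    """Return (url, is_trusted); anything but http/https becomes None."""
    parts = urlsplit((url or "").strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None, False
    return parts.geturl(), parts.hostname in trusted_hosts

def read_feed(xml_text, trusted_hosts=frozenset()):
    # Feeds need no DTD; refusing one avoids entity-expansion tricks.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("feed contains a DTD; refusing to parse")
    items = []
    for item in ET.fromstring(xml_text).iter("item"):
        link, trusted = safe_link(item.findtext("link"), trusted_hosts)
        items.append({"title": to_text(item.findtext("title")), "link": link,
                      "trusted": trusted,
                      "summary": to_text(item.findtext("description"))})
    return items
```

The output is data only, so it can be shown in a text browser or terminal; items whose `trusted` flag is false come from hosts outside the hand-picked list and can be displayed without a clickable link.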

ndebord
May 18th, 2006, 07:36 PM
David,

Security issues not found in standalone RSS readers is of course a potential problem, since if I understand your argument properly, that big-name browsers would have less security holes since they are being watched more closely by organizations like Secunia.

Not using Google to do RSS, I didn't know that it would pull RSS stories from just about everywhere. My RSS feeds come from less omnibus collections I guess!

Anyhow, I figure that FeedReader, being open source, has the advantage of being under the scrutiny of the "masses" and hence is potentially less vulnerable or at least, subject to faster scrutiny than some of the commercial products out there.

davidh
May 18th, 2006, 11:42 PM
Not using Google to do RSS, I didn't know that it would pull RSS stories from just about everywhere. My RSS feeds come from less omnibus collections I guess!

Anyhow, I figure that FeedReader, being open source, has the advantage of being under the scrutiny of the "masses" and hence is potentially less vulnerable or at least, subject to faster scrutiny than some of the commercial products out there.

Google blog search is beta. Not surprising from Google. It seems to me that for this product to be widely used, they would have to have some way to make sure that it did not serve up article URL's from "bad" servers, at least not often.

I don't have any idea what selection criteria Google uses to choose feeds to scan, presumably the criteria are more or less reasonable in such a way as not to pose large risks.

I tried feedreader once, but I have not used any reader long enough to be really familiar with any. I noticed that a significant portion of the standalone readers seemed to use MS IE to display the articles (which could be a plus OR a minus, depending on how you look at it).

I have not used USENET much for a long time. Depending on the field one is following and upon the rigorousness of the research one is doing, one might want to use a reader that supports both RSS and USENET/NNTP *and* allows offline reading (and archiving). That list of requirement would severely limit the suitable candidates. If I remember right, Omea might do the job, but I'm definitely not doing serious enough blog reading to look into the available so-qualified selection seriously. Perhaps one would want to look into integrating searches of un-blogged online newspapers into such a research system.

Maybe for my next career I'll go back to college and study library science, ho ho ho.

David H.

ndebord
May 19th, 2006, 12:09 PM
David,

FeedReader doesn't use IE and it is open source which I like to support where possible. As for UseNet, I use T-Mobile's data cell connection and they block UseNet altogether, so I don't use it anymore at all. <sigh>

davidh
May 19th, 2006, 02:07 PM
David,

FeedReader doesn't use IE and it is open source which I like to support where possible. As for UseNet, I use T-Mobile's data cell connection and they block UseNet altogether, so I don't use it anymore at all. <sigh>

You can "subscribe" by email to USENET groups thru Google groups and get an abridgement or digest each day.

Or you can set up / subscribe to Google alerts by email by specifying the search terms you desire and then picking one of the following areas to search in 1. News, 2. Web, 3. News & Web, 4. Groups. Of course, these 4 terms imply searching in such areas using the respective Google search function.

Of course, there certainly are groups that Google doesn't cover. For example, non-public groups on Yahoo or TAPCIS dungeon.

To give a more specific example, the WATTCP (Waterloo MS-DOS TCP/IP stack development and application) news used to be concentrated on USENET but now that USENET groups is pretty much dead and probably is only getting spam currently. However, WATTCP does have a group on Yahoo.

All the public groups (and groups that may not be public to join to post but nevertheless have public archives to read) on Yahoo can be read as RSS feeds. However, I do not know whether Google blog search covers them.

So even tho' there is no absolutely global source of Internet news, the choice available is still almost bewildering.

David H.