January 24th, 2004

disbelief

Yep, certainly not Google.

So I recently posted about Orkut, the new Friendster clone that people are attributing to Google, but which I think is just the private project of one Google employee.

A couple of people on #unix joined with fake names to take a look around and generally get in the way. (One was Jesus Christ.) To no-one's surprise both were suspended, but it turns out that their UIDs were both later reused for new users! As if this weren't enough -- what if you suspend someone accidentally? -- it turns out their deletion doesn't work deeply, and those new users who inherited the suspended accounts' UIDs also now have the (offensive!) communities that the #unix guys created attached permanently to their accounts!

Not a chance that this stuff is directly Google-run.

Also, I just checked the owner of the network that Orkut is located on -- it's on the /28 Cogent has allocated to Weather Underground, and not in the /19 directly allocated to Google.

Even better: You can see in their Netcraft entry that the server, which now only returns "orkut", originally returned "Orkut's Palace of Love". Well, colour me disturbed.

Edit: Some other findings thanks to #unix:

 
  <cstone> fans, interestingly, are tied to username, not uid
  <cstone> when i created another account with my original username, 
                 i got 16 fans instantly

  <Mennonite> I already tested making new accounts with dodgeit
  <Mennonite> You can "recycle" the same invite URL over and over

  <cstone> i'm certainly not going to bother refriending 50 people again
  <cstone> when they reset it briefly all of that state was lost in the 
                 account i took back [from the reused UID]

  <mr_bill> BOFH community (-6 members)
And cstone still has a session open as the UID that was deleted and then recreated, and can change the new user's password out from under her.
  • Current Music
    Belle and Sebastian -- Dear Catastrophe Waitress