>Are you really trying to imply that Google does shitty software?
I'm happy to make that argument. We are talking about a site with user comments that allowed unescaped HTML [1].
One of the frustrating things about using Google services is that over the years it has become apparent what a mess the user accounts backend is. There must be a dozen or more different 'types' of youtube accounts (depending on age, if they opted in or out of various levels of gmail/g+ integration over the years etc), so it's no wonder the attempts to consolidate and merge that mess has been so buggy (although I can see why they are desperate to simplify the situation). With the high staff turnover at Google, who at Youtube still remembers the difference between an account that opted to be tied to a gmail account in 2009 and one that didn't? (I think at some point that latter became impossible; I seem to remember that I lost access to my oldest YouTube account because I kept refusing to provide email and/or phone number information and in the end they just killed that type of account).
It says a lot. It's a fundamental mistake of such egregious proportions that it indicates a complete failure of processes. How did the hiring process accept people that don't understand the basics of web security? How did the management allocate them in a position to write frontend code for one of the largest sites on the web? How did the code review, security audits and static analysis fail to catch such a basic mistake?
I'm sorry if you work at Google and feel personally insulted by this, but Google have put out a lot of crappy software. Good software too, but your original argument seemed to be that Google is so magnificent that they don't have any shoddy products at all, and the very idea was unthinkable. That is clearly false.
1. I never stated that Google software is magnificent. I stated that it is ridiculous to judge a corporate giant with thousands of engineers by pointing to a bad bug created by one team.
2. I do not work at Google anymore. And my view of the company is worse after my employment there. But I reserve my criticism for issues that I consider to be really important like NSA spying or limiting keyword search data to website owners.
3. I feel personally offended with all the emotional FUD that is going on what is assumed to be one of the best discussion forums on the internet.
I'm happy to make that argument. We are talking about a site with user comments that allowed unescaped HTML [1].
One of the frustrating things about using Google services is that over the years it has become apparent what a mess the user accounts backend is. There must be a dozen or more different 'types' of youtube accounts (depending on age, if they opted in or out of various levels of gmail/g+ integration over the years etc), so it's no wonder the attempts to consolidate and merge that mess has been so buggy (although I can see why they are desperate to simplify the situation). With the high staff turnover at Google, who at Youtube still remembers the difference between an account that opted to be tied to a gmail account in 2009 and one that didn't? (I think at some point that latter became impossible; I seem to remember that I lost access to my oldest YouTube account because I kept refusing to provide email and/or phone number information and in the end they just killed that type of account).
[1] http://arstechnica.com/tech-policy/2010/07/pranksters-have-a...