Comments on: Client Version 1.1.0.0

By: Call Graph: record store, share, search, transcribe Skype calls » Blog Archive » HotFix update 1.1.0.1

Sat, 27 Sep 2008 09:50:54 +0000

[...] update fixes an issue with our last update 1.1.0.0 where the migration to Sqlite DB used to fail in cases where the call record name had Unicode [...]

By: Rajiv Poddar

Rajiv Poddar — Fri, 26 Sep 2008 20:27:40 +0000

Please uninstall the Call Graph, download a fresh copy from our website and try installing that. If it does not work drop me a mail directly at rajiv at callgraph dot in.

By: Julio Valencia

Julio Valencia — Fri, 26 Sep 2008 17:20:19 +0000

Hi, I have Windows vista Ultimate with SP1, i’d just installed Call Graph and i receive the following error message “Initialization Failed”.

Please advise.

By: Rajiv Poddar

Rajiv Poddar — Thu, 25 Sep 2008 08:52:37 +0000

We dont open up the whole computer from our embedded web server. It actually does not serve anything other than the requests that can come from our JS. You can try it out for yourself to check.

As we pointed out here, only our JS knows where to connect to the CG web server. Others will have to intercept the URL to know the port number.

The default directory where your records are stored is My Document\My Call Graphs. You can also change it to whatever you like from the config page. We are also planning to introduce a menu item which will open the folder instead of the web page. It will be added in the next release.

By: Saul

Saul — Thu, 25 Sep 2008 08:43:36 +0000

But by providing a JS interface to the CallGraph app you’re essentially letting JS access data on my computer. It doesn’t have to be your webpage it could be a rogue page running a modified version of your own JS and then passing data back to the rogue page’s server via AJAX.

And by the sounds of things you’re making your web-server able to serve the whole of MY computer to a third party website since you don’t know which directory I’m storing the .mp3 files. Normally JS is sandboxed and has no disk access except to cookies so XSS has access to cookies. Yes, Google uses XSS but to access data on ITS own computers, not on my computer. Opening up the whole of my computer to your or rogue servers via JS/Callgraph is not something that is acceptable to me.

By: Rajiv Poddar

Rajiv Poddar — Thu, 25 Sep 2008 08:24:12 +0000

http://crims.callgraph.in/blog/2008/09/the-hybrid-desktopweb-application/

Please have a look and comment.

By: Call Graph: record store, share, search, transcribe Skype calls » Blog Archive » The Hybrid Desktop/Web Application

Thu, 25 Sep 2008 08:08:15 +0000

[...] The end effect is that you seem to be browsing a page on our web server but somehow magically your local data turns up in the browser! Sounds scary right. How did my data end up being on your server? Did we steal it? [...]

By: Rajiv Poddar

Rajiv Poddar — Thu, 25 Sep 2008 06:58:46 +0000

The js only provides a presentation layer on top of the data you have on your hard disk. If you do not want the interface, you can always open your call recordings folder and access your data from there.

On the point of stealing, we do not send any data from the local computer anywhere. Not even our servers. Your private information stays private.

We’ll be putting up a more detailed post on this change and go into the reasonings, pro/cons. Please look it up once its done.

By: saul

saul — Thu, 25 Sep 2008 06:17:21 +0000

Just completely removed Call Graph. Providing a Javascript interface via your website is a security disaster for me as it effectively allows you (or an intruder stealing the JS) access to the contents of my hard disk. Sorry this is private information. Will be warning other Skype users if this doesn’t change.