Friday, August 28, 2009

[Gd] Dev Channel Update: Linux true 64 bit, Crash and Bug Fixes

| More

Google Chrome Releases: Dev Channel Update: Linux true 64 bit, Crash and Bug Fixes

The dev channels for Windows and Linux have been updated to 4.0.203.2.

  • All Platforms
    • [r23666r23790r23988] Fix some hangs/crashes. (Issue: 165121687118217185211971019860)
    • [r23668] Fix hang with video and audio tags. (Issue: 19276)
    • [r23670] When SafeBrowsing alerts for a page, don't allow that page to redirect until after the user has dealt with the alert. (Issue: 6442)
    • [r23754r23937] Prevent time/slider from jumping around during and after seeking in video and audio tag content. (Issue: 19396)
    • [r23859] Reduce Omnibox flicker. (Issue: 18369)
    • [r23965] Unicode text could sometimes produce garbled Omnibox dropdown entries. (Issue: 5490)
    • [r23967] Fix problems with plugin z-order. (Issue: 15840)
    • [r24033] Fix a crash on Windows and Linux. (Issue: 17569)
    • [r24151] Fix regression (since Chrome 2.0.172.1) where some gzipped files (e.g. script) were not unzipped before evaluation, making them unusable. (Issue: 16430)
    • [r24170] Faster startup with custom themes. (Issue: 18768)
    • [r24179] Graphical errors with some themes. (Issue: 20139)
    • [r24189] Problems with video/audio tag playback and looping at rates other than 1.0. (Issues: 1985619105)
    • [r24192] Properly align cursors used for middle-mouse-autoscroll with the original click location. (Issue: 6173)
  • Windows
    • [r23915] During uninstall, if Chrome was the default browser, prompt user to choose a new default. (Issue: 14023)
    • [r23849] Fix clicking/noise when playing video/audio tag content with 48 or 96 kHz audio. (Issue: 17940)
    • [r24198] Remove "Clear browsing data" and "Import bookmarks & settings" from Tools menu since they are now available in the Options. (Issue: 20137)
  • Linux
  • Extensions
    • [r23675] Fix some issues around re-enabling disabled extensions. (Issue: 12140)
    • [r23676] Async extension callbacks now always fire and set chrome.extension.lastError on error. (Issue: 17381)
    • [r23739] Beginnings of localization support. (Issue: 12131)
    • [r24223] Unconditionally enable HTML5 Database and Local Storage support for chrome-extension:// pages. (Issue: 19511)
    • [r24231] Crash fix. (Issue: 15888)
  • Known Issues
    • WebInspector's Elements Panel is blank for some sites. (Issue: 19850)
    • Control key misbehaves in omnibox on Linux (Issue: 20166)
    • Chrome for Linux not fully themed with GTK+ theming.
    • Moving a tab in Chrome 64 bit for Linux always detaches the tab.  (Issue 20513


More details about additional changes are available in the svn log of all revisions.


You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry.

Jonathan Conradt
Engineering Program Manager

URL: http://googlechromereleases.blogspot.com/2009/08/dev-channel-update-linux-true-64-bit.html

[Gd] PDFs, Revisions, Folder Sharing in the DocList API

| More

Official Google Data APIs Blog: PDFs, Revisions, Folder Sharing in the DocList API


You filed features...we listened!

Today, we're pleased to announce Version 3.0 of the Documents List Data API, which includes PDF upload/download (the most requested feature on our issue tracker). V3 also introduces a slew of new features, such as folder sharing, domain and group level ACLs, document revision history, and feed URIs that are more user friendly and RESTful. For example:

Fetch ACLs: GET /feeds/default/private/full/<resource_id>/acl
Fetch revision history: GET /feeds/default/private/full/<resource_id>/revisions
Fetch folder contents: GET /feeds/default/private/full/<folder_resource_id>/contents

We've also made improvements to the API's latency and stability -- a major request by users over the past several months. We're hoping this latest version will allow developers to create even better and more interesting integrations with "The Cloud".

For the full list of features and deprecations, check out the documentation and API release notes. If you're a Java developer, there's an updated Java Developer's Guide and sample app . A new version of the Objective-C library is also available. Look for updates to the other client libraries and developer guides in the coming weeks. If you have questions, please visit us in our new developer forum.

Version 3.0 resolves the following issues: 591, 1132, 923, 1099, 1368

Posted by Eric Bidelman, Google Docs Team
URL: http://googledataapis.blogspot.com/2009/08/pdfs-revisions-folder-sharing-in.html

[Gd] New features in 1.2.4

| More

Google App Engine Blog: New features in 1.2.4

When we released version 1.2.4 of the SDK earlier this month, a couple of new features were released that didn't quite make it into the release notes. We think they're really cool features, so we wanted to take the time to highlight them.

The first feature is that when logged into your app as an administrator, App Engine will include a couple of extra headers in all the HTTP responses it sends you. As an example, here's what I see in Firefox's Live HTTP headers plugin when I load my blog:


X-AppEngine-Resource-Usage: ms=293 cpu_ms=500 api_cpu_ms=236
X-AppEngine-Estimated-CPM-US-Dollars: $0.012320

The first header tells me that it took 293 milliseconds to generate the page, and 500 CPU milliseconds were consumed, of which 236 milliseconds were spent doing API calls - such as accessing memcache or the datastore. The second header tells me that App Engine estimates that serving 1000 requests like this one would cost about $0.01 if I was above my free quota - not bad!

You can view these headers using plugins such as Firefox's Live HTTP Headers or Firebug. Note that only logged in administrators see these figures - ordinary users, and users who aren't logged in, won't see them at all.

The second new feature is that we've enabled 'wildcard' domains for App Engine apps serving off appspot.com. What this means is that you can now create multiple subdomains for your App Engine app, and have them all served by the same application. Thus, your users can access 'myapp.appspot.com', or 'developer.myapp.appspot.com', or 'news.myapp.appspot.com', with your app deciding how to handle each request. No setup is required to use the wildcard domains - simply configure your app to serve up requests to these subdomains however you wish. You can detect which domain a user requested by looking at the 'Host' header in the incoming request - for example, in Python's webapp framework you can access this with self.request.headers['Host'].


Posted by Nick Johnson, App Engine Team
URL: http://googleappengine.blogspot.com/2009/08/new-features-in-124.html

Thursday, August 27, 2009

[Gd] Beta Channel Update

| More

Google Chrome Releases: Beta Channel Update


The Windows Beta channel has been updated to 3.0.195.10.  

In addition to stability fixes, this release contains updates for the new tab page, the omnibox, and themes support.

You can install the current Beta channel release from 
http://www.google.com/intl/en/landing/chrome/beta/.

Known Issues:
  • There is a known issue, 20452, that the themes gallery does not recognize the new version of Chrome.  This issue is purely aesthetic and in no way affects a users ability to download themes from the gallery.

Anthony Laforge
Google Chrome Program Manager
URL: http://googlechromereleases.blogspot.com/2009/08/beta-channel-update.html

[Gd] AdWords API v2009 (beta) now available to all advertisers

| More

AdWords API Blog: AdWords API v2009 (beta) now available to all advertisers

Today, we are pleased to announce that AdWords API v2009, which we released to a limited whitelist in June, is now available to all API users! Compared to previous versions of the AdWords API, v2009 offers you new features and greater speed at a lower cost. 


Because it offers nearly all of the campaign management functionality you're used to from the AdWords API, along with a new rate sheet representing lower costs, now is a great time to start developing for v2009. Over the next couple of months, we'll be releasing more functionality like asynchronous calls, partial failure acceptance, keyword optimization tools, and reporting.

To get started writing code for v2009, check out the developer documentation on the v2009 homepage. Additionally, we have a v2009 sandbox available to all users for experimentation and testing. The sandbox doesn't charge for API units, and all you need to access it is your current Google Account username and password. Beforehand, read up on sandbox best practices.


Because there are significant changes between v13 and v2009, we've extended the length of time that we'll support both versions. Our plan is to retire v13 in early 2010, and we'll share exact dates within the next couple of months. In anticipation of retiring v13, we strongly encourage you to begin development for v2009 as soon as possible. We're still working on making v2009 better, so this is also a great opportunity to provide us your early feedback.

Best,

John Fitzpatrick, AdWords API Team
URL: http://adwordsapi.blogspot.com/2009/08/adwords-api-v2009-beta-now-available-to.html

Wednesday, August 26, 2009

[Gd] Final Results for our Fifth Google Summer of Code

| More

Google Code Blog: Final Results for our Fifth Google Summer of Code

We've just finished collecting final evaluations for our fifth Google Summer of Code, our flagship program to introduce college and university students to Open Source development practices. With nearly 3,000 mentor and student participants this year alone, this global initiative has brought together thousands of developers worldwide for the past five years, all for the love of code. For more details about the final results of Google Summer of Code 2009 and information on when to find the source code produced by this year's crop of students, check out the Google Open Source Blog.

By Leslie Hawthorn, Open Source Team
URL: http://googlecode.blogspot.com/2009/08/final-results-for-our-fifth-google.html

Tuesday, August 25, 2009

[Gd] Stable Update: Security fixes

| More

Google Chrome Releases: Stable Update: Security fixes


Google Chrome 2.0.172.43 has been released to the Stable channel to fix the security issues listed below.

CVE-2009-2935 Unauthorized memory read from Javascript

A flaw in the V8 Javascript engine might allow specially-crafted Javascript on a web page to read unauthorized memory, bypassing security checks. It is possible that this could lead to disclosing unauthorized data to an attacker or allow an attacker to run arbitrary code.

More infohttp://code.google.com/p/chromium/issues/detail?id=18639 (This issue will be made public once a majority of users are up to date with the fix.)

SeverityHigh.  An attacker might be able to run arbitrary code within the Google Chrome sandbox.

Credit: This issue was found by Mozilla Security.

Mitigations:
  • A victim would need to visit a page under an attacker's control.
  • Any code that an attacker might be able to run inside the renderer process would be inside the sandbox. Click here for more details about sandboxing.

Security Fix: Treat weak signatures as invalid


Google Chrome no longer connects to HTTPS (SSL) sites whose certificates are signed using MD2 or MD4 hashing algorithms. These algorithms are considered weak and might allow an attacker to spoof an invalid site as a valid HTTPS site. 

More infohttp://code.google.com/p/chromium/issues/detail?id=18725 (This issue will be made public once a majority of users are up to date with the fix.)

Severity: Medium Further advances in attacks against weak hashing algorithms may eventually permit attacks to forge certificates.

Credit:  Dan Kaminsky, Director of Penetration Testing, IOActive Inc., Meredith Patterson and Len Sassaman. See their paper at http://www.ioactive.com/pdfs/PKILayerCake.pdf


CVE-2009-2414  Stack consumption vulnerability in libxml2


Pages using XML can cause a Google Chrome tab process to crash. A malicious XML payload may be able to trigger a use-after-free condition. Other tabs are unaffected.

More info: See the CVE entries noted in this report.

SeverityHigh An attacker might be able to run arbitrary code within the Google Chrome sandbox.

Credit: Original discovery by Rauli Kaksonen and Jukka Taimisto from the CROSS project at Codenomicon Ltd. The Google Chrome security team determined that Chrome was affected.

Mitigations:
  • A victim would need to visit a page under an attacker's control.
  • Any code that an attacker might be able to run inside the renderer process would be inside the sandbox. Click here for more details about sandboxing.
Jonathan Conradt
Engineering Program Manager

URL: http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html

Monday, August 24, 2009

[Gd] Google Wave API Hackathon & Federation Day: Videos Available Now!

| More

Google Wave Developer Blog: Google Wave API Hackathon & Federation Day: Videos Available Now!

Over two days in July, we flew in members of the Wave engineering team to go deep on various aspects of federation and the APIs, and we taped all the talks so that remote developers can hear what they had to say. The slides are linked from the API media gallery and the protocol site, but we've also embedded links and a player below for you here. Enjoy!




Posted by Pamela Fox, Developer Relations
URL: http://googlewavedev.blogspot.com/2009/08/google-wave-api-hackathon-federation.html

[Gd] Android Developer Challenge 2 open for submissions

| More

Android Developers Blog: Android Developer Challenge 2 open for submissions

Android Developer ChallengeThe time has come! The submission site for Android Developer Challenge 2 is now open. You can now submit applications for the Challenge at http://market.android.com/adc. Full instructions are also available on the site.

The key thing to remember is that all submissions must be entered by 11:59:59pm Pacific Time in the United States on August 31, 2009. If your applications are not submitted by that time, they won't be eligible for participation. Please carefully note what time that is in your local time zone.

It's very important that your apps only use published APIs. Some users might be judging your submissions on new phones you haven't seen or tested. If your apps depend on unpublished APIs, they might not work on some of these phones. Please note that you won't be able to submit new versions of your apps after the deadline!

Since you'll be competing against developers around the world for users' attention, it is important to focus on the fit and finish of your app. Your apps will be judged by users as a final product and not just a cool demo.

As a final note, if you've uploaded a version of your app to Android Market, you'll need to use a different Android package name for the version you submit to the Challenge.

I look forward to see all the great apps and innovations from you all.

URL: http://android-developers.blogspot.com/2009/08/android-developer-challenge-2-open-for.html

[Gd] Get Your SVG On: The SVG Open 2009 Conference At Google

| More

Google Code Blog: Get Your SVG On: The SVG Open 2009 Conference At Google


At Google we're excited about Scalable Vector Graphics (SVG). SVG is an open, browser-based standard that makes it easy to create interactive web graphics with new HTML-like tags such as the CIRCLE tag. We like it because it's part of the HTML 5 family of technologies while being search engine friendly; easy for JavaScript and HTML developers to adopt; exportable from your favorite drawing tools like Adobe IllustratorTM; and straightforward to emit from server-side systems like PHP and Google App Engine. It's also available in all modern browsers.

As part of our commitment to the Open Web and SVG we are helping to host the SVG Open 2009 conference this fall at our Mountain View campus. The theme this year is SVG Coming of Age. It will be held at the Google Crittenden Campus in Mountain View, California on October 2nd through 4th 2009, with additional workshops on October 5.

Co-sponsored by W3C, the SVG Open conference series is the premier forum for SVG designers, developers, and implementors to share ideas, experiences, products, and strategies. Over 60 presentations will be delivered by SVG experts from all over the world, tackling topics such as design workflows, mobile SVG, Web application development, Web mapping, geo-location based services, and much more.

Two panel discussions will allow the audience to discuss ideas and issues with the W3C SVG Working Group and implementors. Many W3C Members will be participating, including Google, IBM, Mozilla, Opera, Oracle, Quickoffice and Vodafone. The conference schedule and confirmed keynote speakers are now available.

The deadline for early-bird registration is August 31st, so get your registrations in soon! Full-price registration will remain available until October 1, and limited on-site registration may also be available at the registration desk during the conference. The W3C SVG Working Group and W3C's Chris Lilley and Doug Schepers will participate.

A wide range of exciting talks are on the docket. Here's a small sample:

* Ajax Toolkits supporting SVG graphics: Raphaƫl, dojo, Ample SDK, SVG
Web Project, JSXGraph
* SVG in Internet Explorer and at Google
* Beyond XHTML
* Progress in Opera and Mozilla
* Using Canvas with SVG
* Progress in Inkscape
* Implementors and Panel Sessions
* SVG and OpenStreetmap
* SVG in Wikipedia/Wikimedia
* SVG and ODF
* SVG for Scientific Visualization
* SVG for Webmapping
* SVG for Games
* SVG for Mobile Applications
* SVG Wow - demonstrations of great SVG demos

See you there!

By Brad Neuberg, Google Developer Team
URL: http://googlecode.blogspot.com/2009/08/get-your-svg-on-svg-open-2009.html