Friday, February 26, 2010

[Gd] Mac/Linux Beta Update: Fix package dependencies

| More

Google Chrome Releases: Mac/Linux Beta Update: Fix package dependencies

The Google Chrome Beta channel for Mac and Linux has been updated to 5.0.307.11 to fix a few more issues:
  • [Linux] Fixed the dependency problem that caused extra packages to get pulled in for installing Google Chrome. (Issue 35639)
  • [Mac, Linux] Fixed an issue where an error resolving a proxy server would not try a direct connection. (Issue 32316)
  • [Mac, Linux] Fixed an extensions bug that could crash the entire browser. (Issue 34778)
  • [Mac, Linux] Fixed an issue in the cross-site scripting auditor that could prevent Google translate from working on sites. (Issue 33115)

--Mark Larson, Google Chrome Team

[Gd] Dev Channel Update

| More

Google Chrome Releases: Dev Channel Update

The Dev channel has been updated to 5.0.336.0 for Google Chrome Frame
  • [r38145] Add support for the IE File->Save As command. (Issue: 24039)
  • [r38962] Fixed an IE7 crash caused when ChromeFrame would pass keystrokes to be processed as accelerators. (Issue: 35355)
  • [r39208] Add support for accelerators like BackSpace, Shift+Backspace to navigate back or forward. (Issue: 35629)
More details about additional changes are available in the svn log of all revision.

You can find out about getting on the Dev channel here:

If you find new issues, please let us know by filing a bug at

Anthony Laforge
Google Chrome

Thursday, February 25, 2010

[Gd] Building applications on top of Google Apps

| More

Google Apps Developer Blog: Building applications on top of Google Apps

Editor's Note: This post was written by Michael Cohn and Steve Ziegler from Cloud Sherpas, a software development and professional services company. SherpaTools™ for Google Apps extends Google Apps capabilities. We invited Cloud Sherpas to share their experiences building an application on top of Google Apps utilizing some of our APIs.

The Directory Manager module of SherpaTools allows administrators to easily manage User Profiles and Shared Contacts in the Google Apps directory. SherpaTools is built on Google App Engine (GAE) utilizing the Google Web Toolkit (GWT), and makes heavy use of the Google Apps Management and Application APIs to provide new administrator and end-user features.

Some customers have tens of thousands of member accounts in their domain. SherpaTools Directory Manager makes it easy to retrieve, edit, and manage user accounts. It also allows you to import or export data in bulk from a Google Docs spreadsheet. This post explains how Directory Manager works with Google Apps, and how we built it. 

Authentication to SherpaTools is achieved by using Google Apps as the OpenID identity provider.  If a user is already logged into Google Apps, they can access SherpaTools without ever providing SherpaTools their credentials.  This Single Sign-On experience greatly enhances user adoption and provides an added security benefit.  If the user is not already logged into Google Apps, they are routed to a Google login page.  With OpenID, SherpaTools never handles the user's credentials.

Once logged in, SherpaTools securely requests authorization from Google Apps using 2-legged OAuth (2LO) to make API service calls on behalf of the user.  Since the app has both an end-user and administrator view, it first retrieves the logged in user's information from Google Apps via a 2LO-authorized call to the UserService of the Provisioning API.  Depending on the information sent in the API response, the user is either presented with the administrator application or the end-user screen.

Two-legged OAuth (2LO) allows 3rd-party applications like SherpaTools to make authorized API calls to Google Apps on behalf of a user. Here is how we set up our Google Data API ContactsService that will be fetching User Profiles to use 2LO: 

ContactsService contactsService =
    new ContactsService(GlobalConstants.APPLICATION_NAME);
GoogleOAuthParameters parameters = new GoogleOAuthParameters();
OAuthHmacSha1Signer signer = new OAuthHmacSha1Signer();
try {
   contactsService.setOAuthCredentials(parameters, signer);
} catch (OAuthException e) {
   // not expected if secret is up-to-date
As long as our key/secret pair is correct and the Google Apps customer has entitled our OAuth key to have access to their Contacts API feed, Google authorizes SherpaTools to continue to make API calls.  There are two other settings that should be mentioned in configuring the service to work well on GAE.  First, since we are dealing with somewhat sensitive data, all calls to Google Apps are made over SSL.  To ensure this, we simply set the useSSL flag for the contacts service.  Next, the default request/response timeout on GAE for these API calls is only five seconds out of a possible ten.  Since we will be retrieving as much data as we can within that ten second window to reduce the total number of operations to complete the work, we raise our connection timeout up to just short of that maximum, 9500 milliseconds:
Cloud Sherpas embraced a number of Google Web Toolkit best practices to ensure scalability of SherpaTools.  For example, once the app determines which screen the user should see, SherpaTools employs GWT CodeSplitting to optimize and reduce the amount of javascript that needs to be downloaded by the browser client.  The app also uses the GWT RPC framework designed according to the command pattern to transparently communicate with the server, and was architected using the model-view-presenter (MVP) design pattern to allow multiple developers to work on the app simultaneously.

After a Google Apps administrator logs into SherpaTools for the first time, the app caches some key information for better performance.  For example, to populate the User Profile and Shared Contacts lists, the app retrieves the IDs and names of all contacts using the User Profiles API and Shared Contacts API respectively, and writes this information to the data store and memcache.  And for domains with large data sets, SherpaTools uses task queues to break up operations into smaller chunks. 

Since we have to scale the export to handle the contact information of tens of thousands of contact entries, there is no way we can retrieve all of those entries in one request.  Retrieval of this set of information requires breaking the operation up into smaller sub-tasks.  Fortunately, both the GAE Task Queue API and the Google Datastore APIs make it easy to divide the retrieval into smaller chunks.  

GAE Task Queues enable background queueing of HTTP operations (GET, POST, etc.) to arbitrary URLs within our application.  Each of these queued operations are subject to the same restrictions of any other GAE HTTP operation request.  Of particular note is the aforementioned 10 second window to perform our remote service call and the overall 30 second window to complete the total work within a task request. Also, since the Task Queue works from the same set of URLs as are made available to the rest of our application, we need to make sure that there is no ability for unwanted external attempts to execute tasks.  We followed the recommended way of eliminating this possibility by restricting outside access to just our application's admins. To do this we added the following to our web.xml configuration file.

This constraint restricts all urls starting with /task/ to only be accessible either from system calls such as from the Task Queue or by admins.  The NONE transport guarantee is also important to mention.  We initially attempted to encrypt our task calls using SSL with a transport guaranteed of CONFIDENTIAL, but, at the time we attempted this, execution ceased to function properly.  Since all of the traffic of all of these calls are strictly on Google's internal network we had no issue with making these calls without SSL.
Now that we have our tasks properly secured, we can create a method for sending our User Profiles fetch task request to the Task Queue: 
public void fetchUserProfilesPageTask(String spreadsheetTitle,
    String loggedInEmailAddress, String nextLink, String memcacheKey) {
  Queue queue = QueueFactory.getQueue(USER_PROFILES_QUEUE);
  TaskOptions options =
  options.param("spreadsheetTitle", spreadsheetTitle);
  options.param("loggedInEmailAddress", loggedInEmailAddress);
  options.param("nextLink", nextLink);
  options.param("memcacheKey", memcacheKey);
The url points to a Java HttpServlet that handles the task's HTTP POST, parses the sent parameters, and calls a method to perform the work:
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    String loggedInEmailAddress = req.getParameter("loggedInEmailAddress");
    String spreadsheetTitle = req.getParameter("title");
    String nextLink = req.getParameter("nextLink");
    String memcacheKey = req.getParameter("memcacheKey");
    // do the work:
    fetchUserProfilesPage(spreadsheetTitle, loggedInEmailAddress, nextLink, memcacheKey);


This post explains how SherpaTools Directory Manager uses Two Legged OAuth for authentication, and GAE Task Queue API and the Google Datastore APIs to make it easy to divide large retrievals over long intervals into smaller chunks. Other long-running, divisible operations, can use this same approach to spread work across a string of tasks queued in the GAE Task Queue. We would love to hear what you think of this approach and if you have come up with your own solution for similar issues.

Next week we will discuss how we used the User Profile API to retrieve the data sets and the Document List Data API to populate a Google Spreadsheet.

Thanks to the Cloud Sherpas team for authoring this post. Check out SherpaTools at


[Gd] GWT 2.0.3 is now available

| More

Google Web Toolkit Blog: GWT 2.0.3 is now available

GWT 2.0.3 has been released and is available for download here:

This was a minor release that includes the following fixes:

  • Using a PopupPanel in Internet Explorer without a history IFrame throws a NullPointerException (#4584)

  • Opera support for History is not working (#3956)


Wednesday, February 24, 2010

[Gd] Dev Channel Update

| More

Google Chrome Releases: Dev Channel Update

The Dev channel has been updated to 5.0.335.0 for Windows, Mac, and Linux platforms.


  • Support "cache-bypassing reload"; this is hooked to various accelerators on different platforms (e.g. shift-reload, ctrl-reload, etc.) (Issue 1906)
  • [r38877, r39018, r39040, r39133, r39346, r39524] Fix numerous issues relating to new Content Settings functionality (Issues 34633, 34668, 35011, 35775, 36021)
  • [r39285] Fix crash when alert() is called from extension popup (Issue 33698)
  • [r39365] When a single tab is open, "Close other tabs" context menu option should be grayed out (Issue 35576)
  • [r39381] Remove all infobars from a tab when its renderer crashes (Issue 36035)
  • [r39412] Fix crash adding/deleting bookmark/folder when browser sync is on and the network is not available (Issue 36200)
  • [r39670] Do not send extra blur and focus events if popup menu is showing (Issue 23499)
  • [r39682] Fix crash when dragging bookmarks (Issue 36473)


  • [r39328, r39564] Fix issues relating to new Content Settings functionality (Issue 35118, 36079)
  • [r39408] Fix a crash when installing an extension from incognito mode (Issue 36077)
  • [r39461] Fix star button theming (Issue: 35028)
  • [r39676] "Remove" and "remove all" buttons in cookie manager should not be enabled when nothing is selected (Issue 34886)


  • [r39240] Fix Mac startup theme perf regression (Issue 34775)
  • [r39389, r39467, r39485] Add client SSL certificate support for Mac (Issue 16831)
  • Enable Full Screen mode (Issue 31638)
  • [r39231] Adds grippys to the left side of the Browser Actions container to resize the container (they do not work yet) (Issue 26990)
  • [r39158] Show icon in omnibox when popups were blocked (Issue 35594)


  • Fix package dependencies in .deb package (Issue 35639)
  • [r38999] Fix crash with some extensions (Issue 35577)
  • [r39160, r39257] Fix issues relating to new Content Settings functionality (Issues 34941, 35861)
  • [r39250] Fix crash when editing a bookmark in the bookmark manager (Issue 35438)
  • [r39251] Implement the new AutoFill section of the Options dialog (Issue 33025)
  • [r39436] Failing NSS version check should not be a fatal error (Issue 33163)
  • [r39669] Add "deb" and "rpm" to dangerous extension list (Issue 31144)


Known Issues

  • Mac client SSL certificate support limitations: does not yet support server renegotiation attempts (so it doesn't work with all sites) (Issue 36207); client cert generation (the <keygen> tag) is not implemented yet (Issue 34607)
  • Mac: Blocked popups can currently not be opened (Issue 35594)

More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Dev channel here:

If you find new issues, please let us know by filing a bug at

Anthony Laforge

Google Chrome


Tuesday, February 23, 2010

[Gd] Interview with Copeland

| More

Google Testing Blog: Interview with Copeland

I recently did an interview with Matt Johnston of uTest (a community based testing company) that talks about our philosophy and approach to testing at Google. Let me know what you think.

Part 1, Part 2, Part 3 (will update with link tomorrow)

Posted by Patrick Copeland

[Gd] Mark your calendars for Google Code Jam 2010!

| More

Google Code Blog: Mark your calendars for Google Code Jam 2010!

If you're reading this post, we know your passion is coding. You thrive when given the opportunity to tackle a challenge, and enjoy the rush of applying your knowledge and creativity to approach a problem. Once solved, there's nothing like the satisfaction that comes from knowing you've accomplished something great.

That's why we are excited to announce Google Code Jam 2010 to the true die-hard coding fans. Google Code Jam, powered by Google App Engine, is our annual programming competition, where thousands of coders around the world attack algorithmic problems in several 2.5-hour online rounds. If you make it through the first four rounds, you'll be flown to our on-site finals, to be held for the first time at the Google office in Dublin! Once there, you will compete with 24 other top coders for the $5,000 first prize -- and the coveted title of Code Jam champion.

We don't want you to miss out on any of the action, so we are announcing some important dates for Google Code Jam 2010. Mark your calendars:

Wednesday, April 7, 2010 | 19:00 UTC | Registration Begins
Friday, May 7, 2010 | 23:00 UTC | 24-hr Qualification Round Begins
Saturday, May 8, 2010 | 23:00 UTC | Registration Deadline & 24 hr Qualification Round Ends
Saturday, May 22, 2010 | 1:00 UTC | Online Round 1: Sub-Round A
Saturday, May 22, 2010 | 16:00 UTC | Online Round 1: Sub-Round B
Sunday, May 23, 2010 | 9:00 UTC | Online Round 1: Sub-Round C
Saturday, June 05, 2010 | 14:00 UTC | Online Round 2
Saturday, June 12, 2010 | 14:00 UTC | Online Round 3
Friday, July 30, 2010 | Google Office - Dublin, Ireland | Onsite FINALS

In the meantime, visit the Google Code Jam site and try out some of the practice problems so that you'll be ready to go once we kick off the qualification round. Hope to see you in Dublin on July 30th!

By Igor Naverniouk, Software Engineer

[Gd] Extended Access Controls Available via API

| More

YouTube API Blog: Extended Access Controls Available via API

One of the feature requests that we've received most frequently from developers it to have a YouTube API call that enables or disables commenting for videos. It's a logical request — videos can be automatically uploaded via the API, and having to visit from a web browser to modify the commenting settings manually doesn't make much sense.

We've taken action on this feature request, and gone one step further: the new <yt:accessControl> element lets video owners enable or disable video rating, comment voting, video responses, and off-web syndication in addition to commenting. We've also taken an existing element for controlling embedding, <yt:noembed>, and migrated its functionality to <yt:accessControl>. Existing code that uses the <yt:noembed> element will continue to work as per our API deprecation policy, but <yt:accessControl> is preferred for new development.

You can set access controls for a video when uploading or updating a video. See the Setting access controls for a video section of the Developer's Guide for more information.

With the addition of the this feature, the YouTube API now offers parity with all the settings available via the YouTube web interface. We hope that applications that support YouTube uploads take advantage of this new functionality, and we know your users will appreciate it!

-Jeff Posnick, YouTube API Team

Monday, February 22, 2010

[Gd] v2009 Hack Day Videos and Webinar

| More

AdWords API Blog: v2009 Hack Day Videos and Webinar

We recently finished the last of our AdWords API Hack Days in Europe, and it was great to see so many AdWords API developers come out for these events. We realize that not everyone could attend one of the Hack Days in person, so we've been working on new ways to get this information out to a wider audience. First, more of the presentations are now available on YouTube:
Second, we'll be holding a webinar that will include a condensed version of the topics covered in the Hack Days. This webinar is for developers, so please register only if you work with code and the API.

Migrating to the New AdWords API
Monday, March 1, 2010, 11am ET / 8am PT
Register here.
Post your questions here.

Space is limited so please register now if you plan on attending.

- Eric Koleda, AdWords API Team


[Gd] Announcing the YouTube SDK for .NET

| More

YouTube API Blog: Announcing the YouTube SDK for .NET

I am happy to announce a new resource for the .NET fans in the YouTube developer community. The YouTube Software Developer Kit for .NET contains all you need to get you started with the YouTube API using Visual Studio 2008.

The SDK includes a help file, a project template and the following sample programs:

  • An application that use the Simple Update Protocol to watch for YouTube activity from a group of users.
  • An example ASP.NET website that illustrates the use of AuthSub authentication.
  • A bulk uploader tool that uses the new ResumableUploader component to asynchronously and reliably upload video files. Multiple threads are used to process video metadata, which is read from a CSV file.

After installing the SDK, you can open Visual Studio 2008 and select the YouTube template to get started writing your own code.

This packaged SDK no longer contains any source code, but it's all available from the project's Subversion repository. The YouTubeUploader source code is of specific interest to developer who want to see the ResumableUploader component in action.

To file bug reports or make feature requests, please use the project's Issue Tracker.

—Frank Mantek, Google Data APIs Team

[Gd] Introducing Google's DoubleClick For Publishers API

| More

Google Code Blog: Introducing Google's DoubleClick For Publishers API

Today, we announced the next generation of our ad serving technology for online publishers, the new DoubleClick for Publishers (DFP) from Google. We are pleased to announce that the new version of DFP comes with a modern API that enables publishers and third-parties to customize and extend the product.

The new API is available to publishers who use DFP, as well as to third-parties and vendors who would like to build applications on top of DFP. A growing community of developers are already working on sales, order management, workflow and data visualization tools. We've incorporated feedback on the existing DART for Publishers API and believe the new API is a significant step forward. It uses SOAP, a standard and widely-adopted messaging technology that uses HTTP requests to transmit and receive XML data between your client and our servers. This means you can use it with virtually any programming language of your choice. We have a wealth of public documentation available online and there are numerous code samples and client libraries ready for you to download.

To learn more about the new API, there are a few places to get started:

We are looking forward to working with you and seeing what you build!

By Adam Rogal, DoubleClick For Publishers API Team

[Gd] 60 days left to migrate to v200909

| More

AdWords API Blog: 60 days left to migrate to v200909

Last month we reminded you that on April 22 most v13 services will be turned off. In 60 days, the following v13 services will no longer be accessible:

These three v13 services will continue to be accessible until the same functionality is available in the new AdWords API later this year:
Don't worry, we won't sunset these services until their replacements have been available for at least four months.

To help you migrate your application, we've demonstrated how your code can simultaneously use the remaining v13 services and the new v2009 services. Here are some examples: Java, .NET, Python, and Ruby.

Please continue to post your migration questions and feedback on the Developer Forum.

– Jason Shafton, Product Marketing Manager