Saturday, March 3, 2012

[Gd] We are underway! Next rev of the specs are officially under development!

| More

OpenSocial API Blog: We are underway! Next rev of the specs are officially under development!

On Tuesday, February 28, the OpenSocial community came together to officially kick off the next round of development on the specification. It was a long, but very productive day. You can read the minutes of the meeting on the wiki

I would like to thank all of those who travelled in from out of town to attend the meeting in person, as well as those that joined via video conference. Especially the folks from Europe that stayed late into their evening.  I would be remiss if I also did not thank Rajat Paharia from Bunchball for giving a great talk about gamification and how an open, community driven standard could be used as an accelerator for the adoption of game mechanics in enterprise.

There are three other individuals that deserve a big round of "Thanks".  James Snell (IBM) and Matt Franklin (Mitre) graciously volunteered their time and stepped up to the plate as spec editors. I will tell you from past experience this is no easy task. There are a tremendous number of areas in the spec that need to be cleaned up, where proper diction and examples will be paramount to ensuring clarity and consumeability. This is on top of the hundreds of other little details that will come up requiring their attention and consuming their time. And finally, Matt "the Hun" Marum (IBM) has agreed to continue his work as Release Manager. We affectionately gave him this nickname because he's the guy who will kick us into shape and make sure we make our dates.

There's a lot to do between now and May, and that's just for 2.5! We'll be starting the 3.0 work right after that. Given the creativity, passion, and dedication that I saw over the last few weeks that culminated in the kickoff, I've got no doubt we are in for another fantastic release of the spec.

--Mark Weitzel
President, OpenSocial Foundation

[Gd] Fridaygram: open source mentors, robotic fish, cooperative children

| More

Google Developers Blog: Fridaygram: open source mentors, robotic fish, cooperative children

Author Photo
By Scott Knaster, Google Developers Blog Editor

Google Summer of Code, now in its eighth year, is a wonderful program that releases eager university students onto open source projects. To help participants succeed, the program connects students with mentors to guide them on their open source way.

Google Summer of Code wouldn’t work without a great bunch of mentors, and the program is now accepting applications from open source projects that want to provide mentors to participants. If you’re involved in an open source project, this is an excellent way for you to find and teach new developers, and of course to get them interested in your project in particular. The deadline for mentor applications is March 9, which is next Friday, so if you’re interested, don’t delay.

All Google Summer of Code mentors are required to be human for now. But experimenters are looking into what it takes for a robot to be a leader – of fish. To test their ideas, researchers at Polytechnic Institute of New York University built a robotic fish. By varying the way its tail moved and the speed of its swimming, the scientists were able to get their robot to assume a leadership role, with other fish swimming behind.

Finally, if science fiction movies have you concerned that humans might someday lose their leadership status to other primates, you can take comfort in a study that showed human children working together, while chimps and monkeys didn’t share tasks at all. In fact, adult non-humans didn’t even help their young: one of the study’s authors said that parents simply stole their offspring’s food. So, go humans!

On Fridays we (mostly) take a break from the real news and do a Fridaygram post just for fun. Each Fridaygram item must pass only one test: it has to be interesting to us nerds. We’re happy to have you reading Fridaygram, whether you’re human, ape, robotic fish, or other.

Friday, March 2, 2012

[Gd] Beta Channel Update for Chromebooks

| More

Chrome Releases: Beta Channel Update for Chromebooks

The Beta channel has been updated to 18.0.1025.46 (Platform versions: 1660.57.0) for Chromebooks (Acer AC700, Samsung Series 5, and Cr-48).

This build contains a number of stability improvements. Some highlights of these changes are:
  • Shortcut key for submitting Feedback is set as Shift + Alt + i
  • 23743 - Fixes issue where cursor focus is lost on the sign-in screen.
  • Various fixes to File Manager
If you find new issues, please let us know by visiting our help site or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue’ under the wrench menu.

Danielle Drew
Google Chrome

[Gd] Making it even easier to monetize your games

| More

Google Developers Blog: Making it even easier to monetize your games

By Peng Ying, Developer Advocate

(Cross-posted on the Google Commerce Blog)

As any merchant knows, the easier the path to purchase, the more likely the sale. That’s why the In-App Payments team is dedicated to developing a simple, yet intuitive API that makes the in-app purchase experience effortless for your customers -- leading to a higher conversion rate for you. Over the last few weeks, we’ve made some improvements to the API that we wanted to share:

Additional Currencies Accepted
With the recent international expansion of In-App Payments, we’ve expanded the types of currencies accepted so you can sell your goods in your customer’s native currency. If you’ve set up shop in the United Kingdom but your customer base is mostly in Japan, you can specify prices for your good in Japanese Yen and Google automatically handles currency conversion for you.

As of today, the supported currencies for In-App Payments are:

To use a different buyer currency, just specify the currency code in the JWT request:

   "request" => {
      "name" => "Piece of Cake",
      "description" => "Virtual chocolate cake to fill your virtual tummy",
      "price" => "1000",
      "currencyCode" => "JPY",
      "sellerData" => "user_id:1224245,offer_code:3098576987,affiliate:aksdfbovu9j"

Card Details Minimized
In order to purchase through In-App Payments customers must first create a Google Wallet account, but entering payment information can be cumbersome. So, we’ve cut the amount of information that your customer has to enter when adding a new credit card to their Google Wallet. Now customers in many countries only need to specify their postal code instead of a full address, making the experience of creating or updating a Google Wallet quick and painless.

Terms of Service in Context
We’ve incorporated the Terms of Service into the purchase confirmation page to reduce the number of pages a new Google Wallet user sees before completing a purchase. This means that your new customers can easily review the Terms of Service and get to enjoying their items faster.

If you have any questions about Google In-App Payments, please reach out to us in the forum. We’ll also be hosting a regularly scheduled Google+ Hangout the first and third Thursday of every month at 9 a.m. PST to answer any technical questions about implementation of the API or about these new updates.

Stay tuned as we have plenty of new features to be released in 2012. Happy monetizing!

Posted by Scott Knaster, Editor

[Gd] See you at GDC, PyCon and SXSW

| More

YouTube API Blog: See you at GDC, PyCon and SXSW

YouTube Developer Advocates and Engineers will be presenting next week at GDC, PyCon and SXSW. If you’re coming to any of those conferences, we’d love to meet you. Here is what’s in store at each conference:

Games Developers Conference, San Francisco, March 5-9
PYCON 2012, Santa Clara, March 7-15
SXSW Interactive, Austin, March 9-13


Amanda Surya, YouTube Developer Relations Team


[Gd] More secure extensions, by default

| More

Chromium Blog: More secure extensions, by default

Security is one of our core values, alongside speed, stability and simplicity. From day one, we’ve designed Chrome’s extension system with security in mind. Since we launched the extension system, the state of the art in web security has advanced with technologies like Content-Security-Policy (CSP). Extension developers have been able to opt into these features, and now we’re enabling these security features by default.

Unfortunately, securing extensions with CSP by default is incompatible with the legacy extension system. We’re passionate about extension compatibility, so we’re going to make this change gradually to minimize pain for users and developers.

Users can continue to install extensions that are available in the store regardless of whether they are secured with CSP or not. This means they will not lose any of the functionality they've added to Chrome.

Developers will be able to choose when to enable the new behavior. To ease the transition, we've introduced a new manifest version attribute in the extension manifest in Chrome 18 (currently in beta). When a developer updates his or her extension to use manifest_version 2, Chrome will enforce the following CSP policy by default:

script-src 'self'; object-src 'self' 

This policy imposes the following restrictions on extensions:

  1. Extensions can no longer use inline scripts, such as <script> ... </script>. Instead, extensions must use out-of-line scripts loaded from within their package, such as <script src="foo.js"></script>. 
  2. Extensions can no longer use eval(). Note: If you’re using eval to parse JSON today, we suggest using JSON.parse instead. 
  3. Extensions can load plug-ins, such as SWF files, only from within their package or from a whitelist of HTTPS hosts. 
A recent study from researchers at UC Berkeley suggested that these restrictions, taken together, would substantially improve the security of the extension system:

These defenses are extremely effective: adopting one of the recommended CSPs would prevent 96% (49 out of 51) of the core extension vulnerabilities we found. 

For most extensions, updating them to manifest_version 2 will require the developer to move inline scripts out-of-line and to move scripts loaded from the network into the extension package. Developers are not required to update their extensions to manifest_version 2 immediately, but, over time, more of the extension ecosystem will encourage developers to update their extensions. For example, at some point, we’ll likely start requiring new extensions uploaded to the web store to use manifest_version 2. You can find a complete list of changes and more details about CSP in the extension documentation.

We expect these changes will make the security of Chrome’s extension system even better. If you have any feedback, please feel encouraged to email the extension developers mailing list.

Posted by Adam Barth, Chrome Security Engineer

Thursday, March 1, 2012

[Gd] New debugging dashboard for the Google Content API for Shopping

| More

Google Developers Blog: New debugging dashboard for the Google Content API for Shopping

By Thomas Kotzmann and Paul Brauner, Google Content API for Shopping Team

Cross-posted from the Google Commerce Blog

Today we're announcing the API dashboard in Google Merchant Center, which makes it easier for online merchants who use the Google Content API for Shopping to debug their API requests.

If you’re an API user, you can now view a comprehensive timeline and list of errors that occurred while making requests to the API, sorted by the number of times the errors occurred for faster prioritization. For each error, the dashboard also displays example request and response pairs, making it easier to locate and fix errors in your requests.

API dashboard screen shot

To access the new API dashboard, log into your Google Merchant Center account and click the API Dashboard tab.

Posted by Scott Knaster, Editor

[Gd] Android Design V2: Now with stencils

| More

Android Developers Blog: Android Design V2: Now with stencils

[This post is by Android designer Alex Faaborg, on behalf of the entire User Experience team. —Tim Bray]

When we initially released Android Design, by far the number one request we received was for us to release stencils as well. The fine folks on the Android User Experience team are pleased today to release some official Android Design stencils for your mockup-creating pleasure.

With these stencils you can now drag and drop your way to beautifully designed Ice Cream Sandwich (Android 4.0) applications, with grace and ease. The stencils feature the rich typography, colors, interactive controls, and icons found throughout Ice Cream Sandwich, along with some phone and tablet outlines to frame your meticulously crafted creations.

Currently we have stencils available for those venerable interactive design powerhouses Adobe® Fireworks®, and Omni® OmniGraffle® and we may expand to other applications® in the future. The source files for the various icons and controls are also available, created in Adobe® Photoshop®, and Adobe® Illustrator®. Here are the downloads.

We’ll be updating these stencils over time so, as always, please send in your feedback!

Happy mockup making,
— Your friendly Android Design Droids


Wednesday, February 29, 2012

[Gd] Beta Channel Update

| More

Chrome Releases: Beta Channel Update

The Beta channel has been updated to 18.0.1025.45 for Windows, Mac, Linux and Chrome Frame platforms 

  • Fixed NTP signed in state is missing (Issue: 112676)
  • Fixed gmail seems to redraw itself (all white) occasionally (Issue: 111263)
  • Focus "OK" button on Javascript dialogs (Issue: 111015)
  • Fixed Back button frequently hangs (Issue: 93427)
  • Increase the buffer size to fix muted playback rate (Issue: 108239)
  • Fixed Empty span with line-height renders with non-zero height (Issue: 109811)
More details about additional changes are available in the svn log of all revisions. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome


[Gd] Dev Channel Update

| More

Chrome Releases: Dev Channel Update

The Dev channel has been updated to 19.0.1055.1 for Windows, Mac, Linux and Chrome Frame.  This build contains stability fixes and updated V8 to Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels?  Find out how.  If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

[Gd] New App Stats for Publishers on Android Market

| More

Android Developers Blog: New App Stats for Publishers on Android Market

If you've published an app on Android Market, you’ve probably used Application Statistics to help tune your development and marketing efforts. Application Statistics is a set of dashboards in the Developer Console that shows your app’s installation performance across key dimensions such as countries, platform versions, device models, and others. Today we are making Application Statistics even more powerful for publishers, adding new metrics, new ways to analyze your data, and a redesigned UI that’s much easier to use.

First, we are adding important new installation metrics to the dashboards. You can now see your installations measured by unique users, as well as by unique devices. For user installations, you can view active installs, total installs, and daily installs and uninstalls. For devices, you can see active installs as well as daily installs, uninstalls, and upgrades.

Along with the new metrics, we’re also introducing two new data dimensions — Carrier and App Version. You can use them to track your app’s installation trends across mobile operators or monitor the launch metrics of specific app updates.

To give you visibility over your installation data over time, we’re adding timeline charts for all metrics and dimensions. At a glance, these charts highlight your app’s installation peaks and longer-term trends, which you can correlate to promotions, app improvements, or other factors. You can even focus in on data inside a dimension by adding specific points (such as individual platform versions or languages) to the timeline.

Finally, we’re bringing you all of the new metrics, dimensions, and timelines in a completely redesigned UI that is faster, more compact, and easier to use. Each dimension is now displayed in dedicated tab, making it easier to click through your stats daily or as often as needed. If you track your stats in another tool, we’re also adding an export capability that lets you download your stats in a single CSV file.

Check out the new Application Statistics next time you visit the Android Market Developer Console. We hope they’ll give you new insight into your app’s user base and installation performance. Watch for related announcements soon — we are continuing to work on bringing you the reporting features you need to manage your products successfully on Android Market.

Please feel free to share any new insights or tips on +Android Developers!

[Gd] Introducing Technitone: Showcasing the Web Audio API, multiplayer and live in WebGL

| More

Google Developers Blog: Introducing Technitone: Showcasing the Web Audio API, multiplayer and live in WebGL

Author Photo
By Paul Irish, Chrome Developer Relations

The Web Audio API, currently available in Chrome, provides a considerable amount of aural power to developers interested in integrating audio into their apps and games. Low latency audio playback, audio generation and realtime effects are available with a sensible API in Chrome stable.

We worked with to develop Technitone, a web audio experience that lets you join other players to plot tones on a grid, construct melodies and modify the output with a robust toolset of effects.

technitone logo

Click on over and poke around.
  • Your tone samples can come from your own recordings, or any of the available samples.
  • The left side Tools panel offers realtime audio filters, like echo reverb and pitch shift.
  • We keep you connected to other players in realtime using WebSockets and Node.js.
  • You can drop into solo mode or invite your friends to join you in a session.
  • Get inspired by others’ audio creations in the gallery.
If you’re interested in the techniques and software behind the project, take a look at the case study with plenty of sample code and demos on HTML5 Rocks:

Paul Irish helps developers build compelling apps for the web on the Chrome Team. He also works on HTML5 Boilerplate, Modernizr, and many bits and bobs of open source code.

Posted by Scott Knaster, Editor

[Gd] Google Developers House at SXSW

| More

Google Developers Blog: Google Developers House at SXSW

Author Photo
By Amy Walgenbach, Developer Marketing Team

This year at SXSW our developer team is putting together an action-packed two days of lightning talks, code labs, developer hangouts, a LEGO Mindstorm hackathon, a mixology event, and fun surprises. Our Google Developers House (#googlesxsw) will be open on March 10th - 11th and is part of the Google Village at SXSW, which is free to all conference attendees.

Come hang out with Google Developer Advocates, Engineers, Product Managers, and other Googlers from across the company. Come for major hacking or just to chill at the Google TV lounge or roast s'mores by the GTUG firepit. If you can’t make it, don’t worry. Our partners at NewTek will be live streaming our lightning talks and the LEGO Mindstorm Rumble on our YouTube channel.

SXSW Google Village logo

Here are a few of the activities you can look forward to at our Google Developers House at SXSW:

Lightning talks

From 11am to 2pm on March 10th we’ll be serving up lunch and fun, demo-loaded, 25-minute lightning talks to learn more about what you can build and design with the latest Google developer products. Check out the schedule to see which talks you won’t want to miss.

Code labs

Following the lightning talks on March 10th, from 3pm to 6pm we are holding interactive programming classes. Choose a code lab, roll up your sleeves, and get waist-deep in code. Learn how to build Google+ hangout apps, upgrade your Android app for tablets, or incorporate high-quality YouTube video playback in your product. Both Google+ and Android code labs are on a first come, first serve basis, but due to space constraints please fill in this form if you’d like to attend the YouTube code lab.

Mixology event co-hosted by Startup Weekend

Love science and cocktails? We do too. That’s why we’re hosting an event combining the artistry of master mixologists shaken with the science behind the craft. Be guided through various techniques, tricks and tastes. This event is co-hosted by Startup Weekend and will take place from 6pm to 8pm on March 10th.

Google Developers LEGO Mindstorm hackathon

The Google Developers LEGO Mindstorm Hackathon returns to SXSW on March 11th in even more epic proportions. Spend the day with a team building LEGO race bots controlled by Android leading up to the ultimate rumble that evening.

Developer Hangouts In Real Life

Need to debug your code? Wondering about the latest SDK release? Sign up for 15 minutes of one-on-one time on March 11th with product experts from the Google Developer Relations teams. Come armed with your code snippets, questions, curiosity, and hang out with the Googlers who know the products best.

Amy Walgenbach leads marketing for the Google+ Platform and developer marketing for games at Google.

Posted by Scott Knaster, Editor

[Gd] App Engine 1.6.3 Released

| More

Google App Engine Blog: App Engine 1.6.3 Released

Our second release of this year will have you leaping into action to start using the new features immediately. What could be more exciting than a feature to support A/B testing on your app? Or DKIM signing when you send email from your Google Apps domain? This release has plenty of exciting changes to keep you busy on your extra day this year.

1.6.3 Platform Changes:

  • A new Experimental feature called Traffic Splitting lets you send a percentage of your traffic to different versions of your app. Traffic can be split based either on IP or on cookie.

  • When an email is sent either from a user of a Google Apps domain from a request originating on that domain, or from an app administrator with an account on a Google Apps domain, a DKIM signature will be automatically applied to the email.

1.6.3 Admin Console Changes

  • Billed applications can now specify the amount of storage used for logs and the duration of time these logs are stored (default is 90 days) as well as view the currently stored amount in the Admin Console. The first gigabyte of logs storage is free and additional storage will be charged at $0.24/G/month. These settings are now available, but additional storage will not be charged for at least 4 weeks, at that point any logs beyond the configured amount will be deleted.

  • You can now manually shut down an instance in the Instances view of the Admin Console.

  • The Logs Viewer for each request now provides a link to the instance that served that request (as long as the instance is still active).

These are just some of the highlights in 1.6.3. As usual, our release notes for Python® and Java® contain the full list of all the new features and bug fixes, so be sure to check out all the exciting things we’ve been working hard to release this past month.

Posted by the App Engine Team 

Tuesday, February 28, 2012

[Gd] Pwnium: rewards for exploits

| More

Chromium Blog: Pwnium: rewards for exploits

This year at the CanSecWest security conference, we will once again sponsor rewards for Google Chrome exploits. This complements and extends our Chromium Security Rewards program by recognizing that developing a fully functional exploit is significantly more work than finding and reporting a potential security bug.

The aim of our sponsorship is simple: we have a big learning opportunity when we receive full end-to-end exploits. Not only can we fix the bugs, but by studying the vulnerability and exploit techniques we can enhance our mitigations, automated testing, and sandboxing. This enables us to better protect our users.

While we’re proud of Chrome’s leading track record in past competitions, the fact is that not receiving exploits means that it’s harder to learn and improve. To maximize our chances of receiving exploits this year, we’ve upped the ante. We will directly sponsor up to $1 million worth of rewards in the following categories:

$60,000 - “Full Chrome exploit”: Chrome / Win7 local OS user account persistence using only bugs in Chrome itself.

$40,000 - “Partial Chrome exploit”: Chrome / Win7 local OS user account persistence using at least one bug in Chrome itself, plus other bugs. For example, a WebKit bug combined with a Windows sandbox bug.

$20,000 - “Consolation reward, Flash / Windows / other”: Chrome / Win7 local OS user account persistence that does not use bugs in Chrome. For example, bugs in one or more of Flash, Windows or a driver. These exploits are not specific to Chrome and will be a threat to users of any web browser. Although not specifically Chrome’s issue, we’ve decided to offer consolation prizes because these findings still help us toward our mission of making the entire web safer.

All winners will also receive a Chromebook.

We will issue multiple rewards per category, up to the $1 million limit, on a first-come-first served basis. There is no splitting of winnings or “winner takes all.” We require each set of exploit bugs to be reliable, fully functional end to end, disjoint, of critical impact, present in the latest versions and genuinely “0-day,” i.e. not known to us or previously shared with third parties. Contestant’s exploits must be submitted to and judged by Google before being submitted anywhere else.

Originally, our plan was to sponsor as part of this year’s Pwn2Own competition. Unfortunately, we decided to withdraw our sponsorship when we discovered that contestants are permitted to enter Pwn2Own without having to reveal full exploits (or even all of the bugs used!) to vendors. Full exploits have been handed over in previous years, but it’s an explicit non-requirement in this year’s contest, and that’s worrisome. We will therefore be running this alternative Chrome-specific reward program. It is designed to be attractive -- not least because it stays aligned with user safety by requiring the full exploit to be submitted to us. We guarantee to send non-Chrome bugs to the appropriate vendor immediately.

Drop by our table at CanSecWest to participate and check the latest news.

Posted by Chris Evans and Justin Schuh, Google Chrome Security Team

Monday, February 27, 2012

[Gd] Announcing the General Availability of the Python 2.7 Runtime for App Engine

| More

Google App Engine Blog: Announcing the General Availability of the Python 2.7 Runtime for App Engine

A few months ago we announced an experimental version of the the Python® 2.7 runtime for App Engine. Since then we’ve been hard at work fixing bugs and adding optimizations. Today we’re happy to announce that this runtime has graduated from Experimental status and is a fully supported feature of App Engine. To get started, download the latest App Engine SDK for Python and check out the Getting Started Guide.

We think the Python 2.7 runtime for App Engine is a great step forward for our developers.  First, it allows applications to take advantage of concurrent requests, allowing you to build more performant and efficient applications. If your application wasn't fully utilizing the CPU, chances are that you'll be able to use concurrent requests to reduce the total number of instances and serve more with less.

We've also added some of the most highly requested libraries: PIL, NumPy, and lxml are all part of the Python 2.7 runtime. These three libraries alone have been requested nearly 2,000 times. Check out our updated list of supported libraries and let us know what libraries you would like us to add (be sure to add the tag ‘[Python Library]’ to the summary).

Whether you’re looking to migrate an existing application or build a new application, the Python 2.7 runtime is ready to go.

If you have any questions or comments send them to the App Engine group. We'd love to hear from you.

The Python 2.7 launch cake

Posted by Chris Ramsdale, PM Python 2.7 Runtime for App Engine

(Python and the Python logos are trademarks of the Python Software Foundation)