Saturday, August 4, 2012

[Gd] Welcome to the Next Generation of Google Testing

| More

Google Testing Blog: Welcome to the Next Generation of Google Testing

By Anthony Vallone

Wow... it has been a long time since we’ve posted to the blog. This past year has been a whirlwind of change for many test teams as Google has restructured leadership with a focus on products. Now that the dust has settled, our teams are leaner, more focused, and more effective. We have learned quite a bit over the past year about how best to tackle and manage test problems at monumental scale. The next generation of test teams at Google are looking forward to sharing all that we have learned. Stay tuned for a revived Google Testing Blog that will provide deep insight into our latest testing technologies and strategies.

URL: http://googletesting.blogspot.com/2012/08/welcome-to-next-generation-of-google.html

[Gd] Ending mixed scripting vulnerabilities

| More

Chromium Blog: Ending mixed scripting vulnerabilities

Last year, we posted on the Google Online Security Blog about our desire to end mixed scripting vulnerabilities. A “mixed scripting” vulnerability affects HTTPS websites that are improperly implemented; these vulnerabilities are serious because they eliminate most of the security protections afforded by HTTPS. All web browsers have historically taken it upon themselves to try and work around these bugs by informing or protecting users in some way.

With the recent release of Chrome 21, we’ve taken several steps forward:
  • We continue to protect end users by blocking mixed scripting conditions by default, but we now do it in a way that is less intrusive. This change minimizes “security dialog fatigue” and reduces the likelihood that users will expose themselves to risk by clicking through the warning. 
  • We’ve improved resistance to so-called “clickjacking” attacks. Electing to run any mixed script is now a two-click process. 
  • We now silently block mixed scripting conditions for websites that opt in to the HSTS security standard. This is the strongest default protection available. 
If you visit a non-HSTS web site with a mixed scripting condition, a new shield icon in the omnibox (to the right, next to the star) indicates that Chrome’s protection has kicked in:



You can click on the shield to see the option to run the mixed script, but we don’t recommend it. Instead, if you see the shield icon, we recommend contacting the website owners to make sure they know they may have a security vulnerability.

It has been an interesting journey to get to this point. For about a year, we blocked mixed scripting by default on Chrome’s Dev and Beta channel releases. Rolling out the block to Stable was more challenging because of widespread mixed scripting across the web. To move forward, we turned blocking on for certain web sites, starting with google.com. Later, we reached out to and then collaborated with twitter.com and facebook.com to opt them into blocking, too. All these websites hold themselves to a high standard of security, so this approach worked well. We later took the additional step of opting in sites to mixed script blocking for any site using the HSTS standard.

We bit the bullet and let full mixed script blocking for all sites hit Stable back in Chrome 19. Predictably, we uncovered a range of buggy web sites, and some users were confused about the “infobar” warning displayed by the older versions of Chrome:



Fortunately—and no doubt driven by the high visibility of this warning—some prominently affected websites were able to deploy quick fixes to resolve their mixed scripting vulnerabilities. This work aligns with one of our Core Security Principles: Make the web safer for everyone. Unfortunately, the warning confused some users, which conflicts with another principle: Don’t get in the way. (We’re sorry for any temporary disruption.)

With Chrome 21, we believe we’ve achieved a good balance between top-flight protection for end users, a pleasant UI experience, and notifications that help buggy websites improve their security.

Posted by Chris Evans and Tom Sepez, Software Engineers
URL: http://blog.chromium.org/2012/08/ending-mixed-scripting-vulnerabilities.html

[Gd] Fridaygram: Space Center Street View, quick trip to orbit, Curiosity landing

| More

Google Developers Blog: Fridaygram: Space Center Street View, quick trip to orbit, Curiosity landing

Author Photo
By Scott Knaster, Google Developers Blog Editor

As regular Fridaygram readers might recall, Street View isn’t just for streets anymore. Street View Special Collections provide panoramic images of cool locations from Antarctica to World Heritage sites. This week we launched Street View images for Kennedy Space Center as it celebrates its 50th anniversary. With this collection, you can visit the enormous Vehicle Assembly Building without leaving your couch, view a Space Shuttle engine from very close range, and pretend you’re pushing the buttons as you look at Launch Firing Room #4.



In other news involving launches and space stuff, Russia’s space program this week accomplished the feat of docking a cargo ship at the International Space Station less than six hours after it launched from Earth. This technology might be expanded to future Soyuz flights, which include crews. With the fast docking, the crews would be more comfortable (or really, would be uncomfortable for shorter times) and would require fewer supplies before arriving at their destination.

It’s a good thing space is so big, because it’s a busy place. Coming up late Sunday or early Monday, depending on where on Earth you are, the Mars Rover Curiosity is scheduled to make a dramatic landing on the red planet. You can follow along on NASA's site as the landing progresses. Finally, we’ll find out how the Martians feel about our flying saucer landing on their planet.


Each week our Fridaygram presents cool things from Google and elsewhere that you might have missed. Fridaygram items aren't necessarily related to developer topics; they're just interesting to us nerds.
URL: http://googledevelopers.blogspot.com/2012/08/fridaygram-space-center-street-view.html

Friday, August 3, 2012

[Gd] Introducing Custom Search Element v2

| More

Custom Search Engine: Introducing Custom Search Element v2

Custom Search Engine (CSE) allows you to incorporate rich search functionality into your website. You do this by adding specific HTML markup - known as the Custom Search element - to web pages on your site. The Custom Search element renders a search experience (search boxes and results pages) on your site’s pages. By controlling the placement of the Custom Search element on your pages and configuring your CSE settings, you can create customized layouts that are tuned for the look-and-feel of your website.




We’re happy to announce today a new, improved version of the Custom Search element. Here are some of the key highlights and improvements of what we call Custom Search element v2.





  • Search UI is rendered based on the settings stored on the Google CSE servers. This means that any configuration changes you make in the CSE control panel will automatically be reflected on your web pages the next time they reload. You no longer need to copy-and-paste new element code into your website when you modify your CSE using the control panel.



  • All element code is loaded asynchronously for reduced page load times.



  • Client-side customization allows you to overwrite global CSE settings on a per-page basis. For example, you can enable search history, disable auto search on page load, configure different Google Analytics parameters, and more. Customization is done through an easy-to-use HTML syntax which does not require any Javascript knowledge.




To start using Custom Search element v2 on your website, go to the “Get code” section of the CSE control panel and follow the instructions shown there.




We’ll continue to support older versions of the Custom Search element for the time being but encourage you to update your CSE implementation to take advantage of the improvements.




Posted by Ying Huang, Software Engineer


URL: http://feedproxy.google.com/~r/blogspot/Syga/~3/sJXYaLajfq8/introducing-custom-search-element-v2.html

Thursday, August 2, 2012

[Gd] Turbocharging web sites with new PageSpeed Service optimizations

| More

Google Developers Blog: Turbocharging web sites with new PageSpeed Service optimizations

Kishore
Rahul
By Rahul Bansal and Kishore Simbili, PageSpeed Team

We spend a lot of time working to make the web faster. Last year, we introduced PageSpeed Service, an online service that automatically speeds up loading of web pages.

We are constantly working on new optimizations (rewriters) that can make pages load even faster. Along these lines, we are introducing a new rewriter called "Cache and Prioritize Visible Content". This rewriter enables users to start interacting with the web page and consuming the content much sooner. It accomplishes this by optimizing the page as a whole using the following web page-aware techniques and with minimal configuration needed:
  • Make HTML cacheable. Typically, most web pages are not cached because they contain small amounts of personalized information or other non-cacheable data. This rewriter separates the non-cacheable portions from the HTML and enables caching for the rest of the content on PageSpeed servers. When the page is loaded, PageSpeed servers send the cacheable parts immediately while non-cacheable parts are fetched from the origin server & patched into the browser later.
  • Prioritize visible content rendering. Rendering of a modern web page requires several network resources, but not all of them are needed right away. This rewriter automatically determines and prioritizes the content that is above the fold of the browser, so that it doesn’t have to compete with the rest of the page.
  • Defer Javascript. JavaScript execution is deferred until page load so that it doesn’t block rendering of visible content.

Early deployment of these techniques has shown significant improvements in user-perceived page load times. Below is a filmstrip view that compares the loading of pages on Power Line, a US-based political commentary website.


Joe Malchow, Publisher of Power Line says "With this rewriter the most important bytes, our content, load first and fast. To our readers, Power Line appears to be completely instantaneous, prompting deeper and lengthier reading sessions and more profound engagement with the site."

This rewriter works best when the page content is mostly generated on the server rather than via Javascript and only small portions of it are personalized. To see how this rewriter would benefit your site, you can check it out here. If you are satisfied with the results, you can sign up for PageSpeed Service here. If you already use PageSpeed Service, you can find more details about enabling this rewriter here. This rewriter will also be available to App Engine users of PageSpeed Service in the near future.


Rahul Bansal and Kishore Simbili are Software Engineers on Google’s PageSpeed Team in Bangalore, India, which is dedicated to making the web faster.

Posted by Scott Knaster, Editor
URL: http://googledevelopers.blogspot.com/2012/08/turbocharging-web-sites-with-new.html

[Gd] New Fonts, Early Access, and More

| More

Google Web Fonts: New Fonts, Early Access, and More

Over the last few months, we’ve been busy adding support for web fonts to Google documents and Google presentations. Today, we’re adding seven font families in Google Web Fonts, a new tool to compare similar fonts, and an early access program to get feedback on non-latin scripts in development.

When you choose a new font, you want it to look good for all your readers, regardless of the platform or browser they’re using. To help make fonts look better in more places, we’re starting to hint more families in Google Web Fonts, thanks to the ttfautohint project, which automates this process. Amarante, Capriola, Courgette, and Quando were hinted using this tool.

Eagle Lake expands on our existing collection of calligraphic font styles, and you can use Metal Mania to bring out your inner guitarist. We’re also very excited to be including a special contribution from our friends over at Adobe - Source Sans Pro, their first open source type family.

As the number of fonts in Google Web Fonts continues to grow, it’s becoming harder to select the right font from among many potential choices. To make this process easier, you can now easily compare two fonts side by side using the new comparison tool. Just add a few fonts to your collection, select Review, and click on the Compare tab at the top.



You can then overlay glyphs from each font on top of each other, and use the slider to transition between fonts to see the differences between them more clearly.

Non-latin fonts can be more complex than latin fonts, both as designs and as font software, which often require more time to develop and polish. The designers of these fonts may not be native readers, and we’re hoping for your feedback to help them understand where their fonts need improvement. You can try them out by downloading them from the Google Web Fonts early access page.

Posted by Ajay Surie, Product Manager
URL: http://googlewebfonts.blogspot.com/2012/08/new-fonts-early-access-and-more.html

[Gd] Domain verification using CNAME records

| More

Official Google Webmaster Central Blog: Domain verification using CNAME records

Webmaster Level: all

In order to use Google services like Webmaster Tools and Google Apps you must verify that you own the site or domain. One way you can do this is by creating a DNS TXT record to prove your ownership of the domain. Now you can also use DNS CNAME records to verify ownership of your domains. This is a new domain verification option for users that are not able to create DNS TXT records for their domains.

For example, if you own the domain example.com, you can verify your ownership of the domain by creating a DNS CNAME record as follows.

  1. Add the domain example.com to your account either in Webmaster Tools or directly on the Verification Home page.

  2. Select the Domain Name Provider method of verification, then select your domain name provider that manages your DNS records or "Other" if your provider is not on this list.

  3. Based on your selection you may either see the instructions to set a CNAME record or see a link to the option Add a CNAME record. Follow the instructions to add the specified CNAME record to your domain’s DNS configuration.

  4. Click the Verify button.

When you click Verify, Google will check for the CNAME record and if everything works you will be added as a verified owner of the domain. Using this method automatically verifies you as the owner of all websites on this domain. For example, when you verify your ownership of example.com, you are automatically verified as an owner of www.example.com as well as subdomains such as blog.example.com.

Sometimes DNS records take a while to make their way across the Internet. If we don't find the record immediately, we'll check for it periodically and when we find the record we'll make you a verified owner. To maintain your verification status don’t remove the record, even after verification succeeds.

If you don’t have access to your DNS configuration at your domain name provider you can continue to use any of the other verification methods, such as the HTML file, the meta tag or Google Analytics tag in order to verify that you own a site.

If you have any questions please let us know via our Webmaster Help forum.

Posted by Pooja Wagh, Software Engineer
URL: http://googlewebmastercentral.blogspot.com/2012/08/domain-verification-using-cname-records.html

[Gd] Beta Channel Update for Chrome OS

| More

Chrome Releases: Beta Channel Update for Chrome OS


The Beta channel has been updated to 21.0.1180.68 (Platform versions: 2465.105.0) for Chromebooks (Acer AC700, Samsung Series 5 550, Samsung Chromebook Series 3, and Cr-48) and Samsung Chromebox Series 3. This build contains a number of UI, stability & security improvements. 

Highlights of these changes are:
  • Update Adobe Flash to version 11.3.31.223
  • Wifi/3G stability fixes
  • Audio fixes
  • Suspend while streaming audio fix (32327)
  • Certificate Manager fix (136864)

Known Issues:
  • 139917 - 3G Buy plan displayed instead of View Account 
  • 137273  - Connecting to hidden networks fails when you try to connect to it for the first time
  • 31866 -  Unable to enable mobile data for locked SIM on y3300 and y3400 modems

If you find new issues, please let us know by visiting our help site or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue’ under the wrench menu.

Josafat Garcia

Google Chrome

URL: http://googlechromereleases.blogspot.com/2012/08/beta-channel-update-for-chrome-os.html

[Gd] The power of places and big data for good: Google Places API Developer Challenge 2012

| More

Google Developers Blog: The power of places and big data for good: Google Places API Developer Challenge 2012

Author Picture
By Carlos Cuesta, Google Maps API Product Marketing Manager

Cross-posted with the Google Geo Developers Blog

How would you make your community or local government run better? In our first Google Places API Developer Challenge, we’re inviting developers around the world to make something that improves their communities or governments by using the Google Places API and its database of places and tools. The developers of the winning applications will receive a VIP experience at Google I/O 2013.

You might create an app or site that solves health problems, understands crime patterns, or improves commerce. You can use any platform as long as you build with the Google Places API and it benefits your community or government. We’re looking for your best and most innovative ideas.



Built on the comprehensive global database of more than 95 million places that powers Google Maps, the Google Places API enables you to search for information about a variety of nearby places such as establishments, geographic locations and prominent points of interest. You can re-rank place results based on user check-ins, and create new places specific to your app.

To help you develop your ideas and build better apps, we’ve been working with local government officials in Austin, Boston, Chicago, London, Louisville, New York City, Philadelphia, Portland, San Francisco, and Seattle along with the White House to surface a wide variety of data sets for your apps. You can find these data sets and more on the Google Places API Challenge site at http://developers.google.com/challenge and hear more about what cities have to say about the challenge here. You can also follow updates and hangouts about the challenge on +Google Maps API.

The submission window opens on August 15th and closes on October 31st, 2012.

We look forward to seeing what can happen when your imagination and the Google Places API come together!


Carlos Cuesta is the Product Marketing Manager for Google Maps API. He also enjoys travelling, photography, and collecting vinyl.

Posted by Scott Knaster, Editor
URL: http://googledevelopers.blogspot.com/2012/08/the-power-of-places-and-big-data-for.html

Wednesday, August 1, 2012

[Gd] 5 things you didn't know you could do with the Google Drive API

| More

Google Apps Developer Blog: 5 things you didn't know you could do with the Google Drive API

Have you tried using the Google Drive API? If so, you’re aware that it allows you to programmatically manage a user’s Google Drive and build applications to manipulate files stored in the user’s account. However, the API might still be capable of doing a few things you didn’t know about. Here is a list of five specific use cases and how each of them can be addressed with the API.

1) Sharing a file with the world

When a file in Google Drive is shared publicly, it can be downloaded without authentication at the URL provided by the API in the webContentLink field of the Files resource. To retrieve that value, send a GET request to retrieve the file metadata and look for the webContentLink element in the JSON response, as in the following example:


{
"kind": "drive#file",
"id": "0B8E...",
"etag": "WtRjAP...",
"selfLink": "https://www.googleapis.com/drive/v2/files/0B8E...",
"webContentLink": "https://docs.google.com/a/google.com/uc?id=0B8E...",
...
}

2) Granting comment-only access to a user

When setting permissions for a file with the Drive API, you can choose one of owner, writer and reader as the value for the role parameter. The Drive UI also lists another role, commenter, which is not allowed for that parameter.

In order to grant comment-only access to a user with the Drive API, you have to set the role parameter to reader and include the value commenter in the list of additionalRoles, as in the following example:


{
"kind": "drive#permission",
...
"role": "reader",
"additionalRoles": [
"commenter"
],

...
}

3) Listing all files in the root folder

It is possible to restrict the list of files (and folders) returned by the Drive API by specifying some search criteria in the q query parameter. Each file has a parents collection listing all folders containing it, and the root folder in Google Drive can be conveniently addressed with the alias ‘root’. All you need to do to retrieve all files in that folder is add a search query for element with ‘root’ in their parents collection, as in the following example:


GET https://www.googleapis.com/drive/v2/files?q='root' in parents

Remember to URL-encode the search query for transmission unless you are using one of the available client libraries.

4) Finding how much quota is available in the user’s account

Your application might need to know if users have enough available quota to save a file, in order to handle the case when they don’t. Quota information is available in the About feed of the Drive API:


{
"kind": "drive#about",
...
"quotaBytesTotal": "59055800320",
"quotaBytesUsed": "14547272",
"quotaBytesUsedInTrash": "511494",

...
}

The feed includes three values related to quota management: quotaBytesTotal, quotaBytesUsed and quotaBytesUsedInTrash. The first value indicates the total amount of bytes available to the user (new accounts currently get 5GB for free) while the second one tells how many of those bytes are in use. In case you need to get more free space, you can use the last value to know how many bytes are used by files that have been trashed. An application might use this value to recommend emptying the trash bin before suggesting to get additional storage.

5) Discovering if one of the user’s apps can open a file

Google Drive allows users to store any kind of file and to install applications to open file types that are not directly supported by the native Google applications. In case you need to know what applications are installed and what file types each of them can open, you can retrieve the Apps feed and look for the primaryMimeTypes and secondaryMimeTypes elements for supported MIME types or primaryFileExtensions and secondaryFileExtensions for file extensions:


{
"kind": "drive#app",
"name": "Pixlr Editor",
...
"primaryMimeTypes": [
"image/psd",
"image/pxd",
"application/vnd.google-apps.drive-sdk.419782477519"
],
"secondaryMimeTypes": [
"image/png",
"image/jpeg",
"image/gif",
"image/bmp"
],
"primaryFileExtensions": [
"pxd",
"psd"
],
"secondaryFileExtensions": [
"jpg",
"png",
"jpeg",
"bmp",
"gif"
],


}

Note: to access the Apps feed you have to request access to the https://www.googleapis.com/auth/drive.apps OAuth scope.

Claudio Cherubino   profile | twitter | blog

Claudio is an engineer in the Google Drive Developer Relations team. Prior to Google, he worked as software developer, technology evangelist, community manager, consultant, technical translator and has contributed to many open-source projects. His current interests include Google APIs, new technologies and coffee.

URL: http://googleappsdeveloper.blogspot.com/2012/08/5-things-you-didnt-know-you-could-do.html

[Gd] 450+ new ways to make your Google presentations pop

| More

Google Web Fonts: 450+ new ways to make your Google presentations pop

(Cross-posted from the Google Drive blog)

Good design is an important part of getting your point across in a presentation. Over time we’ve added a bunch of features to help you bring a little something extra to your decks, like slide transitions and animations, thousands of free stock photos, and a growing collection of templates.

Today, creating eye-catching presentations gets even easier, with more than 450 new fonts to choose from. (flip through the presentation below to see them in action)



To browse and select new fonts, click on Add fonts from the bottom of the fonts dropdown in the toolbar. This will take you to the menu of all available fonts, where you can pick the ones you want to use.


Any fonts that you select will get automatically added to your fonts list so it’s easy to find them later.


Plus, fonts that you’ve already added to Google documents will automatically appear in your presentations font list too.

So next time you're working on a presentation, jazz it up with some Calligrafitti, Indie Flower, Short Stack, or hundreds of other new choices.

Posted by Erin Rosenbaum, Software Engineer
URL: http://googlewebfonts.blogspot.com/2012/08/450-new-ways-to-make-your-google.html

[Gd] Introducing the Multi-Channel Funnels Reporting API

| More

Google Developers Blog: Introducing the Multi-Channel Funnels Reporting API

Author PhotoBy John Huang, Software Engineer

Cross-posted from the Google Analytics Blog

Measuring how marketing efforts influence conversions can be difficult, especially when your customers interact with multiple marketing channels over time before converting. Last fall, we launched Multi-Channel Funnels in Google Analytics, a new set of reports that help shed light on the full path users follow to conversion, rather than just the last click. One request we’ve had since the beginning was to make this data available via an API to allow developers to extend and automate use cases with the data. So today we’re releasing the new Google Analytics Multi-Channel Funnels Reporting API.

The API allows you to query for metrics like Assisted Conversions, First Interactions Conversions, and Last Interaction conversions, as well as Top Paths, Path Length and Time Lag, to incorporate conversion path data into your applications. Key use cases we’ve seen so far involve combining this conversion path data with other data sources, such as cost data, creating new visualizations, as well as using this data to automate processes such as bidding.

For example, Cardinal Path used the new Multi-Channel Funnels API, Analytics Canvas ETL (Extract, Transform, Load) and Tableau Software to help their client, C3 Presents, uncover how time and channels affected Lollapalooza ticket sales in an analysis dubbed “MCF DNA.” The outcome was a new visualization, similar to a DNA graph, that helped shed light on how channels appeared throughout the conversion funnel.

MCF DNA Visualization in Tableu Software


In another case, Mazeberry, an analytics company from France, helped their client 123Fleurs decrease customer acquisition costs by 20% by integrating data from the Multi-Channel Funnels API into a new reporting framework. Their application, Mazeberry Express, combines media cost and full conversion path data to provide new Cost Per Acquisition (CPA) and Return on Investment (ROI) metrics that provide a more complete understanding of how online channels are working together to influence conversions.

Mazeberry Express Screenshot - Focus on a Channel


Please note that this functionality only works with the new v3.0 API libraries, so you should upgrade now if you haven’t already (see our migration guide). We look forward to seeing how you make use of this new data source.


John Huang is a Software Engineer working on Google Analytics. John is interested in all things analytics, mobile, and photography.

Posted by Scott Knaster, Editor
URL: http://googledevelopers.blogspot.com/2012/07/introducing-multi-channel-funnels.html

[Gd] Stable Channel Release

| More

Chrome Releases: Stable Channel Release


The Chrome team is excited to announce the release of Chrome 21 to the Stable Channel. 21.0.1180.57 for Mac and Linux. 21.0.1180.60 for Windows and Chrome Frame. Chrome 21 contains a number of new features including a new API for high-quality video and audio communication. More detailed updates are available on the Chrome Blog.  


Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

  • [Linux only] [125225] Medium CVE-2012-2846: Cross-process interference in renderers. Credit to Google Chrome Security Team (Julien Tinnes).
  • [127522] Low CVE-2012-2847: Missing re-prompt to user upon excessive downloads. Credit to Matt Austin of Aspect Security.
  • [127525] Medium CVE-2012-2848: Overly broad file access granted after drag+drop. Credit to Matt Austin of Aspect Security.
  • [128163] Low CVE-2012-2849: Off-by-one read in GIF decoder. Credit to Atte Kettunen of OUSPG.
  • [130251] [130592] [130611] [131068] [131237] [131252] [131621] [131690] [132860] Medium CVE-2012-2850: Various lower severity issues in the PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.
  • [132585] [132694] [132861] High CVE-2012-2851: Integer overflows in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.
  • [134028] High CVE-2012-2852: Use-after-free with bad object linkage in PDF. Credit to Alexey Samsonov of Google.
  • [134101] Medium CVE-2012-2853: webRequest can interfere with the Chrome Web Store. Credit to Trev of Adblock.
  • [134519] Low CVE-2012-2854: Leak of pointer values to WebUI renderers. Credit to Nasko Oskov of the Chromium development community.
  • [134888] High CVE-2012-2855: Use-after-free in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.
  • [134954] [135264] High CVE-2012-2856: Out-of-bounds writes in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.
  • [$1000] [136235] High CVE-2012-2857: Use-after-free in CSS DOM. Credit to Arthur Gerkis.
  • [$1000] [136894] High CVE-2012-2858: Buffer overflow in WebP decoder. Credit to Jüri Aedla.
  • [Linux only] [137541] Critical CVE-2012-2859: Crash in tab handling. Credit to Jeff Roberts of Google Security Team.
  • [137671] Medium CVE-2012-2860: Out-of-bounds access when clicking in date picker. Credit to Chamal de Silva.

Many of the above bugs were detected using AddressSanitizer.

We’d also like to thank Drew Yao / Braden Thomas / Jim Smith (all Apple Product Security), Kostya Serebryany of the Chromium development community, Atte Kettunen of OUSPG and Bernhard Bauer of the Chromium development community for working with us during the development cycle and preventing security regressions from ever reaching the stable channel.




Full details about what changes are in this release are available in the SVN revision log.  Interested in hopping on the stable channel?  Find out how.  If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome


URL: http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html

[Gd] Stable Channel Update for Chrome OS

| More

Chrome Releases: Stable Channel Update for Chrome OS


The Stable channel has been updated to 20.0.1132.59 (Platform version: 2268.124.0) for Chrome OS (Chromebooks Acer AC700, Samsung Series 5, Samsung Chromebook Series 5 550 and Cr-48, and Samsung Chromebox Series 3).

This build contains a number of stability improvements.

Some highlights of these changes are:

  • Fixed 133988: Network dropdown in the first screen when setting up the network may not show the entire list of networks.
  • Fixed 31651: Disabling 3G mobile data on the system would cause it to become permanently disabled.
  • Fixed issue with Enterprise customers being unable to enroll due to a timezone mismatch issue.


If you find new issues, please let us know by visiting our help site or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue’ under the wrench menu.
Danielle DrewGoogle Chrome


URL: http://googlechromereleases.blogspot.com/2012/07/stable-channel-update-for-chrome-os.html

[Gd] Beta Channel Update

| More

Chrome Releases: Beta Channel Update


The Beta channel has been updated to 21.0.1180.60 for Windows and Chrome Frame


This build should fix most of the choppy and distorted audio issues  (Issue: 136624). If you've seen these issues with the Beta, please leave us an update on the bug.


If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry

Karen Grunberg
Google Chrome
URL: http://googlechromereleases.blogspot.com/2012/07/beta-channel-update_31.html

[Gd] Dev Channel Update

| More

Chrome Releases: Dev Channel Update

The Dev channel has been updated to 22.0.1221.0 for Windows and Mac (Update: also 22.0.1221.1 for Linux).  This update has an updated version of V8 (3.12.16.0) along with other improvements.  A complete log of what changed can be found in the svn revision log.  Instructions and download links for our different release channels are available on the Chromium wiki.  If you find what you think is a new bug, please file it in our issue tracker.

Jason Kersey
Google Chrome
URL: http://googlechromereleases.blogspot.com/2012/07/dev-channel-update_30.html

[Gd] Introducing the Structured Data Dashboard

| More

Official Google Webmaster Central Blog: Introducing the Structured Data Dashboard

Webmaster level: All

Structured data is becoming an increasingly important part of the web ecosystem. Google makes use of structured data in a number of ways including rich snippets which allow websites to highlight specific types of content in search results. Websites participate by marking up their content using industry-standard formats and schemas.

To provide webmasters with greater visibility into the structured data that Google knows about for their website, we’re introducing today a new feature in Webmaster Tools - the Structured Data Dashboard. The Structured Data Dashboard has three views: site, item type and page-level.

Site-level view
At the top level, the Structured Data Dashboard, which is under Optimization, aggregates this data (by root item type and vocabulary schema).  Root item type means an item that is not an attribute of another on the same page.  For example, the site below has about 2 million Schema.Org annotations for Books (“http://schema.org/Book”)


Itemtype-level view
It also provides per-page details for each item type, as seen below:


Google parses and stores a fixed number of pages for each site and item type. They are stored in decreasing order by the time in which they were crawled. We also keep all their structured data markup. For certain item types we also provide specialized preview columns as seen in this example below (e.g. “Name” is specific to schema.org Product).


The default sort order is such that it would facilitate inspection of the most recently added Structured Data.

Page-level view
Last but not least, we have a details page showing all attributes of every item type on the given page (as well as a link to the Rich Snippet testing tool for the page in question).


Webmasters can use the Structured Data Dashboard to verify that Google is picking up new markup, as well as to detect problems with existing markup, for example monitor potential changes in instance counts during site redesigns.

Posted by Thomas Biggs & Andrei Pascovici, Webmaster Tools Team
URL: http://googlewebmastercentral.blogspot.com/2012/07/introducing-structured-data-dashboard.html

Tuesday, July 31, 2012

[Gd] Introducing Dashboards in Google Apps Script

| More

Google Apps Developer Blog: Introducing Dashboards in Google Apps Script

Charts are a great way to visualize information. They let you arrange data in meaningful ways, allow you to tell a story, and can really catch the reader's eye. But when dealing with large datasets, visualizing all the data at once can be somewhere between a tough to impossible mission. You usually need to filter the data and concentrate on a specific part that is of interest, and then when you want to see a different part of the data you'll need to filter it again and refresh the view. That's why we're happy to announce the introduction of dashboards in Apps Script, which allow you to compose multiple charts and filters into a single experience!

What is a dashboard?
A dashboard is a visual structure that lets you organize and manage multiple charts that share the same underlying data. The three building blocks of a dashboard are the data source, charts, and controls. Controls are user interface widgets (category pickers, range sliders, or autocompleting text boxes) that someone can interact with in order to drive the data managed by a dashboard to the charts that are part of it.

Dashboards in Apps Script
Because of its interactive nature, a dashboard is built in a Google Apps Script UI application. A UI application can be embedded in a Spreadsheet or a Site or served as HTML using the "Deploy as web app" option. They are perfect for creating interactive reports, where users can gain extra insight through exploring the data.

Creating a simple dashboard UI Application
Have a look at the following example dashboard where a category picker and a range slider are used to drive the data visualized by a pie chart and a table chart.

Note that a dashboard is an interactive entity. Playing with its controls will change the charts in real time. You can see exactly how this dashboard was created, and learn more about how to build dashboards in general, by reading through our new Building a Charts Dashboard tutorial.

Going further
Dashboards can of course be much more complex than the above example. Here is a video demonstrating a more complex dashboard embedded in a Spreadsheet:

To conclude, dashboards are powerful gadgets that allow you to handle and get valuable insights on complex datasets. Now made easy to build in Apps Script, try it on your data.

Roee Eilat   profile

Roee is an engineer in the Google Chart Tools team, lately he has been working on enhancing charting capabilities in Google Apps products. He finds interest in the fields of statistics, data mining, data visualization and any combination between them.

URL: http://googleappsdeveloper.blogspot.com/2012/07/introducing-dashboards-in-google-apps.html

Monday, July 30, 2012

[Gd] Measure and optimize with mod_pagespeed experiments

| More

Google Developers Blog: Measure and optimize with mod_pagespeed experiments

Author Photo
By Jeff Kaufman, Software Engineer, PageSpeed Team

Making your site fast shouldn’t require lots of manual optimization. With mod_pagespeed, an open-source Apache module, you can automatically apply web performance optimization best practices like cache extension, image optimization, and css inlining to speed up your site without a lot of hassle. As of version 0.10.22.4, mod_pagespeed now supports A/B tests integrated with Google Analytics, allowing you to measure how much it speeds up your site on live traffic and experimentally determine the best settings.

When running an experiment, mod_pagespeed randomly assigns visitors to experimental configurations based on percentages you choose. You can run an experiment on 1% of your traffic, 100%, or anywhere in between without affecting other visitors. It also injects JavaScript to report experiment assignments back to your Google Analytics account in a custom variable. Within Analytics you can track the impact of experimental configurations on page load times, bounce rates, conversions, or any other Analytics metric.

We ran an example experiment, comparing mod_pagespeed running with default settings to mod_pagespeed in pass-through mode, on a small blog. This required adding the following lines to our pagespeed.conf:
ModPagespeedRunExperiment on
ModPagespeedAnalyticsID "UA-XXXXXXXX-Y"

# half the users get the pagespeed optimizations
ModPagespeedExperimentSpec id=3;percent=50;default

# half get an unoptimized site
ModPagespeedExperimentSpec id=4;percent=50
While this site was static and contained mostly text, it did use some JavaScript and images and had not been manually optimized. We ran the experiment for a month, over which Analytics observed 11K page views, and we saw a 20% improvement in average page load time:


experiment results

Average page load time is sensitive to outliers, however, so to better understand the effects it’s helpful to check a histogram:


detailed experiment results

The clearest change is that mod_pagespeed moved about 7% of page loads from taking 1-3 seconds down to 0-1 second, but there is also an improvement in the long tail.

We encourage you to follow the experiment framework guide and start measuring the effect mod_pagespeed has on your site.


Jeff Kaufman works on mod_pagespeed, an open-source Apache module that helps make the web faster, and is interested in experiment measurement. He also plays for contra dances, organizes other dances, and blogs about dancing, giving, and tech.

Posted by Scott Knaster, Editor
URL: http://googledevelopers.blogspot.com/2012/07/measure-and-optimize-with-modpagespeed.html

[Gd] Announcing Google App Engine education awards

| More

Google App Engine Blog: Announcing Google App Engine education awards

In addition to the startups and businesses we frequently highlight on our blog, we have seen educational institutions and their students build amazing applications, using Google App Engine as a platform for teaching and groundbreaking research.



Earlier this year we announced funding for researchers looking to use App Engine for scientific discovery. Today we are introducing the Google App Engine Education Awards to foster continued innovation from educational institutions in areas outside of research. Through this program we are inviting faculty members, initially from the United States, to submit proposals for using App Engine for their course development, educational research, university tools or for student projects. A selection of the proposals we receive will receive $1,000 in App Engine credits to assist in making the proposal a reality.



App Engine allows you to build scalable applications using the same technology that powers Google’s global-scale web applications. With no hardware to setup, App Engine makes it simple to learn how to write a simple web application or to build an application that handles millions of hits a day. If you haven’t already tried App Engine, we encourage you to download the SDK, follow the Getting Started Guide and take advantage of our free tier to deploy your first application.



If you teach at an accredited college, university or community college in the United States, we encourage you to apply. You can submit a proposal by filling out this form. Applications must be received by midnight PST August 31, 2012.





- Posted by the Google App Engine Team
URL: http://googleappengine.blogspot.com/2012/07/announcing-google-app-engine-education.html