Saturday, February 23, 2013

[Gd] Fridaygram: I/O registration, SpaceX launch, calendar history

| More

Google Developers Blog: Fridaygram: I/O registration, SpaceX launch, calendar history

Author PictureBy Ashleigh Rentz, Google Developers Blog Editor Emerita

As Spring draws nearer in the northern hemisphere, so too does this year’s Google I/O. Earlier today, we announced that registration for this year’s event will open on March 13th at 7:00 AM PDT. Tickets are in high demand, so be sure to mark your calendar!  Of course, we’ll continue to offer live streaming and recordings of many sessions as we’ve done in the past for those who can’t join us at Moscone Center (and for attendees who can’t be in two sessions at once).

Another thing to mark on your calendar is the upcoming launch of the SpaceX Dragon spacecraft next Friday, March 1st. In the early hours of the morning (much earlier than Fridaygrams get posted), SpaceX will host a live webcast covering the launch. What’s more, they might just answer your question! Head over to their Google+ page for details on how to submit that burning question via YouTube.

If you find yourself scratching your head after looking at your calendar and wondering where this bizarre time-telling scheme ever came from, fear not! One YouTube user offers us “A Short History of the Modern Calendar”. It’s still annoying to deal with this mess of dates when coding, but at least it wasn’t devised purely to torment us. Why isn’t there an SI unit of month?





Once per 7-day week, Fridaygram puts away the compiler and brings you the latest in fun science and other nerd stuff. Occasionally, we meander through recorded history as well. “Those who cannot remember the past are condemned to GOTO 10.”

URL: http://googledevelopers.blogspot.com/2013/02/fridaygram-io-registration-spacex.html

[Gd] Chrome OS Management Console Update

| More

Chrome Releases: Chrome OS Management Console Update


The Chrome OS Management Console in the administrator control panel has been updated. This update brings new user policies including:
  • Safe Browsing
  • Google Drive syncing
  • Google Drive syncing over cellular
  • Bookmark editing
  • Spell check service
Known issues are available here. Enterprise customers can report an issue by contacting support.

Lawrence Lui
Google Chrome
URL: http://googlechromereleases.blogspot.com/2013/02/chrome-os-management-console-update_22.html

Friday, February 22, 2013

[Gd] A reminder about selling links that pass PageRank

| More

Official Google Webmaster Central Blog: A reminder about selling links that pass PageRank

Webmaster level: all

Google has said for years that selling links that pass PageRank violates our quality guidelines. We continue to reiterate that guidance periodically to help remind site owners and webmasters of that policy.

Please be wary if someone approaches you and wants to pay you for links or "advertorial" pages on your site that pass PageRank. Selling links (or entire advertorial pages with embedded links) that pass PageRank violates our quality guidelines, and Google does take action on such violations. The consequences for a linkselling site start with losing trust in Google's search results, as well as reduction of the site's visible PageRank in the Google Toolbar. The consequences can also include lower rankings for that site in Google's search results.

If you receive a warning for selling links that pass PageRank in Google's Webmaster Tools, you'll see a notification message to look for "possibly artificial or unnatural links on your site pointing to other sites that could be intended to manipulate PageRank." That's an indication that your site has lost trust in Google's index.

To address the issue, make sure that any paid links on your site don't pass PageRank. You can remove any paid links or advertorial pages, or make sure that any paid hyperlinks have the rel="nofollow" attribute. After ensuring that no paid links on your site pass PageRank, you can submit a reconsideration request and if you had a manual webspam action on your site, someone at Google will review the request. After the request has been reviewed, you'll get a notification back about whether the reconsideration request was granted or not.

We do take this issue very seriously, so we recommend you avoid selling (and buying) links that pass PageRank in order to prevent loss of trust, lower PageRank in the Google Toolbar, lower rankings, or in an extreme case, removal from Google's search results.

Posted by Matt Cutts, Distinguished Engineer
URL: http://googlewebmastercentral.blogspot.com/2013/02/a-reminder-about-selling-links.html

[Gd] Dev Channel Update for Chrome OS

| More

Chrome Releases: Dev Channel Update for Chrome OS

The Dev channel has been updated to 26.0.1410.12 (Platform version: 3701.23.0) for all Chrome OS devices except CR-48. In addition to increased stability, this build also has some notable improvements.

Updates:
  • YouTube tearing issue has been fixed.
  • Updated Pepper Flash to 11.6.602.171
Known Issues:
  • Hangout is not working on the new Samsung Chromebook (fix coming soon).
If you find new issues, please let us know by visiting our help site or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 horizontal bars in the upper right corner of the browser).

Ben Henry
Google Chrome
URL: http://googlechromereleases.blogspot.com/2013/02/dev-channel-update-for-chrome-os_21.html

Thursday, February 21, 2013

[Gd] Google Cloud Platform introduces new support packages

| More

Google Developers Blog: Google Cloud Platform introduces new support packages

Author PictureBy Brett McCully, Google Cloud Platform Team

(Cross-posted with the App Engine and Enterprise Blogs)

Support is as important as product features when choosing a platform for your applications. And let’s face it, sometimes we all need a bit of help. No matter which Google Cloud Platform services you are using — App Engine, Compute Engine, Cloud Storage, Cloud SQL, BigQuery, etc. — or what time of day, you should be able to get the answers you need. While you can go to Stack Overflow or Google Groups, we realize some of you may need 24x7 coverage, phone support or direct access to a Technical Account Manager team.

To meet your support requirements, we’re introducing a comprehensive collection of support packages for services on Google Cloud Platform, so you can decide what level best fits your needs:

  • Bronze: All customers get access to online documentation, community forums, and billing support. (Free)
  • Silver: In addition to Bronze, you can email our support team for questions related to product functionality, best practices, and service errors. ($150/month)
  • Gold: In addition to Silver, you'll receive 24x7 phone support and consultation on application development, best practices or architecture for your specific use case. (Starts at $400/month)
  • Platinum: The most comprehensive and personalized support. In addition to Gold, you’ll get direct access to a Technical Account Manager team. (Contact Sales for more information)

Sign up or click here to find out more information about the new Google Cloud Platform support options.


Brett McCully is the Manager of the Google Cloud Platform Support team and is currently based in Seattle.

Posted by Ashleigh Rentz, Editor Emerita

URL: http://googledevelopers.blogspot.com/2013/02/google-cloud-platform-introduces-new.html

[Gd] Java 7 Runtime and Cloud Endpoints Preview

| More

Google Developers Blog: Java 7 Runtime and Cloud Endpoints Preview

Author PictureBy Brad Abrams, Google Cloud Platform Team

(Cross-posted with the Google App Engine Blog)

Today we are announcing two new preview features: App Engine Java 7 runtime support and Google Cloud Endpoints.   Preview features are ‘experimental’ features on a path towards general availability.



Java 7 Runtime Support for App Engine

The App Engine Java 7 runtime allows App Engine developers to keep pace with innovations in the Java language and runtime. It is important that you begin testing your applications with the new Java 7 runtime before the complete rollout in a few months.

Some of the language features you now have access to include:

invokedynamic support, which allows developers, tools providers, and language implementations to take advantage of a new bytecode, invokedynamic, to handle method invocations efficiently even when there is no static type information. For example:



public static void invokeExample() {
  String s;
  MethodType mt;
  MethodHandle mh;
  
  MethodHandles.Lookup lookup = MethodHandles.lookup();
  MethodType mt = MethodType.methodType(String.class, char.class,
         char.class);
  MethodHandle mh = lookup.findVirtual(String.class, "replace", mt);
  s = (String) mh.invokeExact("App Engine Java 6 runtime",'6','7');
  System.out.println(s);
}

Try-with-resources, which helps avoid memory leaks and related bugs by automatically closing resources that are used in a try-catch statement.


public static void viewTable(Connection con, String query) throws SQLException {

  try (
Statement stmt = con.createStatement();
ResultSet rs = stmt.executeQuery(query)
) {
     while (rs.next()) {
    // process results
    //
     }
  } catch (SQLException e) {
     // con resource is auto-closed, no need to do anything here!
     //
  }
}

Flexible Type Creation when using generics, enabling you to create parameterized types more succinctly. For example, you can write:


Map<String, List<String>> myMap = new HashMap<>();

instead of:


Map<String, List<String>> myMap = new HashMap<String, List<String>>();

In addition to the language features listed above, the App Engine Java 7 runtime also includes:

  • Use of String class in Switch statements.
  • Expression of binary literals using simple prefixes 0b or 0B.
  • Single catch blocks that can handle multiple exceptions.
  • Simplified varargs method invocation.

Want to get started now? Download the latest App Engine Java SDK and then check out the docs here.



Cloud Endpoints Preview

Have you ever wanted a simple way to get a cloud backend for that Android or iPhone app you are working on?  Wish it was easier to expose RESTful APIs from your web application?  Google Cloud Endpoints simplifies building highly scalable and flexible backends for your web and mobile applications. Use Cloud Endpoints to store application data in the cloud that spans both devices and users. You can now easily expose your own authenticated, reliable, REST-based APIs hosted from an App Engine application and consume them in your Android, iOS, or web clients. Deeply integrated authentication support allows your users to have a transparent yet secure experience accessing your services. You have access to strongly typed client libraries for your custom service optimized for Android and iOS.

To use Cloud Endpoints, you simply write a Java or Python class with methods you want to expose to web or mobile clients. You then annotate the methods with attributes that control exactly how they are represented in REST interfaces on the wire. Finally, use Cloud Endpoints to generate your strongly-typed client libraries for Android, iOS and a lightweight JavaScript library.

For example, you can create a simple class to list some important data:


public class SuperHeroes {

   public List listSuperHeroes() {

List list = new ArrayList();
list.add(new SuperHero ("Champion of the Obvious", "Brad Abrams"));
list.add(new SuperHero ("Mr. Justice", "Chris Ramsdale"));

return list;

}
}

Then, expose it over a standard REST interface with a simple attribute and a versioning pattern.


@Api(name = "superheroes", version = "v1")
public class SuperHeroesV1 {
...
}

Now you have a simple REST interface.


$ curl http://localhost:8888/_ah/api/superheroes/v1/superheroes
{
"items": [
 {
  "knownAs" : "Champion of the Obvious",
  "realName" : "Brad Abrams"
 },
 {
  "knownAs" : "Mr. Justice",
  "realName" : "Chris Ramsdale"
 }

And you can make strongly typed calls from your Android clients:


Real result = superheroes.list().execute();

Or Objective-C iOS client:


GTLQuerySuperHeroesV1 *query = [GTLQuerySuperHeroesV1 queryForSuperHeroesList];
[service executeQuery:query completionHandler:^(GTLServiceTicket *ticket,
GTLSuperHeroes *object, NSError *error) {
 NSArray *items = [object items];
}];

Or the web client in JavaScript:


// ...
var ROOT = 'https://' + window.location.host + '/_ah/api';
gapi.client.load('superheroes', 'v1',
                loadSuperheroesCallback, ROOT);

// Get the list of superheroes
gapi.client.superheroes.superheroes.list().execute(function(resp) {
 displaySuperheroesList(resp);
});

Read the documentation for Java or Python to discover how you can build a simple tic-tac-toe game using Cloud Endpoints.

To get started with Cloud Endpoints, download the App Engine 1.7.5 SDK and the latest Google Plugin for Eclipse. Be sure to look at the docs and follow along in the discussion forums on Stack Overflow.

For more on using Cloud Endpoints with Python, check out +Danny Hermes and +Dan Holevoet on Google Developers Live.



Brad Abrams is a Product Manager on the Google Cloud Platform where he looks after the developer experience. Brad is currently learning to ride the unicycle, so far with no broken bones!

Posted by Ashleigh Rentz, Editor Emerita

URL: http://googledevelopers.blogspot.com/2013/02/java-7-runtime-and-cloud-endpoints.html

[Gd] Dev Channel Update

| More

Chrome Releases: Dev Channel Update

The Dev channel has been updated to 26.0.1410.12 for Windows, Mac, Linux, and Chrome Frame. This build contains the following:
  • Hosted apps in Chrome will always be opened from app launcher. [Issue: 176267]
  • Added modal confirmation dialog to the enterprise profile sign-in flow. [Issue: 171236]
  • Fixed a crash with autofill. [Issue: 175454176576]
  • Fixed issues with sign-in. [Issue: 175672, 175819, 175541, 176190]
  • Fixed spurious profile shortcuts created with a system-level install. [Issue: 177047]
  • Fixed the background tab flashing with certain themes. [Issue: 175426]
  • [Mac] Fixed background apps dock menu. [Issue: 175113]
  • [Mac] Fixed the hang when clicking on extensions' permission link. [Issue: 175071]
  • [Linux] Fixed broken command line to create extensions with locale info. [Issue: 176187]
  • [Linux] Fixed crash after clicking through malware warning. [Issue: 173986]
Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome
URL: http://googlechromereleases.blogspot.com/2013/02/dev-channel-update_21.html

[Gd] Stable Channel Update for Chrome OS

| More

Chrome Releases: Stable Channel Update for Chrome OS

The Stable channel has been updated to 25.0.1364.87 (Platform version: 3428.149.2) for Samsung Chromebooks. This build contains a number of new features, bug fixes and security improvements. Machines will be receiving updates over the next several days.

Release Highlights:

  • Updated Flash to 11.6.602.169
  • HTML5 Content Decryption Module (CDM) with WebM support
  • Fix to Samsung Chromebook device freezes or crashes on some systems when trying to resume after suspend
  • Extended Desktop Mode (multi-monitors) now supported
  • App Launcher now supports re-ordering
  • Intelligent Window positioning (if you don't manually move your windows, we will arrange them to show you more at all times)
  • Tap dragging is now a user preference.
  • Encrypted Media Extensions are enabled by default
  • Modifications to the system tray to display accessibility options.
  • Improved power consumption on ARM devices
  • Numerous UI improvements and crash fixes
  • Improved accessibility controls in the status area, out of box experience, and login page

Known Issues:
  • When connecting to a wifi captive portal, logging out and adding a new user will show the captive portal overlay but never hide it. Workaround: Logout and login again.

If you find new issues, please let us know by visiting our help site or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 horizontal bars in the upper right corner of the browser).

Danielle Drew
Google Chrome
URL: http://googlechromereleases.blogspot.com/2013/02/stable-channel-update-for-chrome-os_21.html

[Gd] Chrome Beta for Android

| More

Chrome Releases: Chrome Beta for Android

Chrome Beta for Android has been updated to 25.0.1364.108 on Google Play. This build will be rolling out over the next few hours. This update contains a number of fixes, including:
  • [174665] Text selection and text input handles appear at incorrect positions
  • Tilt scrolling now works on tab switcher mode
  • Login to LinkedIn desktop site works
  • Some frequently occurring crashes have been fixed
  • More improvements to scrolling performance and fling speed
Known Issues:
  • Chrome not responding on cold start after changing language to RTL
  • Swype keyboard does not automatically insert space between words in omnibox
  • Disambiguation popup sometimes doesn't show entire link
  • Text autosizing may break formatting on some sites
A partial list of changes in this build is available in the SVN revision log. If you find a new issue, please let us know by filing a bug. More information about Chrome for Android is available on the Chrome site.

Jason Kersey
Google Chrome
URL: http://googlechromereleases.blogspot.com/2013/02/chrome-beta-for-android.html

[Gd] Stable Channel Update

| More

Chrome Releases: Stable Channel Update

The Chrome team is excited to announce the promotion of Chrome 25 to the Stable Channel. Chrome 25.0.1364.97 for Windows and Linux, and 25.0.1364.99 for Mac contain a number of new items including:
Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
  • [$1000] [172243] High CVE-2013-0879: Memory corruption with web audio node. Credit to Atte Kettunen of OUSPG.
  • [$1000] [171951] High CVE-2013-0880: Use-after-free in database handling. Credit to Chamal de Silva.
  • [$500] [167069] Medium CVE-2013-0881: Bad read in Matroska handling. Credit to Atte Kettunen of OUSPG.
  • [$500] [165432] High CVE-2013-0882: Bad memory access with excessive SVG parameters. Credit to Renata Hodovan.
  • [$500] [142169] Medium CVE-2013-0883: Bad read in Skia. Credit to Atte Kettunen of OUSPG.
  • [172984] Low CVE-2013-0884: Inappropriate load of NaCl. Credit to Google Chrome Security Team (Chris Evans).
  • [172369] Medium CVE-2013-0885: Too many API permissions granted to web store.
  • [Mac only] [171569] Medium CVE-2013-0886: Incorrect NaCl signal handling. Credit to Mark Seaborn of the Chromium development community.
  • [171065] [170836] Low CVE-2013-0887: Developer tools process has too many permissions and places too much trust in the connected server.
  • [170666] Medium CVE-2013-0888: Out-of-bounds read in Skia. Credit to Google Chrome Security Team (Inferno).
  • [170569] Low CVE-2013-0889: Tighten user gesture check for dangerous file downloads.
  • [169973] [169966] High CVE-2013-0890: Memory safety issues across the IPC layer. Credit to Google Chrome Security Team (Chris Evans).
  • [169685] High CVE-2013-0891: Integer overflow in blob handling. Credit to Google Chrome Security Team (Jüri Aedla).
  • [169295] [168710] [166493] [165836] [165747] [164958] [164946] Medium CVE-2013-0892: Lower severity issues across the IPC layer. Credit to Google Chrome Security Team (Chris Evans).
  • [168570] Medium CVE-2013-0893: Race condition in media handling. Credit to Andrew Scherkus of the Chromium development community.
  • [168473] High CVE-2013-0894: Buffer overflow in vorbis decoding. Credit to Google Chrome Security Team (Inferno).
  • [Linux / Mac] [167840] High CVE-2013-0895: Incorrect path handling in file copying. Credit to Google Chrome Security Team (Jüri Aedla).
  • [166708] High CVE-2013-0896: Memory management issues in plug-in message handling. Credit to Google Chrome Security Team (Cris Neckar).
  • [165537] Low CVE-2013-0897: Off-by-one read in PDF. Credit to Mateusz Jurczyk, with contributions by Gynvael Coldwind, both from Google Security Team.
  • [164643] High CVE-2013-0898: Use-after-free in URL handling. Credit to Alexander Potapenko of the Chromium development community.
  • [160480] Low CVE-2013-0899: Integer overflow in Opus handling. Credit to Google Chrome Security Team (Jüri Aedla).
  • [152442] Medium CVE-2013-0900: Race condition in ICU. Credit to Google Chrome Security Team (Inferno).
We’ve also resolved a high severity security issue by disabling MathML in this release. The WebKit MathML implementation isn’t quite ready for prime time yet but we are excited to enable it again in a future release once the security issues have been addressed.

Many of the above bugs were detected using AddressSanitizer.

We’d also like to thank Christian Holler, miaubiz and Atte Kettunen for working with us during the development cycle and preventing security regressions from ever reaching the stable channel. Rewards were issued.

A full list of changes in this build is available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome
URL: http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html

[Gd] Google Cloud Platform introduces new support packages

| More

Google App Engine Blog: Google Cloud Platform introduces new support packages



Support is as important as product features when choosing a platform for your applications. And let’s face it, sometimes we all need a bit of help. No matter which Google Cloud Platform services you are using—App Engine, Compute Engine, Cloud Storage, Cloud SQL, BigQuery, etc.—or what time of day, you should be able to get the answers you need. While you can go to Stack Overflow or Google Groups, we realize some of you may need 24x7 coverage, phone support or direct access to a Technical Account Manager team.

To meet your support requirements, we’re introducing a comprehensive collection of support packages for services on Google Cloud Platform, so you can decide what level best fits your needs:



  • Bronze: All customers get access to online documentation, community forums, and billing support. (Free)

  • Silver: In addition to Bronze, you can email our support team for questions related to product functionality, best practices, and service errors. ($150/month)

  • Gold: In addition to Silver, you'll receive 24x7 phone support and consultation on application development, best practices or architecture for your specific use case. (Starts at $400/month)

  • Platinum: The most comprehensive and personalized support. In addition to Gold, you’ll get direct access to a Technical Account Manager team. (Contact Sales for more information)



Sign up or click here to find out more information about the new Google Cloud Platform support options.




Posted by Brett McCully, Google Cloud Platform team
URL: http://googleappengine.blogspot.com/2013/02/google-cloud-platform-introduces-new.html

[Gd] Java 7 and Cloud Endpoints Preview

| More

Google App Engine Blog: Java 7 and Cloud Endpoints Preview



Today we are announcing two new preview features: Google App Engine Java 7 runtime support and Google Cloud Endpoints. Preview features are ‘experimental’ features on a path towards general availability.




Java 7 Runtime Support for App Engine




The App Engine Java 7 runtime allows App Engine developers to keep pace with innovations in the Java language and runtime. It is important that you begin testing your applications with the new Java 7 runtime before the complete rollout in a few months.



Some of the language features you now have access to include:



invokedynamic support, which allows developers, tools providers, and language implementations to take advantage of a new bytecode, invokedynamic, to handle method invocations efficiently even when there is no static type information. For example:





public static void invokeExample() {
String s;
MethodType mt;
MethodHandle mh;

MethodHandles.Lookup lookup = MethodHandles.lookup();
MethodType mt = MethodType.methodType(String.class, char.class,
char.class);
MethodHandle mh = lookup.findVirtual(String.class, "replace", mt);
s = (String) mh.invokeExact("App Engine Java 6 runtime",'6','7');
System.out.println(s);
}



Try-with-resources, which helps avoid memory leaks and related bugs by automatically closing resources that are used in a try-catch statement.





public static void viewTable(Connection con, String query) throws SQLException {

try (
Statement stmt = con.createStatement();
ResultSet rs = stmt.executeQuery(query)
) {
while (rs.next()) {
// process results
//
}
} catch (SQLException e) {
// con resource is auto-closed, no need to do anything here!
//
}
}



Flexible Type Creation when using generics, enabling you to create parameterized types more succinctly. For example, you can write:





Map<String, List<String>> myMap = new HashMap<>();



instead of:





Map<String, List<String>> myMap = new HashMap<String, List<String>>();



In addition to the language features listed above, the App Engine Java 7 runtime also includes:


  • Use of String class in Switch statements.


  • Expression of binary literals using simple prefixes 0b or 0B.


  • Single catch blocks that can handle multiple exceptions.


  • Simplified varargs method invocation.



Want to get started now? Download the latest App Engine Java SDK and then check out the docs here.






Cloud Endpoints Preview




Have you ever wanted a simple way to get a cloud backend for that Android or iPhone app you are working on? Wish it was easier to expose RESTful APIs from your web application? Google Cloud Endpoints simplifies building highly scalable and flexible backends for your web and mobile applications. Use Cloud Endpoints to store application data in the cloud that spans both devices and users. You can now easily expose your own authenticated, reliable, REST-based APIs hosted from an App Engine application and consume them in your Android, iOS, or web clients. Deeply integrated authentication support allows your users to have a transparent yet secure experience accessing your services. You have access to strongly typed client libraries for your custom service optimized for Android and iOS.






To use Cloud Endpoints, you simply write a Java or Python class with methods you want to expose to web or mobile clients. You then annotate the methods with attributes that control exactly how they are represented in REST interfaces on the wire. Finally, use Cloud Endpoints to generate your strongly-typed client libraries for Android, iOS and a lightweight JavaScript library.

For example, you can create a simple class to list some important data:

public class SuperHeroes {

public List listSuperHeroes() {

List list = new ArrayList();
list.add(new SuperHero ("Champion of the Obvious", "Brad Abrams"));
list.add(new SuperHero ("Mr. Justice", "Chris Ramsdale"));

return list;

}
}



Then, expose it over a standard REST interface with a simple attribute and a versioning pattern.





@Api(name = "superheroes", version = "v1")
public class SuperHeroesV1 {
...
}

Now you have a simple REST interface.





$ curl http://localhost:8888/_ah/api/superheroes/v1/superheroes
{
"items": [
{
"knownAs" : "Champion of the Obvious",
"realName" : "Brad Abrams"
},
{
"knownAs" : "Mr. Justice",
"realName" : "Chris Ramsdale"
}

And you can make strongly typed calls from your Android clients:





Real result = superheroes.list().execute();

Or Objective-C iOS client:

GTLQuerySuperHeroesV1 *query = [GTLQuerySuperHeroesV1 queryForSuperHeroesList];
[service executeQuery:query completionHandler:^(GTLServiceTicket *ticket,
GTLSuperHeroes *object, NSError *error) {
NSArray *items = [object items];
}];

Or the web client in JavaScript:





// ...
var ROOT = 'https://' + window.location.host + '/_ah/api';
gapi.client.load('superheroes', 'v1',
loadSuperheroesCallback, ROOT);

// Get the list of superheroes
gapi.client.superheroes.superheroes.list().execute(function(resp) {
displaySuperheroesList(resp);
});



Read the documentation for Java or Python to discover how you can build a simple tic-tac-toe game using Cloud Endpoints.



To get started with Cloud Endpoints, download the App Engine 1.7.5 SDK and the latest Google Plugin for Eclipse. Be sure to look at the docs and follow along in the discussion forums on Stack Overflow.



For more on using Cloud Endpoints with Python, check out +Danny Hermes and +Dan Holevoet on Google Developers Live.



-Posted by Brad Abrams, Product Manager, and Chris Ramsdale, Product Manager
URL: http://googleappengine.blogspot.com/2013/02/java-7-and-cloud-endpoints-preview.html

Wednesday, February 20, 2013

[Gd] Chrome app launcher developer preview

| More

Chromium Blog: Chrome app launcher developer preview

Today, on the Chrome dev channel for Windows, you can try the Chrome app launcher--a dedicated home for your apps which makes them easy to open outside the browser. This is the same experience as the app launcher on Chromebooks, but for other platforms. It’s available on Windows now, and will be coming to Mac OS X and Linux soon.

You’ll need to install a Chrome packaged app, such as IRC client CIRC or Text Drive, in order to try out the Chrome app launcher. Chrome packaged apps deliver a native-like experience across multiple platforms with the security properties of a web page. Just like web apps, packaged apps are written in HTML, JavaScript, and CSS. But packaged apps launch outside the browser, work offline by default, and have access to powerful APIs not available to web apps.

 

You’ll get the app launcher as an icon on your Windows taskbar the first time you install a packaged app. Chrome packaged apps are not yet searchable on the Chrome Web Store - but you can build your own packaged app, upload it to the Chrome Web Store and access it via its direct link.

Try out the app launcher and let us know what you think. If you have any questions or comments, you can use Stack Overflow or chromium-apps. File your bugs and feature requests here.

Posted by Sriram Saroop, Product Manager
URL: http://blog.chromium.org/2013/02/chrome-app-launcher-developer-preview.html

[Gd] Beta Channel Update for Chrome OS

| More

Chrome Releases: Beta Channel Update for Chrome OS


The Beta channel has been updated to  25.0.1364.87 (Platform version: 3428.149.2) for Samsung Chromebooks. This build contains a wifi fix.

Change in this version:


  • Fixed an issue where, when connecting to wifi using some 5GHz access points on Samsung Chromebooks, the system was unable to reconnect to the wifi access point after suspend/resume.

If you find new issues, please let us know by visiting our help site or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 horizontal bars in the upper right corner of the browser).

Danielle Drew
Google Chrome

URL: http://googlechromereleases.blogspot.com/2013/02/beta-channel-update-for-chrome-os_20.html

[Gd] Stable Channel Update for Chrome OS

| More

Chrome Releases: Stable Channel Update for Chrome OS

The Stable channel has been updated to 25.0.1364.87 (Platform version: 3428.149.0 for all Chrome OS Devices except for Samsung Chromebooks. This build contains a number of new features, bug fixes and security improvements. Machines will be receiving updates over the next several days.

Release Highlights:

  • Updated Flash to 11.6.602.169
  • HTML5 Content Decryption Module (CDM) with WebM support
  • Extended Desktop Mode (multi-monitors) now supported
  • App Launcher now supports re-ordering
  • Intelligent Window positioning (if you don't manually move your windows, we will arrange them to show you more at all times)
  • Tap dragging is now a user preference.
  • Encrypted Media Extensions are enabled by default
  • Modifications to the system tray to display accessibility options.
  • Improved accessibility controls in the status area, out of box experience, and login page
  • Numerous crash fixes, stability improvements, security enhancements, and more

Known Issues:

  • When connecting to a wifi captive portal, logging out and adding a new user will show the captive portal overlay but never hide it. Workaround: Logout and login again.

If you find new issues, please let us know by visiting our help site or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 horizontal bars in the upper right corner of the browser).

Danielle Drew
Google Chrome
URL: http://googlechromereleases.blogspot.com/2013/02/stable-channel-update-for-chrome-os.html

[Gd] Make the most of Search Queries in Webmaster Tools

| More

Official Google Webmaster Central Blog: Make the most of Search Queries in Webmaster Tools

Level: Beginner to Intermediate

If you’re intrigued by the Search Queries feature in Webmaster Tools but aren’t sure how to make it actionable, we have a video that we hope will help!


Maile shares her approach to Search Queries in Webmaster Tools

This video explains the vocabulary of Search Queries, such as:
  • Impressions
  • Average position (only the top-ranking URL for the user’s query is factored in our calculation)
  • Click
  • CTR
The video also reviews an approach to investigating Top queries and Top pages:
  1. Prepare by understanding your website’s goals and your target audience (then using Search Queries “filters” to support your knowledge)
  2. Sort by clicks in Top queries to understand the top queries bringing searchers to your site (for the given time period)
  3. Sort by CTR to notice any missed opportunities
  4. Categorize queries into logical buckets that simplify tracking your progress and staying in touch with users’ needs
  5. Sort Top pages by clicks to find the URLs on your site most visited by searchers (for the given time period)
  6. Sort Top pages by impressions to find valuable pages that can be used to help feature your related, high-quality, but lower-ranking pages
After you’ve watched the video and applied the knowledge of your site with the findings from Search Queries, you’ll likely have several improvement ideas to help searchers find your site. If you’re up for it, let us know in the comments what Search Queries information you find useful (and why!), and of course, as always, feel free to share any tips or feedback.

Written by Maile Ohye, Developer Programs Tech Lead
URL: http://googlewebmastercentral.blogspot.com/2013/02/make-most-of-search-queries-in.html

Tuesday, February 19, 2013

[Gd] Dev Channel Update

| More

Chrome Releases: Dev Channel Update


The Dev channel has been updated to 26.0.1410.10 for Windows, Mac, Linux, and Chrome Frame. This build contains the following:

  • Fixed cookie jar transfer regression. [Issue: 176513]
  • Fixed enable bad language translation detection reports for secure pages. [Issue: 176457]
  • [Linux] Fixed a crash while printing a pdf. [Issue: 175514]
  • Fixed crash while closing tab during tab capture. [Issue: 175275]
  • [Linux] Fixed the panel issue which does not accept keyboard input when it is minimized and expanded. [Issue: 175858]
  • Fixed issue in allowing extension permissions to be viewed from extension settings page. [Issue: 170742]
  • Fixed display of CSS3 transformed area which doesn't line up with hit-testing area. [Issue: 157961]
  • Fixed scroll bar and combo box UI issue. [Issue: 175335]
  • Fixed alternate NTP which overlap dev tools with bookmark bar. [Issue: 173205]

Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome
URL: http://googlechromereleases.blogspot.com/2013/02/the-dev-channel-has-been-updated-to-26_19.html

[Gd] Using Cryptography to Store Credentials Safely

| More

Android Developers Blog: Using Cryptography to Store Credentials Safely

Posted by Trevor Johns, Android Developer Relations team

random_droid


Following our talk "Security and Privacy in Android Apps" at Google I/O last year, many people had specific questions about how to use cryptography in Android. Many of those revolved around which APIs to use for a specific purpose. Let's look at how to use cryptography to safely store user credentials, such as passwords and auth tokens, on local storage.



An anti-pattern



A common (but incorrect) pattern that we've recently become aware of is to use SecureRandom as a means of generating deterministic key material, which would then be used to encrypt local credential caches. Examples are not hard to find, such as here, here, here, and elsewhere.



In this pattern, rather than storing an encryption key directly as a string inside an APK, the code uses a proxy string to generate the key instead — similar to a passphrase. This essentially obfuscates the key so that it's not readily visible to attackers. However, a skilled attacker would be able to easily see around this strategy. We don't recommend it.



The fact is, Android's existing security model already provides plenty of protection for this kind of data. User credentials should be stored with the MODE_PRIVATE flag set and stored in internal storage, rather than on an SD card, since permissions aren't enforced on external storage. Combined with device encryption, this provides protection from most types of attacks targeting credentials.



However, there's another problem with using SecureRandom in the way described above. Starting with Android 4.2, the default
SecureRandom provider is OpenSSL, and a developer can no longer override SecureRandom’s internal state. Consider the following code:




SecureRandom secureRandom = new SecureRandom();
byte[] b = new byte[] { (byte) 1 };
secureRandom.setSeed(b);
// Prior to Android 4.2, the next line would always return the same number!
System.out.println(secureRandom.nextInt());


The old Bouncy Castle-based implementation allowed overriding the internally generated, /dev/urandom based key for each SecureRandom instance. Developers which attempted to explicitly seed the random number generator would find that their seed replaces, not supplements, the existing seed (contrary to the reference implementation’s documentation). Under OpenSSL, this error-prone behavior is no longer possible.



Unfortunately, applications who relied on the old behavior will find that the output from SecureRandom changes randomly every time their application starts up. (This is actually a very desirable trait for a random number generator!) Attempting to obfuscate encryption keys in this manner will no longer work.



The right way



A more reasonable approach is simply to generate a truly random AES key when an application is first launched:



public static SecretKey generateKey() throws NoSuchAlgorithmException {
// Generate a 256-bit key
final int outputKeyLength = 256;

SecureRandom secureRandom = new SecureRandom();
// Do *not* seed secureRandom! Automatically seeded from system entropy.
KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
keyGenerator.init(outputKeyLength, secureRandom);
SecretKey key = keyGenerator.generateKey();
return key;
}


Note that the security of this approach relies on safeguarding the generated key, which is is predicated on the security of the internal storage. Leaving the target file unencrypted (but set to MODE_PRIVATE) would provide similar security.



Even more security



If your app needs additional encryption, a recommended approach is to require a passphase or PIN to access your application. This passphrase could be fed into PBKDF2 to generate the encryption key. (PBKDF2 is a commonly used algorithm for deriving key material from a passphrase, using a technique known as "key stretching".) Android provides an implementation of this algorithm inside SecretKeyFactory as PBKDF2WithHmacSHA1:



public static SecretKey generateKey(char[] passphraseOrPin, byte[] salt) throws NoSuchAlgorithmException, InvalidKeySpecException {
// Number of PBKDF2 hardening rounds to use. Larger values increase
// computation time. You should select a value that causes computation
// to take >100ms.
final int iterations = 1000;

// Generate a 256-bit key
final int outputKeyLength = 256;

SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
KeySpec keySpec = new PBEKeySpec(passphraseOrPin, salt, iterations, outputKeyLength);
SecretKey secretKey = secretKeyFactory.generateSecret(keySpec);
return secretKey;
}


The salt should be a random string, again generated using SecureRandom and persisted on internal storage alongside any encrypted data. This is important to mitigate the risk of attackers using a rainbow table to precompute password hashes.



Check your apps for proper use of SecureRandom



As mentioned above and in the New Security Features in Jelly Bean, the default implementation of SecureRandom is changed in Android 4.2. Using it to deterministically generate keys is no longer possible.



If you're one of the developers who's been generating keys the wrong way, we recommend upgrading your app today to prevent subtle problems as more users upgrade to devices running Android 4.2 or later.


URL: http://android-developers.blogspot.com/2013/02/using-cryptography-to-store-credentials.html