Thursday, June 23, 2011

Googland


[G] Introducing DOM Snitch, our passive in-the-browser reconnaissance tool

Posted: 23 Jun 2011 01:09 AM PDT

Google Online Security Blog: Introducing DOM Snitch, our passive in-the-browser reconnaissance tool

Posted by Radoslav Vasilev, Security Test Engineer

(Cross-posted from the Google Testing Blog)

Every day modern web applications are becoming increasingly sophisticated, and as their complexity grows so does their attack surface. Previously we introduced open source tools such as Skipfish and Ratproxy to assist developers in understanding and securing these applications.

As existing tools focus mostly on testing server-side code, today we are happy to introduce DOM Snitch — an experimental* Chrome extension that enables developers and testers to identify insecure practices commonly found in client-side code. To do this, we have adopted several approaches to intercepting JavaScript calls to key and potentially dangerous browser infrastructure such as document.write or HTMLElement.innerHTML (among others). Once a JavaScript call has been intercepted, DOM Snitch records the document URL and a complete stack trace that will help assess if the intercepted call can lead to cross-site scripting, mixed content, insecure modifications to the same-origin policy for DOM access, or other client-side issues.
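The interception approach described above can be sketched as follows. This is an added example, not DOM Snitch's own code: `FakeElement`, `fakeDocument`, the `classify` heuristics and the `app.example` / `cdn.example` URLs are constructed stand-ins so the hooks run outside a browser.

```javascript
// Added illustration, not DOM Snitch source. Runs under Node on a constructed
// stand-in DOM; in a browser the hooks would wrap document.write and innerHTML.
const findings = [];

// Heuristics are assumptions for this sketch: script-capable markup, and
// plain-http resources (mixed content when the document is https).
function classify(html) {
  const issues = [];
  if (/<script\b|\bon\w+\s*=|javascript:/i.test(html)) issues.push('script-capable markup');
  if (/\b(?:src|href)\s*=\s*["']?http:\/\//i.test(html)) issues.push('http resource');
  return issues;
}

function record(sink, value, url) {
  // Skip "Error", record() and the hook frame so the trace starts at the caller.
  const stack = new Error().stack.split('\n').slice(3).map((s) => s.trim());
  findings.push({ sink, url, value: String(value), issues: classify(String(value)), stack });
}

// Wrap a method: log, then call through so page behaviour is unchanged.
function hookMethod(obj, name, getUrl) {
  const original = obj[name];
  obj[name] = function (...args) {
    record(name, args.join(''), getUrl());
    return original.apply(this, args);
  };
}

// Wrap an accessor's setter while keeping its getter and attributes.
function hookSetter(proto, prop, getUrl) {
  const desc = Object.getOwnPropertyDescriptor(proto, prop);
  Object.defineProperty(proto, prop, {
    ...desc,
    set(value) { record(prop, value, getUrl()); desc.set.call(this, value); },
  });
}

// Constructed stand-ins for document and an element class.
class FakeElement {
  get innerHTML() { return this._html || ''; }
  set innerHTML(v) { this._html = v; }
}
const fakeDocument = { URL: 'https://app.example/inbox', written: [], write(s) { this.written.push(s); } };
hookMethod(fakeDocument, 'write', () => fakeDocument.URL);
hookSetter(FakeElement.prototype, 'innerHTML', () => fakeDocument.URL);
function renderGreeting(el, name) { el.innerHTML = '<b>Hello ' + name + '</b>'; }
function demo() {
  const el = new FakeElement();
  renderGreeting(el, 'Ana');
  renderGreeting(el, '<img src=x onerror=alert(1)>');
  fakeDocument.write('<img src="http://cdn.example/logo.png">');
  return { el, findings };
}
```

Each finding carries the sink name, the document URL, the written value and a stack trace beginning at the calling function, which is the information needed to trace a flagged write back to the code that produced it.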


Here are the benefits of DOM Snitch:
  • Real-time: Developers can observe DOM modifications as they happen inside the browser without the need to step through JavaScript code with a debugger or pause the execution of their application.
  • Easy to use: With built-in security heuristics and nested views, both advanced and less experienced developers and testers can quickly spot areas of the application being tested that need more attention.
  • Easier collaboration: Enables developers to easily export and share captured DOM modifications while troubleshooting an issue with their peers.
DOM Snitch is intended for use by developers, testers, and security researchers alike. Click here to download DOM Snitch. To read the documentation, please visit this page.


*Developers and testers should be aware that DOM Snitch is currently experimental. We do not guarantee that it will work flawlessly for all web applications. More details on known issues can be found here or in the project's issues tracker.
URL: http://googleonlinesecurity.blogspot.com/2011/06/introducing-dom-snitch-our-passive-in.html

[G] 10 Gmail gadgets to try

Posted: 22 Jun 2011 09:55 PM PDT

The Google Apps Blog: 10 Gmail gadgets to try

Posted by Martin Gruau, Consumer Operations

There is a powerful but little known Gmail feature that lives in Labs called "Add any gadget by URL." Once you turn it on, you can add iGoogle gadgets (or any gadget specified by an .xml file) to the side of your Gmail account. While most of these gadgets are built by third-parties and not owned or maintained by Google, they can be super handy.

To install any of these gadgets, follow these steps:
1) From your Gmail account, go to the Labs tab of Gmail Settings.
2) Look for the Lab "Add any gadget by URL." Enable it, then click "Save changes."
3) Go to the new "Gadgets" tab under "Settings" and add the relevant .xml address.

Here's a list of ten I've found worth trying out:

Wikipedia
Look for a specific query right from Gmail.
http://www.google.com/ig/modules/wikipedia.xml


Google Calculator
Make some quick calculations while typing an email.
http://calebegg.com/calc.xml


Note
Add a sticky note to the corner of your Gmail account.
http://www.google.com/ig/modules/sticky.xml


Remember the Milk
If you're a fan of this task management system, accessing all your "Remember the milk" notes from right within Gmail can be super handy.
http://www.rememberthemilk.com/services/modules/gmail/rtm.xml


PolyClock
Gives you the time of day for any place in the world.
http://gad.getpla.net/poly/clock.xml


Currency Converter
A real time currency converter.
http://helloworld123---.googlecode.com/svn/trunk/currency-converter.xml


bit.ly URL shortener
Lets you shorten URLs in a single click.
http://hosting.gmodules.com/ig/gadgets/file/107368512201818821991/bitly-shortener.xml


Chuck Norris fact generator
Displays a different "Chuck Norris fact" every day of the year.
http://marsupialmusic.net/stu/scripts/chucknorris.xml


Finally, you might be familiar with the last two gadgets, since they are also available as individual Gmail Labs:

Google Calendar
Displays your Google Calendar agenda right from Gmail.
http://www.google.com/ig/modules/calendar.xml


Google Docs
Gives you quick access to your most recent documents.
www.google.com/ig/modules/docs.xml


You can find lots of other gadgets optimized for iGoogle on this page, and many of them work well in Gmail, too.
URL: http://feedproxy.google.com/~r/GoogleAppsBlog/~3/Q0ovIyltdnk/10-gmail-gadgets-to-try.html

[G] Applauding the 2011 Knight News Challenge winners

Posted: 22 Jun 2011 02:53 PM PDT

Official Google Blog: Applauding the 2011 Knight News Challenge winners

(Cross-posted on the Google News Blog and the Google Public Policy Blog)

Over the past few months, we've announced $5 million in grants to be distributed by the John S. and James L. Knight Foundation and the International Press Institute—two non-profit organizations developing new approaches to journalism in the digital age—and we're pleased to congratulate the first initiatives that have been selected as part of that funding.

Today at M.I.T., the Knight Foundation showcased 16 projects selected as the winners of the 2011 Knight News Challenge. Now in its fifth year, this media-innovation contest included $1 million in support from Google. As you'll see in the full list of winners, these initiatives come from organizations large and small and are reminders that entrepreneurship can be sparked anywhere. Here are just a few examples of the creative ways the journalism community around the world is merging traditional skills with an online landscape:
  • At the University of North Carolina at Chapel Hill, OpenBlock Rural will use its seed money to work with local governments and community newspapers across the state to collect, aggregate and publish data.
  • In Virginia, the Miller Center Foundation's State Decoded will serve as a platform to display state codes, court decisions and information from legislative tracking services to make government more understandable to the average citizen.
  • The Chicago Tribune will collaborate with the Investigative Editors & Reporters organization and The Spokesman-Review on a set of open-source, web-based tools that make it easier for journalists to use and analyze data.
  • Liverpool, U.K.-based ScraperWiki will bring its experiences with public data to journalism camps in 12 U.S. states.
  • Chile's El Mostrador will develop an editorial and crowdsourced database to bring greater transparency to potential conflicts of interest.
  • Ushahidi will build off its past crisis efforts to improve information-verification across email, Twitter, web feeds and text messages.
Other winning proposals tell rich multimedia stories, bridge the gap between traditional and citizen media and further improve the utility of data to journalists. Our sister program in partnership with the International Press Institute is also well underway. The entries in that competition are now in and the winners will be announced later this summer. We look forward to seeing the impacts these initiatives have on digital journalism and hope they encourage continued experimentation and innovation at the grassroots level.

Posted by Jim Gerber, Director, Strategic Partnerships, News
URL: http://googleblog.blogspot.com/2011/06/applauding-2011-knight-news-challenge.html

[G] Introducing Native Driver

Posted: 22 Jun 2011 10:53 AM PDT

Google Open Source Blog: Introducing Native Driver

NativeDriver is an implementation of the WebDriver API which drives the UI of a native application rather than a web application. I am happy to announce that the Android version is available for download and we are welcoming all users and contributors. We are hosting on Google Code (http://nativedriver.googlecode.com/). An iPhone (iOS) version is under development and will be available soon.

WebDriver exposes browser functionality as a clean, object-oriented API, and Google uses WebDriver to test web applications on many platforms. (For an introduction to WebDriver, see this blog post.)

You are probably wondering why anyone would use the WebDriver API to test native applications. Our reasoning is:
  • user interactions with a native application and a web application are essentially the same: click, type, switch window, read text
  • test writers will have to write the same test for each platform they want to support
  • no one wants to learn yet another API
  • WebDriver already has a user base and a tool ecosystem that can migrate easily to a new API if it is WebDriver-like
  • therefore: let's re-use our favorite UI testing API
NativeDriver is our attempt to apply WebDriver's simplicity and success to native applications. It extends the WebDriver API in a few key places, and re-interprets the existing API for native applications.

Here is some code from a NativeDriver test against the Google Maps Android app (the test can be seen in action in this video):

AndroidNativeDriver driver = new AndroidNativeDriverBuilder()
    .withDefaultServer()
    .build();
driver.startActivity("com.google.android.maps.MapsActivity");

// Open the Places activity by clicking the places button
// (to the right of the search box).
// findElement returns an element, so it is held as a standard
// WebDriver WebElement rather than as a driver.
WebElement btn
    = driver.findElement(By.id("btn_header_places"));
btn.click();

// Dismiss the Places window
// Equivalent to pressing the Android Back button
driver.navigate().back();

// Rotate the device to show the UI in landscape mode
driver.rotate(ScreenOrientation.LANDSCAPE);

Except for the startActivity method, and the use of a builder object to create the driver, all the API calls made are standard WebDriver API calls. Creating the driver with a builder is necessary because the driver can also be set up with an Android Debug Bridge (ADB) connection.

Android NativeDriver uses Instrumentation to monitor and manipulate the application under test. Instrumentation is a standard feature of Android but it has some limitations. For instance, it cannot drive UI which is part of another process. (If it could a malicious application could hijack the device.) This is where ADB saves the day. The ADB is a connection from outside the device and is not tied to a particular application, so with it we can inject events across applications. ADB also made it possible to add screenshot support, and we plan to utilize it in new ways as NativeDriver matures. This is one way Android NativeDriver tests are more powerful than standard Instrumentation tests.

You can try out Android NativeDriver right away with the tutorials for running a sample test or instrumenting your own application. You may also want to join the users or developers mailing list.

Good luck and happy native testing!

Matt DeVore, Engineering Productivity Team



URL: http://feedproxy.google.com/~r/GoogleOpenSourceBlog/~3/HxzoOWDYMDo/introducing-native-driver.html

[G] 10 Gmail gadgets to try

Posted: 22 Jun 2011 10:16 AM PDT

Official Gmail Blog: 10 Gmail gadgets to try

Posted by Martin Gruau, Consumer Operations

URL: http://gmailblog.blogspot.com/2011/06/10-gmail-gadgets-to-try.html

[G] New Interface Wednesdays: Analyzing earnings by page views vs. ad requests

Posted: 22 Jun 2011 08:56 AM PDT

Inside AdSense: New Interface Wednesdays: Analyzing earnings by page views vs. ad requests

If you've spent time wandering around the Performance reports tab in the new interface, you've likely stumbled upon the Columns button. This button lets you customize your report to view earnings by page views, ad requests, matched requests and individual ad impressions. Selecting one of these options will change the columns and data shown in the table and graph. All other metrics, like CTR & RPM, will be based on the selection you choose.

We've received some questions about understanding these reports, especially when viewing by 'page views' and 'ad requests'. To get an overall sense of your ad performance, view your earnings by 'page views'. When looking at specific ad units or channels, however, we recommend using the 'ad requests' view. This will provide you the most accurate numbers for specific reports like ad units, ad sizes, custom channels, ad types, targeting types, and bid types.

Why is this? When analyzing the performance of individual ad units, the 'page views' view may show you inaccurate CTRs and RPMs if you have multiple ad units on one page. Each time a user views a page with multiple ad units, your reports will log only one page view and associate it with the first ad unit on the page. This means that when you're viewing more granular reports by 'page views', the CTR and RPM of the second and third ad units on the page will be calculated based on "zero" page views, resulting in invalid data. By using the 'ad request' view when looking at specific ad units, you'll ensure that you're reviewing valid CTR and RPM values.

Try it now! Navigate to the new interface and click on the Performance reports tab, then select the 'Columns' button from any report to change the metrics you're viewing.

Today marks the last post of our New Interface Wednesday series. We hope you're now more familiar with features available in the new interface, and how you can use them to better understand your ad performance and manage your account. You can review any of the previous posts in this series by visiting the New AdSense Interface label at any time, and learn more about specific features in our Help Center. As we continue to develop new features in the new interface, we'll be sure to post updates here on our blog, so please check back frequently!

Posted by Guillaume Ryder - AdSense Engineering


URL: http://feedproxy.google.com/~r/blogspot/tuAm/~3/83ZSmZD7mZk/new-interface-wednesdays-analyzing.html

[G] Wyoming has officially gone Google

Posted: 22 Jun 2011 08:45 AM PDT

Official Google Blog: Wyoming has officially gone Google

Q: What do national parks, female governors and Google Apps have in common?

A: Wyoming was the first state in the country to have each of them.

This morning, Governor Matt Mead announced that the state of Wyoming has completed its transition to Google Apps for Government. Since the state first declared its intention to go Google eight months ago, Wyoming has worked quickly to move all 10,000 state employees onto Google Apps.

For the first time ever, Wyoming's entire state government now shares a common email, calendar and document system, making it easier for employees to find and collaborate with one another. By going Google, the state is also saving taxpaying Wyomingites approximately $1 million annually. Who knows which next great "first" they'll put these savings towards?



You can view the live stream of the Governor's announcement starting at 8:00am MT.

Posted by Scott McIntyre, Google Enterprise Team
URL: http://googleblog.blogspot.com/2011/06/wyoming-has-officially-gone-google.html
