Mark Wahlberg (+745%). Marky-Mark has come a long way: The ex-underwear model, actor, and "Entourage" producer received a star on Hollywood's Walk of Fame.
iPads (+477%). Microsoft CEO Steve Ballmer says the company is hard at work on a rival product.
Obama on "The View" (+469%). Not everyone was thrilled with the president appearing on a daytime talk show. Sarah Palin, for one.
Posted by Úlfar Erlingsson, Manager, Security Research
Thursday, July 29 was the first day of the Google North American Faculty Summit, our sixth annual event bringing together Google engineers and subject matter experts with leading computer science faculty, mostly from North America but some from as far away as Japan and China. This year’s summit is focused on three topics: cloud computing, security and privacy, and social networking. It was these first two areas that we discussed yesterday, in a series of talks by Googlers, informal meetings and small round-table discussions.
After an introduction from Alfred Spector, Google’s VP of Research and Special Initiatives, we dove right into the technical talks, covering the “arms race” of malware detection, privacy and public policy, passwords and authentication, and operations and infrastructure security at large scale. I gave a talk on the changes that cloud computing brings to security, both challenges such as privacy and authentication, as well as opportunities for security improvements, which I wanted to summarize briefly below.
Cloud services have defined a new model for end-user cloud applications that are accessed via single-user devices or browsers. Unlike software on personal computers, or on time-shared servers, cloud applications execute logically on stateless clients accessing a substrate of redundant back-end servers. While a single client may execute multiple applications, those applications are typically isolated and communicate only via the cloud, thus eliminating local dependencies and simplifying device management. As well as being isolated and stateless, clients are also provisioned with software upon use, which makes any client pretty much the same as any other and facilitates transparent access from different locations and devices.
There are many clear security benefits that accrue from this cloud application software model. To start with, it eliminates much of the complex, error-prone management traditionally required for each client. Also, because clients and servers are replicated or stateless, security policies can be enforced using simple, conservative fail-stop mechanisms. Cloud applications are also highly dynamic, with new software versions easily deployed through client restart or rolling server upgrades. Not only does this greatly simplify deploying fixes to software vulnerabilities, it also allows for the possibility of deploying specialized software versions, with custom security aspects, to different clients and servers. Such software instrumentation could be used for many diverse security purposes, especially when combined with randomization: these include artificially-induced heterogeneity as well as the large-scale construction and enforcement of models for appropriate software behavior. In short, cloud applications help with basic, but hard-to-answer security questions such as: Am I running the right software? Or, is it known to be bad? Is it behaving maliciously, and can I recover if it is?
Following my talk, faculty attendees had a variety of insightful questions—as they did for all the presenters today. Roy Campbell, from University of Illinois at Urbana-Champaign, raised the issue of zero-day attacks, and how they might be handled and prevented. My response was that while it might be impossible to eliminate all security bugs, it is possible to get strong guarantees and higher assurance about fundamental software aspects. As an example, I mentioned the Native Client open source Google project that establishes strong, verifiable guarantees about the safety of low-level software. Another question raised was whether Multics-like protection rings were relevant to today's cloud computing applications. Although the mechanisms may not be the same as in Multics, my reply was that layered security and defense in depth are more important than ever, since cloud computing by necessity makes use of deep software stacks that extend from the client through multiple, nested back-end services.
On Friday’s agenda: the technical possibilities of the social web. We’ll be back with more highlights from the summit soon—stay tuned.
Portrait of Emily Jane Brontë (Source: LIFE Magazine)
No coward soul is mine, No trembler in the world's storm-troubled sphere: I see Heaven's glories shine, And faith shines equal, arming me from fear. -- Emily Brontë
The indomitable spirit that defined the Yorkshire poet and novelist Emily Brontë also formed the very essence of the classic Wuthering Heights -- her only novel.
In an age when contemporary English society refused to take women’s contributions to literature seriously, Emily and her sisters, Charlotte and Anne, adopted ambiguous pen names to have their works published and accepted. In 1846, the Brontë sisters collaboratively published Poems by Currer, Ellis, and Acton Bell.
The Brontë sisters--Anne, Emily and Charlotte--painted by their brother Bramwell (Source: LIFE Magazine)
While Charlotte Brontë assumed the pseudonym Currer Bell and went on to write Jane Eyre, Anne Brontë settled for Acton Bell and produced Agnes Grey. Emily preferred to be called Ellis Bell in the first edition of Wuthering Heights, which was published in 1847.
And ever since, her creations of Heathcliff and Catherine have captivated audiences worldwide, making Emily Brontë not just a household name, but also a stalwart of romantic fiction. In combination, the courage and passion of her characters, the unusually innovative Gothic structure of her novel and the brilliance of her prose, enabled her to create one of the finest Romantic works.
Actors Merle Oberon and Laurence Olivier during filming of Wuthering Heights in 1939 (Source: LIFE Magazine)
Although Emily unfortunately succumbed to tuberculosis at the young age of 30, her spirit continues to live on through her works -- a tribute to her genius.
This weekend, you can choose movies about men acting like frat boys, or pets acting like people. Or just feast your eyes on a teen heartthrob acting serious. The critics are less than thrilled with this trio of summer stinkers. Maybe the best advice is to see "Inception" again. Here's a roundup of critical — highly critical — reviews …
Charlie St. Cloud This
drama starring hearththrob Zac Efron ("High School Musical") and
directed by Burr Steers ("17 Again") is about a college-age sailing
champ dealing with the death of his younger brother.
The Boston Globe's Wesley Morris
gives the movie a scant 1½-star rating and writes that the movie is
"very much dead already." Although that may not bother the teen fans of
Efron, Morris is unmoved by the young actor: "The camera watches him and
appears to nod off. That's understandable. Every medium close-up of him
squinting in a snug T-shirt at dusk is a Jockey ad."
Sean O'Connell
from Filmcritic.com gave the movie just 1 star and calls it "a
melodramatic and hopelessly disorganized feature-length episode of CBS's
'The Ghost Whisperer' that trots out an exhausted 'Sixth Sense' escape
clause after painting itself into one too many narrative corners."
Entertainment Weekly's Owen Gleiberman grades the film a weak C- and says its young star "demonstrates that looks will get you only so far."
Kirk Honeycutt
from The Hollywood Reports puts the nail in this movie's coffin: "The
film doesn't just fail, it actually gets sillier by the minute."
Cats & Dogs: The Revenge of Kitty Galore The
sequel of domesticated animals turned super-spies stars Diggs (James
Marsden) as a German shepherd owned by Chris O'Donnell (played by the
actual Chris O'Donnell). He is recruited to team up with special agent
Butch (voiced by, yes, Nick Nolte) to stop the big, bad Kitty Galore
(voiced by Bette Midler). Christina Applegate voices a feline super-spy.
Ty Burr
from the Boston Globe finds something to like with his 2-star rating:
the 3D "Road Runner" cartoon that precedes the movie. He calls the "Cats
& Dogs'' main feature "the Lolcats of movies and I'm afraid it's
the future."
Bill Gibron
from Filmcritic.com affixes 1½ stars to the flick, dismissing it as
"irritating as a case of fleas" for a sequel "nobody asked for."
Adam Markovitz
of Entertainment Weekly gives the movie a D, and complains that no
movie "has the right to be as tiresome and unoriginal as this
action-comedy mutt."
Dinner for Schmucks Directed by Jay Roach ("Meet the Parents"), the comedy stars Paul Rudd, an eager-to-please employee whose boss invites him over to a dinner where each person is tasked with finding a bizarre guest for the amusement of the host. Enter Steve Carell and Zach Galifianakis as invited twits.
Ty Burr from the Boston Globe gave the comedy a modest 2½ stars and notes that the trailers sell the movie on the dopiest jokes: "Far from a classic of precision farce, but it's funnier than the trailers make it seem."
Roger Ebert awarded the movie 3 out of 4 stars and called out Steve Carell's performance as a "transcendent idiot."
Rolling Stone's Peter Travers agrees, calling Carell "a comic wonder as the film's No. 1 schmuck." In this movie, that's a compliment.
Filmcritic.com's Bill Gibron gives the film it's best review yet, 4 out of 5 stars. Steve Carrell wins again, as he is credited with "single-handedly saving the movie from its many failings — and there are indeed quite a few."
In last week’s installment of our Google Display Network series, we showed how DoubleClick Ad Planner can help you effectively plan your display ad campaigns and reach the right audience. Today we’ll talk about creating compelling display ads and the options available on the Google Display Network (GDN). Let’s look at each category of options you have today:
Great impact through Rich Media and Video. Rich media and video formats engage users at a whole new level, drawing them in and encouraging interactivity in a way not possible with other ad formats.
Example of a great rich media ad run by Volvo and the agencies Euro RSCG New York and Media Contacts:
If you use rich media and video formats to engage your customers, here’s what we offer through our DoubleClick Rich Media and Video solutions:
Choice of a variety of rich Media formats, based on your campaign objective.
Access to DoubleClick Studio, a free rich media production and workflow tool.
Analyze data on more than 100 unique interactions in every creative unit with Audience Interaction Metrics.
Integration with DoubleClick for Advertisers, a robust ad management, serving, and reporting solution that simplifies trafficking, reporting and billing of your Rich Media campaigns.
If you’re already working with another rich media vendor, we have many approved vendors we work with.
Build display ads in minutes. Creating display ads can be resource-intensive, and for many marketers, it may not be in the budget. So we introduced Display Ad Builder in 2008, a free tool for creating professional-looking display ads in minutes. Here’s what you can do with Display Ad Builder:
Create image, video (InVideo, Click-To-Play), Flash and rich media (including expandable) ads using hundreds of fully customizable templates or templates tailored for specific industries.
Stay true to your brand with your own images, text, videos and logos.
Display Ad Builder is also great for testing different messages and creative elements, or to get insights for more complex display campaigns managed by your in-house team or agency.
Stand out by blending in. Text ads are a versatile ad format that are easy to create and edit. They’re especially effective as an extension of your existing search campaigns. Simply opt your search campaign into the GDN and your ads will show to users as they surf relevant web pages via our contextual targeting technology. Text ads also complement display campaigns by engaging users who ignore display ads (i.e. banner blindness). Further, they give your campaign wider reach since not every publisher may accept display ads, or may only accept a limited number of display ad formats and sizes on their site.
Whether your goal is to drive awareness or generate immediate sales, the robust creative toolbox available on the Google Display Network can help. We’ll see you next week when we talk about how you can reach your audience with the targeting technologies available on the GDN.
Posted by Emel Mutlu, Marketing Manager, Google Display Network
Earlier this year we launched click-to-call location extensions for search ads appearing on mobile devices with full Internet browsers. Today we’re excited to announce more ways location extensions can be used to connect with local users on the go, whether they’re using their phones to browse the mobile web or engage with their favorite mobile apps.
Many mobile consumers use maps to locate a business and get directions on their phones. With AdWords location extensions, you can now feature your business location and phone number on an expandable map ad that can appear on mobile websites and apps across the Google Display Network. The ad appears as a banner text ad with a business icon that expands to show your business location on a Google map along with your ad creative, click-to-call phone number and option to get directions. Since ads can be served based on the user’s location, a potential customer will see the phone number and map of the store location that’s nearest to them. By providing mobile consumers more options to connect with your business, you can drive more traffic to your store, visits to your website and calls to your business.
This new ad format is available on mobile devices with full Internet browsers and allows you to expand your advertising campaigns to reach highly engaged mobile users with relevant local information as they use their favorite apps or websites. Advertising with location extensions on mobile devices is also a great value because you’re only charged when a user clicks to call your business or clicks to visit your website. You’re not charged when users click to expand the map or get directions. The cost of a click to call your business is the same as the cost of a click to visit your website.
To get started using location extensions with the expandable map feature for mobile apps and websites, follow these three easy steps within your AdWords account:
2. Set up location extensions and add your business phone number and address. Be sure to also upload your business logo or icon, or choose from the set of icons available. Your ad will display a default icon if none is chosen.
That’s it! You don’t need any special programming skills to create the map, we’ll automatically generate it for you based on your business location.
We hope that you’ll take advantage of this new ad format and the power of location extensions to create mobile-specific, locally relevant ads to reach mobile users on the go!
Posted by Dai Pham, Google Mobile Ads Marketing Team
On July 31, Chelsea Clinton will marry longtime sweetheart Marc Mezvinksy. As the nuptials draw nearer and the wedding bells grow louder, the interest in Bill and Hillary's future son-in-law grows larger.
Over the past week, online lookups for "marc mezvinksy" soared nearly 80%. Those who don't know his name (but are aware of the impending event) pushed Web searches for "chelsea clinton fiancé" up 132%.
And the Mezvinsky-mania doesn't stop there. Related lookups on "marc mezvinsky photos" and "marc mezvinsky job" are also popular. (By the way, he's an investment banker and does very well for himself, thank you very much.)
Usually, the pre-wedding searches are all about the bride. However, in this case, searchers are most interested in learning about the groom's mom and dad. Indeed, theirs is an interesting story.
Edward Mezvinksy
We don't know much about Chelsea and Marc's relationship — what they like to do, whether they engage in baby-talk, etc. But we do know they have at least one thing in common: Politically connected parents.
Marc's father, Edward Mezvinsky, was a congressman from Iowa for two terms during the 1970s. That's the good part of his resumé. The bad part: He's also a convicted felon. In 2002, he pleaded guilty to defrauding investors out of $10 million, and served several years in prison.
What exactly did he do? You know those Nigerian email schemes that clog your spam folder? Well, Ed Mezvinksy got caught up in one. He didn't start it, but he did attempt to scam people into giving him money. The ruse did not end well.
People magazine reports that he is "remorseful for what happened," adding, "It was a terrible time, and I was punished for that. And I respect that and accept responsibility for what happened."
Ironically, she lost her footing after she changed her stance and began supporting then President Clinton's budget, "after months of publicly voicing her opposition to the bill because it did not contain enough spending cuts." That last-minute change was "political suicide" (her words).
According to Politics Daily, she attempted a comeback with a run for the Senate, but her husband's legal problems forced her to drop the bid. Prior to her stint in Congress, Ms. Margolies-Mezvinksy was a television reporter for NBC.
The siblings
Chelsea Clinton isn't just getting a husband. She's getting a whole bunch of brothers and sisters in the bargain. Marc Mezvinsky has 10 siblings, several of whom are adopted.
An article from House.gov explains that while a reporter in 1970, Ms. Margolies-Mezvinksy was covering a story on Korean orphans. She was apparently "so moved by the experience that she became the first single woman in the United States to adopt a foreign child, a Korean girl."
Again, according to House.gov, the family consists of "Margolies’s two children, Mezvinsky’s four children from a previous marriage, two sons born to them, and three Vietnamese boys whom they adopted together."
The WebTiming spec — proposed by Google to the W3C — is an important step forward in measuring a Web page's round-trip time (the time between a user requesting a page and the page becoming usable).
In the past, we've had to either approximate the value by putting a timer at the start of our document, or use a cookie to store the time when the previous page's onbeforeunload* event fired. Both approaches have their problems.
In the first case, the time measured tends to ignore the time it takes for the browser to do DNS lookups, open TCP connections, deal with TCP slowstart, and deal with latency introduced by the server-side application.
The second case excludes any traffic that either had no onbeforeunload event (such as bookmarks or non-web clients) or had an onbeforeunload event that we couldn't control (such as links from sites outside our domain).
When developing boomerang, we chose the latter approach. Even though we get fewer data points, the data is more representative of what users experience.
The introduction of the WebTiming API fixes the downside of this choice. If boomerang determines that it could not set t_start (the time that navigation started), then it checks to see if the user's browser supports the WebTiming API. If it does, boomerang pulls the time out of the timing object.
I'm also pleased to note that with Commit 83f776772c9604023b3, boomerang supports all of these implementations, in addition to its own cookie-based measures.
The Google Enterprise team is excited to be participating in theInternational Conference on Cyber Security (ICCS), on August 2nd-5th, at Fordham University in New York City. ICCS brings together global leaders in emerging cyber threat analysis, operations and enforcement. More than 700 IT, business and law enforcement professionals from over 50 countries will gather to discuss the most significant emerging cyber threats and how the security and law enforcement communities are responding to them.
Eric Davis, Policy Manger and Director of Anti-Malvertising at Google will be giving a talk entitled: “Welcome to Malvertising” on Thursday, August 5th at 1:30 PM. “Malvertising” is the intersection of malware and advertising, where ads install malware or redirect users to sites that install malware. Eric will discuss how malvertising occurs over ad networks. He will discuss incident response, as well as available systems, tools and best practices for preventing malware in ads.
If you'll be at the conference, please join us for our talk and stop by our booth to learn more about Google’s cyber security efforts as well as to learn more about how Google secures the data stored in our data centers. If you’re not going to be at the conference, you can find lots of information about cyber security in our Online Security Blog and information about the security of our data centers here.
Posted by Adam Swidler, Sr. Manager – Google Enterprise
It's been a few days since the amazing Open Hack day in Bangalore (Bengaluru), India, and we are still recovering from the event. As it was, it broke all the records we had from the 13 previous hack days.
The 2-day event in Bangalore's Taj Residency Hotel saw 472 hackers (plus 106 "Info Geeks" attending the presentations only) from these different parts of India: Andhra Pradesh, Chhattisgart, Delhi, Gujarat, Haryana, Kerala, Madhya Pradesh, Maharashtra, Punjab, Rajasthan, Tamil Nadu, Uttar Pradesh, Uttatakhand, West Bengal and, of course, Karnataka.
Anil Patel, YDN International program manager, adds: I knew this event was going to be different from the moment we opened registration. The fact that almost 400 people registered within the first 24 hours should have set off some alarm bells! Over the next 6 weeks, registration hit the 2,000 mark, with developers wanting to attend from all corners of the country. Using past registration data and drop-off rates as a guide, I accepted the number of registrations that would get us approximately 400 through the door. In the end, I accepted around 1,100; on the day itself, a mind-boggling 578 developers arrived at the registration desk, a much lower drop-off rate than expected. Also, for the first time, we had a high percentage of developers coming in from outside the host state of Karnataka, with some developers flying in specially. One developer came from Indonesia as he missed the one we did in Jakarta.
The presentations
Before the 24-hour hacking period we had a few presentations. One presentation introduced what a hack really is:
With the addition of Yahoos and media representatives, the total number of people at the event tallied at just about 630 people.
If we venture for a short while into the biological world and away from IT and software, I can tell you about the amount of food and drink consumed. The following items provided sustenance for the attendees:
1,200 litres of milk
4,800 cups of tea and coffee
875 kg of vegetables
275 kg rice
1,900 eggs
320 kg chicken
120 kg sugar
240 cans of Red Bull
Another first for any of the hack days is that the wireless network never went down. This is especially noteworthy as the team had set up India's first 300 connection IPV6 network, and they even managed to ramp it up to the extra 200 connections needed on demand.
The hacks
Thus fuelled, the hackers managed to finish 110 hacks in 24 hours. Having that many hacks meant that overall the judges and the audience spent almost four hours looking at all of them — although folks kept to the normal 90-seconds time to present each hack.
Anil Patel, YDN International program manager, adds: Overnight, around 350+ developers stayed at the venue (again, the highest number we’ve had stay over for any Open Hack). By around 10:00 on Sunday morning, the energy levels started rising again as people started registering hacks. At 10:30, the hack.trackr showed that 40 hacks had been registered. When I came back 30 minutes later, it was 90. Then Christian ran over 30 minutes after that and said it was over 120 — I had to grip the chair in order to fend off the very quick panic attack I could feel coming on! In the end a staggering 110 hacks were presented over a 3.5 hour period. Almost all the hacks were presented within their 90 second allotment, and not one hacker used PowerPoint! Prizes included an xBox, iPod Nanos and Shuffles, and an iPad that was bought from the US (the iPad is not as yet available in India). The winner of the iPad almost fainted when he received his prize.
Github Badges (source) by Brian Guthrie, Tejas Dinkar, and Mark Needham are a collection giving Warcraft-/xBox-style achievement badges for Github achievements.
Quizr by Prateek Dayal and Hemant Kumar is a quiz generator using Wikipedia and Flickr. The generated quizzes get pushed out to all the computers in the room live via HTML5 WebSockets.
FlickrSubz by BabuSrithar, Sudeep Nayak, and Parashuram enables realtime closed-captioning in multiple languages for videos on Flickr. The hack utilizes a speech-recognition engine (Julius for Linux, WSAPI for Windows) to display subtitles in the chosen language (translate API) for videos on Flickr via a GreaseMonkey script.
ChromYQLip (pronounced as Chromy-Clip) by Markandey Singh is a chrome extension for page scraping. Select some text on a page and click the extension icon, and it will populate the URL and XPath of the selection. Click “getmashup” to get a lightweight page that loads your content. A Sample URL and XPath for advanced mashup building is URL=”http://twitpic.com/photos/$1″ Path=”//div[@id="image-"]/div/div1/a”, which results in $1 to become a form field to enter the TwitPic user name.
Communicator by Mohan Gupta, Sri Ram, and Roshan is an API to include a real-time communication widget on any Web page. All the users viewing that page can discuss and collaborate on the content of the page in real time.
Chirpshire by Preetham Venkky, Rohit Talukdar, Puneet Jaiswal, and Mohd. Amjed allows you to gain belts and grab badges for tweeting regularly and without using automation apps. Businesses can use this service to spread a meme. This could be a # hashtag or a physical location check-in.
Shop Green by Nidhi Chaudhary and Anurag Jain is an interesting concept that allows sellers to print 2D barcodes for their products and buyers to simply scan them with their mobile phone and pay on the phone. No need for paper bills any longer. All the payments are made with PayPal.
Democracy Tools by Ankur Patel, Ankur Gupta, and Yatin Kumbhare did quite a job of scraping all kind of government sites to collect data to answer the following questions: Who is your Leader? Where is your Constituency? Is there a government Website Search Engine? What is Media’s Opinion about your Leader? Another hack that did something similar is RepMeter.
How Much Time Will This Landmark Take Me? by Susheel was a terribly clever hack that analyzed the EXIF data in Flickr photos to see how long it took people to take photos at a certain landmark. That can give you an insight into how much time to spend at that landmark on your next trip.
Nirvana – your late night path back home is a mashup that allows people to tweet where the police currently does alcohol tests – in case you want to avoid that route when driving home.
All in all, we were blown away by the energy, the hunger (both in terms of information and other) of the hackers, and how smoothly the event went (even more remarkable as we initially had planned for fewer participants).
The hackday toolbox
One personal thing I have taken away from this event is that whilst everything we release in Yahoo comes with a lot of documentation, nothing beats a good code examples to give to hackers. Which is why we assembled The Hackday Toolbox, to get people up and running faster next time.
It contains:
An introduction to installing and using PHP with MAMP/XAMPP and debugging it
All that remains is to thank everybody involved in organizing, running, and attending this event. It has been a blast — and now it is time to follow up on what can happen to the hacks built and groups formed there. Check out the photos on Flickr to get a glimpse of what happened.
Christian Heilmann (@codepo8) Yahoo! Senior Developer Evangelist
Christian Heilmann (