Google Chrome EULA update

In an earlier post about the Google Chrome EULA I mentioned how the French version had yet to be amended.

Well, I checked yesterday and all's well that ends well :-).

In French...

11.1 Vous conservez les droits d'auteur et tous les autres droits en votre possession vis-à-vis du Contenu que vous fournissez, publiez ou affichez sur les Services ou par le biais de ces derniers.

... and Dutch

11.1 U behoudt de auteursrechten en enige andere rechten die u al bezit over de inhoud die u op of via de Services inzendt, plaatst of weergeeft.

Thoughts?

Google Chrome - user-agent (UA)

For anyone interested in browser detection, here is Google Chrome's "useragent" string:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.27 Safari/525.13

You can get it by simply typing "about:" in the omnibox ("address" bar)
or alternatively by adding the following to your <head> section.

<script language="javascript">
function showUA()
{
 userAgent = navigator.userAgent;
 alert("UserAgent: " + userAgent);
}

window.onload=showUA;
</script>

So something similar to the following could be used to detect which browser you are using:

<html>
<head>
  <script language="javascript">
    function setBrowser()
    {
      var browser="unknown";
      var userAgent = navigator.userAgent.toLowerCase();
      if (userAgent.indexOf("opera") > -1)
        browser="Opera";
      else if (userAgent.indexOf("konqueror") > -1)
        browser="Konqueror";
      else if (userAgent.indexOf("firefox") > -1)
        browser="Firefox";
      else if (userAgent.indexOf("netscape") > -1)
        browser="Netscape";
      else if (userAgent.indexOf("msie") > -1)
        browser="Internet Explorer";
      else if (userAgent.indexOf("chrome") > -1)
        browser="Chrome";
      else if (userAgent.indexOf("safari") > -1)
        browser="Safari";

      var brDiv=document.getElementById("browser");
      brDiv.innerHTML="<b>" + browser + "</b>";
    }

    window.onload=setBrowser;
  </script>
</head>
<body>
  You are using: 
  <div id="browser"></div>
</body>
</html>

If you are using one of those popular browsers its name should show up in the empty "browser" div in the body section. Note that the order of the tests is critical. For instance, both Opera and Netscape useragent strings contain "msie" so it is necessary to test for those browsers before testing for Internet Explorer.

Of course the above script is certainly very basic and we could take things a step further and not only retrieve browser name but also browser version for instance, or test for other things like whether the browser is Java-enabled, which Javascript version is available, which Flash Player version is installed or which operating system is being used.

Let me just share a couple of links which cover this more comprehensive approach to Javascript browser sniffing:
- Browser sniffing: takes an in-depth look at how to sniff all major and lots of minor browsers.
- JavaScript Browser Sniffer: the "ultimate" mainstream browser detection script.

Have fun!

Google Chrome EULA

As you have probably already heard, there has been huge concern that the Google Chrome EULA was too invasive with regard to intellectual property rights. Google has since changed the English version at: http://www.google.com/chrome/eula.html?hl=en

Google apparently blamed a hasty copy/paste for the mistake but it is a little worrying to think this may have been intentional, and how many people have actually already agreed to the EULA in question.

[EDIT: I take it the change will have retro-active effect.]

Here is the Ars Technica article describing the whole chain of events:
http://arstechnica.com/news.ars/post/20080903-google-on-chrome-eula-controversy-our-bad-well-change-it.html,
and how Google has promised to change its terms and conditions for the new browser.

The French version (http://www.google.com/chrome/eula.html?hl=fr) doesn't seem to have been amended at the time of writing:

En fournissant, publiant ou affichant le contenu, vous accordez à Google une licence permanente, irrévocable, mondiale, gratuite et non exclusive permettant de reproduire, adapter, modifier, traduire, publier, présenter en public et distribuer tout Contenu que vous avez fourni, publié ou affiché sur les Services ou par le biais de ces derniers.

Something to keep an eye on...

Thoughts?

[Update: Check out the follow-up post regarding the Google Chrome EULA]

Experimenting with Google Chrome

(Thank God for work and the XP box there!)

I have downloaded, installed and survived the Google Chrome experience.

As far as I can tell it really lives up to expectations: on first impression its user interface is very nice and crisp, the browser is fast and renders nicely.

It's definitely usable "as-is" and despite being beta could probably replace any browser for day-to-day browsing except perhaps in some rather specific cases which some have been reporting.

Feature-wise, you can seamlessly extract a tab to a new window or reassemble tabs located in separate windows into a single window.

The developer tools are another cool feature. It would be really nice if you could snap them into your current tab though (or have the "snap-in" appear in every tab once you open it). For the moment, the tools open in an new window which stays on top of everything you are doing in the browser and I found it was a major distraction (compared to using Firebug in Firefox for instance).

Last but not least, the "omnibox" in every tab is a really nice feature which I shall probably learn to miss in other browsers.

Well, that's it for now. As you can tell I didn't really have the chance to take it for an in-depth test run and look at security features for instance.

It will be interesting to see whether Google's new approach actually causes any disruption on the browser market.

What do you think?

Aaaaaaaaaargh

Just one simple question... (*sobs despairingly*)

When (if ever) will Google Chrome become available to Win2k users?

Google Chrome

So Google has been at it again with this new very engaging project: Google Chrome, an open source web-browser with lots of impressive ideas with regard to stability, speed, security, standards and much, much more.

I have heard the site to keep an eye on today for a fresh copy is:
http://www.google.com/chrome

If you are interested, there is an nifty explanatory comic book by Scott McCloud at:
http://blogoscoped.com/google-chrome/

In it, the Google Chrome project is detailed from several angles, plus you get to 'meet' lots of people who are working on the project. Their take was basically to create a browser which would be more in line with today's web applications (coming at it from a very different angle than when browsers were used to process plain web pages, with little or no: DOM manipulation, AJAX scripts, etc.).

1. Stability, testing and multi-process architecture:
   Using processes instead of threads to improve stability and prevent memory bloat as well as building on other Google tools to improve test efficiency.
   


2. Speed: Webkit and V8:
   Increasing speed and efficiency by using Webkit and a high-performance javascript virtual machine called V8.
   


3. Search and user experience:
   Changing the tab controls and their uses; introducing the omnibox, elegant inline completion and improved popup handling; improving user experience with a compelling "new tab" page which holds the most visited pages and search sites.
   


4. Security, sandboxing and safe browsing:
   Preventing attacks by sandboxing (jailing) each separate process and helping users to avoid phishing scams using up-to-date blacklists of harmful sites.
   


5. Gears, standards and open source:
   Using gears to improve developer experience, complying with standards (and perhaps setting new ones?), and of course sharing.
   

All of this really sounds very impressive, it seems Google is simply always that one step ahead of everyone else!

More news about whether this was all too good to be true, once I actually get to try it out, which I hope will be very soon :-)

Thoughts for now?

KeyCzar quickfix fixed

Some of you might recall my using a batch 'quickfix' in a previous post about Google KeyCzar: creating the RSA public and private keys using batch, to work around a small issue whereby filenames ended up being concatenated to the folder name (e.g. rsakeysmeta instead of rsakeys\meta).

A few hours after posting, I eureka-d that adding \ to the folder variables would probably fix it much more neatly - and now I have found the time to verify this, it does :-).

I fixed the previous post accordingly and here is the uninterrupted simplified version of the batch for anyone interested:

@echo off
setlocal enabledelayedexpansion

:init
set java=java
if exist "C:\Program Files\Java\jre1.6.0_05\bin\java.exe" set java="C:\Program Files\Java\jre1.6.0_05\bin\java.exe"
if exist "C:\Program Files\Java\jre1.6.0_07\bin\java.exe" set java="C:\Program Files\Java\jre1.6.0_07\bin\java.exe"
if not exist %java% goto java_nf

set parent=..
set keyczar=keyczar05b.jar
set gson=gson-1.1.1.jar
set log4j=log4j-1.2.15.jar

if not exist %parent%\%keyczar% goto keyczar_jar_nf
if not exist %parent%\%gson% goto gson_jar_nf
if not exist %parent%\%log4j% goto log4j_jar_nf

goto create_keys

:create_keys
set location=rsakeys\
set public=publickeys\

if not exist %location%%public% mkdir %location%%public%

echo Creating key set
%java% -classpath %parent%/%keyczar%;%parent%/%gson%;%parent%/%log4j% org.keyczar.KeyczarTool create --location=%location% --purpose=crypt --asymmetric=rsa
echo Creating private decryption key
%java% -classpath %parent%/%keyczar%;%parent%/%gson%;%parent%/%log4j% org.keyczar.KeyczarTool addkey --location=%location% --status=primary
echo Creating public encryption (primary) key
%java% -classpath %parent%/%keyczar%;%parent%/%gson%;%parent%/%log4j% org.keyczar.KeyczarTool pubkey --location=%location% --status=active --destination=%location%%public%
goto eof

:java_nf
echo Cannot find java
goto eof

:keyczar_jar_nf
echo Cannot find keyczar jar
goto eof

:gson_jar_nf
echo Cannot find gson jar
goto eof

:log4j_jar_nf
echo Cannot find log4j jar
goto eof

:eof
echo Press any key to quit
pause > NUL
goto blackhole

:blackhole

Well, that's it. Much neater and quite as functional!

Please refer to the previous post for more information on what is actually happening here.

You can also read the second part of the post which covers how to use the KeyCzar library in Java for asymmetric RSA encryption/decryption (using the keys we just created with the above batch file).

Thoughts?

Cuil, not that cool

So perhaps Cuil isn't as cool as they had made out when it was launched.

I was really enthusiastic about the Cuil search engine when it was first publicized but have returned to my 100% Google searching as it comes up with the results I am expecting, and thus increases my productivity. The Cuil features like drill-down and its well thought-out philosophy are great but get completely overshadowed by the engine's poor search results.

So how do I measure how good the results are? Well, really the way I do this is by comparing the results from Cuil to those that Google would give me. Which is probably very bad practice, but I guess that just highlights the fact Google really has become the de facto "best" search engine for most people. How many times have you heard "Google it", and how many times have you heard "Yahoo it"? See, that's what I thought.

It does leave me wondering whether in some cases it's the search engine giving poor results or me using poor search words. Perhaps the way I pick search words has changed to accomodate the way Google references its pages and that's what makes it easier for me to use Google than Cuil, for instance.

Still, Cuil does on occasion undoubtedly return disastrous results.
For instance, if I search for the following three words:
e-learning technologies karrer
I expect the first link to be the eLearning Technology blog by Tony Karrer.
Well although Cuil actually will provide a link to the blog (and not the main page at that!), it does so with the wrong picture and in fact places the correct picture under someone else's name! Ouch.

So it seems Google really does just go that extra mile... :-)

Thoughts?

Google Keyczar - now available for Java 1.5

This is a quick update regarding a sidenote in yesterday's post:

... if you get a message like "incorrect class version, 50 should be 49" or something along those lines, it means you are not running the correct version of java (i.e. the KeyCzar classes were compiled with a later version).

Steve Weis, who originally developed keyCzar, very kindly confirmed this information this morning.

The class version error is indeed due to the fact that we're using Java 1.6. Unfortunately, that's not supported by some (all?) Mac users, so we're going to post a Java 1.5 Jar soon.

Well, for anyone interested the 1.5 Jar is already available at the KeyCzar website: http://www.keyczar.org/.

Have fun!

Google Keyczar - a Java encryption/decryption example

Google Keyczar is a new Google toolkit for data encryption. We saw in a previous post how to create the private and public key files for RSA encryption.

Let's now see how to use them by integrating the Keyczar library in a Java project.
It's actually extremely simple.

First, let's see the code from Bob's perspective. Bob encrypts the data using a public key which Alice has given him (and maybe other people). To do this we will use a class called BobsApp which will specifically handle encryption using the public key folder (you'll want to check its location: it should be rsakeys\publickeys\ and the rsakeys folder should be located at the same level as the BobsApp class file).


package keyczartest;

import org.keyczar.Encrypter;
import org.keyczar.exceptions.KeyczarException;

public class BobsApp
{
private Encrypter encrypter; // used to crypt

public BobsApp() throws KeyczarException
{
String publickey=this.getClass().getResource("rsakeys/publickeys").
getFile();
this.encrypter=new Encrypter(publickey);
}

public String process(String data) throws KeyczarException
{
if (data==null) return null;
return this.encrypter.encrypt(data);
}
}


Now, let's do the same thing from Alice's perspective. She will receive Bob's (and maybe other people's) encrypted messages, but she alone can decrypt them using her private key. (You'll want to check the private key folder location: it should be rsakeys and the rsakeys folder should be located at the same level as the BobsApp and AlicesApp class files).

This is the Java utility class which specifically handles decryption:

package keyczartest;

import org.keyczar.Crypter;
import org.keyczar.exceptions.KeyczarException;

public class AlicesApp
{

private Crypter crypter; // used to decrypt

public AlicesApp() throws KeyczarException
{
String privatekey=this.getClass().getResource("rsakeys").
getFile();
this.crypter=new Crypter(privatekey);
}

public String process(String data) throws KeyczarException
{
if (data==null) return null;
return this.crypter.decrypt(data);
}
}


Now, let's create our main method which we can use to run the project:

import keyczartest.AlicesApp;
import keyczartest.BobsApp;

public class Keyczarette
{
public static void main(String[] args)
{
try
{
String secretText="For Alice's eyes only. Signed: Bob";
String bobsMessage=new BobsApp().process(secretText);
System.out.println("Bob sends: " + bobsMessage);
AlicesApp app=new AlicesApp();
String alicesMessage=new AlicesApp().process(bobsMessage);
System.out.println("What Alice reads: " + alicesMessage);
}
catch (Exception e)
{
e.printStackTrace();
}
}
}


Just one last note, if you get a message like "incorrect class version, 50 should be 49" or something along those lines, it means you are not running the correct version of java (i.e. the KeyCzar classes were compiled with a later version).

Straight to the point! =D

Could it get any simpler than that?

Google Keyczar - creating the RSA public and private keys using batch

Google Keyczar made headline news on geek planet recently and I couldn't help but give it a go. It's a cryptographic toolkit for Python and Java and here is a quick look at how you can get it to work for Java on Windows.

You can use it to encrypt/decrypt using public/private keys or to sign content. What really interested me was to use the RSA asymmetric method as it has always really appealed to me. Just to recap' on how this works, the idea is that Alice uses two keys: a public key (which anyone and everyone can know) and a private key that only she knows. Anyone can send her an encrypted message using the public key. To decrypt the message you need the private key, so only Alice can read the message. Excellent.

For starters, here's a link to where you can get the keyczar jar library: http://www.keyczar.org/.

You will also need two dependencies:
- the gson jar from Google code:
http://code.google.com/p/google-gson/
- the apache log4j jar:
http://logging.apache.org/log4j/1.2/download.html

Also note: I think JRE 1.6 or more is required to run the jar properly.

There are several steps to getting this up and running:
1. We need to create the public and private key files. The keyczar toolkit provides command line utilities to do this.
2. We need to create the Java code which will encrypt Bob's message to Alice (using the public key), and decrypt Bob's message when it reaches Alice (using the private key) so that Alice, and only Alice, can read it.

This first post will cover how to create the public and private key files using the batch file shown below.

I will add a couple of notes as we go along to explain the various parts of the batch file.


@echo off
setlocal enabledelayedexpansion


We need to set up Java properly, so point this to a JRE on your machine.

:init
set java=java
if exist "C:\Program Files\Java\jre1.6.0_05\bin\java.exe" set java="C:\Program Files\Java\jre1.6.0_05\bin\java.exe"
if exist "C:\Program Files\Java\jre1.6.0_07\bin\java.exe" set java="C:\Program Files\Java\jre1.6.0_07\bin\java.exe"
if not exist %java% goto java_nf


Here we are defining the directory structure to be able to find the jar files which will be passed to the Java command. In my case the batch file is located in a script directory. The 3 jars (keyczar, gson and log4j) are all located on the same level as the script directory i.e. a level above the .bat file. This is why I set the parent variable to ..


set parent=..


Obviously check the exact jar names...


set keyczar=keyczar05b.jar
set gson=gson-1.1.1.jar
set log4j=log4j-1.2.15.jar

if not exist %parent%\%keyczar% goto keyczar_jar_nf
if not exist %parent%\%gson% goto gson_jar_nf
if not exist %parent%\%log4j% goto log4j_jar_nf

goto create_keys


Now we'll be calling the commands to create the keys.


:create_keys
set location=rsakeys\
set public=publickeys\

if not exist %location%%public% mkdir %location%%public%


You will want to make sure each of the following three %java% commands are actually on one line and not cut up as they are here.

Right, first command, create the key set. Note that we'll be using asymmetric RSA.

echo Creating key set
%java% -classpath %parent%/%keyczar%;%parent%/%gson%;%parent%/%log4j% org.keyczar.KeyczarTool create --location=%location% --purpose=crypt --asymmetric=rsa


Second java command: create a key. This will be the secret key. Its status must be set to primary because that means it can be used for decrypting.

echo Creating private decryption key
%java% -classpath %parent%/%keyczar%;%parent%/%gson%;%parent%/%log4j% org.keyczar.KeyczarTool addkey --location=%location% --status=primary


Finally, we create the public key and use a "public" destination for it.

echo Creating public encryption key
%java% -classpath %parent%/%keyczar%;%parent%/%gson%;%parent%/%log4j% org.keyczar.KeyczarTool pubkey --location=%location% --status=active --destination=%location%%public%
goto eof

:java_nf
echo Cannot find java
goto eof

:keyczar_jar_nf
echo Cannot find keyczar jar
goto eof

:gson_jar_nf
echo Cannot find gson jar
goto eof

:log4j_jar_nf
echo Cannot find log4j jar
goto eof

:eof
echo Press any key to quit
pause > NUL
goto blackhole

:blackhole


That's it. Once you run this, you should get the following results:

rsakeys\
    publickeys\
        1
        meta
    1
    meta

Basically two files for each key: a meta file which describes the key and another file which contains the key itself.

If you're interested there is some excellent documentation on the keyczar wiki at:
http://code.google.com/p/keyczar/w/list

It gives real insight into the key metadata, the various possible values and what they actually mean.

Thoughts for now?

[EDIT: For the second part of this post follow the link: Google KeyCzar Java encryption/decryption]

Cuil - Search Engine

It seems to have been a long long while since any new search engine has actually surfaced on the web and made Google look anything different to Goliath (OK, I know that's a bad example because Goliath lost and Google just keeps winning :-)).

But look out for this new rising star: http://www.cuil.com/

Co-founded by ex-Google employees, Cuil has already crawled more pages than the Search Engine Giant itself! With a name from the Gaelic word for Knowledge, it looks like you may not be able to ignore this site for too long!

Among some of its really neat features are:
- two or three-column presentation of search results
- context-driven results with a drilldown feature which allows you to easily get to other pages in the same context by using an "Explore by category" link box located at the right-hand side of the screen (for instance, try typing "e-learning technologies")
- search tabs: in some cases search tabs will appear at the top(-ish) of the page with "sub-searches" (for instance, try searching for "insects" and you will get tabs relating to "Flying insects", "Beneficial insects", "Harmful insects" and many more)

Add to that an excellent FAQ, clear an meaningful explanations, cool web design, plus lots of things I probably missed, and you must be on to a winner!

This afternoon (by GMT+1 standards), they were already adding capacity, with their search page sporting the message:

We’ll be back soon...
Due to overwhelming interest, our Cuil servers are running a bit hot right now. The search engine is momentarily unavailable as we add more capacity.
Thanks for your patience.

It's a hit! =D

What do you think? Can Cuil unsettle Google on the search engine market?

Increasing Flash searchability

One of the main concerns when building a website (blogs, wikis, ... included) is of course to make sure all data on it is readily available. Which basically means the search engines need to be able to crawl the data in a way that makes it possible to extract content and relevant keywords.

If you're using plain HTML for instance, this is pretty easy.

It does get more complicated if you're using Flash but that may be about to change.
The following article (dated: 2006) describes what you can do (or had to do in the past) to make sure your Flash-enabled website pages get (got) the correct (or increased) search rankings:
http://www.adobe.com/devnet/flash/articles/flash_searchability.html

However, there have been several reports this week that Google, Yahoo and Adobe are teaming up to make Flash (SWF) files easier to crawl in-depth - more like an HTML page crawl basically.

In eWeek's article, Bill Hunt (president of Global Strategies International) is quoted as saying:

[The most significant aspect of the announcement] "is that this is not a change the site owners have to implement but that Google, and soon Yahoo, have this baked into their crawl systems and can interact with the SWF format just as a visitor to the site would, allowing them to get deep into the content discovering links and content that have previously been hidden from search engines."

This is a win-win-win situation where both the search engines and Adobe will benefit from an enhanced user experience (thus the third 'win'). And Adobe will subsequently be edging nearer to a position where it could claim to be more than a de facto standard for rich internet applications.

So, will this make the RIA era boom? And should Adobe Flash applications become an official web standard?

Google Webmaster Tools

As you probably guessed the use of the words 'sex' and 'drugs' in my previous post title were not quite as innocent as I tried to make out. I have always wondered the effect using these words could have on a blog's popularity and have now decided to experiment.

Today, time for the grand news! I decide to connect to my Google Analytics account, expecting the zillions of visits I so truely deserve for this pathetic attempt, and low and behold... nothing has changed. Same flimsy statistics.

But my eye did catch on to one thing: Google is now offering a set of tools for webmasters. They are absolutely free, easy to 'plug into' using a simple meta tag in your page headers, and can be added to your iGoogle page.

For instance, you can list top search queries, crawl errors, problems with content (meta tags, ...) and so on and so forth. You can also submit a site map to make sure Googlebot visits all the pages you want referenced.

Other interesting fact, the last time Googlebot successfully crawled my index page was May 22. So my dismay is now tempered by the fact that there is still a tiny gleam of hope for the sex and drugs effect.

Any ideas for better words?