A grateful season

The holidays are a time for giving, and Googlers across the globe have found some creative ways to give back to their communities this season. From raising money and crafting greeting cards to building gingerbread houses and giving blood, Googlers from east to west have been busy spreading good cheer. We've highlighted just a few of these efforts here, and we're looking forward to many more opportunities to give back in the new year.

London
The UK engineering recruitment team started to plan its annual Secret Santa gift exchange. But as they began thinking about last year, they realized that hardly anyone on the team could remember what they'd received, let alone given. Instead of spending 10 pounds on gag gifts, they decided to use the money to make a difference. After discovering that a local children's hospital was in desperate need of gifts, they quickly raised enough money to buy a Nintendo Wii gaming console for one of the wards.


Mexico City
In the past, Google has held a "Doodle 4 Google" contest in the US, the UK, and Australia, inviting kids K-12 to submit a homepage doodle inspired by a particular theme. This year Mexico held its first such contest (theme: "the Mexico we want"). For each doodle submitted, Google donated to a non-profit that works to eradicate childhood malnutrition in Mexico. In total, more than 70,000 kilos (154,000 pounds) of food and aid were donated. Winner, Ana Karen Villagómez, was recently recognized in a ceremony in Mexico City; her doodle (pictured below) will appear on the Google homepage on January 6.


Boston and beyond
Boston Googlers delivered gifts to some very grateful students at a local school and spent the morning reading and playing with the children. The Chicago office held its first-ever holiday blood drive, donating 36 units of blood. And the Ann Arbor office held a "CANstruction" competition, creating sculptures out of canned food, personal items and baby items, which were all later donated.



We hope that your holiday season is filled with plenty of time to slow down and reflect on what's important to you, and that you too feel inspired to find ways to give back to your own community in the new year.

Posted by Eileen Duffy and Sarah Falck, AdWords Account Associates

Tracking Santa: the backstory

When I look back on four years of tracking Old St. Nick on Christmas Eve, I can't help but smile. The Santa tracker has really come a long way. I always thought NORAD's Santa Tracker was a great holiday tradition, but I felt like it could have been even better if people could visualize exactly where Santa was on Christmas Eve. So in 2004, shortly after Keyhole was acquired by Google, we followed Santa in the "Keyhole Earth Viewer" — Google Earth's original name — and we called it the "Keyhole Santa Radar." The audience was relatively small since Keyhole was still a for-pay service at that point, and we hosted everything on a single machine shared with the Keyhole Community BBS server. We probably should have had three separate servers to host the Santa tracker — that first year, we had only a portion of a single machine. That night, about 25,000 people kept tabs on Santa and, needless to say, wreaked some havoc on our servers!

Over the next two years, our Santa-tracking efforts improved dramatically. By December 2005, Keyhole had become Google Earth and our audience had become much, much larger. Our "Santa Radar" team also grew: we used greatly improved icons from Dennis Hwang, the Google Doodler, and set up 20 machines to serve the tracking information. My colleague Michael Ashbridge took over the software and more than 250,000 people tracked Santa on Google Earth that Christmas Eve. In 2006, Google acquired SketchUp, a 3D modeling software that enabled us to include models of Santa's North Pole workshop and sleigh. We also incorporated a tracking feed directly from NORAD's headquarters, and we were now displaying NORAD's information in Google Earth. That year, more than a million people tracked Santa.

In 2007, Google became NORAD's official Santa Tracking technology partner and hosted www.noradsanta.org. In addition to tracking Santa in Google Earth, we added a Google Maps tracker and integrated YouTube videos into the journey as well. Now, we had Santa on the map and on "Santa Cam" arriving in several different locations around the world, with commentary in six different languages. The heavy traffic — several millions of users — put Google's infrastructure to the test, but with some heroic work by our system reliability engineers, the Santa Tracker worked continuously.

This year, Googler Bruno Bowden is in charge of the Santa software, and we have further upgraded our server capacity. We're hoping this version of the tracker will be the best yet. In addition to our "Santa Cam" footage, geo-located photos from Panoramio will be viewable in Google Maps for each of Santa's stops that don't include video. We've also included a few new ways to track Santa. With Google Maps for mobile, anyone can keep tabs on him from their mobile phones (just activate GMM and search for "norad santa"). You can also receive updates from "Bitz the Elf" on Twitter by following @noradsanta. And of course, be sure to visit www.noradsanta.org tomorrow morning starting at 6:00 am EST when Santa's journey begins. Enjoy, and see you in 2009!

Posted by Brian McClendon, Original Google Engineering Elf

New search-by-style options for Google Image Search

Many of us use Google Image Search to find imagery of people, clip art for presentations, diagrams for reports, and of course symbols and patterns for artistic inspiration. Unfortunately, searching for the perfect image can be challenging if the search results match the meaning of your query but aren't in a style that's useful to you. So some time ago we launched face search, which lets you limit your search results to only images containing faces (see a search without and with this option). More recently we also rolled out photo search, which limits results to images that contain photographic elements, ignoring many cartoons and drawings which may not be useful to you (see a search without and with this option).

Today we're pleased to extend this capability to clip art and line drawings. To see the effect of these new options, let's take a look at the first few results for "Christmas," one of our most popular queries on Image Search right now.

Photo content

Clip art

Line drawing


All of these options can be selected from the "Any content" drop down in the blue title bar on any search results page, or by selecting one of the "Content types" on the Advanced Image Search page. The good news: no extra typing! In all these examples our query remained exactly the same, we just restricted our results to different visual styles. So whether you're interested holiday wreaths, Celtic patterns, or office clip art, it just became a lot easier to find the images you're looking for.

Posted by Sean O'Malley, Software Engineer, Google Image Search

Black Googlers Network: building community

We believe great ideas can come from anywhere and everyone. And we aspire to be an organization that reflects global diversity, because we know that a world's worth of perspectives, ideas and cultures leads to the creation of better products and services. We have more than a dozen employee-driven resource groups, from Gayglers to GWE (Google Women Engineers), that actively participate around the world in building community and driving policy at Google. This is the next post in our Interface series, which takes a look at valuing people's similarities and differences in the workplace. For more information on how Google fosters an inclusive work environment, visit Life at Google on our Jobs site. – Ed.

It's been a busy few months for the Black Googlers Network (BGN). One of our group's core goals is to build a community that keeps us connected, facilitates the sharing of ideas, and participates in community outreach. We sponsored a variety of events this fall across many of our offices, giving us the opportunity to give back and have some fun while doing it.

To kick things off, a group of us from the Mountain View, New York, Ann Arbor, Chicago and Atlanta offices, to name a few, rolled up our sleeves for our first annual service trip. We headed to New Orleans in September to aid in the Hurricane Katrina rebuilding efforts. Undeterred by Hurricane Gustav, which unexpectedly hit the coast the week before we arrived, we managed to make some adjustments to flights and itineraries and were some of the first volunteers back into the city.

We partnered with the St. Bernard Project, learning everything from how to lay flooring to installing drywall as we worked on three homes. Additionally, we joined a strategy session with The Idea Village, helping them kick off their newest initiative, the 504ward Project. The opportunity to serve the community in such a meaningful way while getting to know BGN members was unique. We each put our minds, bodies, and souls into the city and the experience.



Next, BGN participated in the United Negro College Fund's annual Walk-a-thon in Oakland, CA. Our Google-UNCF partnership also includes an annual scholarship for college students pursing a degree in engineering or computer science, and we're continuing to explore different ways to support and encourage underrepresented students.

This month, we're coming together in many of our offices for the holidays, giving ourselves a chance to catch up and take stock of the work we've done over the past year. Not to be slowed down for too long, though, as we will soon begin the exciting process of planning our new initiatives for 2009.

Posted by Alexa Bush, University Programs Team

Blog gadget 2.0

Back in September we introduced an iGoogle gadget that makes it possible to read recent posts from all of our corporate blogs, right on your dashboard. With the help of developer Ben Lisbakken, we're ready to roll out the next version of the gadget, which translates posts into 34 languages. Using Google Translate, the gadget gives people all over the world access to posts they might otherwise be unable to read. The default setting translates posts into the language in which your browser is set, but you can also choose from any of our supported languages by going into the "Edit" setting (found in the "Menu" arrow in the right-hand corner). If you want to learn more about Google in Latin America or AdWords in Russia, for example, but haven't had the chance to learn Spanish or Russian, give the gadget a spin. While machine translation is not exact, and we're constantly working to improve the quality, hopefully this new feature lets you get the gist of the post.

Here's a list of the supported languages:
Arabic, Bulgarian, Catalan, Chinese, Chinese (simplified), Chinese (traditional), Croatian, Czech, Danish, Dutch, English, Finnish, French, German, Greek, Hebrew, Hindi, Indonesian, Italian, Japanese, Korean, Latvian, Lithuanian, Norwegian, Polish, Portuguese, Romanian, Russian, Serbian, Slovak, Slovenian, Spanish, Swedish, Ukrainian, Vietnamese


Just choose the category of blogs you would like to read and click the "Translate" button.


The gadget will translate the posts and give you the option to "Revert" back to the original language. And to read the entire blog in translation, just click on the blog title beneath the post.


We hope you have fun exploring the entire Google blogosphere.

Posted by Jordan Newman, Google Blog Team

Jean Bartik: the untold story of a remarkable ENIAC programmer

This guest post was written by Kathy Kleiman, who discovered the ENIAC Programmers 20 years ago and founded the ENIAC Programmers Project to record their stories and produce the first feature documentary about their work. More at www.eniacprogrammers.org. – Ed.

"For many years in the computing industry, the hardware was it, the software was considered an auxiliary thing."
– Jean Bartik

For more than 50 years, the women of Electronic Numerical Integrator And Computer (ENIAC) were forgotten, and their role in programming the first all-electronic programmable computer and creating the software industry lost. But this fall, old met young, and a great computer pioneer met today's Internet pioneers. It happened in Silicon Valley and it happened at Google.

A little over a month ago, the Computer History Museum (CHM) in Mountain View honored Jean Bartik with its Fellows Award. This lifetime achievement award recognized her work as a programmer of the ENIAC and leader of the team to convert ENIAC to a stored program machine.

The Fellows Award was a rousing celebration of Bartik, Bob Metcalfe and Linus Torvalds. The next night, Bartik returned to CHM to discuss her life story in An Evening with Jean Jennings Bartik, ENIAC Pioneer. More than 400 people attended. They laughed at Bartik's descriptions of the ENIAC Programmers' exploits and enjoyed her stories of “Technical Camelot,” Bartik's description of her days at Eckert and Mauchly Computer Corporation in the 1950s. This video captures the evening:





During the Q&A session, one audience member asked: “If you were working today, where would you want to work?” Without hesitation, Bartik replied “Google!” with a huge smile. Googlers in the audience cheered.

Two days later, Bartik and I went to Google. We were met by our hosts, Ellen Spertus, Robin Jeffries, Peter Toole and Stephanie Williams, and whisked onto the campus past scrolling screens of Google searches and beach volleyball courts.

In the cafeteria, two dozen Google Women Engineers joined us. They pushed their chairs close to Bartik and leaned in to catch every word. Bartik regaled them with stories of computing's pioneers – the genius of John Mauchly and J. Presper Eckert, co-inventors of the computer, and the ingenuity of Betty Holberton and Kay Mauchly Antonelli, fellow programmers and software creators. She shared the joys and struggles of those who created the computer industry.



After lunch we toured the campus. Bartik enjoyed seeing where Googlers program work and the videoconferencing equipment they use to talk with colleagues around the world.

It is a visit we will never forget, and for me, its own moment in history. Twenty years ago, I discovered the ENIAC Programmers and learned their untold story. I founded the ENIAC Programmers Project to record their histories, seek recognition for them and produce the first feature documentary of their story. Our website provides more information about the documentary, WWII-era pictures and an opportunity to help change history. The stories Bartik shared with Googlers that day belong to the world.

Posted by Kathy Kleiman, Founder, ENIAC Programmers Project

Picasa 3 (and name tags) go global

A few months back, we announced some pretty big upgrades to Picasa and Picasa Web Albums for English-speaking users in the U.S. On the PC side, we rolled out a brand-new version of Picasa, with a slew of new tools like effortless web sync, movie editing, and photo-retouching capabilities. On the web, we launched "name tags," a new feature that automatically helps organize your photo collection based on who's in each of your pictures.

Today, just in time for your holiday snapshots, these changes (and more!) are available in all of the 38 languages we currently support. If you've been waiting to try the new photo-collage feature in Picasa, or been curious to see how clustering technology can automatically find similar faces across your photo collection, now's the time to download Picasa 3.1 or opt in to name tags on Picasa Web Albums.

Of course, having a truly global audience sharing and commenting on photos is one of the things that makes Picasa special. The people and places you'll spot on our Explore page attest to this, as do the multilingual comments users receive on their most popular public albums. That's why we just launched automatic comment translation on Picasa Web Albums, which harnesses Google Translate to make sure you know that "美麗的落日" means "Beautiful sunset!"

In fact, if you look closely, you'll see that we've recently rolled out a number of other small but meaningful changes across Picasa Web Albums, in all 38 languages -- ranging from improved sharing to better video playback. Swing by the Google Photos blog to learn more about what's new.

(Or, if you speak British or American English, Dutch, French, German, Italian, Japanese, Korean, Polish, Brazilian or European Portuguese, Russian, Spanish, Simplified Chinese, Traditional Chinese, Turkish, Danish , Finnish, Norwegian, Swedish, Bulgarian, Catalan, Croatian, Czech, Greek, Hindi, Hungarian, Indonesian, Latvian, Lithuanian, Romanian, Serbian, Slovakian, Slovenian, Tagolog, Thai, Vietnamese, or Ukrainian, just visit Picasa Web Albums and see for yourself!)



Posted by Jason Cook, Product Marketing Manager

Gingerbread architecture for all

(Cross-posted from the Google SketchUp Blog)

Chilly weather, hot chocolate, holiday celebrations... I'm proud to kick off our sweetest SketchUp modeling challenge ever: the first annual Google SketchUp Gingerbread House Design Competition. To make it a little easier to design the gingerbread house of your dreams, I modeled a blank house to get you started. Go ahead and download it from the 3D Warehouse, then follow the instructions in the file.



I also built a selection of decorations (candy canes, gumdrops, wafer roof tiles) that you can use to spiff up your model. Of course, you're welcome to do anything you like; it's your masterpiece. When you're finished, don't forget to label your gingerbread house with the tag "gingerbread2009" and upload it to the 3D Warehouse. The competition deadline is January 4th at midnight, Pacific Standard Time.

This undertaking is all about having fun with SketchUp, so the prizes will be glory based. (What did you expect: a gingerbread flat-screen TV?) We'll award the following prizes, and announce the winners here and on the SketchUpdate about a week after the competition closes on January 4th.

• 1st, 2nd and 3rd place – for the best overall gingerbread houses in the collection
• The 'Sprinkles' Prize – for the best additions to the base model (the crazier, the better)
• The 'Swirl' Prize – for the best use of Dynamic Components in the model
• The 'Sweet-tooth' Prize – for the most creative use of a single candy ingredient in a model

If you're looking for inspiration, take a gander at what folks did with Santa's sleigh last year. Have fun, and happy holidays.

Posted by Aidan Chopra, Product Evangelist

Net neutrality and the benefits of caching

(Cross-posted from the Google Public Policy Blog)

One of the first posts I wrote for this blog last summer tried to define what we at Google mean when we talk about the concept of net neutrality.

Broadband providers -- the on-ramps to the Internet -- should not be allowed to prioritize traffic based on the source, ownership or destination of the content. As I noted in that post, broadband providers should have the flexibility to employ network upgrades, such as edge caching. However, they shouldn't be able to leverage their unilateral control over consumers' broadband connections to hamper user choice, competition, and innovation. Our commitment to that principle of net neutrality remains as strong as ever.

Some critics have questioned whether improving Web performance through edge caching -- temporary storage of frequently accessed data on servers that are located close to end users -- violates the concept of network neutrality. As I said last summer, this myth -- which unfortunately underlies a confused story in Monday's Wall Street Journal -- is based on a misunderstanding of the way in which the open Internet works.

Edge caching is a common practice used by ISPs and application and content providers in order to improve the end user experience. Companies like Akamai, Limelight, and Amazon's Cloudfront provide local caching services, and broadband providers typically utilize caching as part of what are known as content distribution networks (CDNs). Google and many other Internet companies also deploy servers of their own around the world.

By bringing YouTube videos and other content physically closer to end users, site operators can improve page load times for videos and Web pages. In addition, these solutions help broadband providers by minimizing the need to send traffic outside of their networks and reducing congestion on the Internet's backbones. In fact, caching represents one type of innovative network practice encouraged by the open Internet.

Google has offered to "colocate" caching servers within broadband providers' own facilities; this reduces the provider's bandwidth costs since the same video wouldn't have to be transmitted multiple times. We've always said that broadband providers can engage in activities like colocation and caching, so long as they do so on a non-discriminatory basis.

All of Google's colocation agreements with ISPs -- which we've done through projects called OpenEdge and Google Global Cache -- are non-exclusive, meaning any other entity could employ similar arrangements. Also, none of them require (or encourage) that Google traffic be treated with higher priority than other traffic. In contrast, if broadband providers were to leverage their unilateral control over consumers' connections and offer colocation or caching services in an anti-competitive fashion, that would threaten the open Internet and the innovation it enables.

Despite the hyperbolic tone and confused claims in Monday's Journal story, I want to be perfectly clear about one thing: Google remains strongly committed to the principle of net neutrality, and we will continue to work with policymakers in the years ahead to keep the Internet free and open.

P.S.: The Journal story also quoted me as characterizing President-elect Obama's net neutrality policies as "much less specific than they were before." For what it's worth, I don't recall making such a comment, and it seems especially odd given that President-elect Obama's supportive stance on network neutrality hasn't changed at all.

Update: Larry Lessig, Save the Internet, Public Knowledge, David Isenberg, Wired and others all found fault with today's piece too.

Posted by Richard Whitt, Washington Telecom and Media Counsel

@Twitter: Welcome to Google Friend Connect

We know many of you enjoy using Twitter to see what people are talking about and to let others know what you've been up to, whether it's sharing a YouTube video or checking in on your friend's tweets. To help you and your Twitter network stay connected no matter where you are on the web, we're excited to announce that Google Friend Connect has integrated with Twitter. This means that when you join a friend connected site, you can choose to use your Twitter profile, discover people you follow on Twitter who are also members of the site, and quickly tweet that you have found a cool website.



To send a tweet about a site you have joined, click the invite link in the members gadget, then click the Twitter icon on the share tab. The next time your followers sign in to Twitter, they'll see your tweet containing a link to the interesting site you've found.

This integration with Twitter is an example of how we want to continue improving Friend Connect, extending the open social web and bringing social features to more places on the web.

Posted by Mussie Shore, Product Manager

Announcing "Browser Security Handbook"

Posted by Michael Zalewski, Security Team.

Many people view the task of writing secure web applications as a very complex challenge - in part because of the inherent shortcomings of technologies such as HTTP, HTML, or Javascript, and in part because of the subtle differences and unexpected interactions between various browser security mechanisms.

Through the years, we found that having a full understanding of browser-specific quirks is critical to making sound security design decisions in modern Web 2.0 applications. For example, the same user-supplied link may appear to one browser as a harmless relative address, while another could interpret it as a potentially malicious Javascript payload. In another case, an application may rely on a particular HTTP request that is impossible to spoof from within the browser in order to defend the security of its users. However, an attacker might easily subvert the safeguard by crafting the same request from within commonly installed browser extensions. If not accounted for, these differences can lead to trouble.

In hopes of helping to make the Web a safer place, we decided to release our Browser Security Handbook to the general public. This 60-page document provides a comprehensive comparison of a broad set of security features and characteristics in commonly used browsers, along with (hopefully) useful commentary and implementation tips for application developers who need to rely on these mechanisms, as well as engineering teams working on future browser-side security enhancements.

Please note that given the sheer number of characteristics covered, we expect some kinks in the initial version of the handbook; feedback from browser vendors and security researchers is greatly appreciated.

Native Client: A Technology for Running Native Code on the Web

Posted by Brad Chen, Native Client Team.

Most native applications can access everything on your computer – including your files. This access means that you have to make decisions about which apps you trust enough to install, because a malicious or buggy application might harm your machine. Here at Google we believe you shouldn't have to choose between powerful applications and security. That's why we're working on Native Client, a technology that seeks to give Web developers the opportunity to make safer and more dynamic applications that can run on any OS and any browser. Today, we're sharing our technology with the research and security communities for their feedback to help make this technology more useful and more secure.

Our approach is built around a software containment system called the inner-sandbox that is designed to prevent unintended interactions between a native code module and the host system. The inner-sandbox uses static analysis to detect security defects in untrusted x86 code. Previously, such analysis has been challenging due to such practices as self-modifying code and overlapping instructions. In our work, we disallow such practices through a set of alignment and structural rules that, when observed, enable the native code module to be disassembled reliably and all reachable instructions to be identified during disassembly. With reliable disassembly as a tool, it's then feasible for the validator to determine whether the executable includes unsafe x86 instructions. For example, the validator can determine whether the executable includes instructions that directly invoke the operating system that could read or write files or subvert the containment system itself.

To learn more and help test Native Client, check out our post on the Google Code blog as well as our developer site. Our developer site includes our research paper and of course the source for the project under the BSD license.

We look forward to hearing what you think!

User Experience in the Identity Community

Eric Sachs & Ben Laurie, Google Security

One of the major conferences on Internet identity standards is the Internet Identity Workshop (IIW), a semiannual 'un-conference' where the sessions are not determined ahead of time. It is attended by a large set of people who work on Internet security and identity standards such as OAuth, OpenID, SAML, InfoCards, etc.  A major theme within the identity community this year has been about improving the user experience and growing the adoption of these technologies.  The OpenID community is making great progress on user experience, with Yahoo, AOL, and Google quickly improving the support they provide (read a summary from Joseph Smarr of Plaxo).  Similarly, the InfoCard community has been working on simplifying the user experience of InfoCard technology, including the updated CardSpace selector from Microsoft.

Another hot topic at IIW centered around how to improve the user experience when testing alternatives and enhancements to passwords to make them less susceptible to phishing attacks.  Many websites and enterprises have tried these password enhancements/alternatives, but they found that people complained that they were hard to use, or that they weren't portable enough for people who use multiple computers, including web cafes and smart phones.  We have published an article summarizing some of the community's current ideas for how to deploy these new authentication mechanisms using a multi-layered approach that minimizes additional work required by users.  We have also pulled together a set of videos showing how a number of these different approaches work with both web-based and desktop applications.  We hope this information will be helpful to other websites and enterprises who are concerned about phishing.