By Scott Knaster, Google Developers Blog Editor


“Google I/O is an annual developer conference featuring highly technical, in-depth sessions, and showcasing the latest from Google's product teams and partners.”
   – official description

Google I/O 2013 has just ended, and even more than usual, this one was for you, our developers. This year, we focused on providing new tools and services you’ve been asking for, plus a few surprises that we hope inspired and delighted you.

• Android gets its own IDE: Android Studio, based on IntelliJ IDEA Community Edition.
• Google Play Services 3.1 brings game services, location APIs, Google Cloud Messaging enhancements, and Cross-Platform Single Sign On.
• An updated Google Play Developer Console adds a very cool app translation service, revenue graphs, alpha and beta testing and staged rollouts, optimization tips, and referral tracking.
• We showed off a whole new look for Google Maps and Maps APIs, featuring new base map tiles, a new default marker, a new info window style, and a style refresh for controls.
• In Google Cloud Platform news, we announced that Google Compute Engine is now open to everyone and has sub-hour billing, we’ve added a PHP runtime to App Engine, and we introduced Google Cloud Datastore.
• We showed new Google Wallet features: the Instant Buy Android API, which makes buying in native Android apps fast and easy, and the Wallet Objects API, which lets you connect your loyalty programs, offers and more to Google Wallet.

Although we put developer announcements first this year, we didn’t skimp on the cool stuff for everyone: we refreshed the look of the Google+ stream, launched expanded Hangouts, totally revamped Google+ photos, announced Google Play Music All Access, showed off conversational search, and demoed some amazing Chrome Experiments.

Of course, Google I/O isn’t just about announcements. It’s our chance to share what’s new with you in those highly technical, in-depth sessions and for you to meet and interact with our engineers and other Googlers, in person and via the Internet. Once again this year, all sessions were recorded and are being posted to Google Developers Live (GDL) for you to peruse whenever it’s convenient for you.

We love putting on Google I/O, and that’s one reason we created GDL. With GDL, we don’t have to pack all our presentations into a 3-day conference. You’ll find new programs on GDL every week, from the same people who present at Google I/O. Just like during I/O, you can watch live or see recordings whenever you want. You can subscribe to the Google Developers channel on YouTube to be notified when new programs are posted.

Whether you came to San Francisco, participated in I/O Extended, or watched our live streams, we thank you for your attention and dedication. Here’s to Google I/O 2014!

By Andrew Jessup, Product Manager

Cross-posted from the Google Cloud Platform Blog

At Google I/O, we announced PHP as the latest supported runtime for Google App Engine in Limited Preview. PHP is one of the world's most popular programming languages, used by developers to power everything from simple web forms to complex enterprise applications.

Now PHP developers can take advantage of the scale, reliability and security features of App Engine. In addition, PHP runs well with other parts of Google Cloud Platform. Let's look at how this works.

Connecting to Google Cloud SQL from App Engine for PHP

Many PHP developers start with MySQL when choosing a database to store critical information, and a wide variety of products and frameworks such as WordPress make extensive use of MySQL’s rich feature set. Google Cloud SQL provides a reliable, managed database service that is MySQL 5.5 compatible and works well with App Engine.

To set up a Cloud SQL database, sign into Google Cloud Console - create a new project, choose Cloud SQL and create a new instance.



After you create the instance, it's automatically associated with your App Engine app.


You will notice Cloud SQL instances don’t need an IP address. Instead they can be accessed via a compound identifier made up of their project name and instance name, such as hello-php-gae:my-cloudsql-instance.

From within PHP, you can access Cloud SQL directly using the standard PHP MySQL libraries - mysql, mysqli or PDO_MySQL. Just specify your Cloud SQL database with its identifier, such as:

<?php

$db = new PDO(
  'mysql:unix_socket=/cloudsql/hello-php-gae:my-cloudsql-instance;dbname=demo_db;charset=utf8',
  'demo_user',
  'demo_password'
);

foreach($db->query('SELECT * FROM users') as $row) {
  echo $row['username'].' '.$row['first_name']; //etc...
}

Methods such as query() work just as you’d expect with any MySQL database. This example uses the popular PDO library, although other libraries such as mysql and mysqli work just as well.

Storing files with PHP and Google Cloud Storage

Reading and writing files is a common task in many PHP projects, whether you are reading stored application state, or generating formatted output (e.g., writing PDF files). The challenge is to find a storage system that is as scalable and secure as Google App Engine itself. Fortunately, we have exactly this in Google Cloud Storage (GCS).

The first step in setting up Google Cloud Storage is to create a bucket:


With the PHP runtime, we’ve implemented native support for GCS. In particular, we’ve made it possible for PHP’s native filesystem functions to read and write to a GCS bucket.

This code writes all prime numbers less than 2000 into a file on GCS:

<?php

$handle = fopen('gs://hello-php-gae-files/prime_numbers.txt','w');

fwrite($handle, "2");
for($i = 3; $i <= 2000; $i = $i + 2) {
  $j = 2;
  while($i % $j != 0) {
    if($j > sqrt($i)) {
      fwrite($handle, ", ".$i);
      break;
    }
    $j++;
  }
}

fclose($handle);

The same fopen() and fwrite() commands are used just as if you were writing to a local file. The difference is we’ve specified a Google Cloud Storage URL instead of a local filepath.

And this code reads the same file back into memory and pulls out the 100th prime number, using file_get_contents():

<?php

$primes = explode(",",
  file_get_contents('gs://hello-php-gae-files/prime_numbers.txt')
);

if(isset($primes[100]))
  echo "The 100th prime number is ".$primes[100];

And more features supported in PHP

Many of our most popular App Engine APIs are now supported in PHP, including our zero-configuration Memcache, Task Queues for asynchronous processing, Users API, Mail API and more. The standard features you’d expect from App Engine, including SSL support, Page Speed Service, versioning and traffic splitting are all available as well.

Open today in Limited Preview

Today we’re making App Engine for PHP available in Limited Preview. Read more about the runtime in our online documentation, download an early developer SDK, and sign up to deploy applications at https://cloud.google.com/appengine/php.


Andrew Jessup is a Product Manager at Google, working on languages and runtimes for Google App Engine.

Posted by Scott Knaster, Editor

By Chris Ramsdale, Product Manager

Cross-posted from the Google Cloud Platform Blog

At Google I/O, we announced Google Cloud Datastore, a fully managed solution for storing non-relational data. Based on the popular Google App Engine High Replication Datastore (HRD), Cloud Datastore provides a schemaless, non-relational datastore with the same accessibility of Google Cloud Storage and Google Cloud SQL.

Cloud Datastore builds off the strong growth and performance of HRD, which has over 1PB of data stored, 4.5 trillion transactions per month and a 99.95% uptime. It also comes with the following features:

• Built-in query support: near SQL functionality that allows you to search, sort and filter across multiple indexes that are automatically maintained 
• ACID transactions: data consistency (both Strong and Eventual) that spans multiple replicas and requests 
• Automatic scaling: built on top of Google’s BigTable infrastructure, the Cloud Datastore will automatically scale with your data 
• High availability: by utilizing Google’s underlying Megastore service, the Cloud Datastore ensures that data is replicated across multiple datacenters and is highly available 
• Local development environment: the Cloud Datastore SDK provides a full-featured local environment that allows you to develop, iterate and manage your Cloud Datastore instances efficiently 
• Free to get started: 50k read & write operations, 200 indexes, and 1GB of stored data for free per month  

Getting started with Cloud Datastore 

To get started, head over to the Google Cloud Console and create a new project. After supplying a few pieces of information you will have a Cloud Project that has the Cloud Datastore enabled by default. For this post we’ll use the project ID cloud-demo.

With the project created and the Cloud Datastore enabled, we’ll need to download the Cloud Datastore client library. Once installed, it’s time to start writing some code. For the sake of this post, we’ll focus on accessing the Cloud Datastore from a Python application running on a Compute Engine VM (which is also now in Preview). We’ll assume that you’ve already created a new VM instance.'

import googledatastore as datastore

def main()
  writeEntity()
  readEntity()

Next include writeEntity() and readEntity() functions:

def WriteEntity():
  req = datastore.BlindWriteRequest()
  entity = req.mutation.upsert.add()
  path = entity.key.path_element.add()
  path.kind = 'Greeting'
  path.name = 'foo'
  message = entity.property.add()
  message.name = 'message'
  value = message.value.add()
  value.string_value = 'to the cloud and beyond!'
  try:
    datastore.blind_write(req)
  except datastore.RPCError as e:
    # remember to do something useful with the exception pass

def ReadEntity(): 
  req = datastore.LookupRequest()
  key = req.key.add()
  path = key.path_element.add()
  path.kind = 'Greeting0'
  path.name = 'foo0'
  try:
    resp = datastore.lookup(req)
    return resp
  except datastore.RPCError as e:
    # remember to do something useful with the exception pass

First create a new file called “demo.py”. Inside demo.py, we’ll add code to write and then read an entity from the Cloud Datastore.  Finally we can update main() to print out the property values within the fetched entity:

def main()
  writeEntity();
  resp = readEntity();

  entity = resp.found[0].entity
  for p in entity.property:
    print 'Entity property name: %s', p.name
    v = p.value[0]
    print 'Entity property value: %s', v.string_value

Before we can run this code we need to tell the SDK which Cloud Datastore instance we would like to use. This is done by exporting the following environment variable:

~$ export DATASTORE_DATASET cloud-datastore-demo

Finally we’re able to run the application by simply issuing the following:

~$ python demo.py

Besides the output that we see in console window, we’re also able to monitor our interactions within the Cloud Console. By navigating back to Cloud Console, selecting our cloud-datastore-demo project, and then selecting the Cloud Datastore we’re taken to our instance’s dashboard page that includes number of entities, properties, and property types, as well as index management, ad-hoc query support and breakdown of stored data.

And that’s really just the beginning. To fully harness the features and functionality that the Cloud Datastore offers, be sure to check out the larger Getting Started Guide and the Cloud Datastore documentation.

Cloud Datastore is the latest addition to the Cloud Platform storage family, joining Cloud Storage for storing blob data, Cloud SQL for storing relational data, and Persistent Disk for storing block data. All fully managed so that you can focus on creating amazing solutions and leave the rest to us.

And while this is a Preview Release, the team is off to a great start. As we move the service towards General Availability we’re looking forward to improving JSON support, more deeply integrating with the Cloud Console, streamlining our billing and driving every bit of performance that we can out of the API and underlying service.

Happy coding!


Chris Ramsdale has worked extensively in the mobile space, starting as a Software Engineer at Motorola in 1997, and then joining local start ups as a Tech Lead and Product Manager. Chris is currently a Product Manager for Google Cloud Platform focused on developer tools and platform services like Google App Engine and Google Cloud Datastore.

Posted by Scott Knaster, Editor

By Navneet Joneja, Product Manager

Cross-posted from the Google Cloud Platform Blog

Last year we announced Google Compute Engine to enable any business or developer to use Google’s infrastructure for their applications. Now we’re taking the next step: Google Compute Engine is open to everyone in preview, and you can sign up online now.

Over the past year, we’ve launched several features and made significant improvements behind the scenes. We’re now announcing several new capabilities that make it easier and more economical to use Compute Engine for a broader set of applications.

• Sub-Hour Billing: We heard feedback from our early users who wanted more granular billing increments so they could run short-lived workloads. Now all instances are charged for in one-minute increments with a ten-minute minimum, so you don’t pay for compute minutes that you don’t use.
• New shared-core instance types: Compute Engine’s new micro and small instance types are designed as a cost-effective option for running small workloads that don’t need a lot of CPU power, like development and test workloads.
• Larger Persistent Disks: We’re increasing the size of Persistent Disks that can be attached to instances by up to 8,000%. You can now attach up to 10 terabytes of persistent disk to a Compute Engine virtual machine, giving you plenty of persistent storage for a wide variety of applications.
• Advanced Routing Capabilities: Compute Engine now supports software-defined routing capabilities based on our broad SDN innovation. These capabilities are designed to handle your advanced network routing needs like configuring instances to function as gateways, configuring VPN servers and building applications that span your local network and Google’s cloud.
• ISO 27001 Certification: We’ve also completed ISO 27001:2005 certification for Compute Engine, App Engine, and Cloud Storage to demonstrate that these products meet the international standard for managing information security.

To get started, go to the Google Cloud Console, select Compute Engine and click the “New Instance” button.

Fill out the required information and click “Create” on the right hand side. Your new virtual machine will be ready to use in about a minute.

To all of our customers who helped us evolve the product over the past months, thank you; your feedback has helped shape Compute Engine. To those of you who have been eager to try Compute Engine, the wait is over and you can sign up for Compute Engine online today.


Navneet Joneja loves being at the forefront of the next generation of simple and reliable software infrastructure, the foundation on which next-generation technology is being built. When not working, he can usually be found dreaming up new ways to entertain his intensely curious three-year-old.

Posted by Scott Knaster, Editor

By Tim Bray, Google Identity Team

During the Android portion of the Google I/O keynote, we showed Cross-Platform Single Sign-On; the effect was that for Wallet and Google+ users, signing in to a Web browser resulted in automatic download of, and sign-in to, an Android app.

To support this, we have introduced general-purpose API tools which allow developers to achieve cross-client authentication and authorization, in particular between Android and Web apps.

Not having to sign in repeatedly feels so natural for users that they don’t even notice it. But as more and more apps deploy this sort of magic, you don’t want to be the hold-out that’s pestering users for passwords on Web sites or, worse, on tiny mobile-device keyboards.

On the Android side, client libraries like PlusClient, GamesClient, and WalletClient have “connect” methods that take care of this as automatically as possible; they check whether any of the accounts on the phone have already been authorized for access to the service in question, conduct sign-in if necessary but avoid it if possible, and when they return to your code, everything’s all set up.

If you’re writing server-side code and using libraries like Google+ Sign-In, once again, all the right things happen automatically; when you start accessing the service, the software imposes the minimum necessary pain on the user, ideally zero, and lets you get to work.

Of course, some people want less automation, and finer control over how things work. If you want to access our services at the HTTP level rather than via a library, or to deal with multiple accounts on an Android device in a customized way, you can do these things and in most cases still deliver the no-sign-in magic.

Of course, this involves working with HTTP message flows, validating tokens, and securing shared secrets. This may sound intimidating but will be straightforward for one well-versed in HTTP-level Web programming. If you’re one of those, check out the low-level protocols and APIs that support this, in “Cross-Client Identity”.

The time is now to start moving your apps towards a sign-in-free future.


Tim says: By day, I help in the struggle against passwords on the Internet.
The rest of my life is fully documented on my blog.

Posted by Scott Knaster, Editor

By Urs Hölzle, Senior Vice President, Technical Infrastructure, and Google Fellow

Cross-posted from the Google Cloud Platform Blog

LIVE - Watch the stream of the Cloud track kickoff now

Over the last fourteen years we have been developing some of the best infrastructure in the world to power Google’s global-scale services. With Google Cloud Platform, our goal is to open that infrastructure and make it available to any business or developer anywhere. Today, we are introducing improvements to the platform and making Google Compute Engine available for anyone to use.

Google Compute Engine - now available for everyone

Google Compute Engine provides a fast, consistently high-performance environment for running virtual machines. Later today, you’ll be able to go online to cloud.google.com and start using Compute Engine.

In addition, we’re introducing new Compute Engine features:

• Sub-hour billing charges for instances in one-minute increments with a ten-minute minimum, so you don’t pay for compute minutes that you don’t use
• Shared-core instances provide smaller instance shapes for low-intensity workloads
• Advanced Routing features help you create gateways and VPN servers, and enable you to build applications that span your local network and Google’s cloud
• Large persistent disks support up to 10 terabytes per volume, which translates to 10X the industry standard

We’ve also completed ISO 27001:2005 international security certification for Compute Engine, Google App Engine, and Google Cloud Storage.

Google App Engine adds the PHP runtime

App Engine 1.8.0 is now available and includes a Limited Preview of the PHP runtime - your top requested feature. We’re bringing one of the most popular web programming languages to App Engine so that you can run open source apps like WordPress. It also offers deep integration with other parts of Cloud Platform including Google Cloud SQL and Cloud Storage.

We’ve also heard that we need to make building modularized applications on App Engine easier. We are introducing the ability to partition apps into components with separate scaling, deployments, versioning and performance settings.

Introducing Google Cloud Datastore

Google Cloud Datastore is a fully managed and schemaless solution for storing non-relational data. Based on the popular App Engine High Replication Datastore, Cloud Datastore is a standalone service that features automatic scalability and high availability while still providing powerful capabilities such as ACID transactions, SQL-like queries, indexes and more.

Over the last year we have continued our focus on feature enhancement and developer experience across App Engine, Compute Engine, Google BigQuery, Cloud Storage and Cloud SQL. We also introduced Google Cloud Endpoints and Google Cloud Console.

With these improvements, we have seen increased usage with over 3 million applications and over 300,000 unique developers using Cloud Platform in a given month. Our developers inspire us everyday, and we can’t wait to see what you build next.


Urs Hölzle is Senior Vice President of Technical Infrastructure and Google Fellow. As one of Google's first ten employees and its first VP of Engineering, he has shaped much of Google's development processes and infrastructure.

Posted by Scott Knaster, Editor

By Greg Hartrell, Lead Product Manager

We love to talk about games at Google. Especially the old ones, like Pac-man, Pitfall and Frogger. Since those classics, games have changed a lot. They’ve moved from that clunky box in your living room to the screen that you carry with you in your pocket wherever you go. They’re mobile, they’re social, and they’re an important part of Google Play.

Today, we’re launching Google Play game services, a core part of building a gaming platform for the next generation of games. These services help you make your games more social, with achievements, leaderboards, and multiplayer, as well as more powerful, storing game saves and settings in the cloud. They are available on Android, and many on iOS or any other connected device. By building on Google’s strengths in mobile and cloud services, you can focus on what you’re good at as game developers: creating great gaming experiences for your users.

With game services, you can incorporate:

• Achievements that increase engagement and promote different styles of play.
• Social and public leaderboards that seamlessly use Google+ circles to track high scores across friends and across the world.
• Cloud saves that provide a simple and streamlined storage API to store game saves and settings. Now players never have to replay Level 1 again.
• Real-time multiplayer for easy addition of cooperative or competitive game play on Android devices. Using Google+ Circles, a game can have up to 4 simultaneous friends or auto-matched players in a game session together with support for additional players coming soon.

Several great Android games are already using these new game services, including World of Goo, Super Stickman Golf 2, Beach Buggy Blitz, Kingdom Rush, Eternity Warriors 2, and Osmos.

And many more titles launch today as well:



Google Play game services are available today through an SDK for Android, and a native iOS SDK for iPhone and iPad games. Web and other platform developers will also find corresponding REST APIs, with libraries for JavaScript, Java, Python, Go, Dart, PHP, and more.

We’re excited to see what games will do with these new services and experiences, and this is only the beginning. Wait until you get to the boss battle... er.. Check out our developer site to get started: https://developers.google.com/games/.


Greg Hartrell is Lead Product Manager on Google Play game services, devoted to helping developers make incredible games through Google Play. In his spare time, he enjoys jumping from platform to platform, boss battles and matching objects in threes.

Posted by Scott Knaster, Editor

By Michael Manoochehri, Developer Programs Engineer, Google Cloud Platform

Cross-posted with the Google Cloud Platform Blog

After last year's Google I/O conference, the Google Cloud Platform Developer Relations team started to think about how attendees experienced the event. We wanted to help attendees gain more insight about the conference space and the environment itself. Which developer Sandboxes were the busiest? Which were the loudest locations, and which were the best places to take a quick nap? We think about data problems all the time, and this looked like an interesting big data challenge that we could try to solve. So this year, we decided to try to answer our questions with a project that's a bit different, kind of futuristic, and maybe a little crazy.

Since we love open source hardware hacking as much as we love to share open source code, we decided to team up with the O'Reilly Data Sensing Lab to deploy hundreds of Arduino-based environmental sensors at Google I/O 2013. Using software built with the Google Cloud Platform, we'll be collecting and visualizing ambient data about the conference, such as temperature, humidity, air quality, in real time! Altogether, the sensors network will provide over 4,000 continuous data streams over a ZigBee mesh network managed by Device Cloud by Etherios.


In addition, our motes will be able to detect fluctuations in noise level, and some will be attached to footstep counters, to understand collective movement around the conference floor. Of course, since a key goal of Google I/O is to promote innovation in the open, the project's Cloud Platform code, the Arduino hardware designs, and even the data collected, will be open source and available online after the conference.

Google Cloud Platform, which provides the software backend for this project, has a variety of features for building applications that collect and process data from a large number of client devices - without having to spend time managing hardware or infrastructure. Google App Engine Datastore, along with Cloud Endpoints, provides a scalable front end API for collecting data from devices. Google Compute Engine is used to process and analyse data with software tools you may already be familiar with, such as R and Hadoop. Google BigQuery provides fast aggregate analysis of terabyte datasets. Finally, App Engine's web application framework is able to surface interactive visualizations to users.

Networked sensor technology is in the early stages of revolutionizing business logistics, city planning, and consumer products. We are looking forward to sharing the Data Sensing Lab with Google I/O attendees, because we want to show how using open hardware together with the Google Cloud Platform can make this technology accessible to anyone.

With the help of the Google Maps DevRel team, we'll be displaying visualizations of interesting trends on several screens around the conference. Members of the Data Sensing Lab will be on hand in the Google I/O Cloud Sandbox to show off prototypes and talk to attendees about open hardware development. Lead software developer Amy Unruh and Kim Cameron from the Cloud Platform Developer Relations team will talk about how we built the software involved in this project in a talk called "Behind the Data Sensing Lab". In case you aren't able to attend Google I/O 2013, this session will be available online after the conference. Learn more about the Google Cloud Platform on our site, and to dive in to building applications, check out our developer documentation.


Michael Manoochehri is a Developer Programs Engineer supporting the Google Cloud Platform. He is passionate about making cloud computing and data analysis universally accessible and useful.

Posted by Scott Knaster, Editor

By Ted Hamilton, YouTube Analytics

Cross-posted from the YouTube API Blog

Trying to figure out how YouTube’s one billion monthly users are interacting with your videos? Try the new YouTube Analytics API to get custom reports of the YouTube statistics you care about in a direct JSON or CSV response, perfect for dashboards and ad hoc reports.

The new API includes all the standard view and engagement metrics you would expect, including views, shares, and subscriber numbers. Compared to the previous Insight Data API, you also get:

• Watch metrics: Track estimated minutes watched across channel, content owner, or video, and dive into the video details with average view time and average view percentage.
• Earning performance metrics: Track estimated earnings (net revenue) from select advertising sources across your content.
• Ad performance metrics: Break down video performance with monetized playbacks, ad impressions, gross revenue, and cost per impression reports.
• Annotation metrics: Optimize overlays/annotations with click through and close rate metrics.

Client libraries and code samples
You’ll find client libraries for the languages you use most, with nine different languages available today. You can also make HTTP RESTful requests directly, and with our API Explorer, you can try out sample reports before writing any code.

Don’t write your code from scratch! Get started with code examples in Java, JavaScript, Python, and Ruby. If you want a step-by-step walkthrough of building a complete web application, have a look at our JavaScript exercise.

App examples
Check out some apps that are already using the API:

• Next Big Sound provides analytics and insights for the music industry by tracking billions of social signals including YouTube. This enables record labels, artists, and band managers to make better decisions on everything from promotion strategies to tour locations.
• vidIQ is an audience development suite that works with global brands to organically grow their views and subscribers. Their features include cross-platform social analytics, advanced comment management, SEO tools, social syndication and influencer identification.

• Wizdeo’s WizTracker provides in-depth analysis of YouTube channels to help with cross promotion and video comparisons during their initial launch. Users get access to detailed analytics about views, subscriber engagement, traffic sources and demographics.
• Vidyard is a video marketing platform. With powerful analytics, built-in marketing tools, and integration with key marketing automation platforms, Vidyard helps marketers drive results with video content.

Fullscreen is building a global network of YouTube channels with content creators and brands. Fullscreen provides a full suite of end-to-end YouTube tools and uses the new API for internal, business-intelligence tools.

Learn more
In addition to the documentation, check out our Analytics API playlist to make getting started even easier.



If your goal is to export all statistics for a large number of channels on a recurring basis for your data warehouse, look forward to using the upcoming scheduled reports feature of the API, expected to launch later this year.

To get more info on the YouTube APIs, subscribe to our YouTube for Developers channel and YouTubeDev on Google+.


Ted Hamilton is the Product Manager for YouTube Analytics based out of Zurich, Switzerland. Prior to Google, Ted was a consultant at Bain and Company in London. Ted has a Computer Science degree from Northwestern University and holds an MBA from MIT Sloan.

Posted by Scott Knaster, Editor

By Eduardo Vela Nava, Security Team

This January, Google and SyScan announced a secure coding competition open to students from all over the world. While Google’s Summer of Code and Code-in encourage students to contribute to open source projects, Hardcode was a call for students who wanted to showcase their skills both in software development and security. Given the scope of today’s online threats, we think it’s incredibly important to practice secure coding habits early on. Hundreds of students from 25 countries and across five continents signed up to receive information about the competition, and over 100 teams participated.



During the preliminary online round, teams built applications on Google App Engine that were judged for both functionality and security. Five teams were then selected to participate in the final round at the SyScan 2013 security conference in Singapore, where they had to do the following: fix security bugs from the preliminary round, collaborate to develop an API standard to allow their applications to interoperate, implement the API, and finally, try to hack each other’s applications. To add to the challenge, many of the students balanced the competition with all of their school commitments.




We’re extremely impressed with the caliber of the contestants’ work. Everyone had a lot of fun, and we think these students have a bright future ahead of them. We are pleased to announce the final results of the 2013 Hardcode Competition:

1st Place: Team 0xC0DEBA5E
Vienna University of Technology, Austria (SGD $20,000)

• Daniel Marth
• Lukas Pfeifhofer
• Benedikt Wedenik

2nd Place: Team Gridlock
Loyola School, Jamshedpur, India (SGD $15,000)

• Aviral Dasgupta

3rd Place: Team CeciliaSec
University of California, Santa Barbara, California, USA (SGD $10,000)

• Nathan Crandall
• Dane Pitkin
• Justin Rushing

Runner-up: Team AppDaptor
The Hong Kong Polytechnic University, Hong Kong (SGD $5,000)

• Lau Chun Wai

Runner-up: Team DesiCoders
Birla Institute of Technology & Science, Pilani, India (SGD $5,000)

• Yash Agarwal
• Vishesh Singhal

Honorable Mention: Team Saviors of Middle Earth (withdrew due to school commitments)
Walt Whitman High School, Maryland, USA

• Wes Kendrick
• Marc Rosen
• William Zhang

A big congratulations to this very talented group of students!


Eduardo Vela Nava is a Tech Lead for Google's WOOPS (Web or Other Product Security) team, helping teams build safer products.

Posted by Scott Knaster, Editor

By Adam Feldman, APIs Product Manager

We know that deprecation policies can be complex. But it shouldn’t be hard for you to determine which features of our APIs and services are covered by a deprecation policy and which ones aren’t. To date, we’ve often used the label “Experimental” to indicate that certain new versions, features, or functionality don’t have the deprecation policy. But we know you don’t want to hunt through documentation looking for what is “Experimental” and what isn’t.

So starting today, for each API or service that has the deprecation policy, we are creating an explicit list of what is covered by that policy. For instance, here’s what this list will look like for the Google Maps APIs:

We are not adding or subtracting anything, but only changing how we display this information to make it easier to locate and understand. This change will be fully rolled out in the coming weeks. Please refer to each API or service’s terms of service for more information. We hope this will make your life easier so you get back to your code sooner!


Adam Feldman is a Product Manager, focusing on all of Google's APIs and making sure Google provides the best possible platform to developers.

Posted by Scott Knaster, Editor

By Mark Scott, Product Manager, Chrome

Cross-posted from the Chromium Blog

Event pages keep apps and extensions efficient by allowing them to respond to a variety of events such as timers or navigation to a particular site, without having to remain running persistently. But what if you need to respond to something that occurs outside of Chrome, such as a news alert, a message sent to a user or a stock hitting a price threshold? Until now, you had to do this by repeatedly polling a server. This process consumed bandwidth and reduced the battery life of your users’ machines. For a more efficient solution, starting today you can use Google Cloud Messaging for Chrome (GCM) - across all channels of Chrome.

GCM will be familiar to developers who have used Google Cloud Messaging for Android. To send a message, all you need to do is:

1. Request a token (channel ID) via chrome.pushMessaging.getChannelId(). 
2. Pass the returned token to your server. 
3. Whenever you need to send a message to your app or extension, post the message along with the token to the GCM server-side API. 

Your message is then delivered in near real time to Chrome. This makes your event page wake up (if it’s not already running), and the message is delivered to your chrome.pushMessaging.onMessage listener.



To use GCM, your users must be signed into Chrome, as the service relies on an efficient push channel that’s only established for signed-in users. Messages are automatically delivered to all the devices where the user has signed in and installed your app/extension.

To add GCM to your app/extension, take a look at the overview of the service or start with some of the sample apps—and start pushing!


Mark Scott is a Product Manager on the Google Chrome team. He works with a team in Kirkland on features that make Chrome a great platform for building apps.

Posted by Scott Knaster, Editor

By Nicolas Garnier, Developer Relations

We surf the web for a million different reasons – for everything from school research projects to time-killing memes. And when we find something relevant for us, whether that be our most recent pay stub or just an adorably awesome pic, we may want to save it for later reference or to share with friends in the future.

Starting today, Drive users can use the "Save to Drive" button to do exactly that. The “Save to Drive” button is an easier way to save files directly from a website. If you have your own website, you can improve the experience for your site visitors by adding the “Save to Drive” button to your page using two easy lines of HTML.

Saving an ebook to Google Drive from the O’Reilly website
Just try it out. Save this cute kitten’s image to Google Drive using the button below:
Credit: Krzysztof P. Jasiutowicz


Adding a Save to Drive button on your website is easy. You simply have to include the script and HTML tag below:

<script src="https://apis.google.com/js/plusone.js"></script>
<div class="g-savetodrive"
 data-filename="My Statement.pdf"
 data-sitename="My Company Name"
 data-src="/path/to/myfile.pdf">
</div>

You can also use the Save to Drive button’s JavaScript API, which allows programmatic and flexible control of the creation of Save to Drive buttons in your web pages.

The Save to Drive button works in the context of the user’s browser. This allows your users to save files that could require some form of HTTP authorization – such as a session cookie – without any special customization from you. In most cases, the Save to Drive button should be simple to integrate, plug-and-play!

Check out some companies that have already added Save to Drive buttons on their sites: Bigstock, Delta Dental, Fotolia, O'Reilly, Outbox, Ultimate Software, and Zen Payroll.

Saving a dental statement from Delta Dental
Saving your physical mail to Drive from your Outbox account
To learn more, have a look at our technical documentation, and if you have questions, don’t hesitate to post on Stack Overflow.


Nicolas Garnier joined Google’s Developer Relations in 2008 and lives in Zurich. He is a Developer Advocate for Google Drive and Google Apps. Nicolas is also the lead engineer for the OAuth 2.0 Playground.

Posted by Scott Knaster, Editor

By Mike Winton, Director of Developer Relations

At Google I/O 2013, we will share the future of our platforms with you. Developers from all over the world are the key innovators of powerful, breakthrough technologies, and that’s why we challenged ourselves to make the Google I/O experience available to every developer, everywhere.

Watch Google I/O live
From the comfort of your own home, office, secret lair, or anywhere you have a reliable Internet connection, you can stream Google I/O May 15-16 live. Brought to you by Google Developers Live (GDL), the Google I/O homepage will become the GDL at I/O live streaming hub starting on May 15th at 9:00 AM PT (16:00 UTC). From this page, you can:

• Stream 4 channels of technical content on your computer, tablet, or phone. You’ll feel like you’re right there in the keynote and session rooms, listening to product announcements straight from the source. Live streaming will run on developers.google.com/io from 9 AM PT (16:00 UTC) to 7 PM PT (2:00 UTC) on May 15 and 16.
• Watch exclusive interviews with the Googlers behind the latest product announcements. This year, GDL will be on site, broadcasting one-on-one product deep dives, executive interviews, and Sandbox walkthroughs from the GDL stage.
• Get the latest news in real-time. We’ll be posting official announcements during I/O. You’ll be able to see the feed on the Google I/O homepage, in the I/O mobile app (coming soon), and on +Google Developers.
• Never miss a session. All Google I/O technical sessions will be recorded and posted to GDL and the Google Developers YouTube channel. Subscribe to our YouTube channel for archived session updates.

Live blog the keynote
Grab our live blogging gadget to add the keynote live stream to your own site or blog. Customize the gadget with your site or blog name, live blog alongside real-time Google announcements, and share a dynamic Google I/O experience with your readers. Have questions? For more info, check out our live blogging gadget FAQ.

Get together locally
Experience Google I/O with your local developer community by hosting or attending an I/O Extended event. If you’re hosting, register here and learn how to hold a totally epic event with our handy Organizer Guide. Otherwise, with over 400 sites in 90+ countries, chances are good that there is an I/O Extended event near you. Find an event now!

And before I/O, tune in to Google Developers Live programming to connect with Google engineers, prep for this year’s event, and browse our archived content. For official conference updates, add +Google Developers to your Circles, follow #io13 for big announcements, join the Google I/O community, and keep an eye on the Google I/O site.


Mike Winton founded and leads Google's global Developer Relations organization. He also enjoys spending time with his family and DJing electronic music.

Posted by Scott Knaster, Editor

By the Google API Infrastructure Team


As we described in a previous post, earlier this week we experienced an outage in our API infrastructure. Today we’re providing an incident report that details the nature of the outage and our response.

The following is the incident report for the Google API infrastructure outage that occurred on April 30, 2013. We understand this service issue has impacted our valued developers and users, and we apologize to everyone who was affected.

Issue Summary

From 6:26 PM to 7:58 PM PT, requests to most Google APIs resulted in 500 error response messages. Google applications that rely on these APIs also returned errors or had reduced functionality. At its peak, the issue affected 100% of traffic to this API infrastructure. Users could continue to access certain APIs that run on separate infrastructures. The root cause of this outage was an invalid configuration change that exposed a bug in a widely used internal library.

Timeline (all times Pacific Time)

• 6:19 PM: Configuration push begins
• 6:26 PM: Outage begins
• 6:26 PM: Pagers alerted teams
• 6:54 PM: Failed configuration change rollback
• 7:15 PM: Successful configuration change rollback
• 7:19 PM: Server restarts begin
• 7:58 PM: 100% of traffic back online

Root Cause

At 6:19 PM PT, a configuration change was inadvertently released to our production environment without first being released to the testing enviroment. The change specified an invalid address for the authentication servers in production. This exposed a bug in the authentication libraries which caused them to block permanently while attempting to resolve the invalid address to physical services. In addition, the internal monitoring systems permanently blocked on this call to the authentication library. The combination of the bug and configuration error quickly caused all of the serving threads to be consumed. Traffic was permanently queued waiting for a serving thread to become available. The servers began repeatedly hanging and restarting as they attempted to recover and at 6:26 PM PT, the service outage began.

Resolution and recovery

At 6:26 PM PT, the monitoring systems alerted our engineers who investigated and quickly escalated the issue. By 6:40 PM, the incident response team identified that the monitoring system was exacerbating the problem caused by this bug.

At 6:54 PM, we attempted to rollback the problematic configuration change. This rollback failed due to complexity in the configuration system which caused our security checks to reject the rollback. These problems were addressed and we successfully rolled back at 7:15 PM.

Some jobs started to slowly recover, and we determined that the overall recovery would be faster by a restart of all of the API infrastructure servers globally. To help with the recovery, we turned off some of our monitoring systems which were triggering the bug. As a result, we decided to restart servers gradually (at 7:19 PM), to avoid possible cascading failures from a wide scale restart. By 7:49 PM, 25% of traffic was restored and 100% of traffic was routed to the API infrastructure at 7:58 PM.

Corrective and Preventative Measures

In the last two days, we’ve conducted an internal review and analysis of the outage. The following are actions we are taking to address the underlying causes of the issue and to help prevent recurrence and improve response times:

• Disable the current configuration release mechanism until safer measures are implemented. (Completed.)
• Change rollback process to be quicker and more robust.
• Fix the underlying authentication libraries and monitoring to correctly timeout/interrupt on errors.
• Programmatically enforce staged rollouts of all configuration changes.
• Improve process for auditing all high-risk configuration options.
• Add a faster rollback mechanism and improve the traffic ramp-up process, so any future problems of this type can be corrected quickly.
• Develop better mechanism for quickly delivering status notifications during incidents.

Google is committed to continually and quickly improving our technology and operational processes to prevent outages. We appreciate your patience and again apologize for the impact to you, your users, and your organization. We thank you for your business and continued support.

Sincerely,

The Google API Infrastructure Team


Posted by Scott Knaster, Editor

By Louis Ryan, Software Engineer

We know that developers around the world depend on our APIs for their apps, sites and businesses every day. Unfortunately, we experienced an outage of the Google API serving infrastructure yesterday, April 30. This outage impacted most Google APIs, resulting in requests failing with a 500 error code. Additionally, users may have experienced missing features or capabilities from some Google services that rely on these APIs.

At 6:26 pm Pacific Time, we pushed a config change that inadvertently caused a widespread outage of our API infrastructure.  Our normal rollback procedure failed, delaying the rollback until 7:22 pm, at which time APIs started to recover. The outage was completely resolved by 8:00 pm.

We are making several changes to help ensure this issue won’t happen again. We’ve identified some key improvements to our release and rollback process that we are implementing immediately. Reliability is a top priority at Google, and we are continuously making improvements to our systems. We apologize to everyone who was affected.


Louis Ryan is an engineer on the API platforms team in Mountain View. Louis is passionate about making APIs faster, more consistent, and reliable.

Posted by Scott Knaster, Editor

By Raziel Alvarez, Google Fonts Team

The goal of Google Fonts has always been to bring beautiful, open-source fonts to the web, fast and free of cost. Starting today, you can download these fonts for offline access on your desktop. We’ve made all of the fonts from the Google Fonts directory available in SkyFonts, a tool from Monotype that allows you to install and sync fonts from the web onto your Windows or Mac OS X devices.


SkyFonts automatically updates the fonts installed on your system whenever they are updated on Google Fonts – for example, when new characters are added – ensuring you always have the latest fonts to work with. And with the fonts installed locally, browsing websites that use web fonts will be faster, since your browser won’t have to spend time fetching font data. If you’d rather download the source files to edit the font data directly, you can always do so from the project at Google Code.

So whether you’re a designer looking to incorporate popular web fonts into your typography, or you just want to improve your browsing speed by by keeping local, synced copies of fonts, you can take advantage of SkyFonts.


Raziel Alvarez is a software engineer interested in making computing more useful, and usable, through engaging applications and more natural user interfaces. He is part of the Google Fonts Team, responsible for unleashing text by bringing typographical diversity to the Web.

Posted by Scott Knaster, Editor

By Scott Knaster, Google Developers Blog Editor

The Google Transparency Report is designed to point out government censorship, requests to Google for data, and other details about our information services. The newest report, just out this week, shows that government requests for content removal have reached a new high level, with more than 2200 requests received in the second half of last year.

Government removal requests are probably the best known part of the Transparency Report, but there’s plenty of other fascinating and useful data. For example, you can see information about removal requests for specific URLs from copyright owners, or read about the legal process that takes place when a government organization or court requests information about a user. You can learn a lot by spending some time with the Transparency Report.

If you’re on the U. S. East Coast this spring and summer, you won’t need a report to tell you that massive numbers of cicadas are emerging from their underground homes to breed, fill the skies, annoy countless humans, last a few weeks, then die (and annoy even more humans who have to clean them up). This year’s bunch are Magicicada septendecim, or periodical cicadas with a 17-year life cycle. So we can look forward to a similar event in 2030.

Finally, if you haven’t already played with the Earth Day Doodle from last Monday, consider taking a few minutes this weekend to enjoy it. You might find yourself mesmerized by the tranquil scene (cicadas not included).


Fridaygram is mostly about fun and informative stuff that’s not related to development, but we seriously want to congratulate Googlers Peter Norvig and Arun Majumdar on their election to the American Academy of Arts and Sciences. Arun runs Google’s energy strategy as vice president of energy, and Peter is our director of research, although he’s also known for his whimsical take on presentations and technology.

By Jeff Kaufman, Software Engineer, Make the Web Faster Team

When we released mod_pagespeed in 2010, we gave webmasters a way to speed up their sites without needing to become web performance optimization experts. As an Apache module, however, it was unavailable to sites running Nginx, the popular high performing open source web server that powers many large web sites. Today that changes: we're releasing PageSpeed Beta for Nginx, aka ngx_pagespeed.

Running as a module inside Nginx, ngx_pagespeed rewrites your webpages to make them faster for your users. This includes compressing images, minifying CSS and JavaScript, extending cache lifetimes, and many other web performance best practices. All of mod_pagespeed's optimization filters are now available to Nginx users.
After three months of alpha testing on hundreds of sites, ngx_pagespeed has proven its ability to serve production traffic. It's ready for beta, and it's ready for you to start using it on your site.

MaxCDN, a content delivery network provider, recently published a blog post on their experience testing ngx_pagespeed: “With PageSpeed enabled, we shaved 1.57 seconds from our average page load, dropped our bounce rate by 1%, and our exit percentage by 2.5%. In sum, we squeezed out extra performance with nothing but a few extra lines in our nginx config files... We are continuing to test the module with the PageSpeed team, and our goal is to make it available across our CDN and to all of our customers – stay tuned!”

ZippyKid, a popular WordPress hosting provider, is also one of the early beta testers of ngx_pagespeed: “PageSpeed for ZippyKid is the world’s first WordPress optimization service powered by ngx_pagespeed, designed to automatically apply web performance best practices to deliver fast WordPress sites. Our benchmarks indicate that PageSpeed for ZippyKid will deliver up to a 75% reduction in page sizes and a 50% improvement in page rendering speeds.”

Development of ngx_pagespeed is open source, with contributions by developers from Google, Taobao, We-Amp, and many other individual volunteers. Thanks everyone for helping us reach the Beta milestone!

To start using ngx_pagespeed, follow the installation instructions on GitHub.


Jeff Kaufman works on PageSpeed, an open-source server module that helps make the web faster, and is interested in experiment measurement. He also plays for contra dances, organizes other dances, and blogs about dancing, giving, and tech.

Posted by Scott Knaster, Editor

By Seth Ladd, Developer Advocate

Sometimes, you only have 5 minutes. Luckily, with the Dart Tips series of short video tutorials, that's all you need to start learning the new Dart language and libraries. In these videos, I show off code samples and examples across the various language features of Dart.

For example, here's a quick demo of the various types of constructors in Dart:



You can check out all the videos, or jump to the topic that most interests you:

1. A simple Dart script
2. Runtime modes
3. Variables
4. Strings, numbers, booleans, oh my!
5. Collections in Dart
6. Functions are fun, Pt 1
7. Functions are fun, Pt 2
8. Control flow statements
9. Exceptions
10. Classes: setters & getters
11. Classes: Constructors

We hope you enjoy these videos about Dart. If you have questions or comments about the videos, or Dart, please join us on the Dart mailing list and on Google+. As we say on Dart Tips, stay sharp!


Seth Ladd is a Developer Advocate on Dart. He's a web engineer, book author, a conference organizer, and loves a game of badminton.

Posted by Scott Knaster, Editor