Friday, July 13, 2007
To help you achieve better AdSense-life balance (and, okay, technically to perform routine system maintenance), your AdSense account will be inaccessible starting at 10am PDT on Saturday, July 14th. As usual, your ads will keep running and your reports will keep tracking during this time.
While the maintenance will be over at 2pm PDT, feel free to spend the rest of the day – nay, the whole weekend! – enjoying yourself in whatever fashion you choose. And, hey, if you choose to spend it optimizing your account, who are we to argue?
Also, to give our international publishers a better idea of how the maintenance might affect your weekend activities:
New York -- Go for a walk in the park at 1:00pm Saturday
Sao Paolo -- Challenge your neighbor to a game of futebol at 2:00pm Saturday
Dublin -- Head out for a pint at 6:00pm Saturday
New Delhi – Dance the night away at 10:30pm Saturday
Tokyo -- Sleep right through it at 2:00am Sunday
Given helpful suggestions from our discussion group, we've improved feedback for sitemaps in Webmaster Tools. Now, minor problems in a sitemap will be reported as "warnings," and will appear instead of, or in addition to, more serious "errors." (Previously all problems were listed as errors.) Warnings allow us to provide feedback on portions of your sitemap that may be confusing or inaccurate, while saving the real "error" alarm for problems that make your sitemap completely unreadable. We hope the additional information makes it even easier to share your sitemaps with Google.
The new set of warnings includes many problems that we had previously classified as errors, including the "incorrect namespace" and "invalid date" examples shown in the screenshot above. We also crawl a sample of the URLs listed in your sitemap and report warnings if the Googlebot runs into any trouble with them. These warnings might suggest a widespread problem with your site that warrants further investigation, such as a stale sitemap or a misconfigured robots.txt file.
Please let us know how you like this new feedback. Tell us what you think via the comments below, or in the discussion group. We also appreciate suggestions for additional warnings that you would find useful.
In API and developer-product news...
Othman Laraki talked about the Gears roadmap and development process and how the team is working on a Cross-Origin API and an Improved Workerpool.
Omar Khan has introduced a new blog for the Google Desktop APIs which was created to open a another line of dialog and provide useful information such as tips, announcements, developer jokes, links to articles and tutorials, and more.
The new AJAX Search feature on Blogger that uses linked Custom Search Engines is a fantastic feature that allows you to implement ideas such as "search my blog, and reach out to other sites that I link too". All automatically.
GGeoXML Methods, GDraggableObject Events, & Geodesic Polylines details how the Maps API team has given developers GGeoXML functions to make loading and viewing files easier. GGeoXML now comes with a callback function that's entered once the file has loaded, plus a number of utility functions.
Dick Wall has written his second article on a series on Guice, Squeezing More Guice from Your Tests with EasyMock, which delves into how dependency injection and mock objects can be used together in glee.
The FeedBurner and Blogger teams have joined up very quickly to create a nice integration of the two products. From within your Blogger settings you can now specify that you have a FeedBurner feed that manages your blog, and Blogger will use that feed address.
This YouTube Mapplet mashes-up YouTube videos and Geo using the newly released Mapplets feature that now lives in My Maps.
The Telekinesis iPhone Remote allows you to use your shiny new iPhone to control your Mac.
Google Tech Talks
What Every Engineer Needs to Know About Security and Where to Learn It
Neil Daswani's talk discusses recent trends in security, and what every engineer needs to know to prevent the most significant emerging threats such as cross-site scripting and SQL injection attacks.
While We Wait for BabelFish: Languages on theInternet
This talk addresses some localization issues, but beyond that, questions the very way languages are dealt with on the internet.
Summer of Coders at Google: Ed Baskerville
Now in his second year of working on GridSweeper for Summer of Code, Ed Baskerville recently joined us to talk more about his project and his burgeoning career as a cellist.
Thursday, July 12, 2007
Here at the Sundance Channel, we recently launched a weekly programming block dedicated to the environment, called THE GREEN.
As part of this online environment, Google Maps for Enterprise technology offered us a great platform for developing the Eco-mmunity Map, an exciting interactive tool that supports our television shows and creates a community of users around eco issues. The Eco-mmunity Map allows you to list and search for green individuals, businesses, special attractions, and action points anywhere in the world through a customized site. The Google Maps technology makes it simple to share information about environmental causes and events in your community. You can input and search for green information based on four key category "markers" -- Individuals, Businesses, Green Action Points, and Green Attractions and Events. By posting markers with detailed descriptions, contact information, related web links, comments, ratings, and photos, you can share local knowledge and suggestions with others from around the world. So come on over to www.sundancechannel.com/map and start adding your content today.
Ultimately, our hope is that visitors to the Eco-mmunity Map will have the opportunity to share their knowledge and connect with others in the virtual green movement. We're grateful to the Google Maps for Enterprise team that helped make this online world possible.
It's a little-known fact, but we're happy to tell you that it is possible to select this option within your account. First, visit the 'AdSense Setup' tab and select 'AdSense for search' as your product. On the code generation page, you'll see a sample search box under 'Search box style' that changes as you customize the layout:
If you'd like your search box to default to SiteSearch, simply click the radio button for SiteSearch within the sample. Once you've finished customizing your search box, copy and paste the provided code onto your pages – and voila, you'll see that SiteSearch is selected as the default for your search box.
Haven't tried monetizing your pages with AdSense for search yet? Visit our Help Center to learn more.
Posted by Arlene Lee - AdSense Publisher Support
We thought you might like to know that we've added support for another ten languages to Google Docs & Spreadsheets. We're now available in Danish, Finnish, Norwegian, Swedish, Czech, Ukrainian, Hungarian, Thai, Vietnamese, and Indonesian. To change your default language, click the "Settings" link from the top right of your document list. This means that now we know how to say "collaborate" in 25 languages!
With our launch of Linked Custom Search Engines (CSEs) we made it possible for developers to construct CSEs on the fly.
Using the Custom Search APIs, you can now dynamically construct CSEs, and Google will automatically update and maintain them for you.
You may already know how you can use our APIs to create innovative search-enabled applications. Today, we're delivering a Google Search widget for Blogger built using the AJAX Search API. Configure this widget on your Blogger blog to immediately search not just your blog posts, but across all the link lists/blogrolls you've set up on your blog and the links you've made from your posts -- in other words, the world around your blog!
Try out the Search Box widget at Blogger's experimental site, draft.blogger.com. Once you've logged in and configured the widget, visitors to your blog will see a search box there. The search experience inherits your blog's look and feel, and is uniquely flavored around pages you've linked to from your blog.
To add the widget:
- Edit your blog's layout.
- Click on "Add a page element", and configure the "Search Box" widget.
Your link lists will automatically show up as optional tabs for your search; you can decide which ones you want to configure.
Preview the search experience and save your changes. Your blog is instantly custom-search-enabled.
If you're not using Blogger, you can still use our AJAX Search API to put Linked CSEs on your website.
Let us know what you think, and what CSE-enabled applications you're working on.
As a member of the Gmail support team, I get to read testimonials from people about why they love Gmail. Many of you have lamented the fact that your work, school, and other email accounts aren't more like Gmail. Why can't all my messages magically appear in my Gmail account? Well, we can't do magic, but we do offer free POP-in access with Mail Fetcher.
Mail Fetcher lets you retrieve messages from up to five different email accounts. Besides taking advantage of Gmail's spam filtering, you can also use Gmail to send messages using your other email addresses. This is convenient for users juggling multiple accounts -- log in once from anywhere and access all of your messages from different email accounts (without missing a single Gmail chat). To enable Mail Fetcher, simply click "Settings," select the "Accounts" tab, click "Add another mail account" and specify your settings.
Just note that the account you're fetching from must have POP3 access. Some providers, including Yahoo! Mail and Hotmail, don't provide free POP3 access, but many ISP email services do. For more information on Mail Fetcher, you can visit the Gmail Help Center.
Wednesday, July 11, 2007
Many Google Desktop users install gadgets and plug-ins to customize and improve their desktop experience. For example, you've likely seen the gadget gallery, which holds all kinds of interesting gadgets, from games to news displays to tools. We're always looking for new ways to support the developers who build these add-ons using our APIs. So, to supplement our Google Desktop Developer Group, we've now created a new blog to open a another line of dialog and provide useful information such as tips, announcements, developer jokes, links to articles and tutorials, and more.
If you're interested in Google Desktop development, check out the Google Desktop APIs blog.
To enable this functionality, visit your blog's Settings | Site Feed page, and enter your feed's address in the "Post Feed Redirect URL" field.
Note: this feature isn't limited to FeedBurner alone - you can use any feed-mashing service (like Pipes) with it.
For more information about the Polls feature, see these posts on the Draft blog.
Google recently hosted the Plone Documentation and E-Commerce Sprint, and more than forty stalwart sprinters got some amazing things accomplished in just five days. The documentation team completely revamped the project documentation hosted at Plone.org, so any newbies out there should now find it much easier to get started using Plone. They docs team also created a great deal of new documentation focused on Plone 3.0, which should be leaving Beta soon.
The E-Commerce team spent their time making improvements to GetPaid, Plone's payment processing framework. Led by Kapil Thangavelu, core contributor to Plone and Zope, the team finished out the week with three payment processors, including Google Checkout, integrated into the framework. They also added shipping functionality to ease the order fulfillment process. Even cooler, the team started off their work with code targeted towards helping non-profits easily take donations through their Plone-based websites, and mission accomplished!
Congratulations to both teams for their many accomplishments during the sprint! Thanks to all of you for being our guests.
Ever imagined yourself diving in Chuuk, Micronesia? How about visiting the Mayan ruins of Yaxha, Guatemala? Well, maybe it's time you did. Though you probably won't make it to South America or the South Pacific in person before Labor Day, you can pay some quick visits to these and other exotic locales from the comfort of your computer, courtesy of Matt Harding, who has has been traveling to as many places in the world as possible, and dancing badly in all of them. Ten million YouTube views later, Matt has teamed up with the Google Earth crew to give us all a peek at some of his favorite stopping points. You can check out Matt's video below and, if you have Google Earth installed, explore lots of practical travel info (Yelp restaurant reviews for Las Vegas, for instance) by loading this Earth overlay file.
If you haven't yet transitioned, you might check out these resources:
- the animated tour of the new version,
- the Report Finder tool, which maps where data from the previous interface is located within the new version, (also available within your reports in the left navigation menu)
- the FAQs,
- and the features page for the new version.
Posted by Christian Yee, Google Analytics Team
AdWords system maintenance typically occurs on the second Saturday of each month during the above times. We'll continue to update you here as we always have, but you may want to take note of our intended dates and times to help you plan for any scheduled downtimes further down the road.
Posted by Judy, Inside AdWords crew
We apologize for the inconvenience.
Posted by Adam Wooley, Google Analytics Team
Citizens should have a right to privacy online. And governments have an obligation to keep their citizens safe. Finding the right balance between privacy and security is a delicate balancing act. Europe's recent experience with data retention holds interesting lessons for everyone concerned with this balance.
In the aftermath of the Madrid bombings in 2004, the European Council adopted a Declaration on Combating Terrorism, which stated the need for rules on the retention of communications traffic data by European service providers for the first time. In some European countries, the ability to monitor communications was perceived as a practical priority in helping law enforcement agencies prevent and investigate terrorist acts. In April of 2004, the UK, Sweden, Ireland and France put forward a proposal for a Framework Decision calling for the retention of a wide variety of data for between 12 and 36 months.
However, for some politicians, the idea of adopting wide-ranging measures, requiring providers of telecommunications and Internet services to retain details of calls and electronic communications for periods of time beyond their pure operational needs, was not entirely justified. Indeed, for a while European privacy rights appeared to have the upper hand and the European Union institutions seemed to listen to the objections of the European Parliament's Committee on Civil Liberties, Justice and Home Affairs.
According to the calculations of this group of European Members of Parliament, if all the traffic data covered by the proposal did indeed have to be stored, the network of a large Internet provider would accumulate up to 40,000 terabytes – the equivalent of four million kilometers worth of paper files -- or about 10 stacks of files each reaching from Earth to the moon. But others pointed out that even the slowest terrorist would figure out that he could simply avoid his communications being traced by using a non-European service provider. Nonetheless, the political pressure continued, and the European Commission went on to propose a directive on data retention in September 2005.
The rest is history… and now law. Although the European Parliament's Committee on Civil Liberties, Justice and Home Affairs succeeded at introducing some amendments aimed at softening the effect of the proposal, an unprecedented data retention directive was adopted by the European Council on 15 March 2006. This directive imposes retention obligations between six months and two years in relation to accessible data generated or processed as a consequence of a communication or a communication service.
On paper, the aim behind the directive is simple and proper: to harmonise data retention rules across the EU and to ensure that the necessary information is available for the purpose of the investigation, detection and prosecution of serious crime. Unfortunately, the simplicity pretty much ends there. For a start, using the words "directive" and "harmonisation" in the same sentence is often an oxymoron, especially when a directive is cobbled together as a compromise between conflicting ideological positions.
On a practical level, the likelihood of seeing a consistent implementation of the rules across the EU is effectively zero. The timing of the implementation – due by September 15, 2007 – will certainly vary. 16 of the 27 EU Member States have already declared that they will delay the implementation of data retention of Internet traffic data for an additional period of 18 months, as permitted by the directive. The compulsory retention period for each type of data will also vary from country to county (e.g. Germany has proposed 6 months, the UK 12 months, and the Netherlands 18 months). The interpretation of other key elements, such as "serious crime," "competent national authorities," or "electronic communications services" will be different across jurisdictions too.
These uncertainties impact on the justification for any privacy intrusions. Is a country more democratic than its neighbour because of its shorter retention period? Or do the citizens of that country face a greater security risk for the same reason? If there is something about the data retention directive that can be called into question is its proportionality – not necessarily in terms of financial cost to service providers, but in terms of privacy and anonymity loss. And what will Internet companies do in practice, especially if they operate one data architecture that cannot vary from one country to another: apply the longest retention period, or the shortest, or some "average"?
The data retention directive is of course just part of the picture. Several other initiatives provide additional evidence of the fact that traditional concepts of Internet privacy are in turmoil. One example was a proposal by the German government to complement its anti-terrorism measures by prohibiting the use of anonymous email accounts, by mandating that service providers verify the identity of their account holders.
Thankfully, the German government has recently retracted this proposal. Nonetheless, the idea continues to appeal to many: to make sure that every single e-mail user can be tracked down to an identifiable individual, so that the police can locate the terrorist behind the e-mail with the bomb-making instructions attachment, to take the most blatant possible example. The issue once again is whether this threat to anonymity on the Internet will be effective in making the world a safer place. Or will it do nothing to catch your average technology-savvy terrorist while eroding yet another layer of Internet privacy?
So, against this background, what is Google doing? We have recently announced a new policy to anonymize our search server logs after 18 months (we're the first in our industry to have taken this step). We're trying to get the balance right too, between privacy and other goals (like security, fraud prevention, and search improvements). People want to be free as much as they want to be safe. That's true online too.
Tuesday, July 10, 2007
When we were building the original Google Maps site, we envisioned that it would eventually become a platform for navigating all kinds of location-based information, such as home listings and travel information. Within weeks of the launch of Google Maps, we were pleasantly surprised that an independent developer named Paul Rademacher released HousingMaps.com, a site that displayed housing listings from Craigslist on top of our interactive maps -- what is now known as a "mashup" -- without needing help from anyone at Google. Hoping to encourage even more of this type of innovation, we released the official Google Maps API in June 2005, and since then, developers have created over 50,000 Google Maps mashups.
To address these issues, we started two major projects:
In April, we released the first version of "My Maps," which empowers anyone to create a personal map simply by dropping placemarks onto the map. These maps are hosted on Google Maps and can be shared with friends and family. When marked as "public," these maps are automatically included into the Google Maps search index so that other users can find them. Since the launch of the "My Maps" tab, over 4 million maps have been created.
While this drag-and-drop editor is a great tool, we still needed a solution to help with mashups that have dynamic content such as real-time weather conditions. Thus, we created the Google Mapplets platform, which enables any developer to create mini applications that overlay their content and services onto Google Maps. We announced a preview version of Mapplets in May, and over 100 developers submitted Mapplets within the first month.
Today, we've brought these two features together under the "My Maps" tab on Google Maps. You can now layer information from multiple sources on the same map as well as save content that's relevant to you into a personal map. For example, if you're looking for a home in Chicago, you can add Mapplets that display real estate listings and Chicago Transit Authority train lines so that you can find out which homes are near public transit. To get an even richer sense of the surroundings, you could also layer in photos of the neighborhood and local events (from Zvents). When you find a home that you're interested in, simply click on "Save to My Maps" in the home's info bubble and save a copy of it to your personal map.
To get started, check out this demo video and then head over to the "My Maps" tab to find great maps and tools you can add from the Google Maps Directory.
Posted by Trevor, Inside AdWords crew
If you're an expert spreadsheet user, you might be familiar with the powerful and obscure feature known as array formulas. They're powerful because they let you replace an entire column of formulas with a single array formula that does all the calculations in one place. And they're obscure because you've always had to hit Ctrl-Shift-Enter to create one, and, well, who's ever going to discover that on their own?
It's now a lot simpler to create an array formula in Google Spreadsheets. If you want to create a multiple-output formula (like TRANSPOSE or MMULT), just enter the formula normally and hit enter. As if by magic, the entire output of the formula will appear. And if you want a multiple-input formula, wrap the whole formula in the ARRAYFORMULA function, like so: =ARRAYFORMULA(SUM(IF(A1:A10>B1:B10, A1:A10, B1:B10))).
And if you've never heard of array formulas but we've piqued your interest, take a look at our array formulas help page that explains them in a little more detail.
Initially, Gauri and her team relied on fixed ad colors and placements. They noticed that the site was earning a similar amount of revenue each month. "We had a problem choosing color codes and ad placements, which we didn't know could actually impact our revenue so drastically," she remembers. But she soon found the benefits of testing with custom channels.
"We placed channels on the ad units and changed the ad positions to understand the performance of each unit, resulting in much higher revenue," she says. For example, Gauri added a 300x250 medium rectangle to the bottom of each article and moved her link unit from the right sidebar to the left. In addition, she updated the colors of her ad and link units to match the look and feel of the rest of her site. Together, all of these changes resulted in a 60% increase in revenue.
"It is now easy to optimize the site's performance with custom channels. They give us a complete picture of how different ads are performing on our site, and help us to compare all ad units and pages," Gauri comments. Even now, her team continues to experiment with other changes to find what will perform best for Mid-day.com. "We have learned that subtle changes can produce significant results."
Posted by Warren Pereira - AdSense India Publisher Support
As I've written before, Google has become increasingly involved in U.S. spectrum policy issues this year. One of our top public policy objectives is to expand the Internet's reach to more Americans. In part, that means creating new competition to challenge the existing broadband access duopoly (between cable and phone companies), by paving the way for consumers to gain meaningful alternatives via advanced wireless services.
Unfortunately, the wireless airwaves required to develop such a service traditionally have been allocated in a fragmented and inefficient manner. The federal government's upcoming auction of spectrum in the 700 MHz bands (as part of the digital television transition) offers a tremendous, and probably unique, opportunity to promote competition and web-based innovation.
Earlier this year, Google and other members of the "Coalition for 4G in America" urged the Federal Communications Commission to adopt flexible rules that encourage competitive entry by new and innovative broadband companies. At the time, we stated that our advocacy in the 700 MHz proceeding did not necessarily signal our intention to participate in the auction itself, although no final decision had yet been made.
In comments we filed in late May, we stressed that new entrants face considerable hurdles when competing head-to-head with incumbent wireless carriers. We also noted that a proposal by Frontline Wireless to impose a wholesale/open access mandate on a certain spectrum block would ensure that the owner of that block at least would operate its wireless network in an open manner.
Over the last several weeks, we've been taking a closer look at whether and how Google might participate meaningfully in the auction. As part of that look, we've consulted with spectrum auction experts and conducted various game theory scenarios. Our analysis has confirmed that, under the originally proposed rules, the existing national wireless carriers are likely to prevail in the bidding process against a potential new entrant like Google. While we remain interested in the possibility of participating in the auction, it's clear that the incumbent carriers have built-in advantages that will prove difficult to overcome (particularly the economic and operational barriers to entry for a company like ours, and the relatively greater value and usefulness that spectrum brings to existing carriers).
What would happen if one or some of the existing national wireless carriers win this valuable spectrum at auction? They would probably use it to protect their existing business models and thwart the entry of new competitors -- both understandable actions from a rational business perspective. Beyond the loss of a valuable public resource, however, that outcome would not bring us any closer to fostering much-needed competition in the broadband market, or providing innovative new web applications and service offerings.
Too much is at stake for the federal government to let that happen. Late yesterday, we filed a letter urging the FCC to take concrete steps to make sure that regardless of who wins the spectrum at auction, consumers' interests are best served. We believe that the winning bidders should be required to adhere to enforceable rules that require the adoption of four types of "open" platforms:
- Open applications: consumers should be able to download and utilize any software applications, content, or services they desire;
- Open devices: consumers should be able to utilize a handheld communications device with whatever wireless network they prefer;
- Open services: third parties (resellers) should be able to acquire wireless services from a 700 MHz licensee on a wholesale basis, based on reasonably nondiscriminatory commercial terms; and
- Open networks: third parties (like internet service providers) should be able to interconnect at a technically feasible point in a 700 MHz licensee's wireless network.
We believe that adopting these four license conditions collectively will encourage prospective broadband companies to participate in the auction, and be able to bid successfully for the available spectrum. Not only are new entrants more likely to embrace an ethos of openness, but additional forms of competition will emerge from web-based entities, such as software applications providers, content providers, handset makers, and ISPs. And consumers ultimately will come out ahead in that rich and vibrant broadband environment.
In the meantime, there is now potentially positive news coming out of the FCC. Chairman Kevin Martin apparently is about to circulate proposed auction rules to his fellow commissioners, and we're hearing through the proverbial grapevine that his proposal includes several of the open platform conditions we have recommended. If these reports are accurate, we are most encouraged by this favorable development. Obviously we'll need to see the fine print, but such a proposal would represent a step forward for new, innovative entrants to the broadband market.
Monday, July 9, 2007
Almost every stock investor that we talk to during our user visits makes use of a spreadsheet to compile the data they have researched and many use their own formula to help decide when it is optimal to trade a stock. Whether they use Excel or a napkin, vast numbers of investors spend time every day keying in or writing down data. Wouldn't it be great if there was a spreadsheet that you could access from anywhere with an Internet connection -- a spreadsheet you could share with certain friends and automatically get the data updated to save you doing that work each day? For a while now, Google Spreadsheets has included Finance formulas so you can do all this and more.
Within Google Spreadsheets you can select the Formula tab and follow the more >> link on the top right.
Look at the Google section within the dialogue box and from here you can see the syntax for entering a Finance formula (see above). The details of all the stock and mutual fund data that you can pull into the spreadsheet can be found on this help page. To quote a section:
"Here are a couple examples using the formula:
* To insert the current volume of Google stock:
* To insert the current price of Google stock:
=GoogleFinance("GOOG") and =GoogleFinance("GOOG"; "price")
* Alternatively, the stock symbol and/or the attribute values can come from spreadsheet cells. For example, the function can be:
In this case, the attribute specified as a string in cell B1 would be returned for the stock symbol in cell A2."
Using this approach you can set up your portfolios and watchlists and have the data be updated continually. This is a screenshot of a portfolio I pulled together in a few minutes:
If you have your own formula that you would normally use to screen stocks then go ahead, it is easy to add them in. If you want to collaborate with anyone else, maybe a co-worker or investment club, it is easy to add them through the Share tab and you can show off your winning formulas with the world by publishing the spreadsheet and linking to it on your blog.
You can see how powerful this tool is, and so we are busy talking to folks who use it, and exploring ways in which we can improve it. If you have any ideas, please feel free to comment below.
People request new features for Google Calendar all the time. They post to blogs, send email to our support team, call to me on the street, etc. One thing people always ask me about is better mobile access. You can already send a text message to "GOOGL" with a search query, and you'll get a text message reply with the top Google search result. Some folks want a similar service for Google Calendar, where they can send text messages to add events to their calendar or find out what events they have coming up. This is by far my favorite request -- not only because I think it's a great feature, but because it already exists.
Here's how it works: send a text message to "GVENT" (48368) with information about an event, like "3pm cappuccino at Borrone's," and this event will be added to your calendar. Just like the "Quick Add" feature in Google Calendar, GVENT will pop the event into your calendar in the right place. You'll get a text message back confirming the details of your event. Or, send the word "day" to "GVENT" to get a text message response containing all of your scheduled events for today, "next" for your next scheduled event, or "nday" for all your events scheduled for tomorrow. You can learn more about GVENT in the help center.
And now I'm off to get my cappuccino.
(if you're unfamiliar with Twitter, its FAQ states that, "Twitter is a community of friends and strangers from around the world sending updates about moments in their lives. Friends near or far can use Twitter to remain somewhat close while far away. Curious people can make friends. Bloggers can use it as a mini-blogging tool. Developers can use the API to make Twitter tools of their own. Possibilities are endless!")
We have rescheduled the server maintenance originally planned for Thursday, July 5th at 9pm PDT. This maintenance will now occur on Monday, July 9th at 9pm PDT. At that time, Google Checkout will be unavailable for approximately 60-90 minutes. During this maintenance period, the Google Checkout button will not appear on merchant websites, and merchants will be unable to process orders or log in to their Google Checkout account. Please note that any orders received prior to this scheduled maintenance will be unaffected. If you have any questions, please contact the support team. We will be sure to let you know if there are further updates to the schedule.
Posted by Niels Provos, Anti-Malware Team
Some of you might have seen this message while searching on Google, and wondered what the reason behind it might be. Instead of search results, Google displays the "We're sorry" message when we detect anomalous queries from your network. As a regular user, it is possible to answer a CAPTCHA - a reverse Turing test meant to establish that we are talking to a human user - and to continue searching. However, automated processes such as worms would have a much harder time solving the CAPTCHA. Several things can trigger the sorry message. Often it's due to infected computers or DSL routers that proxy search traffic through your network - this may be at home or even at a workplace where one or more computers might be infected. Overly aggressive SEO ranking tools may trigger this message, too. In other cases, we have seen self-propagating worms that use Google search to identify vulnerable web servers on the Internet and then exploit them. The exploited systems in turn then search Google for more vulnerable web servers and so on. This can lead to a noticeable increase in search queries and sorry is one of our mechanisms to deal with this.
At ACM WORM 2006, we published a paper on Search Worms [PDF] that takes a much closer look at this phenomenon. Santy, one of the search worms we analyzed, looks for remote-execution vulnerabilities in the popular phpBB2 web application. In addition to exhibiting worm like propagation patterns, Santy also installs a botnet client as a payload that connects the compromised web server to an IRC channel. Adversaries can then remotely control the compromised web servers and use them for DDoS attacks, spam or phishing. Over time, the adversaries have realized that even though a botnet consisting of web servers provides a lot of aggregate bandwidth, they can increase leverage by changing the content on the compromised web servers to infect visitors and in turn join the computers of compromised visitors into much larger botnets. This fundamental change from remote attack to client based download of malware formed the basis of the research presented in our first post. In retrospect, it is interesting to see how two seemingly unrelated problems are tightly connected.