With hundreds of millions of Google accounts in existence, and reliance upon Google accounts for your personal life, your business life, your cell phone, your calendar, your documents, etc, you should absolutely consider the security of your Google Account. The easiest way to do this is a strong password. Unfortunately, strong passwords can still be broken by dedicated or interested individuals or groups. One thing you can do to greatly increase the security of your Google account is to add Two-factor authentication. With 2-factor authentication, it is extremely difficult for anonymous remote entities to break into your account.

What is Two factor authentication?

Historically, Two factor authentication relied on a small piece of hardware they would ship to you. This was great from a security perspective, but was not convenient and was not mobile. Google (as well as other such as Blizzard) have begun to allow 2 factor authentication using Smartphones. This enables you to combine something you know (your password), with something you almost always have with you (your smartphone) to achieve better account security.

Setting up Two Factor Authentication on your Google Account

There are about 8 easy steps you can follow to quickly get 2 Factor Authentication working with any smart phone.

1. Log into Gmail and Click on the drop down next to your email address in the upper right hand corner.
2. Click on "Account Settings".
3. Under the Security section, select "Using 2-step verification".
4. Click on "Start setup" from the right side of the screen.
5. Create a backup method by entering a phone number to text or call.
6. Click on "Turn on 2 Step Verification".
7. Decide what smartphone you wish to use to generate codes, and select it from the list at the top. Follow the instructions for your phone.
8. Create application-specific passwords for your mobile devices and special applications, like Google Music.

What to expect

Overall, you should have confidence in the security of your account, but at the same time you should expect the nuisance of needing to run an application on your phone every 30 days, and every time you want to access your account from a new computer. Additionally, some rare applications (such as Google Music for Linux), are not written well, and won't save passwords. This means that any time you want to run that application, you need to log in and generate a new Application-specific password for it.

Google will also create some backup codes for you, I have them stored securely on one of my servers that I can access via SSH. This is in case you lose your phone at any point, you don't lose complete access to your account.

Make sure you delete unused Application Specific passwords, and enjoy the additional peace of mind and security that 2 Factor Authentication provides!

Some of us live on the edge. We sacrifice stability to be on the bleeding edge of technology, experiencing new features immediately as they are added. Here are my top 5 pieces of software that are generally safe to update on a daily basis.

Chromium

When developing web pages for mass consumption, one of the most important things you can do with your content is to make sure it is being transmitted in a compressed manner. Typically for web pages, the way to achieve this is to gzip your content. If your browser supports this, it will report its support to the browser as one of the headers when it requests a page. When the web server receives this, if it has the correct setup it will render the content, place it into memory, run a compression algorithm on it, and transmit it. On the client side your browser will then take the compressed stream, uncompress it, and render the page to the user. This may seem like a lot of steps, but in actuality, the slowest part of the request/transmit/rendering process for web pages is usually the internet transaction, and compression can speed things up many times.

When setting up this type of compression, or when testing the setup of an existing server, it can be very helpful to have a tool that will report whether a given URL is being sent gzipped or not. In order to address that, I have built a GZIP Detector. Simply give it a URL, and it will tell you whether or not that URL is being transmitted in a compressed format. There are many other ways to detect this, but they aren't always handy, or they require specific software or browsers.

Hopefully this GZIP Detector will provide value to someone besides me.

HTML5 Beta YouTube Video Download

The battle for YouTube continues. I love to download videos from YouTube. If you are using the HTML5 beta, I had previously written a bookmarklet that unblocks the videos and lets you download them directly with HTML5. It appears that either a recent update to Chrome or to YouTube has rendered the existing bookmarklet ineffective. Some javascript investigation has revealed that the event listener for oncontextmenu is now anonymous (or at least I don't have it in scope), and setting it to false no longer clears the listener (as it shouldn't according to DOM). This means that in order to continue using the YouTube Unlocker Bookmarklet, I had to update it to clone the node, and replace the old one. Cloning a node in DOM does not copy event listeners, and this is the only way to clear them.

Or just drag the YouTube Unlocker Bookmarklet onto your bookmarks bar and you should be good to go. This has only been tested in chrome.

Flash YouTube Video Download

If you still use the old Flash way of viewing videos, they have also improved their algorithm so that videos are deleted as soon as they are opened in /tmp/. This means that you can no longer trivially copy them out. Fortunatly the file still exists on linux systems, and it's not impossible to copy them out of the tmp folder. Check out the following command line (which I pasted into a button on my panel) that opens the video in VLC. Similar could be used to copy the file to your home folder, or whatever you wanted to do with it.

On a technical level, this command looks up the flashplayer executable and finds open file handles (including deleted files) to Flash files in your tmp folder. The string is then rewritten into something that can be passed into VLC. If you run this script (or hit the button on your panel with this script in it), VLC will open with any currently open videos, making watching the video easy and nice again.

YouTube has a major challenge with their adoption of HTML5, they want to leverage the new format and capabilities, but they don't want to make it easy to download videos. This is going to be one of the biggest challenges youtube faces until they realize that allowing users to download videos will not reduce their market position or decrease ad revenue.

Originally with the flash version, downloading youtube videos was as easy as copying the unstreamed files from /tmp/ assuming you are using linux. With the introduction of HTML5 videos (both .h264 and webm videos) they made it a little bit harder, because HTML5 videos were not stored in adobe's cache, but in your browsers further obfuscated cache. This was overcome by disabling a content blocking box that they put over the video.

Round 2 of Downloading YouTube Videos

Now it seems they have updated the site again, and some additional sleuthing was required to see what they were doing. They are now using javascript to capture and ignore the right click event when you click on the video. I have expanded my bookmarklet to fix this issue as well. I left the original unblock code in there just in case they try multiple techniques. Drag this bookmarklet to your bookmark bar. This bookmarklet unhooks the context menu capturing event, and removes a blocker box if one is found.

As of 2010-08-07 it is safe again to update to the chromium nightlies without losing large amounts of functionality. As of chromium-browser 6.0.487.0~svn20100806r55176-0ubuntu1~ucd1~lucid, the issue with <video> and <audio> tags has been fixed, and these pieces of HTML5 are working again. This means that my HTML5 video gallery is working again in chromium, as well as the YouTube HTML5 preview. Hurray!

If you do manual upgrades and are using the Chromium Nightly (or daily) builds, you should probably not upgrade. The last 2 nightlies released contain issues with broken HTML5 video. Not only do they no longer support any codecs, the entire video tag doesn't work. This can be confirmed by visiting YouTube with the HTML5 beta active, by visiting my HTML5 Video Gallery, or by visiting the HTML5 Test.

Affected Chromium Versions

• 6.0.478
• 6.0.480
• 6.0.483
• 6.0.485

Unaffected Chromium Versions

• 6.0.472 (and earlier)

One of the most common reasons to build a tool for an open source developer is when the developer him or herself wants the tool. This is the case with Reddit Imager, a tool designed to improve Reddit. The concept is simple, whenever there is a URL or image format we recognize (very few right now), replace the tiny thumbnail with the blown up version, maximized to the screen width. I launched this extension on the Chrome Extension Gallery because I wanted to try out the gallery at least once, despite my dislike of giving Google control. Now the extension has a couple users, and I want to make sure they get the features and capabilities they want.

What's new in 1.1?

Reddit Imager 1.1 released today adds an options page where users can specify their mode. Normal mode automatically replaces matching thumbnails with their blown up versions. I also added activated mode, which waits for a user to try to click on the thumbnail before blowing it up. I find this feature a little confusing because there are very few thumbnails we are actually capable of blowing up, but it was requested and I wanted to try it out.

Let me know if you think I should switch default modes, add other options, or add some type of visual indicator for which images can be blown up on the home page.

Report issues or feature requests here: http://github.com/PeEllAvaj/redditimager/issues

Although Google definitely frowns upon the practice, there are several high profile methods for downloading videos from YouTube. There are several windows programs for doing this, and a couple command line tools, but I have developed a couple simpler methods that work really well under Linux. These methods are changing as Flash and HTML5 come into prevelance, but as of today, both of these methods work depending on whether you are using the HTML5 version of YouTube or not.

Download YouTube Videos when using Flash Player

You can be sure that you are using the flash player by right clicking on the video. If the bottom menu entry shows "Flash Player", then you are using Flash.

The flash player makes this relatively easy to do. Simply open Nautilus or Dolphin to /tmp. After the video begins streaming to your computer, it will show up at the bottom of the folder list when you sort by Date. It should have a random filename that looks like Flashe6Oshq. At ANY POINT during the streaming, you can move this file, or give it a real name. I always rename it in place and then drag and drop it into my home folder. The only thing you need to do is make sure you don't navigate away or close the tab containing the video streaming until after the video has finished downloading. I typically give these files a .flv file extension, as this is their container format. This has been tested in Firefox and Chromium/Chrome on Linux.

Download YouTube Videos when using the HTML5 Player

This works now with the .h264 file, and it should continue to work with the new .webm videos. HTML5 has built in capabilities for "save file", but YouTube blocks this by placing a transparent element on top of the video. You can hide this video by clicking this bookmarklet: YouTube Unblock. You can drag that link to your bookmarks bar to use it on YouTube. All you need to do after that is to right click on the video and click on "Save Video As". This should work in Firefox and Chromium/Chrome, but I have only tested it in Chromium. These files will be .mp4 encoded (as of today), and in the future .webm encoded.

One of the biggest strengths of Theora was the ability to easily re-encode video on the command line with the tool ffmpeg2theora. Theora encoding could be accomplished by passing flags to ffmpeg, but the ffmpeg2theora handled common settings and detection and made converting existing files even easier.

For me, one of the biggest successes for WebM will be when a command becomes available, and is released in the package systems that allows users to simply run ffmpeg2webm when encoding. I'll be re-releasing my videos as a WebM gallery as soon as Firefox and Chromium stable builds have WebM support, or sooner.

Desired man page

Take the following man page as an example of what I'm hoping for.

I have included my rough notes from Google IO 2010, keynote 2 below. I'll be cleaning them up as I have time as they are rather unorganized now.

Some of the initial comments by Google compare "draconian future" and Apple which ends up coming off pretty inflamatory. "If you want freedom, choice, etc, welcome to android".

At this point, they are coving some of the milestones achieved by Android:

• Wow, 100,000+ new android activations per day worldwide
• Android is #1 for web and application usage as of now
• 1 billion miles of paths navigated on android in 6 months
• 5x growth in mobile search from '08-'10 (across all mobile phones)
• 50,000 applications in the marketplace
• 180k developers.
• 7 releases in 18 months.

At this point, the discussion turns to Froyo, the new Android 2.2 operating system. They gently sprinkle post-froyo functionality that they are working on. I will try to mark where they said something might be post-2.2, but I may have missed a couple of these indicators.

Announcing Froyo - Android 2.2

Android speed

They have achieved a lot of things with the Dalvik VM, and one of the biggest of these is a speed increase in the newest version. They introducing JIT (just in-time compiling). With existing applications and hardware, this has a 2-5x speedup effect, which is frankly pretty amazing, and somewhat needed.

They demonstrate a game: replica island comparing Eclair and Froyo. Although they use the same hardware, froyo is faster.

Enterprise Device Administration

The intent is Android works well with existing enterprise infrastructure and management tools. The new version of Android is completely capable of belonging to a domain name, with features like remote wiping of the device, and the application of domain policies for phones that belong to a domain.

New services in Android SDK

This includes items such as a new data backup API that allows you to migrate data when you migrate phones. One of the more groundbreaking additions to the API is a Cloud to Device messaging API. This API allows you to start intents remotely. Imaging looking at a google map with directions on the desktop browser, being able to click a button and have those directions on the mobile device.

The second example of the Cloud to Device messaging API they talk about is the idea that you could be reading an article on the desktop, press a button and sends article to device.

Tethering and portable hot spot

More devices shouldn't mean more complexity and bills. Android of capable of serving the needs of other devices. The demonstration used an Android to give an iPad internet, to the amusement of the crowd.

Android Browser Improvements

Their data shows that the top three things individuals use their phones for are as follows:

1. Phone calls
2. text messaging
3. browser

Froyo is introducing a 2x-3x browser performance increase. The way they are achieving this is with V8 for android. They show a demo comparing Froyo, Eclaire, and an iPad using the Sunspider test. iPad started first and given a head start. The results end up showing that Froyo finishes, then iPad, then a very close third is Eclair for browser javascript performance.

They had a frog swimming laps to show the sunspider benchmark performance in an interesting way, and he makes a joke about whether or not they could get this in the app store, but then makes the comment that it's a web application.

Integration with Native Capabilities

Orientation/Camera/Speech/Magnetometer/Accelerometer are all capabilities native to the phone that they want to expose to browser-based applications, not just native applications. Google made a very loud and clear statement that they intend on maintaining leadership in browser capabilities on the phone. They will be offering web developers access to orientation, camera, speech, magnetometer, accelerometer. This could possibly be beyond Froyo.

At this point, they demo a web-based Buzz Camera application for demonstrating picture taking as part of a Google Buzz status update. The demo fails the first time, but they come back to it and it works.

They really stress the idea of accessing capability from browser: translate app with new feature: microphone "can you help me find the nearest hospital"

Existing Android Features are getting better

They provide a demo of voice search:"pictures of barack obama with the french president at the g8 summit", "pictures of the golen gate bridget at sunset", and "del dotto vinyards, napa". Each of these terms is quick and effective.

Human intention understandings

The live example they perform is "call 5th floor restaurant", which is a contact in his phone.

Flash 10.1 public beta, AIR Developer Pre-Release

Another few rips at apple: "Worlds most comprehensive browser" "It turns out that on the internet, people use flash"

They state that part of being open means your inclusive, rather than exclusive. He gives an example where his daughter had picked up her ipad, tried to go to nickelodian. On the iPad, all she got was a big orange screen, but it works perfectly using Android. He calls out a "special thanks to adobe", as they have been working together to meet the needs of users . He says that this is "much nicer than just saying no".

Android Marketplace

The average Android user installs more than 40 apps per devices. They want to add the capability to search inside apps, move apps to sd card, update all apps. Their new interfaces for keeping applications on the SD have the functionality that apps automatically move if you run out of space, as well as allowing manual control if you want it.

On the phone, developers can plug into the search framework. The live example he shows is that mint returns financial records in the smart search box. The addition of an "Update all" button is great, and he states that they were basically embarrassed that we didn't have that before. You can also allow automatic updates on an app-by-app basis with an "allow auto update" checkbox.

They understand that you need to close the loop between users and developers to improve quality of app store. A new "Report" crashes feature goes to the developer. Developer gets to see the entire stack trace of real user bugs from real user devices.

Post froyo: they will be releasing a web market that is automatically connected to all of your android devices, browse and install from the web. They make a comparison with the Apple model where you are always tethering and syncing your whole device. "We discovered something really cool, it's called the internet", when he presses download, it automatically installs in the background on the device over the air.

They plan on extending the Android marketplace "because it's more than apps", including features like Music sales, that are instantly and immediately send to the devices "using the internet".

One question they ask is "What do I do with my existing music?" They answering this question with the services of one of the companies they bought, simplifymedia - makes all of your non_DRM music available to device over internet. This capability is similar to the Gmote, but much more mainstream. When they plug in the speakers to the device, they realize they still have the phone call to the 5th Floor Restaurant still going on in the background. This is a great unintentional advertisement for multi-tasking.

Advertising on Android

Google really applies their experience and wisdom to the new market of advertising on mobile devices. For Advertising you need a healthy ecosystem, and "you need advertisers, we have them. If you have an ad spot, we have invetory to fill it.". They show several new advertisement types and notes they are working on releasing.

1. local advertisers, direct response, brand advertisers - need formats that meet different needs
2. measurement for advertising on android
3. "we have some tools you may have heard of" adsense, analytics, doubleclick
4. Open to Innovation (cute google ponies)
5. adsense for mobile apps - contextual relevance
6. direct native interaction for advertisements within context of app
7. expandable add with rich media (movie trailers)
8. add format with direct phone call.
9. expandable with embedded map and click to call.
10. fully immersive inline ad with integration delivered by medialens (not through google), doubleclick works with any ad network based on relevance.

Google TV

Again they list some facts / observations, and then move into some of the new features and opportunities provided by Google TV.

• For developers - no bigger market than tv
• "TV Just Works" - access really cool stuff
• 1994 laptop, 2007 mobile, TV,
• Web and TV is completely separate
• Today everyone sits around the laptop,which doesn't work.
• Don't put web on TV (WAP SUCKS)
• Closed doesn't work, people must go to anywhere on the internet
• Using the TV's "input button" loses 90% of people if you have to switch
• If you make them choose "TV or Web", they choose TV.
• Google TV, tv meets web, web meets tv
• things that will redefine tv:
  1. less time finding, more time watching
  2. control and personalize what you watch (and when)
  3. make tv content more interesting
• To me, this sounds like mythtv, but perhaps better executed, and more backed by a huge company?
• There are too many chanels for existing guides. Users need the relevancy of search
• search box for tv (same empowerment) "Quick search box" accross tv and web
• dvr integration
• Android phone input device, pairing over wifi (VOICE RECOGNITION FOR TV through phone)
• browsing a web page on the phone, click button (pushes to TV)
• remote control protocol standardized (open source)
• Google TV: (Built on android)
• Android apps on TV
• Push apps from Google Apps to Google TV

Over the past week I have been doing a lot of work on Chromium Extension development. The main place people go to download extensions is the Google Chrome Extension Gallery. I assumed when I began writing the CSS Destyler that I would want to upload the extension to the main Gallery.

The Problem with the Gallery

The biggest problem with the gallery is the fact that You Lose Control. What this means is that when you compose the .zip file to upload to the gallery, you are not allowed to include an update URL in the manifest.js file. Google does this because they want to use the gallery as the update URL. This is nice for Google because they get to leverage their servers and track google extension usage.

The problem with this is clearly shown with what happened to the YouTube HTML5 extension I worked on with Mark Renouf. After several months of being online with a useful tool that improved the YouTube experience on Chromium, Google made the decision to remove our extension from the gallery. Although users with the extension installed were able to keep it, soon thereafter Google updated the YouTube HTML format and URL structure. Without the gallery, our users were unable to get updates, breaking the extension for thousands of people. By this point we had an alternative host, with working automatic updates, and a new working version. Despite this, we were unable to fix the broken code for any of our users.

Compared with Apple's market

If you look at the Apple App Store which is used by the iPhone and the iPad, there are some huge problems for developers.

• Original Upload Approval (Many many developers and companies have been prevented from breaking into the market because of this)
• Update Upload Approval (You have to get Apple's approval to make changes to your software)
• Moral Absolutism (Apple considers itself the authority on morality, blocking apps with pornography, swearing, or other allegedly immoral activities)
• Development Restrictions (Apple has recently updated their agreement to prevent applications written in other languages, or even with other tools from ending up in the App Market)

These are huge issues from a freedom standpoint. These restrictions could be considered inherently evil because of their lack of freedom, and the totalitarian control of software that Apple is trying to have. Google isn't anywhere near this level of restriction, but the their Android and Extension markets/galleries are beginning to exhibit too much centralized control from the corporation, where they decide what you can an cannot do as a developer, which ends up effecting what users can do with their computers.

When browsing web pages, one of the biggest strengths of the current state of HTML is the ability to style web pages using CSS. Sometimes web authors take things too far and end up making their content less useful, and harder to use and read. In order to respond to this, I have created a CSS Destyler that works by matching against a list of URLs and then removing the stylesheets from the page if it matches.

This project is a Chrome/Chromium extension, and should work for anyone. I built it in about two hours this evening (whilst learning the messaging protocol between content scripts, background pages, and option pages). It's not very polished, but it gets the job done.

Installing and using the CSS Destyler

You can either build it yourself from the CSS Destyler GitHub home, or download it from the Google Chrome extension library, where I'm hoping to upload it soon.

After you have installed the extension, click on the options page and add a couple of URLs. Any URL you visit that matches one of the strings you provided will then be Destyled for as long as you have the extension.

The future

In the future, I want to add a PageAction icon at the top so that people can add the current page they are on to the list of urls to destyle. I also want to clean up the current icon, and add the ability to delete items from the options page.

In the past month or so, HTML5 has been getting a lot of attention. I still feel that HTML5 is really going to be one of the biggest causes of change and innovation in computing for the past 5 or 6 years. Based on the W3c's past history, it seems that all of this is going to happen at the will of the browser makers, rather than the will or planning of the W3c. It is estimated that HTML5 won't become a formal recommendation until 2020, but the browser makers are going forward with these things today, with or without each other, or the w3c.

One of the bigger changes people are discussing, but we haven't seen yet, is Google's commitment to make their video codec free. This was the codec they acquired when purchasing On2. In theory this codec will solve all of the debate between Ogg Theora and .H264

Conformance

There are two really nice tests you can look at right now to see how your browser is doing in the race for implementation of new functionality, and for conformance to standards.

• HTML5 Test - Uses 160 CSS and functionality checks to measure implementation status.
• The Acid 3 Test - A standards conformance metric combining a wide variety of measures. Your browser must match the provided image exactly.

Functionality

There is one really neat presentation designed to demonstrate some of the working features of HTML5. Best viewed in Chrome, as they use some webkit-specific functionality while they wait for the standards to catch up.

HTML5 presentation

Conclusion

There's almost a palpable hope regarding the next set of web and browser innovation. In the next month or so, I hope to try out some of the new functionalities such as geolocation, local SQL, etc.

In the chromium nightlies (join them with sudo add-apt-repository ppa:chromium-daily/ppa), some new features have recently landed that include initial expansions to the synchronization code. Previously users would be able to sync their bookmarks with their Google account. This was accomplished by using the same back-end as Google Docs. Additional functionality (or at least the menus for future additional functionality) have landed for the following data types:

1. Preferences
2. AutoFill
3. Themes

This is very exciting, as chromium is the first browser to see these features natively. The bad news is that my initial tests indicate these additional sync types aren't functional, although they show up in Google Docs.

I gave my talk to the Penguins Unbound group this weekend. Things went well, people asked some good questions, and there was a little bit of information for everyone.

Download the powerpoint from my presentation

One of the most critical uses of computers in modern society is as a portal onto the world wide web and the internet. This is an area that is well supported under Linux, and Linux is seeing some of the latest cutting edge technologies immediately as they become available. I am going to cover what browsers are available on Linux, how to try them out, some of the differences between them, and what is coming in the near future.

I'm giving a talk about Browsers on Linux at Penguins Unbound on March 27th from 10:00AM - 12:00PM. Come and check it out!

When writing earlier versions of HTML, it was appropriate to specify any extra namespaces as attributes in the html tag. In HTML5, there are no longer traditional namespaces. Instead, standard namespaces such as SVG are automatically recognized in the children tags of an SVG element. This means that if you had a facebook connect integration on your site, with a namespace declaration:

You should replace this line with:

This change will help your HTML5 to validate, and shouldn't affect the functionality of your webpage, unless you are doing something unusual such as having integration with non-browser XML parsers that need the namespace declarations.

Recently Google announced that it was dropping IE6 support for YouTube. This momentus decision will have the impact of upgrading many many users off of Internet Explorer 6. I fully support this migration in general, but it also comes at a price. If you look at the notice posted on YouTube, you will see that their browser list starts with Chrome. As Google very well knows, in lists of sites or alternatives, over 90% of people select the first item from the list when they don't know what they are looking for.

In the end, this means that Google is pushing for an end to IE6's domination, but in a way that benefits their own interests. While I can't blame them, this is definitely a step towards evil.

In March I'm going to be giving a talk on Browsers in Linux, with a lot of specific examples and demos from Ubuntu. Hopefully this talk will cover some of the basic things for beginners who need to know things like "What are the options", and "how to install new browsers in ubuntu", as well as advanced options detailing some of the more unique and advanced features of the available browsers, as well how to get started with development for browsers.

This talk will be at the Penguins Unbound Linux users group in Falcon Heights, Minnesota on the last Saturday of the month. I will post additional details and documents closer tot he date.