Wednesday, May 28, 2008

Google IO Conference - Day 1

Well I'm here at the Google IO Conference 2008 and the lines are long and they are getting a late start due to very long lines still waiting to get checked in. (10 Minutes late so far.)

Quick Thoughts: 15 minutes late now, this place is packed, great round style layout, they finally caved in and just let everyone upstairs (without badges or checking if they have paid.)  They are starting the event now...

The sessions lineup looks great for me today..

  1. Keynote: Client, Connectivity, and the Cloud - Vic Gundotra, Vice President, Engineering
  2. Extend the Reach of your Google Apps Environment with Google APIs
    (Room 9)
  3. Lunch
  4. Rapid Development with Python, Django and Google App Engine (Room 1)  (Skipped this for Building an Android Application 101 (Room 3))
  5. Can We Get There From Here?
    (Room 4)
  6. Secure Collaboration - How Web Applications can Share and Still Be Paranoid
    (Room 4)
  7. Authenticating to Google Data Services
    (Room 9)

Keynote - Google/Other announcements so far..

MySpace Mail Message center goes Mobile with announced Gears  support

Google App Engine (GAE) announces two new API additions, the ever popular MEMCACHE and a Image Manipulation API. GAE Opens up the doors from limited beta by waiting list invite to all are welcome. They also announced their pricing plan.

Keynote showed a demo using the AJAX API of not yet fully release jQuery 1.2.6.  No longer do you have to maintain your own versions of jQuery but the ever popular Google will do that an load the API for you. AJAX Libraries API

GWT 1.5 Released available today with JAVA 5 Language/Feature support.


Session: Extend the Reach of your Google Apps Environment with Google APIs - Lots more JSON-Script style support for web apps.  I liked the information for .Net about the Google Document List Data  API that allows you upload multiple DOCS into Google documents. did not interest me much..  Wish I had gone to the AJAX track but was good information.


Session: Building an Android Application 101 (Room 3) -

IntentRecievers are listeners designed to respond to broadcasts. They are like a verb and object; a description of what you want done or an action (VIEW, PLAY.)  The core System matches Intent with actions. One cool thing about Android is the Integrated Browser called WebKit which is an open source project.  This API set is so cool I think that I might drop my iPhone just to write apps for it.  Well perhaps not but I could get another phone. Wow the whole hour is already gone..

Retweeting @gmitsopoulos: #IO2008 Android is scheduled to ship on first handhelds in second half of this year


I stumbled into the end of another session and managed to get in a question as they were talking about the Google Language Translation API.  I fired off a question about contextual HTML parsing and after the event on of the API team approached and told me he had read my post and reviews on the Translator API over the last year. Very cool to know that I'm being read.. Wowza..  They did mention some improvements in the API with HTML handling and leaving it alone which is cool (somewhat prompted by my earlier blog posts)


Session: Can we get there from here? - This is a tough topic for the speaker to take on.  They had to delve quite a bit into overview and historical tense to get to the root of where things are going and what the needs are now and later.  Lowest browser sets the ruddy bar we get stuck with.  We need tools that allow for faster newer version of browsers supporting latest standards. Alex Russell the speaker is of the opinion that the Browser Sucks in two ways.  So many browsers that just don't work together, provide standard API's, standard formatting on platforms from desktop to mobile phones.  His opinion of what will make these browser vendors to make this happen is competition. New versions out for all major browsers (perhaps) before the end of the year.

Mono-cultures reduce costs in the short run - (Not sure what that exactly means)

There exists an idea that web developers are hostage to deployed web browsers and the realm of web-ish applications although cool do not get us to the desktop-ish applications that Silverlight and FX take us too.

BTW - Alex Russell is a frigging genius and I need to get on board with his preaching's.


Session: Secure Collaboration - How Web Applications can Share and Still Be Paranoid
(Room 4) - Mike Samuel

Douglas Crockford's ADSafe and Google Code Caja Project are just to approaches to securing third party code.

Turns out that Caja is not yet usable today but there are prototypes.  Not much use to me though since this is just all theory.

Was very short presentation..


Break - Sitting around attempting to digest the new and old.  It's amazing how far things have moved since Google Dev Days about a year plus ago.  Software changes are so much more rapid these days and that is for sure one thing to look for in my own work and designs.  I think foundations for rapid change is a better sought after approach than doing things the manual way.


Session: Authenticating to Google Data Services
(Room 9) - Google Data API Authentication Overview

Google Data API's about

ClientLogin - Stored on the client machine only.

When you cant always do a browser redirection.  Typically uses HTTPS and sometimes CAPTCHA when negotiating security authorization.

HTTP POST URL - CGI Headers (accountType,Email,password,service,source) and gets back plaintext key-value pairs SID LSID and Auth.  Auth is the important token that you use in the authorization header to get a users data for them.

AuthSub - redirection style login using redirection.

Redirects to a Google branded web page and gives approval for your web application and redirects the user back to the originating page.  Apps have to be registered with Google for this to work.  Remember that this is all about Google user personal data access.

Scope - New Is a new feature that allows coverage over many different user Google Data sets (Calendar,Email,Contacts,etc..)

This is a more complex approach and to protect against this the web app domain must be registered with Google in order to use AuthSub.  This approach uses Asymmetric Cryptography with Public/Private keys for verification.  You own your Private Key signature and it's a PKI like exchange.

myrsakey.pem - private RSA key

myrsacert.pem - public RSA certificate

opensll req -x509 -nodes -days etc...

This poor iPhone screen print sort of shows it working (I forgot to bring a camera.)


1> Register your account domain with Google (for example  They use an HTML file you place into the root of the server.

2> Then you Agree to a TOS and upload your certificate till it becomes active.

When complete your ready to roll

Client Libraries are available in Java,.Net,Python,PHP,Objective-C

OAuth - net step for AuthSub just more complex.

Open standard with specification still being developed with Open Source Libraries already available.

Most of this stuff I already know but what the heck it was very good to get the juices flowing to see how I can better our offerings.

End Day 1

Kevin Pirkl

No comments:

Blog Archive