Bowling

On Friday we went bowling for a friend's birthday. I hadn't been bowling in about 15 years. Several things were surprising. First, Google had the address wrong - it's 1205 Wellington, not 1025 - I've filed a bug. Second, the shoes were both comfortable and stylish - they had an embroidered "Rental" on the side - I almost stole them.

But the automatic scoring system fascinated me most. It detected which pins were down and calculated scores - players didn't need to do anything. Each lane had their own computer screen. You could manually override incorrect score - of course, none of us knew how to score anyway. Here's a blurry photo.


It's an old system - probably programmed by one or two people 20 years ago. It must be cool for them to know that their software is still chugging along. It was a good system - as players were added the height of the rows changed. There were awesome multi-coloured ASCII art animations when someone got a strike, spare or gutter-ball.

The system was from Mendes, a now defunct Quebec company. They built the software and the pin mechanisms. YouTube has a very cool video of the pin mechanism.

For the observant, yes, that's 5-pin bowling - a truly Canadian game.

Google Blogs

I've just published a post about malware on Google's Online Security Blog and cross-posted to Google's Webmaster Central Blog. Avid readers (all 5 of you) will recognize the content as being adapted from a few earlier posts on this blog: "This site may harm your computer", Advance Warning, and How long does a review take?

A new point in that post is about Google's new notifications to webmasters with hackable servers. The best type of malware warning is one you get before you've been infected! Hopefully webmasters will find those notification useful and the team building them will be able to expand the program.

Android G1 Phone in Canada on Rogers

Update: Also see my recent Nexus One in Canada post.

Getting the G1 working in Canada on Rogers' GSM network isn't hard, but you won't be able to use a true 3G connection - you'll only get an EDGE connection. For me, that's good enough and I love the phone. I've never owned an iPhone so I'll leave the iPhone vs G1 debate to others.

You'll need an unlocked phone. Apparently T-Mobile will unlock any phone for any customer who has been with T-Mobile at least 3 months. Of course, someone will write an unlocking program so new customers don't have to wait 3 months. You may also be able to buy an unlocked G1 from non-T-Mobile sources.

Put a Rogers SIM card into the G1 phone. You should have an iPhone/SmartPhone data plan with Rogers - the Blackberry plan won't work (at least not with these instructions). When I called to switch my plan I said that I had an iPhone - no point in confusing the operator. With the SIM in place you should have voice connectivity right away.

To get data working, go to Settings | Wireless controls | Mobile networks | Access Point Names. You'll see a long list of T-Mobile networks. Press the menu button, select New APN, then modify these values:

• Name: Rogers
  
• APN: internet.com
  
• Username: wapuser1
  
• Password: wap
  
• MCC: 302 - should be preset correctly
  
• MNC: 72 - should be preset correctly

Don't forget to press menu and Save. If you're in an EDGE coverage area, an EDGE icon should appear in the status bar next to the signal strength indicator. Mine appeared within a couple of seconds.

Browsing, email, video and SMS works, but I haven't been able to get MMS working. It may be that my Rogers plan isn't configured for MMS. I think the below settings should work - if you find they do work or what to change to make them work, please let me know. Create a New APN and set these values:

• Name: Rogers MMS
  
• APN: media.com
  
• Username: media
  
• Password: mda01
  
• Server: 172.25.0.107 - or maybe this should be * - I've tried both
  
• MMSC: http://mms.gprs.rogers.com
  
• APN type: mms

EDGE is as good as it gets in Canada with the G1 hardware. The G1 has quad-band (850/900/1800/1900Mhz) GSM/GPRS/EDGE, but only dual band (1700/2100Mhz) UMTS/HSPA (3G). Rogers operates their network on 850/1900Mhz, so the G1 hardware can only use EDGE. Bell and Telus are building "4G" networks but they'll also operate on 850/1900Mhz. So, I don't recommend buying a G1 for use in Canada if you're a heavy data user. My unlocked handset came from my employer and replaced my EDGE Blackberry, so I'm very happy. Hopefully there will be other Android hardware released soon that will be compatible with 850/1900Mhz 3G in Canada.

I discovered a good Rogers developer document [pdf]. It's targeted at developers building applications for the Rogers network, but lists everything needed to get non-Rogers hardware connected. The first few pages are also a good overview of GSM/GPRS/EDGE, UMTS/HSPA, 3G, etc.

Update: To clarify, an EDGE connection is usually slower than a 3G connection. I say "usually" because it depends on a ton of network factors.

Update: If you have a G1 with a T-Mobile plan, you can bring it to Canada and it will just work, including data. You'll be roaming on Rogers network and you'll be charged whatever T-Mobile's roaming rates are, but no additional configuration is needed.

Update: Make sure to check out the comments for lots of other settings that work, including on some other Canadian carriers.

How long does a review take?

Webmasters are eager to have a Google malware label removed from their site and often ask how long a review of the site will take. Giving an exact answer is a bit difficult. Both the original scanning and the review process are fully automated. The systems analyze large portions of the internet, which is big place. And, there are other webmasters also requesting reviews. In short, there are a lot of variables that factor into how long any particular review will take. If you're lucky, the label will be removed within a few hours. At its longest, the process should take a day or so.

You can request a review via Google's Webmaster Tools and you can see the status of the review there. If you think the review is taking too long, make sure to check the status. Finding all the malware on a site is difficult and the automated scanners are far more accurate than humans. The scanners may have found something you've missed and the review may have failed.  If your site has a malware label, Google's Webmaster Tools will also list some sample urls that have problems. This is not a full list of all of the problem urls (because that's often very, very long), but it should get you started.

Finally, don't confuse a malware review with a request for reconsideration. If Google's automated scanners find malware on your website, the site will usually not be removed from search results. There is also a different process that removes spammy websites from Google search results. If that's happened and you disagree with Google, you should submit a reconsideration request. But if your site has a malware label, that won't do much good - for malware you need to file a malware review from the Overview page:

If you're still having problems, I recommend stopbadware.org and their forums. There's tons of information that can help you clean things up and even some very helpful volunteers who will answer questions (sometimes I'm one of them). The Google Webmaster Central blog also has a quick security checklist for webmasters.

Advance Warning

I often hear webmasters asking Google for advance warning before a malware label is put on their website. When the label is applied, Google usually sends email the website owners and then posts a warning in Google's Webmaster Tools. But no warning is given ahead of time, before the label is applied. I can understand why that would be helpful - the webmaster may be able to quickly clean up the site without any drop in web traffic.

But, look at the situation from the user's point of view. As a user, I'd be pretty annoyed if Google sent me to a site it knew was dangerous and I had to wipe my computer or had my banking information stolen because of malware. Even a short delay would expose some users to that risk and it doesn't seem justified. I know it's frustrating for a webmaster to see Google traffic drop when a malware label is applied. But, ultimately, the webmaster is responsible for all the content on their website. And one frustrated webmaster seems better than hundreds or thousands of frustrated users with malware infections.

"This site may harm your computer"

You may have seen those words in Google search results - but what do they mean? If you click the search result link you get another warning page instead of the website you were expecting. But if the web page was your grandmother's baking blog, you're still confused. Surely your grandmother hasn't been secretly honing her l33t computer hacking skills at night school. Google must have made a mistake and your grandmother's web page is just fine...

I work with the team that helps put the warning in Google's search results so let me try to explain. The good news is that your grandmother is still kind and loves turtles. She isn't trying to start a botnet or steal credit card numbers. The bad news is that her website or the server that it runs on has a security vulnerability, probably from some out-of-date software.  That vulnerability has been exploited and malicious code has been added to your grandmother's website. It's most likely an invisible script or iframe that pulls content from another website which tries to attack any computer that views the page. If the attack succeeds viruses, spyware, key loggers, botnets and other nasty stuff will get installed. At best you'll waste hours cleaning up you computer; at worst you'll lose all your data and have money stolen from your bank account.

If you see the warning on a site in Google's search results, it's best to pay attention to it. Google has automatic scanners that are constantly looking for these sorts of web pages. I help build the scanners and can say that they're astonishingly accurate. There is almost certainly something wrong with the website even if it is run by someone you trust, like your grandmother.   

Servers are just like your home computer and need constant updating. There are lots of tools that make building a website really easy, but each one adds some risk of being exploited. Even if you're diligent and keep all your website components updated, your web host may not be. They control your website's server and may not have installed the most recent OS patches. And it's not just innocent grandmothers that this happens to. There have been warnings on banks, sports teams, and corporate and government websites.

If your website has been struck by malware, there are some resources to help you clean it up. stopbadware.org has some great information and their forums have a number of helpful and knowledgeable volunteers who may be able to help. You can also use Google SafeBrowsing diagnotics page for your site (http://www.google.com/safebrowsing/diagnostic?site=<insert-site-name-here>) to see specific information about what Google's automatic scanner have found. Once you've cleaned up your website, use Google's Webmaster Tools to request a review. The automatic systems will rescan your website and the warning will be removed if the malware is gone.

Best Breakfast and Brunch in Ottawa

Benny's Bistro - in the back of Le Boulanger Francais, which has the best croissants in Canada. I have a couple of friends who picked up a dozen to take back to Toronto with them. They ate them all on the four hour drive. That's a lot of butter.

Le Boulanger Francais also has a new location in the Glebe. Now we just need that bridge across the canal.

Who am I?

I wish I knew...

The answer most relevant to this blog is that my name is Oliver Fisher and I'm a Googler (a full-time employee of Google). I spend most of my time working on Google's Anti-Malware efforts. But this is a personal blog and has nothing to do with my employer. I'll probably talk mostly about things I know - like malware or maybe Canadian politics - but everything will be my opinion not Google's. My point of view may or may not agree with my employer's.

That was a slow and boring start to blog, but an important thing to say. Hopefully we'll all find future posts more interesting.