Skip to content

Software Development News: .NET, Java, PHP, Ruby, Agile, Databases, SOA, JavaScript, Open Source

Methods & Tools

Subscribe to Methods & Tools
if you are not afraid to read more than one page to be a smarter software developer, software tester or project manager!

Google Open Source Blog
Syndicate content
News about Google's Open Source projects and programs.
Updated: 2 hours 58 min ago

Google Summer of Code 2016 statistics: Part one

Tue, 05/24/2016 - 21:23
Google Summer of CodeWe share statistics from Google Summer of Code (GSoC) every year — now that 2016 is chugging along we’ve got some exciting numbers to share! 1,206 students from all over the globe are currently in the community bonding period, a time where participants learn more about the organization they will be contributing to before coding officially begins on May 23. This includes becoming familiar with the community practices and processes, setting up a development environment, or contributing small (or large) patches and bug fixes.

We’ll start our statistics reporting this year with the total number of students participating from each country:

Country Accepted Students Country Accepted Students Country Accepted Students Albania 1 Greece 10 Romania 31 Algeria 1 Guatemala 1 Russian Federation 52 Argentina 3 Hong Kong 2 Serbia 2 Armenia 3 Hungary 7 Singapore 7 Australia 6 India 454 Slovak Republic 3 Austria 19 Ireland 3 Slovenia 4 Belarus 5 Israel 2 South Africa 2 Belgium 5 Italy 23 South Korea 6 Bosnia-Herzegovina 1 Japan 12 Spain 33 Brazil 21 Kazakhstan 2 Sri Lanka 54 Bulgaria 2 Kenya 3 Sweden 5 Cambodia 1 Latvia 3 Switzerland 2 Cameroon 16 Lithuania 1 Taiwan 7 Canada 23 Luxembourg 1 Thailand 1 China 34 Macedonia 1 Turkey 12 Croatia 2 Mexico 2 Ukraine 13 Czech Republic 6 Netherlands 9 United Kingdom 18 Denmark 2 New Zealand 2 United States 118 Egypt 10 Pakistan 4 Uruguay 1 Estonia 1 Paraguay 1 Venezuela 1 Finland 3 Philippines 2 Vietnam 4 France 19 Poland 28     Germany 66 Portugal 7    

We’d like to welcome a new country to the GSoC family. 2016 brings us one student from Albania!

In our upcoming statistics posts, we will delve deeper into the numbers by looking at  universities with the most accepted students, gender numbers, mentor countries and more. If you have additional statistics that you would like us to share, please leave a comment below and we will consider including them in an upcoming post.

By Mary Radomile, Open Source Programs

Correction: A previous version of this blog post erroneously reported the total number of students as 1,202 and the number of students from Cameroon as 1. This has been updated to reflect the actual totals as 1,206 and 16 respectively.
Categories: Open Source

Coding has begun for Google Summer of Code 2016

Mon, 05/23/2016 - 22:23
2016 Google Summer of Code

Today marks the start of coding for the 12th annual Google Summer of Code. With the community bonding period complete, about 1,200 students now begin 12 weeks of writing code for 178 different open source organizations.

We are excited to see the contributions this year’s students will make to the open source community. 

For more information on important dates for the program please visit our timeline. Stay tuned as we will highlight some of the new mentoring organizations over the next few months.

Have a great summer and happy coding!

By Josh Simmons, Open Source Programs Office
Categories: Open Source

Announcing SyntaxNet: The World’s Most Accurate Parser Goes Open Source

Fri, 05/13/2016 - 20:08
Originally posted on the Google Research Blog

By Slav Petrov, Senior Staff Research Scientist

At Google, we spend a lot of time thinking about how computer systems can read and understand human language in order to process it in intelligent ways. Today, we are excited to share the fruits of our research with the broader community by releasing SyntaxNet, an open-source neural network framework implemented in TensorFlow that provides a foundation for Natural Language Understanding (NLU) systems. Our release includes all the code needed to train new SyntaxNet models on your own data, as well as Parsey McParseface, an English parser that we have trained for you and that you can use to analyze English text.

Parsey McParseface is built on powerful machine learning algorithms that learn to analyze the linguistic structure of language, and that can explain the functional role of each word in a given sentence. Because Parsey McParseface is the most accurate such model in the world, we hope that it will be useful to developers and researchers interested in automatic extraction of information, translation, and other core applications of NLU.

How does SyntaxNet work?

SyntaxNet is a framework for what’s known in academic circles as a syntactic parser, which is a key first component in many NLU systems. Given a sentence as input, it tags each word with a part-of-speech (POS) tag that describes the word's syntactic function, and it determines the syntactic relationships between words in the sentence, represented in the dependency parse tree. These syntactic relationships are directly related to the underlying meaning of the sentence in question. To take a very simple example, consider the following dependency tree for Alice saw Bob:


This structure encodes that Alice and Bob are nouns and saw is a verb. The main verb saw is the root of the sentence and Alice is the subject (nsubj) of saw, while Bob is its direct object (dobj). As expected, Parsey McParseface analyzes this sentence correctly, but also understands the following more complex example:


This structure again encodes the fact that Alice and Bob are the subject and object respectively of saw, in addition that Alice is modified by a relative clause with the verb reading, that saw is modified by the temporal modifier yesterday, and so on. The grammatical relationships encoded in dependency structures allow us to easily recover the answers to various questions, for example whom did Alice see?, who saw Bob?, what had Alice been reading about? or when did Alice see Bob?.

Why is Parsing So Hard For Computers to Get Right?

One of the main problems that makes parsing so challenging is that human languages show remarkable levels of ambiguity. It is not uncommon for moderate length sentences - say 20 or 30 words in length - to have hundreds, thousands, or even tens of thousands of possible syntactic structures. A natural language parser must somehow search through all of these alternatives, and find the most plausible structure given the context. As a very simple example, the sentence Alice drove down the street in her car has at least two possible dependency parses:


The first corresponds to the (correct) interpretation where Alice is driving in her car; the second corresponds to the (absurd, but possible) interpretation where the street is located in her car. The ambiguity arises because the preposition in can either modify drove or street; this example is an instance of what is called prepositional phrase attachment ambiguity.

Humans do a remarkable job of dealing with ambiguity, almost to the point where the problem is unnoticeable; the challenge is for computers to do the same. Multiple ambiguities such as these in longer sentences conspire to give a combinatorial explosion in the number of possible structures for a sentence. Usually the vast majority of these structures are wildly implausible, but are nevertheless possible and must be somehow discarded by a parser.

SyntaxNet applies neural networks to the ambiguity problem. An input sentence is processed from left to right, with dependencies between words being incrementally added as each word in the sentence is considered. At each point in processing many decisions may be possible—due to ambiguity—and a neural network gives scores for competing decisions based on their plausibility. For this reason, it is very important to use beam search in the model. Instead of simply taking the first-best decision at each point, multiple partial hypotheses are kept at each step, with hypotheses only being discarded when there are several other higher-ranked hypotheses under consideration. An example of a left-to-right sequence of decisions that produces a simple parse is shown below for the sentence I booked a ticket to Google.
Furthermore, as described in our paper, it is critical to tightly integrate learning and search in order to achieve the highest prediction accuracy. Parsey McParseface and other SyntaxNet models are some of the most complex networks that we have trained with the TensorFlow framework at Google. Given some data from the Google supported Universal Treebanks project, you can train a parsing model on your own machine.

So How Accurate is Parsey McParseface?

On a standard benchmark consisting of randomly drawn English newswire sentences (the 20 year old Penn Treebank), Parsey McParseface recovers individual dependencies between words with over 94% accuracy, beating our own previous state-of-the-art results, which were already better than any previous approach. While there are no explicit studies in the literature about human performance, we know from our in-house annotation projects that linguists trained for this task agree in 96-97% of the cases. This suggests that we are approaching human performance—but only on well-formed text. Sentences drawn from the web are a lot harder to analyze, as we learned from the Google WebTreebank (released in 2011). Parsey McParseface achieves just over 90% of parse accuracy on this dataset.

While the accuracy is not perfect, it’s certainly high enough to be useful in many applications. The major source of errors at this point are examples such as the prepositional phrase attachment ambiguity described above, which require real world knowledge (e.g. that a street is not likely to be located in a car) and deep contextual reasoning. Machine learning (and in particular, neural networks) have made significant progress in resolving these ambiguities. But our work is still cut out for us: we would like to develop methods that can learn world knowledge and enable equal understanding of natural language across all languages and contexts.

To get started, see the SyntaxNet code and download the Parsey McParseface parser model. Happy parsing from the main developers, Chris Alberti, David Weiss, Daniel Andor, Michael Collins & Slav Petrov.
Categories: Open Source

Googlers on the road: OSCON 2016 in Austin

Mon, 05/09/2016 - 18:17
Developers and open source enthusiasts converge on Austin, Texas in just under two weeks for O’Reilly Media’s annual open source conference, OSCON, and the Community Leadership Summit (CLS) that precedes it. CLS runs May 14-15 at the Austin Convention Center followed by OSCON from May 16-19.

OSCON 2014 program chairs including Googler Sarah Novotny.
Photo licensed by O'Reilly Media under CC-BY-NC 2.0.
This year we have 10 Googlers hosting sessions covering topics including web development, machine learning, devops, astronomy and open source. A list of all of the talks hosted by Googlers alongside related events can be found below.
If you’re a student, educator, mentor, past or present participant in Google Summer of Code or Google Code-in, or just interested in learning more about the two programs, make sure to join us Monday evening for our Birds of a Feather session.

Have questions about Kubernetes, Google Summer of Code, open source at Google or just want to meet some Googlers? Stop by booth #307 in the Expo Hall.


Thursday, May 12th - GDG Austin7:00pm   Google Developers Group Austin Meetup


Sunday, May 15th - Community Leadership Summit10:00am  Occupational Hazard by Josh Simmons


Monday, May 16th9:00am   Kubernetes: From scratch to production in 2 days by Brian Dorsey and Jeff Mendoza7:00pm   Google Summer of Code and Google Code-in Birds of a Feather


Tuesday, May 17th9:00am   Kubernetes: From scratch to production in 2 days by Brian Dorsey and Jeff Mendoza9:00am   Diving into machine learning through TensorFlow by Julia Ferraioli, Amy Unruh and Eli Bixby


Wednesday, May 18th1:50pm    Open source lessons from the TODO Group by Chris DiBona, Chris Aniszczyk, Nithya Ruff, Jeff McAffer and Benjamin VanEvery5:10pm    Scalable bidirectional communication over the Web by Wenbo Zhu


Thursday, May 19th
11:00am  Kubernetes hackathon at OSCON Contribute hosted by Brian Dorsey, Nikhil Jindal, Janet Kuo, Jeff Mendoza, John Mulhausen, Sarah Novotny, Terrence Ryan and Chao Xu2:40pm    Blocks in containers: Lessons learned from containerizing Minecraft by Julia Ferraioli5:10pm    PANOPTES: Open source planet discovery by Jennifer Tong and Wilfred Gee5:10pm    Stop writing JavaScript frameworks by Joseph Gregorio


Haven’t registered for OSCON yet? You can knock 25% off the cost of registration by using discount code Google25, or attend parts of the event including our Birds of a Feather session for free by using discount code OSCON16XPO.

See you at OSCON!
By Josh Simmons, Open Source Programs Office
Categories: Open Source

XRay: a function call tracing system

Tue, 05/03/2016 - 15:58
At Google we spend a lot of time debugging and tuning the performance of our production systems. Some standard practices when doing this involves using profilers, debuggers, and analysis of logs and execution traces. Doing this at scale, in production, is difficult. One of the ways for getting high fidelity data from production systems is to build applications with instrumentation, and then reconstruct the instrumentation data into a form humans can consume (summary statistics, reports, etc.). Instrumentation comes at a cost though, sometimes too high to make it feasible to deploy in production.

Getting this balance right is hard. This is why we've developed XRay, a function call tracing system that has very little overhead when not enabled, but can be dynamically turned on and only impose moderate costs. XRay works as a combination of compiler-inserted instrumentation points which functionally do nothing (called "nop sleds") and a library that can be enabled and disabled at runtime which replaces the nop sleds with the appropriate instrumentation instructions.

We've been using XRay to debug internal systems, from core infrastructure services like Bigtable to ad serving systems. XRay's detailed function tracing has enabled several teams in Google to debug issues that would be really hard to solve without XRay.

We think XRay is an important piece of technology, not only at Google, but for developers around the world. It's because of this that we're working on making XRay opensource. To kick-start that process, we're releasing a white paper describing the technical details of XRay. In the following weeks, we will be engaging the LLVM community, where we are committed to making XRay available for wide use and distribution.

We hope that by open-sourcing XRay we can contribute to the advancement of debugging real-world applications. We're looking forward to working with the LLVM community and other projects to make the data XRay generates useful for debugging a wide variety of applications.

By Dean Michael Berris, Google Engineering
Categories: Open Source

Students announced for Google Summer of Code 2016

Fri, 04/22/2016 - 20:08
2016 Google Summer of Code

It's that time of year again: 1,206 students have been accepted for our 2016 Google Summer of Code! Congratulations all around. We want to thank everyone who applied — it was another competitive year with 178 mentoring organizations receiving 7,543 proposals from 5,107 students.

Now we enter the community bonding period when students get acquainted with their mentors and familiarize themselves with their new community before they begin coding in May. In this period, students will do things like hang out in IRC channels and read documentation, become familiar with the code base and set their deadlines and milestones with their mentors.

If you want to review important dates or learn more about the 178 organizations that the accepted students will be working with over the summer, please visit the program website.

Here's to another exciting and productive summer of contributing to open source.

By Josh Simmons, Open Source Programs Office
Categories: Open Source

CCTZ v2.0 — now with more civil time

Tue, 04/12/2016 - 18:53
Last September we announced an open source project called CCTZ, a C++ library that enables computing with arbitrary time zones. Today we're announcing CCTZ v2.0 which introduces a new civil time library. Civil time is a legally recognized representation of time used by humans (i.e., year, month, day, hour, minute and second). The most common example of a civil time is a time zone independent date. In version 2.0, CCTZ's time zone and new civil time libraries cooperate with the standard C++ <chrono> library to give programmers a complete (and simple!) framework in which to reason about and solve even the most complicated time programming problems.
To learn more, please check out the project page on GitHub. Pay particular attention to the fundamental concepts section which establishes a simple, cross-platform and language agnostic mental model that will help you reason about time programming challenges with ease and confidence. And don't forget to subscribe to the new CCTZ mailing list to ask questions and learn about future announcements.
by Greg Miller and Bradley White, Google Engineering
Categories: Open Source

Google Summer of Code marches on!

Fri, 04/01/2016 - 18:00
Google Summer of Code 2016 (GSoC) is well underway and we’ve already seen some impressive numbers — all record highs!sun.png
  • 18,981 total registered students (up 36% from 2015)
  • 17.34% female registrants
  • 142 countries
  • 5107 students submitting  7,543 project proposals

Student proposals are currently being reviewed by over 2300 mentors and organization administrators from the 180 participating mentor organizations. We will announce accepted students on April 22, 2016 on the Open Source blog and on the program site.
Last week, members of the Google Open Source Programs team attended FOSSASIA in Singapore, Asia’s premier open technology event, to talk about GSoC and Google Code-in. There, we met dozens of former GSoC and GCI students and mentors who were excited to embark on another great year. To learn more about Google Summer of Code, please visit our program site.

By Stephanie Taylor, Open Source Programs
Categories: Open Source

Seesaw: scalable and robust load balancing

Thu, 03/31/2016 - 23:59
Like all good projects, this one started out because we had an itch to scratch…

As Site Reliability Engineers who manage corporate infrastructure at Google, we deal with a large number of internally used services that need to be load balanced for scalability and reliability. In 2012, two different platforms were used to provide load balancing, both of which presented different sets of management and stability challenges. In order to alleviate these issues, our team set about looking for a replacement load balancing platform.
After evaluating a number of platforms, including existing open source projects, we were unable to find one that met all of our needs and decided to set about developing a robust and scalable load balancing platform. The requirements were not exactly complex - we needed the ability to handle traffic for unicast and anycast VIPs, perform load balancing with NAT and DSR (also known as DR), and perform adequate health checks against the backends. Above all we wanted a platform that allowed for ease of management, including automated deployment of configuration changes.
One of the two existing platforms was built upon Linux LVS, which provided the necessary load balancing at the network level. This was known to work successfully and we opted to retain this for the new platform. Several design decisions were made early on in the project — the first of these was to use the Go programming language, since it provided an incredibly powerful way to implement concurrency (goroutines and channels), along with easy interprocess communication (net/rpc). The second was to implement a modular multi-process architecture. The third was to simply abort and terminate a process if we ended up in an unknown state, which would ideally allow for failover and/or self-recovery.
After a period of concentrated development effort, we completed and successfully deployed Seesaw v2 as a replacement for both existing platforms. Overall it allowed us to increase service availability and reduce management overhead. We're pleased to be able to make this platform available to the rest of the world and hope that other enterprises are able to benefit from this project. You can find the code at https://github.com/google/seesaw.
By Joel Sing, Google Site Reliability Engineer
Categories: Open Source

Hungering for Game Utilities?

Thu, 03/31/2016 - 23:57
At Fun Propulsion Labs we spend some of our time building sample games to help demonstrate how to make easy-to-build, performant, cross-platform games. With the growth of Google Cardboard, we got to work and over many long evenings, feeding our animal hunger on sushi, we came up with Zooshi. Zooshi is an open source, cross-platform game written in C++ which supports:
  • Android, Android TV, Windows, OSX, and Linux
  • Google Cardboard
  • Google Play Games Services sign-in and leaderboards on Android
  • Level customization
Zooshi serves as a demonstration of how to build Android games using a suite of newly released and updated open source game technologies from Google:
  • Motive drives our Animation system, giving life and movement to the characters and environment.
  • CORGI, the Component Oriented Reusable Game Interface, is an Entity-Component system designed to allow users to define complicated game objects as collections of modular, custom-defined behaviors.
  • FlatUI is a straightforward immediate mode GUI system with a light footprint that makes building up user interfaces a breeze.
  • Scene Lab allows designers to design levels and edit entities from right in the game without needing to use an external editor.
  • Breadboard provides an easy to use node based scripting system for editing entity behaviors that's accessible to designers without deep knowledge of programming.
  • FPLBase is a cross-platform API layer, for abstracting low-level tasks like reading input and creation of graphical contexts.
As in our previous release, PieNoon, we also made extensive use of Flatbuffers, Mathfu, fplutil, and WebP.

You can download the game in the Play Store and the latest open source release from our GitHub page. We invite you to learn from the code to see how you can apply these libraries and utilities in your own Android games. Take advantage of our discussion list if you have any questions, and don’t forget to toss some sushi around while you’re at it!

Posted by Alex Ames, Fun Propulsion Labs*

* Fun Propulsion Labs is a team within Google that's dedicated to advancing gaming on Android and other platforms.
Categories: Open Source

J2ObjC 1.0 Release

Thu, 03/31/2016 - 23:56
We are pleased to announce the 1.0 release of J2ObjC, a Google-authored open-source compiler that lets iPhone/iPad applications use Java code. J2ObjC's goal is to support the sharing of an application's non-UI code (such as data access, or application logic) by writing it once in Java, then building it into the iOS application. This same code can be shared with the Android and web versions of the application (the latter using the GWT compiler), as well as with server-side code. J2ObjC is licensed under the Apache License, Version 2.0.J2ObjC is not a Java emulator, but instead translates Java to Objective-C classes that extend the iOS Foundation Framework. It supports the Java 8 language and runtime required by client-side application developers. JUnit and Mockito test translation and execution is also supported.  J2ObjC can be used with most build tools, including Xcode and Make, and there are Gradle and Maven plug-ins.J2ObjC does not translate user interfaces, as world-class apps need to have world-class user interfaces that adhere closely to the different iOS and Android design standards. J2ObjC instead focuses on writing common abstractions once, and verifying them with a common set of unit tests. This ensures that an app's features work the same across platforms, improving customer experiences. Teams developing multi-platform apps still need great engineers for each platform, but with J2ObjC they don't waste time rewriting each others' code.

Using continuous integration, J2ObjC helps product velocity. As each feature is added or bug fix made to the application's shared code, all platforms are automatically rebuilt and tested. And because common features are shared across platforms, a bug found on one platform is fixed once for all platforms.

Several of Google’s iOS applications use J2ObjC for these reasons, including Inbox by Gmail, Google Calendar, Google Docs, Google Sheets, Google Slides and Google My Business. Each team has dedicated iOS designers and engineers, but application logic common to all platforms is written once.
By Tom Ball, Google Engineering
Categories: Open Source

Running your models in production with TensorFlow Serving

Thu, 03/31/2016 - 23:55
Machine learning powers many Google product features, from speech recognition in the Google app to Smart Reply in Inbox to search in Google Photos. While decades of experience have enabled the software industry to establish best practices for building and supporting products, doing so for services based upon machine learning introduces new and interesting challenges. Today, we announce the release of TensorFlow Serving, designed to address some of these challenges. TensorFlow Serving is a high performance, open source serving system for machine learning models, designed for production environments and optimized for TensorFlow.
TensorFlow Serving is ideal for running multiple models, at large scale, that change over time based on real-world data, enabling:
  • model lifecycle management
  • experiments with multiple algorithms
  • efficient use of GPU resources
TensorFlow Serving makes the process of taking a model into production easier and faster. It allows you to safely deploy new models and run experiments while keeping the same server architecture and APIs. Out of the box it provides integration with TensorFlow, but it can be extended to serve other types of models. Here’s how it works. In the simplified, supervised training pipeline shown below, training data is fed to the learner, which outputs a model:
Once a new model version becomes available, upon validation, it is ready to be deployed to the serving system, as shown below.
TensorFlow Serving uses the (previously trained) model to perform inference - predictions based on new data presented by its clients. Since clients typically communicate with the serving system using a remote procedure call (RPC) interface, TensorFlow Serving comes with a reference front-end implementation based on gRPC, a high performance, open source RPC framework from Google. It is quite common to launch and iterate on your model over time, as new data becomes available, or as you improve the model. In fact, at Google, many pipelines run continuously, producing new model versions as new data becomes available.
TensorFlow Serving is written in C++ and it supports Linux. TensorFlow Serving introduces minimal overhead. In our benchmarks we recoded ~100,000 queries per second (QPS) per core on a 16 vCPU Intel Xeon E5 2.6 GHz machine, excluding gRPC and the TensorFlow inference processing time. We are excited to share this important component of TensorFlow today under the Apache 2.0 open source license. We would love to hear your questions and feature requests on Stack Overflow and GitHub respectively. To get started quickly, clone the code from github.com/tensorflow/serving and check out this tutorial. You can expect to keep hearing more about TensorFlow as we continue to develop what we believe to be one of the best machine learning toolboxes in the world. If you'd like to stay up to date, follow @googleresearch or +ResearchatGoogle, and keep an eye out for Jeff Dean's keynote address at GCP Next 2016 in March.

Posted by Noah Fiedel, Software Engineer 
Categories: Open Source

EarlGrey: iOS functional UI testing framework

Thu, 03/31/2016 - 23:55
Brewing for quite some time, we are excited to announce EarlGrey, a functional UI testing framework for iOS. Several Google apps like YouTube, Google Calendar, Google Photos, Google Translate, Google Play Music and many more have successfully adopted the framework for their functional testing needs.

The key features offered by EarlGrey include:
  • Powerful built-in synchronization : Tests will automatically wait for events such as animations, network requests, etc. before interacting with the UI. This will result in tests that are easier to write (no sleeps or waits) and simple to maintain (straight up procedural description of test steps).
  • Visibility checking : All interactions occur on elements that users can see. For example, attempting to tap a button that is behind an image will lead to test failure immediately.
  • Flexible design : The components that determine element selection, interaction, assertion and synchronization have been designed to be extensible.

Are you in need for a cup of refreshing EarlGrey? EarlGrey has been open sourced under the Apache license. Check out the getting started guide and add EarlGrey to your project using CocoaPods or manually add it to your Xcode project file.
By Siddartha Janga, on behalf of Google iOS Developers
Categories: Open Source

Scalable vendor security reviews

Thu, 03/31/2016 - 23:55
At Google, we assess the security of hundreds of vendors every year. We scale our efforts through automating much of the initial information gathering and triage portions of the vendor review process. To do this we've developed the Vendor Security Assessment Questionnaire (VSAQ), a collection of self-adapting questionnaires for evaluating multiple aspects of a vendor's security and privacy posture.

We've received feedback from many vendors who completed the questionnaires. Most vendors found them intuitive and flexible — and, even better, they've been able to use the embedded tips and recommendations to improve their security posture. Some also expressed interest in using the questionnaires to assess their own suppliers.

Based on this positive response, we've decided to open source the VSAQ Framework (Apache License Version 2) and the generally applicable parts of our questionnaires on GitHub: https://github.com/google/vsaq. We hope it will help companies spin up, or further improve their own vendor security programs. We also hope the base questionnaires can serve as a self-assessment tool for security-conscious companies and developers looking to improve their security posture.

The VSAQ Framework comes with four security questionnaire templates that can be used with the VSAQ rendering engine:


All four base questionnaire templates can be readily extended with company-specific questions.Using the same questionnaire templates across companies may help to scale assessment efforts. Common templates can also minimize the burden on vendor companies, by facilitating the reuse of responses.

The VSAQ Framework comes with a simple client-side-only reference implementation that's suitable for self-assessments, for vendor security programs with a moderate throughput, and for just trying out the framework. For a high-throughput vendor security program, we recommend using the VSAQ Framework with a custom server-side component that fits your needs (the interface is quite simple).

Give VSAQ a try! A demo version of the VSAQ Framework is available here:https://vsaq-demo.withgoogle.com

Excerpt from Security and Privacy Programs Questionnaire
Let us know how VSAQ works for you: contact us. We look forward to getting your feedback and continuing to make vendor reviews scalable — and maybe even fun!
By Lukas Weichselbaum and Daniel Fabian, Google Security
Categories: Open Source

Google Code-in 2015 Wrap Up: Sustainable Computing Research Group (SCoRe)

Mon, 03/28/2016 - 21:48
For the next several weeks, we will be showcasing wrap up posts from the 14 organizations that participated as mentor organizations for Google Code-in 2015. This week we feature SCoRe, an open source research project based in Sri Lanka. The Sustainable Computing Research Group (SCoRe) at University of Colombo School of Computing conducts research covering various aspects of wireless sensor networks, embedded systems, digital forensic, information security, mobile applications and e-learning. The goal of our research is to generate computing solutions through identifying low cost methodologies and strategies that lead to sustainability. The solutions we get by sustainable computing research projects conducted at SCoRe lab are important for developing countries like Sri Lanka.

Inspired by our participation in Google Summer of Code (GSoC), for the very first time, SCoRe lab participated in Google Code-in 2015 (GCI), with 13 other open source organizations around the world. We offered 250 claimable task for students and we had 27 mentors, mentoring students who successfully completed 164 tasks! We gained active contributors to SCoRe, from students who contribute to our open source projects even after the contest ended.

The tasks covered code, user interface, research, quality assurance, outreach and documentation. 44 students completed at least one task with us this year and eight students completed at least three tasks with us to earn a GCI t-shirt. Six students completed over ten  tasks each in competition to become grand prize winners.

However among these students we had to choose the ones who we felt had the most impactful contributions. We’d like to congratulate the two grand prize winners from SCoRe: Brayan Alfaro and Anesu Mafuvadze.

Below is a comment received from a student who participated:

“It was my pleasure working with you and the SCoRe Community. This contest helped me to enhance my knowledge in software development...I gained a lot of knowledge through the tasks I did. My mentors guided me every time and I would gladly work with this community in the future. I would love to contribute to you in every possible way.”

We give our special thanks to our mentors who voluntarily worked throughout the contest around their busy schedules and vacation plans. We’d also like to thank all the students who actively participated and contributed to our organization. SCoRe was pleased to be selected as a mentoring organization for GCI 2015 and we hope to participate in both GSoC and GCI again in future!

By Dilushi Piumwardane, GCI mentor, SCoRe
Categories: Open Source

Something different — code up hardware in Google Summer of Code

Fri, 03/18/2016 - 18:00
In 1983, the same year I was born, a company called Altera was founded and created the EP300, their first reprogrammable logic device. The event was considered a major step towards the development of devices we now call “Field Programmable Gate Arrays” or FPGAs for short. In the following 33 years, FPGAs would go from extremely expensive devices found only in high end military and telecommunications equipment, to something even a student can afford.The EP300 in all it's gloryFPGAs are exciting because they make the development process for hardware the same as software. Developers are able to create designs in a hardware description language (HDL), compile and then use them almost instantly! They make hardware code. Turning hardware into code makes it easy for open source developers to share, collaborate and improve the hardware in ways that would have been extremely hard, or even impossible in the past. 

There were 180 open source organizations accepted to participate in Google Summer of Code 2016 (GSoC), and it is exciting to see several of the organizations using these technologies. I've highlighted some of the different types of hardware coding opportunities in GSoC this year below. (Anything I've missed? Feel free to add it in the comments section below!)
In the area of CPU architectures, OpenRISC and it’s spiritual successor, the RISC-V, are attempting to make a truly open hardware at the most fundamental level. In 2016 you could help this goal via participating in GSoC with either the FOSSi Foundation or lowRISC project.

Not content with the existing HDLs, both the ArchC organization and MyHDL organization (a sub-organization of the Python group), are attempting to make it easier to create these hardware designs. MyHDL is particularly cool because Python is normally considered to be as far away from hardware as you can get.

My own project, TimVideos.us, is using much of the work from these other projects to develop high speed video processing hardware for conference and user group recording (or maybe even video DJing).

Imagine developing hardware in the same way you write code. With FPGAs you can — and GSoC has numerous opportunities to create hardware using this exciting technology. With only 7 days left to submit your application, you better get cracking!

By Tim ‘mithro’ Ansell, Software Engineer on Chrome by day, open source hardware hacker by night
Categories: Open Source

Student applications now open for Google Summer of Code!

Mon, 03/14/2016 - 20:15
Are you a university student looking to learn more about open source software development? Look no further than Google Summer of Code (GSoC) and spend your summer break working on an exciting open source project, learning how to write code.
vertical GSoC logo.jpgFor twelve years running, GSoC gives participants a chance to work on an open source software project entirely online. Students, who receive a stipend for their successful contributions, are paired with mentors who can help address technical questions and concerns throughout the program. Former GSoC participants have told us that the real-world experience they’ve gained during the program has not only sharpened their technical skills, but has also boosted their confidence, broadened their professional network and enhanced their resumes. 

Students who are interested can submit proposals on the  program site now through Friday, March 25 at 19:00 UTC. The first step is to review the 180 open source projects and find project ideas that appeal to you. Since spots are limited, we recommend a strong project proposal to help increase your chances of selection. Our Student Manual provides lots of helpful advice to get you started on choosing an organization and crafting a great application. 

For ongoing information throughout the application period and beyond, see the Google Open Source Blog, join our Google Summer of Code discussion lists or join us on internet relay chat (IRC) at #gsoc on Freenode.

Good luck to all the open source coders out there, and remember to submit your proposals early — you only have until Friday, March 25 at 19:00 UTC to apply!


By Mary Radomile, Google Open Source team
Categories: Open Source

Goodnight Melange

Wed, 03/09/2016 - 21:10
The time has come to say farewell to Melange, the website software which ran Google Summer of Code from 2009 to 2015, and Google Code-in from 2010 to 2014. Both programs have migrated to new websites.
Starting on Thursday, March 31, www.google-melange.com will become a limited static archive of what projects and tasks were completed. It will contain titles, descriptions, and display names, but no other project information. If there is any data from the site you wish to save, you should extract it now. Melange has facilitated over 11,000 students to get involved in open source software development, working on projects big and small. We encourage our users to export the data and keep it alive.
The code for Melange will continue to be open source but Google will not be doing any further development on it. We'd be pleased to hear someone forked the code and continued working on Melange as a new project.

Thanks to everyone who contributed to Melange and kept it running over the past 7 years: Aditi, Akeda, Anatoly, Andrew, Anthony, Arc, Aruna, Ashish, Augie, Chen, Dan, Daniel, David, Denys, Dmitri, Doug, Drew, Felix, Gilles, Jacob, James, Jasvir, Jenn, Johannes, John, Jonn, Kevin, Lennard, Leo, Leon, Madhusudan, Marcelo, Mario, Matthew, Mayank, Nathaniel, Orcun, Pankaj, Pawel, Piotr, Piyush, Praveen, Raul, Robert, Rylan, Savitha, Selwyn, Shikher, Simon, Sriharsha, Suyash, Sverre, Syed, Tim, Tobias, Todd, Vivek and Zachary.

Melange served us well for a long time, and we hope it enjoys its retirement!

By Stephanie Taylor, Open Source Programs

Categories: Open Source

Teaching kids to program in their native language

Fri, 03/04/2016 - 19:00

Today we introduce two programs to help kids program in their native language — clojure-turtle and clj-thamil. Both are written in Clojure, a dialect of Lisp that runs on the Java Virtual Machine. What makes Clojure unique is its simple design which can help make the path for kids to learn programming easier.
clojure-turtle: a bridge between logo beginners and lisp experts
For some beginners, the Clojure learning curve has been steep in the area of functions and functional programming. Many students learning to program prefer to start instead with Logo, a dialect of Lisp that is used in Scratch and teaching efforts such as code.org. We designed clojure-turtle with this in mind.
The clojure-turtle project was created to bridge the gap between the people using Lisp at opposite ends of the spectrum. It’s for those learning to program for the first time and those with “real-world concerns” who write macros. The project implements Logo in Clojure, and remains faithful to the basics of Logo —(forward 10),  (right 90), etc.  But the door is left open for you to blur the lines of Logo/Clojure, beginner/FP, etc.:
(defn square-by-length  [side-length]  (repeat 4 (all (forward side-length) (right 90))))
(defn mirrored [f]  (fn [& args]    (repeat 2 (all (apply f args) (right 180)))))
(def lengths [40 50 60])(map (mirrored square-by-length) lengths)clojure-turtle2.pngOne place where the Logo in Clojure approach of clojure-turtle has already proven successful is in ClojureBridge, a workshop for beginners aimed at increasing the number of people from underrepresented minority groups within the Clojure community. The section on teaching functions had been challenging for students previously, but students now learning through the Logo-based approach move past it with ease onto higher level concepts.
clj-thamil: programming in your native language
When I originally set out to create a library for processing for the Thamil language, I stumbled upon the realization that I could also program in the Thamil language. Functions are first-class data, which can be assigned to new names. But macros are what enable me to “translate” the rest of Clojure from English to Thamil, doing so in the form of a library, without having to modify the compiler, and in a manner that is generic for any language to use. Now, a function to pluralize a word in Thamil can be itself written in Thamil. In my Clojure/West talk on clj-thamil, I talked about the potential impact on increasing diversity among programmers, especially when we consider the number of people globally who do not have access to a (good) English education that is an implicit prerequisite for learning to program.
Putting the two together: learning Logo in your native language
The approach of clj-thamil is flexible and powerful enough that we can “translate” any code, not just the core of Clojure. So why not translate clojure-turtle in less than 30 lines of code? Here is a video demonstrating the use of Logo in the Thamil language:

The simple concepts of Logo soften the learning curve for programming and can make it fun for all ages! The simplicity of Clojure gives it a power that you can use to shape the program to your will — students can write all their code in a non-English language if they want. The combination of simple concepts can make it  possible to teach programming to kids around the world who do not speak English. I hope that clojure-turtle and clj-thamil can be used to improve literacy and diversity for students learning to code.
Visit the clojure-turtle Github page and the clj-thamil Github page to learn more, sign up for the mailing lists and contribute patches for features.
By Elango Cheran, Software Engineering
Categories: Open Source

New algorithms may lower the cost of secure computing

Wed, 03/02/2016 - 19:00
Here at Google we strive to make computing not only more cost-efficient, faster, and easier but also more secure. Hash functions are essential building blocks in computing, but must be protected against certain inputs. Today, we are open-sourcing 3 new hash function implementations: faster, data-parallel versions of SipHash, a fast cryptographically strong pseudorandom function, and the entirely new HighwayHash, which reaches even higher speeds thanks to the data parallel features of modern computers.
Our first hash function produces the same output as SipHash, but 1.5 times as quickly thanks to AVX-2 instructions. The second improvement uses j-lanes tree hashing to process multiple inputs in parallel, which is 3 times as fast. This technique is known to be secure, but produces different output than the original SipHash and is slightly slower for short inputs.
HighwayHash is based on a new way of mixing inputs with just a few AVX-2 multiply and permute instructions. We are hopeful that the result is a cryptographically strong pseudorandom function, but new cryptanalysis methods might be needed for analyzing this promising family of hash functions. HighwayHash is significantly faster than SipHash for all measured input sizes, with about 7 times higher throughput at 1 KiB.
We believe our efforts represent the current state of the art in high-speed attack-resistant hashing. These new functions can lower the cost of safe and secure computing. We invite everyone to use, study, and analyze the open-source implementations.
By Jan Wassenberg and Jyrki Alakuijala, Google Research
Categories: Open Source