If you are a developer, source code is some of the most important data you have. It needs to be backed up regularly, it must be readily accessible from all of your machines, and it may even be confidential. Most of the code is probably already stored under version control.
With this in mind I developed Hesokuri, a background process that keeps Git repositories on multiple machines in sync. Changes are pushed aggressively to peers as they are committed. When a peer is offline, Hesokuri will retry a push regularly until the peer responds. In some cases, a peer will merge pushed commits into the current branch so they are immediately visible in any open text editor. This means that if Hesokuri is running on two or more networked machines, the Git repositories on them are duplicated, backed up, and widely accessible.
Once you have set up Hesokuri and written a simple configuration file, you can just use Git as you always have. Hesokuri also has a web interface so you can check what revisions of each repository have been pushed to each peer.
We are still working on the user interface and the list of features that we want to include, so thanks to the community in advance for your bug reports, pull requests, and other contributions!
For the source code and how to get started, check out the Hesokuri project page. You can also get help using Hesokuri and discuss improvements in the Google discussion group.
By Matthew DeVore, Google+ Team
Open Source Security
Wednesday, September 11, 2013
Free and open source software is a crucial part of the security infrastructure of the internet. As a Googler working on security issues, especially those involving open source software, I want to describe some of the open source security projects Google is involved with. This list is far from comprehensive, but comprises some of the projects I have personally had a hand in.
Instead, we need fine-grained access control and strong sandboxing.
My Cambridge colleague, Dr. Robert Watson says:
We’ve been working hard on a new idea in that area, Certificate Transparency - essentially a verifiably correct log of all issued certificates that can be used to quickly detect any missteps on the part of CAs. And, of course, we are hard at work on an open source implementation, with clients in C++, Java and Python, and a C++ server.
By Ben Laurie, Security Engineering
OpenSSL
Google employs two members of the OpenSSL team, myself and Bodo Möller. As well as helping to address security issues as they arise (sometimes discovered by other Googlers) we’ve also been helping with work to improve OpenSSL’s capabilities, for example implementing application-defined TLS extensions, adding support for ALPN (http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-01) and adding a framework for Authenticated Encryption with Additional Data (AEAD) (work in progress).Capsicum
Over the last decade or so, it has become increasingly (and painfully) apparent that ACLs and MAC, which were originally designed to protect expensive mainframes from their users, and the users from each other, are failing to secure modern cheap machines with single users who need protecting from the software they run.Instead, we need fine-grained access control and strong sandboxing.
My Cambridge colleague, Dr. Robert Watson says:
In August 2010, the University of Cambridge and Google published the Capsicum security model at the USENIX Security Symposium. Initially funded by a Google Faculty Research Award, Capsicum combines security ideas from historic research capability systems with contemporary operating-system design to allow robust, fine-grained, flexible, and application-centred sandboxing. Since 2012, Google Open Source Programs Office and the FreeBSD Foundation have been jointly funding continuing open source development to transition Capsicum from research to practice; Google also has summer students working on Capsicum through Google Summer of Code under the FreeBSD organization.
The project has been led by FreeBSD developer Pawel Dawidek, who has refined the Capsicum model as our experience has grown, updating existing privilege-separated applications to use Capsicum (e.g., OpenSSH and dhclient). Pawel has also adapted new applications to use Capsicum compartmentalisation "out-of-the-box", including system tools services (e.g., tcpdump, kdump,the high-availability storage daemon [hastd], the security audit-trail distribution daemon [auditdistd]), and UNIX pipeline components (e.g., grep, uniq). The goal is to move gradually towards ubiquitous sandboxing: since it is cheap (and often easy), explore what happens when you try to do it everywhere, mitigating as-yet unknown future vulnerabilities.
A key contribution of this work is the Casper application framework. Casper manages the creation of sandboxes, launching them on demand with only the rights they require to operate (Saltzer and Schroeder's 1975 Principle of Least Privilege). Existing applications can be linked against Casper to make use of a growing suite of Casper components, including sandboxed DNS resolution, delegation of file-system subsets, cryptographic random number generation, network services (such as sockets), system monitoring interfaces (via sysctl), and system databases such as the user and password files.
Pawel's current work is due to wrap up later in 2013. FreeBSD 10.0 will ship with Capsicum enabled by default and a suite of sandboxed applications.
Certificate Transparency
A key concern has been the repeated failures of Certificate Authorities (CAs) to properly defend their operations and correctly issue certificates, most recently exemplified by the DigiNotar incident, which not only compromised the security of hundreds of thousands of internet users, but also led to the company’s bankruptcy.We’ve been working hard on a new idea in that area, Certificate Transparency - essentially a verifiably correct log of all issued certificates that can be used to quickly detect any missteps on the part of CAs. And, of course, we are hard at work on an open source implementation, with clients in C++, Java and Python, and a C++ server.
Tor
Tor (originally short for The Onion Router), is a free software for enabling online anonymity. Widely recognized as a key component in online privacy, Foreign Policy Magazine named its primary authors among its 2012 Top 100 Global Thinkers “for making the web safe for whistleblowers.” Originally released in 2002 by the US Naval Research Laboratory, Tor development is now supported by a broad range of governments, organizations and individuals. Google is proud to have had the Tor Foundation as a Google Summer of Code mentoring organization since 2007, providing the project with both funding and potential new contributors.Libpurple
If you’ve ever “chatted” online chances are very good that you’ve used libpurple. Libpurple is the core of various instant messaging applications, notably Pidgin and Adium. Through a donation to Instant Messaging Freedom, Inc. we have sponsored a developer working on improving its security.By Ben Laurie, Security Engineering
We are joining the Open edX platform
Tuesday, September 10, 2013
A year ago, we released Course Builder, an experimental platform for online education at scale. Since then, individuals have created courses on everything from game theory to philanthropy, offered to curious people around the world. Universities and non-profit organizations have used the platform to experiment with MOOCs, while maintaining direct relationships with their participants. Google has published a number of courses including Introduction to Web Accessibility which opens for registration today. This platform is helping to deliver on our goal of making education more accessible through technology, and enabling educators to easily teach at scale on top of cloud platform services.
Today, Google will begin working with edX as a contributor to the open source platform, Open edX. We are taking our learnings from Course Builder and applying them to Open edX to further innovate on an open source MOOC platform. We look forward to contributing to edX’s new site, MOOC.org, a new service for online learning which will allow any academic institution, business and individual to create and host online courses.
Google and edX have a shared mission to broaden access to education, and by working together, we can advance towards our goals much faster. In addition, Google, with its breadth of applicable infrastructure and research capabilities, will continue to make contributions to the online education space, the findings of which will be shared directly to the online education community and the Open edX platform.
We support the development of a diverse education ecosystem, as learning expands in the online world. Part of that means that educational institutions should easily be able to bring their content online and manage their relationships with their students. Our industry is in the early stages of MOOCs, and lots of experimentation is still needed to find the best way to meet the educational needs of the world. An open ecosystem with multiple players encourages rapid experimentation and innovation, and we applaud the work going on in this space today.
We appreciate the community that has grown around the Course Builder open source project. We will continue to maintain Course Builder, but are focusing our development efforts on Open edX, and look forward to seeing edX’s MOOC.org platform develop. In the future, we will provide an upgrade path to Open edX and MOOC.org from Course Builder. We hope that our continued contributions to open source education projects will enable anyone who builds online education products to benefit from our technology, services and scale. For learners, we believe that a more open online education ecosystem will make it easier for anyone to pick up new skills and concepts at any time, anywhere.
By Dan Clancy, Director of Research
Today, Google will begin working with edX as a contributor to the open source platform, Open edX. We are taking our learnings from Course Builder and applying them to Open edX to further innovate on an open source MOOC platform. We look forward to contributing to edX’s new site, MOOC.org, a new service for online learning which will allow any academic institution, business and individual to create and host online courses.
Google and edX have a shared mission to broaden access to education, and by working together, we can advance towards our goals much faster. In addition, Google, with its breadth of applicable infrastructure and research capabilities, will continue to make contributions to the online education space, the findings of which will be shared directly to the online education community and the Open edX platform.
We support the development of a diverse education ecosystem, as learning expands in the online world. Part of that means that educational institutions should easily be able to bring their content online and manage their relationships with their students. Our industry is in the early stages of MOOCs, and lots of experimentation is still needed to find the best way to meet the educational needs of the world. An open ecosystem with multiple players encourages rapid experimentation and innovation, and we applaud the work going on in this space today.
We appreciate the community that has grown around the Course Builder open source project. We will continue to maintain Course Builder, but are focusing our development efforts on Open edX, and look forward to seeing edX’s MOOC.org platform develop. In the future, we will provide an upgrade path to Open edX and MOOC.org from Course Builder. We hope that our continued contributions to open source education projects will enable anyone who builds online education products to benefit from our technology, services and scale. For learners, we believe that a more open online education ecosystem will make it easier for anyone to pick up new skills and concepts at any time, anywhere.
By Dan Clancy, Director of Research
Who is New in Google Summer of Code - Final post
Friday, September 6, 2013
For our final post in the Google Summer of Code blog series highlighting new open source organizations participating in this year’s program, we have organization administrators from TimVideos.us and lmonade discussing their student’s projects.
By Stephanie Taylor, Open Source Programs
TimVideos.us is a group of projects which together create a system for doing both recording and live event streaming for conferences, meetings, user groups and other presentations. The project combines both software (gst-switch, streaming website and tools, speaker tracking, etc.) and hardware projects (HDMI2USB - A HDMI/DVI Capturing Solution). Parts of the system have been been used at large open source conferences such as Linux.conf.au, PyCon US and others.
Google Summer of Code 2013 has generously funded three students to work on the following TimVideos.us projects:
- EDID Database Website - Code Extended display identification data (EDID) is a data structure provided by a digital display to describe its capabilities to a video source. Many devices ship with bad or misleading EDID information. The goal of this project is to develop a website to list EDID information, allowing users to browse, search and update them.
- Developing Python API for gst-switch - Code gst-switch aims to do interactive live mixing of incoming video streams, designed to meet the needs of conference recording. Designed as a flexible replacement for DVSwitch, and based around GStreamer, this project aims to develop a Python API for controlling and testing gst-switch.
We hope that through our projects, the costs and expertise currently required to produce live streaming events will be reduced to near zero. We wish to develop a system where everyone has the ability to record presentations and host live remote participants across the globe.
By Tim Ansell, TimVideos.us Google Summer of Code Organization Administrator and Mentor
-----
lmonade is a scientific software distribution that can be installed without administrative rights on Unix based systems. Building on the Gentoo packaging system, we hope to solve the dependency nightmare experienced by all sufficiently complex scientific software packages which have release schedules that do not fit the restrictions of packagers for large GNU/Linux distributions.
We are thrilled to be a part of Google Summer of Code as a new organization this year. As an umbrella organization, lmonade promotes ideas to improve various open source/free mathematical software, especially computational algebra projects. After the midterm evaluations, we are continuing the Google Summer of Code with 4 projects:
- Tom Bachmann - C++ wrapper for FLINT - FLINT is a highly optimized library for performing computations in number theory, written in C. This project aims to create C++ wrappers using expression templates, which compile down to code which achieves performance as close to native C as possible.
- Remus Barbatei - Continuous integration platform for lmonade - This project is about improving the existing CI infrastructure used by lmonade to take advantage of the build instructions and dependency information stored in its package repository and easily set up nightly testing facilities for more scientific software packages.
- Verónica Suaste - New decoding algorithms for error correcting codes in Sage - The main goal of this work is to implement decoding algorithms based on Gröbner bases methods in Sage. While improving the coding theory module of Sage, this will provide the opportunity to compare performance of this new algorithm with implementations in computer algebra systems.
- Ioana Tamas - Binary decision diagrams for Boolean polynomial rings - Zero-suppressed binary decision diagrams are used by Polybori for efficiently representing Boolean polynomials. At the moment, they are manipulated via CUDD, which is not specialized on these types of diagrams and only uses C in the implementation. The goal of this project is to implement an independent library in C++ that is specialized on zero-suppressed binary decision diagrams.
We wish all our students continuing success in their projects.
By Burcin Erocal, lmonade Organization AdministratorIt’s hard to believe the student coding for Google Summer of Code 2013 will conclude in less than three weeks! To view a complete list of the projects students are working on this summer, visit the Google Summer of Code program site.
By Stephanie Taylor, Open Source Programs
Patchfield for Android
Wednesday, September 4, 2013
Some of the best apps are those that specialize in a single task. With Patchfield, a new open-source audio library for Android, you can create highly focused audio apps (such as synthesizers and effects) and then combine their capabilities by connecting them to one another in a virtual patch bay. Inspired by JACK, the JACK Audio Connection Kit, Patchfield provides a simple, callback-driven API for implementing audio modules, a flexible API for managing the signal processing graph, and support for inter-app audio routing. Patchfield is the 20% project of Peter Brinkmann, an engineer on the speech infrastructure team.
Running as a remote service, Patchfield allows audio developers to create interoperable apps that focus on a single task each, such as synthesis or effects or recording. The output of one app can be connected to the input of another, for a combinatorial explosion of possibilities. Running locally within a single app, Patchfield provides a powerful way of organizing the audio components of an app. The implementation resides entirely in user space and works on many stock consumer devices, such as Nexus 7 and 10.
Patchfield is available at GitHub, under the the Apache 2.0 License. The repository includes the core library as well as a number of sample projects that illustrate how to use Patchfield. Happy hacking!
DevBytes video: http://www.youtube.com/watch?v=LTisevoxm64
By Peter Brinkmann, Speech Infrastructure team
Patchfield is available at GitHub, under the the Apache 2.0 License. The repository includes the core library as well as a number of sample projects that illustrate how to use Patchfield. Happy hacking!
DevBytes video: http://www.youtube.com/watch?v=LTisevoxm64
By Peter Brinkmann, Speech Infrastructure team