Author Archives: Open Source Programs Office

Outline: secure access to the open web

Censorship and surveillance are challenges that many journalists around the world face on a daily basis. Some of them use a virtual private network (VPN) to provide safer access to the open internet, but not all VPNs are equally reliable and trustworthy, and even fewer are open source.

That’s why Jigsaw created Outline, a new open source, independently audited platform that lets any organization easily create and operate their own VPN.

Outline’s most striking feature is arguably how easy it is to use. An organization starts by downloading the Outline Manager app, which lets them sign in to DigitalOcean, where they can host their own VPN, and set it up with just a few clicks. They can also easily use other cloud providers, provided they have shell access to run the installation script. Once an Outline server is set up, the server administrator can create access credentials and share with their network of contacts, who can then use the Outline clients to connect to it.


A core element to any VPN’s security is the protocol that the server and clients use to communicate. When we looked at the existing protocols, we realized that many of them were easily identifiable by network adversaries looking to spot and block VPN traffic. To make Outline more resilient against this threat, we chose Shadowsocks, a secure, handshake-less, and open source protocol that is known for its strength and performance, and enjoys the support of many developers worldwide. Shadowsocks is a combination of a simplified SOCKS5-like routing protocol, running on top of an encrypted channel. We chose the AEAD_CHACHA20_POLY1305 cipher, which is an IETF standard and provides the security and performance users need.

Another important component to security is running up-to-date software. We package the server code as a Docker image, enabling us to run on multiple platforms, and allowing for automatic updates using Watchtower. On DigitalOcean installations, we also enable automatic security updates on the host machine.

If security is one of the most critical parts of creating a better VPN, usability is the other. We wanted Outline to offer a consistent, simple user experience across platforms, and for it to be easy for developers around the world to contribute to it. With that in mind, we use the cross-platform development framework Apache Cordova for Android, iOS, macOS and ChromeOS, and Electron for Windows. The application logic is a web application written in TypeScript, while the networking code had to be written in native code for each platform. This setup allows us to reutilize most of code, and create consistent user experiences across diverse platforms.

In order to encourage a robust developer community we wanted to strike a balance between simplicity, reproducibility, and automation of future contributions. To that end, we use Travis for continuous builds and to generate the binaries that are ultimately uploaded to the app stores. Thanks to its cross-platform support, any team member can produce a macOS or Windows binary with a single click. We also use Docker to package the build tools for client platforms, and thanks to Electron, developers familiar with the server's Node.js code base can also contribute to the Outline Manager application.

You can find our code in the Outline GitHub repositories and more information on the Outline website. We hope that more developers join the project to build technology that helps people connect to the open web and stay more safe online.

By Vinicius Fortuna, Jigsaw

These 27 organizations will mentor students in Google Code-in 2018

We’re excited to welcome 27 open source organizations to mentor students as part of Google Code-in 2018. The contest, now in its ninth year, offers 13-17 year old pre-university students from around the world an opportunity to learn and practice their skills while contributing to open source projects–all online!

Google Code-in starts for students on October 23rd. Students are encouraged to learn about the participating organizations ahead of time and can get started by clicking on the links below:
  • AOSSIE: Australian umbrella organization for open source projects.
  • Apertium: rule-based machine translation platform.
  • Catrobat: visual programming for creating mobile games and animations.
  • CCExtractor: open source tools for subtitle generation.
  • CloudCV: building platforms for reproducible AI research.
  • coala: a unified interface for linting and fixing code, regardless of the programming languages used.
  • Copyleft Games Group: develops tools, libraries, and game engines.
  • Digital Impact Alliance: collaborative space for multiple open source projects serving the international development and humanitarian response sectors.
  • Drupal: content management platform.
  • Fedora Project: a free and friendly Linux-based operating system.
  • FOSSASIA: developing communities across all ages and borders to form a better future with Open Technologies and ICT.
  • Haiku: operating system specifically targeting personal computing.
  • JBoss Community: a community of projects around JBoss Middleware.
  • KDE Community: produces FOSS by artists, designers, programmers, translators, writers and other contributors.
  • Liquid Galaxy: an interactive, panoramic and immersive visualization tool.
  • MetaBrainz: builds community maintained databases.
  • MovingBlocks: a Minecraft-inspired open source game.
  • OpenMRS: open source medical records system for the world.
  • OpenWISP: build and manage low cost networks such as public wifi.
  • OSGeo: building open source geospatial tools.
  • PostgreSQL: relational database system.
  • Public Lab: open software to help communities measure and analyze pollution.
  • RTEMS Project: operating system used in satellites, particle accelerators, robots, racing motorcycles, building controls, medical devices.
  • Sugar Labs: learning platform and activities for elementary education.
  • SCoRe: research lab seeking sustainable solutions for problems faced by developing countries.
  • The ns-3 Network Simulator Project: packet-level network simulator for research and education.
  • Wikimedia: non-profit foundation dedicated to bringing free content to the world, operating Wikipedia.
These 27 organizations are hard at work creating thousands of tasks for students to work on, including code, documentation, design, quality assurance, outreach, research and training tasks. The contest starts for students on Tuesday, October 23rd at 9:00am Pacific Time.

You can learn more about Google Code-in on the contest site where you’ll find Frequently Asked Questions, Important Dates and flyers and other helpful information including the Getting Started Guide.

Want to talk with other students, mentors, and organization administrations about the contest? Check out our discussion mailing list. We can’t wait to get started!

By Stephanie Taylor, Google Open Source

Google Code-in 2018 is looking for great open source organizations to apply

We are accepting applications for open source organizations interested in participating in Google Code-in 2018. Google Code-in (GCI) invites pre-university students ages 13-17 to learn by contributing to open source software.

Working with young students is a special responsibility and each year we hear inspiring stories from mentors who participate. To ensure these new, young contributors have a solid support system, we only select organizations that have gained experience in mentoring students by previously taking part in Google Summer of Code.

Organization applications are now open and all interested open source organizations must apply before Monday, September 17 at 16:00 UTC.

In 2017, 25 organizations were accepted – 9 of which were participating in GCI for the first time! Over the last 8 years, 8,108 students from 107 countries have completed more than 40,000 tasks for participating open source projects. Tasks fall into 5 categories:
  • Code: writing or refactoring.
  • Documentation/Training: creating/editing documents and helping others learn more.
  • Outreach/Research: community management, outreach/marketing, or studying problems and recommending solutions.
  • Quality Assurance: testing and ensuring code is of high quality.
  • Design: graphic design or user interface design.
Once an organization is selected for Google Code-in 2018 they will define these tasks and recruit mentors from their communities who are interested in providing online support for students during the seven week contest.

You can find a timeline, FAQ and other information about Google Code-in on our website. If you’re an educator interested in sharing Google Code-in with your students, you can find resources here.

By Stephanie Taylor, Google Open Source

Introducing the Tink cryptographic software library

Cross-posted on the Google Security Blog

At Google, many product teams use cryptographic techniques to protect user data. In cryptography, subtle mistakes can have serious consequences, and understanding how to implement cryptography correctly requires digesting decades' worth of academic literature. Needless to say, many developers don’t have time for that.

To help our developers ship secure cryptographic code we’ve developed Tink—a multi-language, cross-platform cryptographic library. We believe in open source and want Tink to become a community project—thus Tink has been available on GitHub since the early days of the project, and it has already attracted several external contributors. At Google, Tink is already being used to secure data of many products such as AdMob, Google Pay, Google Assistant, Firebase, the Android Search App, etc. After nearly two years of development, today we’re excited to announce Tink 1.2.0, the first version that supports cloud, Android, iOS, and more!

Tink aims to provide cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse. Tink is built on top of existing libraries such as BoringSSL and Java Cryptography Architecture, but includes countermeasures to many weaknesses in these libraries, which were discovered by Project Wycheproof, another project from our team.

With Tink, many common cryptographic operations such as data encryption, digital signatures, etc. can be done with only a few lines of code. Here is an example of encrypting and decrypting with our AEAD interface in Java:
 import com.google.crypto.tink.Aead;
    import com.google.crypto.tink.KeysetHandle;
    import com.google.crypto.tink.aead.AeadFactory;
    import com.google.crypto.tink.aead.AeadKeyTemplates;
     // 1. Generate the key material.
    KeysetHandle keysetHandle = KeysetHandle.generateNew(
        AeadKeyTemplates.AES256_EAX);
     // 2. Get the primitive.
    Aead aead = AeadFactory.getPrimitive(keysetHandle);
     // 3. Use the primitive.
    byte[] plaintext = ...;
    byte[] additionalData = ...;
    byte[] ciphertext = aead.encrypt(plaintext, additionalData);
Tink aims to eliminate as many potential misuses as possible. For example, if the underlying encryption mode requires nonces and nonce reuse makes it insecure, then Tink does not allow the user to pass nonces. Interfaces have security guarantees that must be satisfied by each primitive implementing the interface. This may exclude some encryption modes. Rather than adding them to existing interfaces and weakening the guarantees of the interface, it is possible to add new interfaces and describe the security guarantees appropriately.

We’re cryptographers and security engineers working to improve Google’s product security, so we built Tink to make our job easier. Tink shows the claimed security properties (e.g., safe against chosen-ciphertext attacks) right in the interfaces, allowing security auditors and automated tools to quickly discover usages where the security guarantees don’t match the security requirements. Tink also isolates APIs for potentially dangerous operations (e.g., loading cleartext keys from disk), which allows discovering, restricting, monitoring and logging their usage.

Tink provides support for key management, including key rotation and phasing out deprecated ciphers. For example, if a cryptographic primitive is found to be broken, you can switch to a different primitive by rotating keys, without changing or recompiling code.

Tink is also extensible by design: it is easy to add a custom cryptographic scheme or an in-house key management system so that it works seamlessly with other parts of Tink. No part of Tink is hard to replace or remove. All components are composable, and can be selected and assembled in various combinations. For example, if you need only digital signatures, you can exclude symmetric key encryption components to minimize code size in your application.

To get started, please check out our HOW-TO for Java, C++ and Obj-C. If you'd like to talk to the developers or get notified about project updates, you may want to subscribe to our mailing list. To join, simply send an empty email to [email protected]. You can also post your questions to StackOverflow, just remember to tag them with tink.

We’re excited to share this with the community, and welcome your feedback!

By Thai Duong, Information Security Engineer, on behalf of Tink team

Announcing Google Code-in 2018: nine is just fine!

We are excited to announce the 9th consecutive year of the Google Code-in (GCI) contest! Students ages 13 through 17 from around the world can learn about open source development by working on real open source projects, with mentorship from active developers. GCI begins on Tuesday, October 23, 2018 and runs for seven weeks, ending Wednesday, December 12, 2018.

Google Code-in is unique because, not only do the students choose what they want to work on from the 2,500+ tasks created by open source organizations, but they have mentors available to help answer their questions as they work on each of their tasks.

Getting started in open source software can be a daunting task for a developer of any age. What organization should I work with? How do I get started? Does the organization want my help? Am I too inexperienced?

The beauty of GCI is that participating open source organizations realize teens are often first time contributors, so the volunteer mentors come prepared with the patience and the experience to help these newcomers become part of the open source community.

Open source communities thrive when there is a steady flow of new contributors who bring new perspectives, ideas and enthusiasm. Over the last 8 years, GCI open source organizations have helped 8,108 students from 107 countries make meaningful contributions. Many of these students are still participating in open source communities years later. Dozens have gone on to become Google Summer of Code (GSoC) students and even mentor other students.

The tasks that contest participants will complete vary in skill set and level, including beginner tasks any student can take on, such as “setup your development environment.” With tasks in five different categories, there’s something to fit almost any student’s skills:
  • Code: writing or refactoring
  • Documentation/Training: creating/editing documents and helping others learn more
  • Outreach/Research: community management, marketing, or studying problems and recommending solutions
  • Quality Assurance: testing and ensuring code is of high quality
  • Design: graphic design or user interface design
Open source organizations can apply to participate as mentoring organizations for in Google Code-in starting on Thursday, September 6, 2018. Google Code-in starts for students October 23rd!

Visit the contest site g.co/gci to learn more about the contest and find flyers, slide decks, timelines, and more.

By Stephanie Taylor, Google Open Source

That’s a wrap for Google Summer of Code 2018

We are pleased to announce that 1,072 students from 59 countries have successfully completed the 2018 Google Summer of Code (GSoC). Congratulations to all of our students and mentors who made this our biggest and best Google Summer of Code yet.

Over the past 12 weeks, GSoC students have worked diligently with 212 open source organizations and over 2,100 mentors from all around the world, learning to work with distributed teams and developing complex pieces of code. Student projects are now public – take a closer look at their work.

Open source communities need new ideas to keep projects thriving and evolving; GSoC students bring fresh perspectives while helping organizations enhance, extend, and refine their codebases. This is not the end of the road for GSoC students! Many will go on to become mentors in future years and many more will become long-term committers.

And finally, a big thank you to the mentors and organization administrators who make GSoC possible. Their dedication to welcoming new student contributors into their communities is awesome and inspiring. Thank you all!

By Mary Radomile, Google Open Source

ZuriHac 2018: Haskell hackathon in Rapperswil

Google Open Source recently co-sponsored a three-day hackathon for Haskell, an open source functional programming language. Ivan Krišto from Google’s Zürich office talks more about the event below.

Over the weekend of June 9th, Rapperswil, Switzerland became a home for 300 Haskellers. Hochschule für Technik Rapperswil hosted the seventh annual ZuriHac, the biggest Haskell Hackathon in Europe. ZuriHac is a free, international coding festival with the goal to expand our community and to build and improve Haskell libraries, tools and infrastructure.

Participants could choose to hack all day long, attend the Haskell beginners course led by Julie Moronuki, join the Glasgow Haskell Compiler (GHC) DevOps track organized by GHC contributors with the goal to bring in new contributors, listen to the Haskell flavoured talks, or socialize and swim in the lake. The event was colocated with C++ standardization committee meetings which offered a unique opportunity for sharing ideas between the two communities.

Here is a short summary of featured talks at ZuriHac.
The event concluded with a presentation of the results of the three day hackathon: project presentations.

Video by Hochschule für Technik Rapperswil.

Once again, we broke the attendance record! We’re already preparing for ZuriHac 2019 and hope to keep up this amazing growth. See you next year!

By Ivan Krišto, Software Engineer

Congratulations to the latest Google Open Source Peer Bonus winners

We are pleased to announce the latest round of Google Open Source Peer Bonus winners and the projects they support.

Open source software is a cornerstone of software development inside and outside of Google, and the Google Open Source Peer Bonus program is one way we thank the people who make our work possible. Twice a year we invite Googlers to nominate external contributors to be rewarded for their contribution to open source projects.

This time we have a truly international team of recipients from Australia, Brazil, Canada, Germany, India, Italy, Ireland, France, Japan, Netherlands, Russia, Singapore, Switzerland, Sweden, UK and USA. You can learn about previous recipients in these blog posts.

Projects range from Linux distributions and version control systems to monitoring and testing software. Some are part of the backbone of our industry, others are critical dependencies of specific products and services we offer. All of them are important to us!

Listed below are the individuals who gave us permission to thank them publicly:

Name Project Name Project
Sultan AlsawafAndroid KernelRavi Santosh GudimetlaKubernetes
Allan McRaeArch LinuxSteve KuznetsovKubernetes
Seth Pollackaws-encryption-providerHisham MuhammadLuaRocks
George GensureBazel BuildfarmYutaka Matsubarameinheld
Omar CornutDear ImGuiPulkit GoyalMercurial
Alessandro ArzilliDelveYuya NishiharaMercurial
Matt KleinEnvoyAdam Mummery-SmithMixin
Ivan GrokhotkovESP8266 core for ArduinoArnout EngelenNotion
Esther OnfroyExodus PrivacyBrian BrazilPrometheus
Yao LiForkliftBruno Oliveirapytest
Warner LoshFreeBSDJames FriedmanRMWC
Elijah NewrenGitSteve KlabnikRust Book
Gábor SzederGitJack LukicSemantic UI
Alvaro Viebrantzgoogle-cloud-iot-arduinoVidar HolenShellCheck
Richard MusiolGopherJS, go-wasmIvan PopelyshevSkia graphics in Chrome
Tobias FuruholmGrafeasSpencer GibbSpring Cloud
David PursehouseJGitDaniel AlmSwift gRPC
Brian GrangerJupyterYong TangTensorFlow
Rodrigo MenezeskopsJason ZamanTensorFlow, Gentoo, SELinux
Rohith JayawardenekopsKai SasakiTensorFlow.js
Kam KasraviKubeflowManraj GroverTensorFlow.js
Pete MacKinnonKubeflowStefan WeilTesseract
Christoph BleckerKubernetesSumana HarihareswaraWarehouse (PyPI)
Davanum SrinivasKubernetesJia Lizone.js

Once again we would like to express our gratitude and appreciation to current and former recipients for their hard work, time and devotion to open source. Without you these projects wouldn’t thrive!

We look forward to your ongoing contributions and can’t wait to recognize even more contributors for their work in 2019.

By Maria Tabak, Google Open Source

Congratulations to the latest Google Open Source Peer Bonus winners

We are pleased to announce the latest round of Google Open Source Peer Bonus winners and the projects they support.

Open source software is a cornerstone of software development inside and outside of Google, and the Google Open Source Peer Bonus program is one way we thank the people who make our work possible. Twice a year we invite Googlers to nominate external contributors to be rewarded for their contribution to open source projects.

This time we have a truly international team of recipients from Australia, Brazil, Canada, Germany, India, Italy, Ireland, France, Japan, Netherlands, Russia, Singapore, Switzerland, Sweden, UK and USA. You can learn about previous recipients in these blog posts.

Projects range from Linux distributions and version control systems to monitoring and testing software. Some are part of the backbone of our industry, others are critical dependencies of specific products and services we offer. All of them are important to us!

Listed below are the individuals who gave us permission to thank them publicly:

Name Project Name Project
Sultan AlsawafAndroid KernelRavi Santosh GudimetlaKubernetes
Allan McRaeArch LinuxSteve KuznetsovKubernetes
Seth Pollackaws-encryption-providerHisham MuhammadLuaRocks
George GensureBazel BuildfarmYutaka Matsubarameinheld
Omar CornutDear ImGuiPulkit GoyalMercurial
Alessandro ArzilliDelveYuya NishiharaMercurial
Matt KleinEnvoyAdam Mummery-SmithMixin
Ivan GrokhotkovESP8266 core for ArduinoArnout EngelenNotion
Esther OnfroyExodus PrivacyBrian BrazilPrometheus
Yao LiForkliftBruno Oliveirapytest
Warner LoshFreeBSDJames FriedmanRMWC
Elijah NewrenGitSteve KlabnikRust Book
Gábor SzederGitJack LukicSemantic UI
Alvaro Viebrantzgoogle-cloud-iot-arduinoVidar HolenShellCheck
Richard MusiolGopherJS, go-wasmIvan PopelyshevSkia graphics in Chrome
Tobias FuruholmGrafeasSpencer GibbSpring Cloud
David PursehouseJGitDaniel AlmSwift gRPC
Brian GrangerJupyterYong TangTensorFlow
Rodrigo MenezeskopsJason ZamanTensorFlow, Gentoo, SELinux
Rohith JayawardenekopsKai SasakiTensorFlow.js
Kam KasraviKubeflowManraj GroverTensorFlow.js
Pete MacKinnonKubeflowStefan WeilTesseract
Christoph BleckerKubernetesSumana HarihareswaraWarehouse (PyPI)
Davanum SrinivasKubernetesJia Lizone.js

Once again we would like to express our gratitude and appreciation to current and former recipients for their hard work, time and devotion to open source. Without you these projects wouldn’t thrive!

We look forward to your ongoing contributions and can’t wait to recognize even more contributors for their work in 2019.

By Maria Tabak, Google Open Source

OpenMetrics project accepted into CNCF Sandbox

For the past several months, engineers from Google Cloud, Prometheus, and other vendors have been aligning on OpenMetrics, a specification for metrics exposition. Today, the project was formally announced and accepted into the CNCF Sandbox, and we’re currently working on ways to support OpenMetrics in OpenCensus, a set of uniform tracing and stats libraries that work with multiple vendors’ services. This multi-vendor approach works to put architectural choices in the hands of developers.
+
OpenMetrics stems from the stats formats used inside of Prometheus and Google’s Monarch time-series infrastructure, which underpins both Stackdriver and internal monitoring applications. As such, it is designed to be immediately familiar to developers and capable of operating at extreme scale. With additional contributions and review from AppOptics, Cortex, Datadog, InfluxData, Sysdig, and Uber, OpenMetrics has begun the cross-industry collaboration necessary to drive adoption of a new specification.

OpenCensus provides automatic instrumentation, APIs, and exporters for stats and distributed traces across C++, Java, Go, Node.js, Python, PHP, Ruby, and .Net. Each OpenCensus library allows developers to automatically capture distributed traces and key RPC-related statistics from their applications, add custom data, and export telemetry to their back-end of choice. Google has been a key collaborator in defining the OpenMetrics specification, and we’re now focusing on how to best implement this inside of OpenCensus.

“Google has a history of innovation in the metric monitoring space, from its early success with Borgmon, which has been continued in Monarch and Stackdriver. OpenMetrics embodies our understanding of what users need for simple, reliable and scalable monitoring, and shows our commitment to offering standards-based solutions,” said Sumeer Bhola, Lead Engineer on Monarch and Stackdriver at Google.

For more information about OpenMetrics, please visit openmetrics.io. For more information about OpenCensus and how you can quickly enable trace and metrics collection from your application, please visit opencensus.io.

By Morgan McLean, Product Manager for OpenCensus and Stackdriver APM