Category Archives: Open Source Blog

News about Google’s open source projects and programs

Goodnight Melange

The time has come to say farewell to Melange, the website software which ran Google Summer of Code from 2009 to 2015, and Google Code-in from 2010 to 2014. Both programs have migrated to new websites.

Starting on Thursday, March 31, www.google-melange.com will become a limited static archive of what projects and tasks were completed. It will contain titles, descriptions, and display names, but no other project information. If there is any data from the site you wish to save, you should extract it now. Melange has facilitated over 11,000 students to get involved in open source software development, working on projects big and small. We encourage our users to export the data and keep it alive.

The code for Melange will continue to be open source but Google will not be doing any further development on it. We'd be pleased to hear someone forked the code and continued working on Melange as a new project.

Thanks to everyone who contributed to Melange and kept it running over the past 7 years: Aditi, Akeda, Anatoly, Andrew, Anthony, Arc, Aruna, Ashish, Augie, Chen, Dan, Daniel, David, Denys, Dmitri, Doug, Drew, Felix, Gilles, Jacob, James, Jasvir, Jenn, Johannes, John, Jonn, Kevin, Lennard, Leo, Leon, Madhusudan, Marcelo, Mario, Matthew, Mayank, Nathaniel, Orcun, Pankaj, Pawel, Piotr, Piyush, Praveen, Raul, Robert, Rylan, Savitha, Selwyn, Shikher, Simon, Sriharsha, Suyash, Sverre, Syed, Tim, Tobias, Todd, Vivek and Zachary.

Melange served us well for a long time, and we hope it enjoys its retirement!

By Stephanie Taylor, Open Source Programs


Scalable vendor security reviews

At Google, we assess the security of hundreds of vendors every year. We scale our efforts through automating much of the initial information gathering and triage portions of the vendor review process. To do this we've developed the Vendor Security Assessment Questionnaire (VSAQ), a collection of self-adapting questionnaires for evaluating multiple aspects of a vendor's security and privacy posture.

We've received feedback from many vendors who completed the questionnaires. Most vendors found them intuitive and flexible — and, even better, they've been able to use the embedded tips and recommendations to improve their security posture. Some also expressed interest in using the questionnaires to assess their own suppliers.

Based on this positive response, we've decided to open source the VSAQ Framework (Apache License Version 2) and the generally applicable parts of our questionnaires on GitHub: https://github.com/google/vsaq. We hope it will help companies spin up, or further improve their own vendor security programs. We also hope the base questionnaires can serve as a self-assessment tool for security-conscious companies and developers looking to improve their security posture.

The VSAQ Framework comes with four security questionnaire templates that can be used with the VSAQ rendering engine:


All four base questionnaire templates can be readily extended with company-specific questions.
Using the same questionnaire templates across companies may help to scale assessment efforts. Common templates can also minimize the burden on vendor companies, by facilitating the reuse of responses.

The VSAQ Framework comes with a simple client-side-only reference implementation that's suitable for self-assessments, for vendor security programs with a moderate throughput, and for just trying out the framework. For a high-throughput vendor security program, we recommend using the VSAQ Framework with a custom server-side component that fits your needs (the interface is quite simple).

Give VSAQ a try! A demo version of the VSAQ Framework is available here:

Excerpt from Security and Privacy Programs Questionnaire

Let us know how VSAQ works for you: contact us. We look forward to getting your feedback and continuing to make vendor reviews scalable — and maybe even fun!

By Lukas Weichselbaum and Daniel Fabian, Google Security

New algorithms may lower the cost of secure computing

Here at Google we strive to make computing not only more cost-efficient, faster, and easier but also more secure. Hash functions are essential building blocks in computing, but must be protected against certain inputs. Today, we are open-sourcing 3 new hash function implementations: faster, data-parallel versions of SipHash, a fast cryptographically strong pseudorandom function, and the entirely new HighwayHash, which reaches even higher speeds thanks to the data parallel features of modern computers.

Our first hash function produces the same output as SipHash, but 1.5 times as quickly thanks to AVX-2 instructions. The second improvement uses j-lanes tree hashing to process multiple inputs in parallel, which is 3 times as fast. This technique is known to be secure, but produces different output than the original SipHash and is slightly slower for short inputs.

HighwayHash is based on a new way of mixing inputs with just a few AVX-2 multiply and permute instructions. We are hopeful that the result is a cryptographically strong pseudorandom function, but new cryptanalysis methods might be needed for analyzing this promising family of hash functions. HighwayHash is significantly faster than SipHash for all measured input sizes, with about 7 times higher throughput at 1 KiB.

We believe our efforts represent the current state of the art in high-speed attack-resistant hashing. These new functions can lower the cost of safe and secure computing. We invite everyone to use, study, and analyze the open-source implementations.

By Jan Wassenberg and Jyrki Alakuijala, Google Research

2016 Google Summer of Code mentor organizations

GSOC Roboto Lockup (1).jpg
It’s that time of year again! We are pleased to announce the mentor organizations accepted for this year’s Google Summer of Code (GSoC). Every year, we have many more great projects than we can accept — 2016 was no exception. After carefully reviewing 369 applications, we have chosen 180 open source projects, 24% of which are new to the program. Please see our new program website for a complete list of the accepted orgs.

Over the next two weeks, students interested in participating in GSoC can research each of the organizations. The student application period begins on Monday, March 14, 2016 at 19:00 UTC and ends on Friday, March 25, 2016 at 19:00 UTC.


Interested? Start by reviewing the Ideas List from each organization to learn about the organization and how you might contribute. Some of the most successful proposals have been completely new ideas submitted by students, so if you don’t see a project that appeals to you, don’t be afraid to suggest a new idea to the organization! There are contacts listed for each organization on their Ideas List — students should contact the organization directly to discuss a new proposal. We also strongly encourage all interested students to reach out to and become familiar with the organization before applying.


For more information, visit our website for a full timeline of important dates and program milestones. We also highly recommend all potential students read the student manual and the FAQ’s.


Congratulations to all of our mentor organizations! We look forward to working with all of you during Google Summer of Code 2016!

By Mary Radomile, Open Source Programs

2016 Google Summer of Code mentor organizations

GSOC Roboto Lockup (1).jpg
It’s that time of year again! We are pleased to announce the mentor organizations accepted for this year’s Google Summer of Code (GSoC). Every year, we have many more great projects than we can accept — 2016 was no exception. After carefully reviewing 369 applications, we have chosen 180 open source projects, 24% of which are new to the program. Please see our new program website for a complete list of the accepted orgs.

Over the next two weeks, students interested in participating in GSoC can research each of the organizations. The student application period begins on Monday, March 14, 2016 at 19:00 UTC and ends on Friday, March 25, 2016 at 19:00 UTC.


Interested? Start by reviewing the Ideas List from each organization to learn about the organization and how you might contribute. Some of the most successful proposals have been completely new ideas submitted by students, so if you don’t see a project that appeals to you, don’t be afraid to suggest a new idea to the organization! There are contacts listed for each organization on their Ideas List — students should contact the organization directly to discuss a new proposal. We also strongly encourage all interested students to reach out to and become familiar with the organization before applying.


For more information, visit our website for a full timeline of important dates and program milestones. We also highly recommend all potential students read the student manual and the FAQ’s.


Congratulations to all of our mentor organizations! We look forward to working with all of you during Google Summer of Code 2016!

By Mary Radomile, Open Source Programs

Google Code-in 2015: diving into the numbers


GCI vertical. 1142x994dp.png

Google Code-in (GCI), our contest introducing 13-17 year olds to open source software development, wrapped up a few weeks ago with our largest contest to date: 980 students from 65 countries completed a record-breaking 4,776 tasks! Working with 14 open source organizations, students wrote code, created and edited documentation, designed UI elements and logos, conducted research, developed screencasts and videos teaching others about open source software, and helped find (and fix!) hundreds of bugs.

General statistics

  • 57% of students completed three or more tasks (earning themselves a sweet Google Code-in 2015 t-shirt)
  • 21% of students were female, up from 18% in 2014
  • This was the first Google Code-in for 810 students (83%)


Student age

Participating schools

Students from 550 schools competed in this year’s contest. Below are the top five participating schools.

School Name
Number of student participants
Country
Website
Dunman High School
147
Singapore
GSS PU College
44
India
Colegiul National Aurel Vlaicu
31
Romania
Sacred Heart Convent Senior Secondary School
28
India
Freehold High School
10
United States

Countries

The charts below display the top ten countries with the most students completing at least 1 task.

Country
Number of student participants
India
246
United States
224
Singapore
164
Romania
65
Canada
24
Taiwan
22
Poland
19
United Kingdom
18
Australia
17
Germany
13


We are pleased to have 11 new countries participating in GCI this year: Albania, Armenia, Cameroon, Costa Rica (home to one of this year’s grand prize winners!), Cyprus, Georgia, Guatemala, Laos, Luxembourg, Qatar and Uganda.

In June we will welcome all 28 grand prize winners (along with a mentor from each participating organization) for a fun-filled trip to the Bay Area. The trip will include meeting with Google engineers to hear about new and exciting projects, a tour of the Google campus and a day of sightseeing around San Francisco.  

Stay tuned to our blog for more stats on Google Code-in, including wrap up posts from the mentor organizations. We are thrilled that Google Code-in was so popular this year. We hope to grow and expand this contest in the future to introduce even more passionate teens to the world of open source software development.

By Stephanie Taylor, Google Code-in Program Manager

EarlGrey: iOS functional UI testing framework

Brewing for quite some time, we are excited to announce EarlGrey, a functional UI testing framework for iOS. Several Google apps like YouTube, Google Calendar, Google Photos, Google Translate, Google Play Music and many more have successfully adopted the framework for their functional testing needs.

The key features offered by EarlGrey include:
  • Powerful built-in synchronization : Tests will automatically wait for events such as animations, network requests, etc. before interacting with the UI. This will result in tests that are easier to write (no sleeps or waits) and simple to maintain (straight up procedural description of test steps).
  • Visibility checking : All interactions occur on elements that users can see. For example, attempting to tap a button that is behind an image will lead to test failure immediately.
  • Flexible design : The components that determine element selection, interaction, assertion and synchronization have been designed to be extensible.

Are you in need for a cup of refreshing EarlGrey? EarlGrey has been open sourced under the Apache license. Check out the getting started guide and add EarlGrey to your project using CocoaPods or manually add it to your Xcode project file.

By Siddartha Janga, on behalf of Google iOS Developers

Running your models in production with TensorFlow Serving

Machine learning powers many Google product features, from speech recognition in the Google app to Smart Reply in Inbox to search in Google Photos. While decades of experience have enabled the software industry to establish best practices for building and supporting products, doing so for services based upon machine learning introduces new and interesting challenges. Today, we announce the release of TensorFlow Serving, designed to address some of these challenges. TensorFlow Serving is a high performance, open source serving system for machine learning models, designed for production environments and optimized for TensorFlow.
TensorFlow Serving is ideal for running multiple models, at large scale, that change over time based on real-world data, enabling:
  • model lifecycle management
  • experiments with multiple algorithms
  • efficient use of GPU resources
TensorFlow Serving makes the process of taking a model into production easier and faster. It allows you to safely deploy new models and run experiments while keeping the same server architecture and APIs. Out of the box it provides integration with TensorFlow, but it can be extended to serve other types of models. Here’s how it works. In the simplified, supervised training pipeline shown below, training data is fed to the learner, which outputs a model:
Once a new model version becomes available, upon validation, it is ready to be deployed to the serving system, as shown below.
TensorFlow Serving uses the (previously trained) model to perform inference - predictions based on new data presented by its clients. Since clients typically communicate with the serving system using a remote procedure call (RPC) interface, TensorFlow Serving comes with a reference front-end implementation based on gRPC, a high performance, open source RPC framework from Google. It is quite common to launch and iterate on your model over time, as new data becomes available, or as you improve the model. In fact, at Google, many pipelines run continuously, producing new model versions as new data becomes available.
TensorFlow Serving is written in C++ and it supports Linux. TensorFlow Serving introduces minimal overhead. In our benchmarks we recoded ~100,000 queries per second (QPS) per core on a 16 vCPU Intel Xeon E5 2.6 GHz machine, excluding gRPC and the TensorFlow inference processing time. We are excited to share this important component of TensorFlow today under the Apache 2.0 open source license. We would love to hear your questions and feature requests on Stack Overflow and GitHub respectively. To get started quickly, clone the code from github.com/tensorflow/serving and check out this tutorial. You can expect to keep hearing more about TensorFlow as we continue to develop what we believe to be one of the best machine learning toolboxes in the world. If you'd like to stay up to date, follow @googleresearch or +ResearchatGoogle, and keep an eye out for Jeff Dean's keynote address at GCP Next 2016 in March.

Posted by Noah Fiedel, Software Engineer 

Mentor Organization applications are now being accepted for Google Summer of Code 2016

GSOC Roboto Lockup (1).jpg
Our 12th year of Google Summer of Code (GSoC) has officially begun! GSoC is a global program focused on bringing more student developers into open source software development. Students work with an open source organization on a three month programming project during their break from university.

Do you represent a free or open source software organization looking for new contributors? Do you love the challenge and reward of mentoring new developers in your community? Apply to be a mentor organization for GSoC! Starting today we will be accepting applications from open source projects who would like to serve as mentor organizations for enthusiastic student developers.

The deadline to apply is February 19 at 19:00 UTC. Organizations chosen for GSoC 2016 will be announced via the program site on February 29.

Please visit our new program site page for more information on how to apply, a detailed timeline of important deadlines and general program information. We also encourage you to check out the Mentor Manual or join the discussion group. Best of luck to all of our mentor organization applicants!

By Mary Radomile, Open Source Programs