opensource.google.com

Menu

Paving the way for a more diverse open source landscape: The First OSS Contributor Summit in Mexico

Wednesday, November 6, 2019

“I was able to make my first contribution yesterday, and today it was merged. I'm so excited about my first steps in open source", a participant said about the First Summit for Open Source Contributors, which took place this September in Guadalajara, México.
How do you involve others in open source? How can we make this space more inclusive for groups with low representation in the field?

With these questions in mind and the call to contribute to software that is powering the world's favorite products, Google partnered with Software Guru magazine, Wizeline Academy, OSOM (a consortium started by Googler, Griselda Cuevas, to engage more Mexican developers in open source), IBM, Intel, Salesforce and Indeed to organize the First Summit for Open Source Contributors in Mexico. The Apache Software Foundation and the CNCF were some of the organizations that sponsored the conference. The event consisted of two days of training and presentations on a selection of open source projects, including Apache Beam, Gnome, Node JS, Istio, Kubernetes, Firefox, Drupal, and others. Through 19 workshops, participants were able to learn about the state of open source in Latin America, and also get dedicated coaching and hands-on practice to become active contributors in OSS. While unpaid, these collaborations represent the most popular way of learning to code and building a portfolio for young professionals, or people looking to do a career shift towards tech.


As reported by many advocacy groups in the past few years, diversity remains a big debt in the tech industry. Only an average of 8.4% of employees in ten of the leading tech companies are Latinx(1). The gap is even bigger in open source software, where only 2.6% of committers to Apache projects are Latinx(2). Diversity in tech is not just the right thing to do, it is also good business: bringing more diverse participation in software development will result in more inclusive and successful products, that serve a more comprehensive set of use cases and needs in any given population.


While representation numbers in the creation of software are still looking grim, the use of OSS is growing fast: It is estimated that Cloud and big-data OSS technologies will grow five times by 2025 in Latin America. The main barrier for contributing? Language. 

The First Summit for Open Source Contributors set out to close this fundamental gap between tech users and its makers. To tackle this problem, we created, in partnership with other companies, 135 hours of content in Spanish for 481 participants, which produced over 200 new contributors across 19 open source projects. When asked why contributions from the region are so low, 41% of participants said it was due to lack of awareness, and 34% said they thought their contributions were not valuable. After the event, 47% of participants reported that the workshops and presentations provided them with information or guidance on how to contribute to specific projects, and 39% said the event helped them to lose fear and contribute. Almost 100% of participants stated that they plan to continue contributing to Open Source in the near future… and if they do, they would raise representation of Latinx in Open Source to 10%.
Organizing Team
This event left us with a lot of hope for the future of diversity and inclusion in open source. Going forward, we hope to continue supporting this summit in Latin America, and look for ways of reproducing this model in other regions of the world, as well as designing proactive outreach campaigns in other formats.

View more pictures of the event here.
View some of the recorded presentations here.


By: María Cruz for Google Open Source

(1) Aggregate data from Tech Crunch: https://techcrunch.com/2019/06/17/the-future-of-diversity-and-inclusion-in-tech/
(2) Data from the last Apache Software Foundation Committer Survey, applied in 2016, 765 respondents (13% of committers)

OpenTitan – Open sourcing transparent, trustworthy, and secure silicon

Tuesday, November 5, 2019

Security begins with secure infrastructure. To have higher confidence in the security and integrity of the infrastructure, we need to anchor our trust at the foundation—in a special-purpose chip.

Today, along with our partners, we are excited to announce OpenTitan—the first open source silicon root of trust (RoT) project. OpenTitan will deliver a high-quality RoT design and integration guidelines for use in data center servers, storage, peripherals, and more. Open sourcing the silicon design makes it more transparent, trustworthy, and ultimately, secure.
The OpenTitan logo

Anchoring trust in silicon

Silicon RoT can help ensure that the hardware infrastructure and the software that runs on it remain in their intended, trustworthy state by verifying that the critical system components boot securely using authorized and verifiable code. Silicon RoT can provide many security benefits by helping to:
  • Ensure that a server or a device boots with the correct firmware and hasn't been infected by a low-level malware.
  • Provide a cryptographically unique machine identity, so an operator can verify that a server or a device is legitimate.
  • Protect secrets like encryption keys in a tamper-resistant way even for people with physical access (e.g., while a server or a device is being shipped).
  • Provide authoritative, tamper-evident audit records and other runtime security services.
The silicon RoT technology can be used in server motherboards, network cards, client devices (e.g., laptops, phones), consumer routers, IoT devices, and more. For example, Google has relied on a custom-made RoT chip, Titan, to help ensure that machines in Google’s data centers boot from a known trustworthy state with verified code; it is our system root of trust. Recognizing the importance of anchoring the trust in silicon, together with our partners we want to spread the benefits of reliable silicon RoT chips to our customers and the rest of the industry. We believe that the best way to accomplish that is through open source silicon.

Raising the transparency and security bar

Similar to open source software, open source silicon can:
  1. Enhance trust and security through design and implementation transparency. Issues can be discovered early, and the need for blind trust is reduced.
  2. Enable and encourage innovation through contributions to the open source design.
  3. Provide implementation choice and preserve a set of common interfaces and software compatibility guarantees through a common, open reference design.
The OpenTitan project is managed by the lowRISC CIC, an independent not-for-profit company with a full-stack engineering team based in Cambridge, UK, and is supported by a coalition of like-minded partners, including ETH Zurich, G+D Mobile Security, Google, Nuvoton Technology, and Western Digital.

The founding partners of the OpenTitan project

OpenTitan is an active engineering project staffed by a team of engineers representing a coalition of partners who bring ideas and expertise from many perspectives. We are transparently building the logical design of a silicon RoT, including an open source microprocessor (the lowRISC Ibex, a RISC-V-based design), cryptographic coprocessors, a hardware random number generator, a sophisticated key hierarchy, memory hierarchies for volatile and non-volatile storage, defensive mechanisms, IO peripherals, secure boot, and more. With OpenTitan, a coalition of partners have come together to deliver a more open, transparent, and high-quality RoT.
A comparison of the major design components of a traditional RoT and an OpenTitan RoT
The OpenTitan project is rooted in three key principles:
  • Transparency – anyone can inspect, evaluate, and contribute to OpenTitan’s design and documentation to help build more transparent, trustworthy silicon RoT for all.
  • High quality – we are building a high-quality logically-secure silicon design, including reference firmware, verification collateral, and technical documentation.
  • Flexibility – adopters can reduce costs and reach more customers by using a vendor- and platform-agnostic silicon RoT design that can be integrated into data center servers, storage, peripheral and other devices.

Participating in the OpenTitan project

OpenTitan will be helpful for chip manufacturers, platform providers, and security-conscious enterprise organizations that want to enhance their infrastructure with silicon-based security. Visit our GitHub repository today.

If you are interested in actively collaborating on OpenTitan to help make secure open source silicon a reality, we encourage you to contact the OpenTitan team. If you would like your product to be considered for a pilot OpenTitan RoT integration, the team would be excited to hear from you.

By Royal Hansen‎, Vice President, Google and Dominic Rizzo, OpenTitan Lead, Google Cloud

From "let's try" to "woah, this is awesome!": Three years of GSoC for InterMine

Friday, November 1, 2019

GSoC Experience Series

InterMine is an open source data warehouse for biological data. In 2017, we decided at short-ish notice to participate in a call from Open Genome Informatics for Google Summer of Code (GSoC) mentoring organisations. InterMine had never participated in a program like this before, and we weren’t entirely sure if the time investment was actually going to be worth it. We nervously said “no more than two projects”, but we had so many great applications, we ended up taking on five brilliant students.
Fast forward to 2019, GSoC is firmly embedded in our organisation it’s hard to imagine that this is only our third time participating. The benefits to us (and hopefully the students as well!) were immeasurable, allowing us to explore open-ended projects we thought might be fun and implement concrete ideas that we’ve been wanting to do for years, all while interacting with a really smart bunch of talented students. 

From the 2017 cohort of students, we ended up with one of our students, Konstantinos Krytsis, authoring a scientific paper about the work they did: InterMineR: an R package for InterMine databases. Another student, Nadia Yudina, returned to our org as a mentor the next year.
In 2018, student engagement got even better: of six students, Adrián Rodríguez-Bazaga applied for an internal vacancy and joined us full time, Nupur Gunwant spent her next summer break working on an internship in our office, and two students returned as mentors the next year (Aman Dwivedi and Arunan Sugunakumar).

By this point, any questions we might have had about whether or not GSoC was “worth it” were firmly answered: GSoC had become an integral part of our team’s operations. There were still things we needed to improve, though—we ran a student debrief after GSoC 2018, and one student expressed that despite having worked with our API and data for three months, they still didn’t have a firm idea of why or how someone might wish to use InterMine. 😱 whoops! This definitely had never been our intent, and I felt mortified that we’d overlooked something so basic.

In 2019, we set out to provide our students with a firm grounding by running cohort calls. All students were invited, giving them the chance to meet one another and interact—not quite face to face, but video calls still give a great sense of “group” compared to just text chat. We structured the calls to run over several months, liberally borrowing from the Mozilla Open Leaders curriculum to teach students about open source good practices, presentation skills, code review, providing effective and kind feedback (an essential part of code review), and of course—talking about what InterMine is, how it was founded, and what type of people might use it. We made heavy use of Zoom’s breakout room feature, to allow small sub-groups of students and mentors to have private discussions about topics, before re-convening to report their experiences to the group.

Feedback from students was very positive about the calls, so we expect to continue this in later years. I think my favourite comment after our very first call was “Are there going to be more of these group calls? This was awesome!” We also repeatedly had the group calls mentioned positively in free-text feedback from student evaluations.

With this in mind, we’d like to share our call agenda templates with other organisations so others can run the same student cohort calls if they wish,and remix/modify, etc. as needed. As part of our GSoC site repo, all content including our call templates, GSoC grading criteria and advice, etc. is Apache licensed and open for reuse. You can see all of our call templates on our GSoC repo site, or fork our GSoC GitHub repo;and I’m happy to discuss ideas (email: yo@intermine.org, twitter: @yoyehudi or @intermineorg) or help others get similar group call programs off the ground if you’d like advice.
.