These 27 organizations will mentor students in Google Code-in 2018

We’re excited to welcome 27 open source organizations to mentor students as part of Google Code-in 2018. The contest, now in its ninth year, offers 13-17 year old pre-university students from around the world an opportunity to learn and practice their skills while contributing to open source projects–all online!

Google Code-in starts for students on October 23rd. Students are encouraged to learn about the participating organizations ahead of time and can get started by clicking on the links below:

• AOSSIE: Australian umbrella organization for open source projects.
• Apertium: rule-based machine translation platform.
• Catrobat: visual programming for creating mobile games and animations.
• CCExtractor: open source tools for subtitle generation.
• CloudCV: building platforms for reproducible AI research.
• coala: a unified interface for linting and fixing code, regardless of the programming languages used.
• Copyleft Games Group: develops tools, libraries, and game engines.
• Digital Impact Alliance: collaborative space for multiple open source projects serving the international development and humanitarian response sectors.
• Drupal: content management platform.
• Fedora Project: a free and friendly Linux-based operating system.
• FOSSASIA: developing communities across all ages and borders to form a better future with Open Technologies and ICT.
• Haiku: operating system specifically targeting personal computing.
• JBoss Community: a community of projects around JBoss Middleware.
• KDE Community: produces FOSS by artists, designers, programmers, translators, writers and other contributors.
• Liquid Galaxy: an interactive, panoramic and immersive visualization tool.
• MetaBrainz: builds community maintained databases.
• MovingBlocks: a Minecraft-inspired open source game.
• OpenMRS: open source medical records system for the world.
• OpenWISP: build and manage low cost networks such as public wifi.
• OSGeo: building open source geospatial tools.
• PostgreSQL: relational database system.
• Public Lab: open software to help communities measure and analyze pollution.
• RTEMS Project: operating system used in satellites, particle accelerators, robots, racing motorcycles, building controls, medical devices.
• Sugar Labs: learning platform and activities for elementary education.
• SCoRe: research lab seeking sustainable solutions for problems faced by developing countries.
• The ns-3 Network Simulator Project: packet-level network simulator for research and education.
• Wikimedia: non-profit foundation dedicated to bringing free content to the world, operating Wikipedia.

These 27 organizations are hard at work creating thousands of tasks for students to work on, including code, documentation, design, quality assurance, outreach, research and training tasks. The contest starts for students on Tuesday, October 23rd at 9:00am Pacific Time.

You can learn more about Google Code-in on the contest site where you’ll find Frequently Asked Questions, Important Dates and flyers and other helpful information including the Getting Started Guide.

Want to talk with other students, mentors, and organization administrations about the contest? Check out our discussion mailing list. We can’t wait to get started!

By Stephanie Taylor, Google Open Source

Google Code-in 2018 is looking for great open source organizations to apply

We are accepting applications for open source organizations interested in participating in Google Code-in 2018. Google Code-in (GCI) invites pre-university students ages 13-17 to learn by contributing to open source software.

Working with young students is a special responsibility and each year we hear inspiring stories from mentors who participate. To ensure these new, young contributors have a solid support system, we only select organizations that have gained experience in mentoring students by previously taking part in Google Summer of Code.

Organization applications are now open and all interested open source organizations must apply before Monday, September 17 at 16:00 UTC.

In 2017, 25 organizations were accepted – 9 of which were participating in GCI for the first time! Over the last 8 years, 8,108 students from 107 countries have completed more than 40,000 tasks for participating open source projects. Tasks fall into 5 categories:

• Code: writing or refactoring.
• Documentation/Training: creating/editing documents and helping others learn more.
• Outreach/Research: community management, outreach/marketing, or studying problems and recommending solutions.
• Quality Assurance: testing and ensuring code is of high quality.
• Design: graphic design or user interface design.

Once an organization is selected for Google Code-in 2018 they will define these tasks and recruit mentors from their communities who are interested in providing online support for students during the seven week contest.

You can find a timeline, FAQ and other information about Google Code-in on our website. If you’re an educator interested in sharing Google Code-in with your students, you can find resources here.

By Stephanie Taylor, Google Open Source

Introducing the Tink cryptographic software library

Cross-posted on the Google Security Blog

At Google, many product teams use cryptographic techniques to protect user data. In cryptography, subtle mistakes can have serious consequences, and understanding how to implement cryptography correctly requires digesting decades' worth of academic literature. Needless to say, many developers don’t have time for that.

To help our developers ship secure cryptographic code we’ve developed Tink—a multi-language, cross-platform cryptographic library. We believe in open source and want Tink to become a community project—thus Tink has been available on GitHub since the early days of the project, and it has already attracted several external contributors. At Google, Tink is already being used to secure data of many products such as AdMob, Google Pay, Google Assistant, Firebase, the Android Search App, etc. After nearly two years of development, today we’re excited to announce Tink 1.2.0, the first version that supports cloud, Android, iOS, and more!

Tink aims to provide cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse. Tink is built on top of existing libraries such as BoringSSL and Java Cryptography Architecture, but includes countermeasures to many weaknesses in these libraries, which were discovered by Project Wycheproof, another project from our team.

With Tink, many common cryptographic operations such as data encryption, digital signatures, etc. can be done with only a few lines of code. Here is an example of encrypting and decrypting with our AEAD interface in Java:

 import com.google.crypto.tink.Aead;
    import com.google.crypto.tink.KeysetHandle;
    import com.google.crypto.tink.aead.AeadFactory;
    import com.google.crypto.tink.aead.AeadKeyTemplates;
     // 1. Generate the key material.
    KeysetHandle keysetHandle = KeysetHandle.generateNew(
        AeadKeyTemplates.AES256_EAX);
     // 2. Get the primitive.
    Aead aead = AeadFactory.getPrimitive(keysetHandle);
     // 3. Use the primitive.
    byte[] plaintext = ...;
    byte[] additionalData = ...;
    byte[] ciphertext = aead.encrypt(plaintext, additionalData);

Tink aims to eliminate as many potential misuses as possible. For example, if the underlying encryption mode requires nonces and nonce reuse makes it insecure, then Tink does not allow the user to pass nonces. Interfaces have security guarantees that must be satisfied by each primitive implementing the interface. This may exclude some encryption modes. Rather than adding them to existing interfaces and weakening the guarantees of the interface, it is possible to add new interfaces and describe the security guarantees appropriately.

We’re cryptographers and security engineers working to improve Google’s product security, so we built Tink to make our job easier. Tink shows the claimed security properties (e.g., safe against chosen-ciphertext attacks) right in the interfaces, allowing security auditors and automated tools to quickly discover usages where the security guarantees don’t match the security requirements. Tink also isolates APIs for potentially dangerous operations (e.g., loading cleartext keys from disk), which allows discovering, restricting, monitoring and logging their usage.

Tink provides support for key management, including key rotation and phasing out deprecated ciphers. For example, if a cryptographic primitive is found to be broken, you can switch to a different primitive by rotating keys, without changing or recompiling code.

Tink is also extensible by design: it is easy to add a custom cryptographic scheme or an in-house key management system so that it works seamlessly with other parts of Tink. No part of Tink is hard to replace or remove. All components are composable, and can be selected and assembled in various combinations. For example, if you need only digital signatures, you can exclude symmetric key encryption components to minimize code size in your application.

To get started, please check out our HOW-TO for Java, C++ and Obj-C. If you'd like to talk to the developers or get notified about project updates, you may want to subscribe to our mailing list. To join, simply send an empty email to tink-users+subscribe@googlegroups.com. You can also post your questions to StackOverflow, just remember to tag them with tink.

We’re excited to share this with the community, and welcome your feedback!

By Thai Duong, Information Security Engineer, on behalf of Tink team