Posts from March 2016

Google Code-in 2015 Wrap Up: Sustainable Computing Research Group (SCoRe)

Wednesday, March 23, 2016

For the next several weeks, we will be showcasing wrap up posts from the 14 organizations that participated as mentor organizations for Google Code-in 2015. This week we feature SCoRe, an open source research project based in Sri Lanka.
The Sustainable Computing Research Group (SCoRe) at University of Colombo School of Computing conducts research covering various aspects of wireless sensor networks, embedded systems, digital forensic, information security, mobile applications and e-learning. The goal of our research is to generate computing solutions through identifying low cost methodologies and strategies that lead to sustainability. The solutions we get by sustainable computing research projects conducted at SCoRe lab are important for developing countries like Sri Lanka.

Inspired by our participation in Google Summer of Code (GSoC), for the very first time, SCoRe lab participated in Google Code-in 2015 (GCI), with 13 other open source organizations around the world. We offered 250 claimable task for students and we had 27 mentors, mentoring students who successfully completed 164 tasks! We gained active contributors to SCoRe, from students who contribute to our open source projects even after the contest ended.

The tasks covered code, user interface, research, quality assurance, outreach and documentation. 44 students completed at least one task with us this year and eight students completed at least three tasks with us to earn a GCI t-shirt. Six students completed over ten  tasks each in competition to become grand prize winners.

However among these students we had to choose the ones who we felt had the most impactful contributions. We’d like to congratulate the two grand prize winners from SCoRe: Brayan Alfaro and Anesu Mafuvadze.

Below is a comment received from a student who participated:

“It was my pleasure working with you and the SCoRe Community. This contest helped me to enhance my knowledge in software development...I gained a lot of knowledge through the tasks I did. My mentors guided me every time and I would gladly work with this community in the future. I would love to contribute to you in every possible way.”

We give our special thanks to our mentors who voluntarily worked throughout the contest around their busy schedules and vacation plans. We’d also like to thank all the students who actively participated and contributed to our organization. SCoRe was pleased to be selected as a mentoring organization for GCI 2015 and we hope to participate in both GSoC and GCI again in future!

By Dilushi Piumwardane, GCI mentor, SCoRe

Something different — code up hardware in Google Summer of Code

Friday, March 18, 2016

In 1983, the same year I was born, a company called Altera was founded and created the EP300, their first reprogrammable logic device. The event was considered a major step towards the development of devices we now call “Field Programmable Gate Arrays” or FPGAs for short. In the following 33 years, FPGAs would go from extremely expensive devices found only in high end military and telecommunications equipment, to something even a student can afford.

The EP300 in all it's glory
FPGAs are exciting because they make the development process for hardware the same as software. Developers are able to create designs in a hardware description language (HDL), compile and then use them almost instantly! They make hardware code. Turning hardware into code makes it easy for open source developers to share, collaborate and improve the hardware in ways that would have been extremely hard, or even impossible in the past. 

There were 180 open source organizations accepted to participate in Google Summer of Code 2016 (GSoC), and it is exciting to see several of the organizations using these technologies. I've highlighted some of the different types of hardware coding opportunities in GSoC this year below. (Anything I've missed? Feel free to add it in the comments section below!)

In the area of CPU architectures, OpenRISC and it’s spiritual successor, the RISC-V, are attempting to make a truly open hardware at the most fundamental level. In 2016 you could help this goal via participating in GSoC with either the FOSSi Foundation or lowRISC project.

Not content with the existing HDLs, both the ArchC organization and MyHDL organization (a sub-organization of the Python group), are attempting to make it easier to create these hardware designs. MyHDL is particularly cool because Python is normally considered to be as far away from hardware as you can get.

My own project,, is using much of the work from these other projects to develop high speed video processing hardware for conference and user group recording (or maybe even video DJing).

Imagine developing hardware in the same way you write code. With FPGAs you can — and GSoC has numerous opportunities to create hardware using this exciting technology. With only 7 days left to submit your application, you better get cracking!

By Tim ‘mithro’ Ansell, Software Engineer on Chrome by day, open source hardware hacker by night

Student applications now open for Google Summer of Code!

Monday, March 14, 2016

Are you a university student looking to learn more about open source software development? Look no further than Google Summer of Code (GSoC) and spend your summer break working on an exciting open source project, learning how to write code.
vertical GSoC logo.jpg
For twelve years running, GSoC gives participants a chance to work on an open source software project entirely online. Students, who receive a stipend for their successful contributions, are paired with mentors who can help address technical questions and concerns throughout the program. Former GSoC participants have told us that the real-world experience they’ve gained during the program has not only sharpened their technical skills, but has also boosted their confidence, broadened their professional network and enhanced their resumes. 

Students who are interested can submit proposals on the  program site now through Friday, March 25 at 19:00 UTC. The first step is to review the 180 open source projects and find project ideas that appeal to you. Since spots are limited, we recommend a strong project proposal to help increase your chances of selection. Our Student Manual provides lots of helpful advice to get you started on choosing an organization and crafting a great application. 

For ongoing information throughout the application period and beyond, see the Google Open Source Blog, join our Google Summer of Code discussion lists or join us on internet relay chat (IRC) at #gsoc on Freenode.

Good luck to all the open source coders out there, and remember to submit your proposals early — you only have until Friday, March 25 at 19:00 UTC to apply!

By Mary Radomile, Google Open Source team

Goodnight Melange

Wednesday, March 9, 2016

The time has come to say farewell to Melange, the website software which ran Google Summer of Code from 2009 to 2015, and Google Code-in from 2010 to 2014. Both programs have migrated to new websites.

Starting on Thursday, March 31, will become a limited static archive of what projects and tasks were completed. It will contain titles, descriptions, and display names, but no other project information. If there is any data from the site you wish to save, you should extract it now. Melange has facilitated over 11,000 students to get involved in open source software development, working on projects big and small. We encourage our users to export the data and keep it alive.

The code for Melange will continue to be open source but Google will not be doing any further development on it. We'd be pleased to hear someone forked the code and continued working on Melange as a new project.

Thanks to everyone who contributed to Melange and kept it running over the past 7 years: Aditi, Akeda, Anatoly, Andrew, Anthony, Arc, Aruna, Ashish, Augie, Chen, Dan, Daniel, David, Denys, Dmitri, Doug, Drew, Felix, Gilles, Jacob, James, Jasvir, Jenn, Johannes, John, Jonn, Kevin, Lennard, Leo, Leon, Madhusudan, Marcelo, Mario, Matthew, Mayank, Nathaniel, Orcun, Pankaj, Pawel, Piotr, Piyush, Praveen, Raul, Robert, Rylan, Savitha, Selwyn, Shikher, Simon, Sriharsha, Suyash, Sverre, Syed, Tim, Tobias, Todd, Vivek and Zachary.

Melange served us well for a long time, and we hope it enjoys its retirement!

By Stephanie Taylor, Open Source Programs

Scalable vendor security reviews

Monday, March 7, 2016

At Google, we assess the security of hundreds of vendors every year. We scale our efforts through automating much of the initial information gathering and triage portions of the vendor review process. To do this we've developed the Vendor Security Assessment Questionnaire (VSAQ), a collection of self-adapting questionnaires for evaluating multiple aspects of a vendor's security and privacy posture.

We've received feedback from many vendors who completed the questionnaires. Most vendors found them intuitive and flexible — and, even better, they've been able to use the embedded tips and recommendations to improve their security posture. Some also expressed interest in using the questionnaires to assess their own suppliers.

Based on this positive response, we've decided to open source the VSAQ Framework (Apache License Version 2) and the generally applicable parts of our questionnaires on GitHub: We hope it will help companies spin up, or further improve their own vendor security programs. We also hope the base questionnaires can serve as a self-assessment tool for security-conscious companies and developers looking to improve their security posture.

The VSAQ Framework comes with four security questionnaire templates that can be used with the VSAQ rendering engine:

All four base questionnaire templates can be readily extended with company-specific questions.
Using the same questionnaire templates across companies may help to scale assessment efforts. Common templates can also minimize the burden on vendor companies, by facilitating the reuse of responses.

The VSAQ Framework comes with a simple client-side-only reference implementation that's suitable for self-assessments, for vendor security programs with a moderate throughput, and for just trying out the framework. For a high-throughput vendor security program, we recommend using the VSAQ Framework with a custom server-side component that fits your needs (the interface is quite simple).

Give VSAQ a try! A demo version of the VSAQ Framework is available here:

Excerpt from Security and Privacy Programs Questionnaire

Let us know how VSAQ works for you: contact us. We look forward to getting your feedback and continuing to make vendor reviews scalable — and maybe even fun!

By Lukas Weichselbaum and Daniel Fabian, Google Security

Teaching kids to program in their native language

Friday, March 4, 2016

Today we introduce two programs to help kids program in their native language — clojure-turtle and clj-thamil. Both are written in Clojure, a dialect of Lisp that runs on the Java Virtual Machine. What makes Clojure unique is its simple design which can help make the path for kids to learn programming easier.

clojure-turtle: a bridge between logo beginners and lisp experts

For some beginners, the Clojure learning curve has been steep in the area of functions and functional programming. Many students learning to program prefer to start instead with Logo, a dialect of Lisp that is used in Scratch and teaching efforts such as We designed clojure-turtle with this in mind.

The clojure-turtle project was created to bridge the gap between the people using Lisp at opposite ends of the spectrum. It’s for those learning to program for the first time and those with “real-world concerns” who write macros. The project implements Logo in Clojure, and remains faithful to the basics of Logo (forward 10),  (right 90), etc.  But the door is left open for you to blur the lines of Logo/Clojure, beginner/FP, etc.:

(defn square-by-length
 (repeat 4 (all (forward side-length) (right 90))))

(defn mirrored [f]
 (fn [& args]
   (repeat 2 (all (apply f args) (right 180)))))

(def lengths [40 50 60])
(map (mirrored square-by-length) lengths)
One place where the Logo in Clojure approach of clojure-turtle has already proven successful is in ClojureBridge, a workshop for beginners aimed at increasing the number of people from underrepresented minority groups within the Clojure community. The section on teaching functions had been challenging for students previously, but students now learning through the Logo-based approach move past it with ease onto higher level concepts.

clj-thamil: programming in your native language

When I originally set out to create a library for processing for the Thamil language, I stumbled upon the realization that I could also program in the Thamil language. Functions are first-class data, which can be assigned to new names. But macros are what enable me to “translate” the rest of Clojure from English to Thamil, doing so in the form of a library, without having to modify the compiler, and in a manner that is generic for any language to use. Now, a function to pluralize a word in Thamil can be itself written in Thamil. In my Clojure/West talk on clj-thamil, I talked about the potential impact on increasing diversity among programmers, especially when we consider the number of people globally who do not have access to a (good) English education that is an implicit prerequisite for learning to program.

Putting the two together: learning Logo in your native language

The approach of clj-thamil is flexible and powerful enough that we can “translate” any code, not just the core of Clojure. So why not translate clojure-turtle in less than 30 lines of code? Here is a video demonstrating the use of Logo in the Thamil language:

The simple concepts of Logo soften the learning curve for programming and can make it fun for all ages! The simplicity of Clojure gives it a power that you can use to shape the program to your will — students can write all their code in a non-English language if they want. The combination of simple concepts can make it  possible to teach programming to kids around the world who do not speak English. I hope that clojure-turtle and clj-thamil can be used to improve literacy and diversity for students learning to code.

Visit the clojure-turtle Github page and the clj-thamil Github page to learn more, sign up for the mailing lists and contribute patches for features.

By Elango Cheran, Software Engineering

New algorithms may lower the cost of secure computing

Wednesday, March 2, 2016

Here at Google we strive to make computing not only more cost-efficient, faster, and easier but also more secure. Hash functions are essential building blocks in computing, but must be protected against certain inputs. Today, we are open-sourcing 3 new hash function implementations: faster, data-parallel versions of SipHash, a fast cryptographically strong pseudorandom function, and the entirely new HighwayHash, which reaches even higher speeds thanks to the data parallel features of modern computers.

Our first hash function produces the same output as SipHash, but 1.5 times as quickly thanks to AVX-2 instructions. The second improvement uses j-lanes tree hashing to process multiple inputs in parallel, which is 3 times as fast. This technique is known to be secure, but produces different output than the original SipHash and is slightly slower for short inputs.

HighwayHash is based on a new way of mixing inputs with just a few AVX-2 multiply and permute instructions. We are hopeful that the result is a cryptographically strong pseudorandom function, but new cryptanalysis methods might be needed for analyzing this promising family of hash functions. HighwayHash is significantly faster than SipHash for all measured input sizes, with about 7 times higher throughput at 1 KiB.

We believe our efforts represent the current state of the art in high-speed attack-resistant hashing. These new functions can lower the cost of safe and secure computing. We invite everyone to use, study, and analyze the open-source implementations.

By Jan Wassenberg and Jyrki Alakuijala, Google Research