A look inside Google's open-source kitchen
Google's Chris DiBona says the search giant has a lot of involvement in open source, but is also a firm believer in proprietary software.
The Mountain View, Calif.-based company has versions of software like Ubuntu running on its own machines, according to DiBona, the open-source programs manager at Google. For outsiders, it has recently
In addition, the source code for a company-sponsored project called Net Trust was recently published on Google Code, its collaboration space for open-source developers. Net Trust, a project started by L. Jean Camp at Indiana University, is an online antiphishing initiative. Web sites are flagged as trustworthy or not depending on what the members of an Internet user's social network think of them.
Despite all this activity, Google it is also a firm believer in proprietary software, DiBona said when he sat down for an interview with CNET News.com. He talked about which open-source programs the search company likes, how the open-sourcing of Java will affect Google and why there is a lot of code the company will never release to developers.
Q: What are the criteria for Google to support an open-source project?
DiBona: A couple of things go into it. Sometimes Google engineers will bring a project to us that they would like to see us fund, and then we work and see if funding actually makes sense for that project. By "makes sense," we mean that it would result in more code being created, more open-source developers being minted, or would otherwise help the open-source community in some manner.
If you look at all of our funding activities, you'll see that they fit into one of those three categories, or more than one. Net Trust basically helps the college (Indiana University) create more open-source code and more open-source developers, because you have a number of students working on this. We have broad latitude to do that kind of funding.
Net Trust is one of the open-source projects that Google is helping out with. How did that come about?
DiBona: A Google engineer approached to the open-source group almost a year ago. He had a friend at a college who was doing some research into fighting the phishing problem through the use of social networking. We do fund a lot of open-source software, and it sounded interesting. We met up with Jean (Camp) and saw what she was doing, thought it was kind of interesting, so we gave a donation toward that project.
Net Trust is basically a way for users to verify with each other that a site is what they think it is--or more importantly, when a site is not what they think it is. The idea is if you trust your friends, and if you trust your friends' friends, then you can trust the Internet a little bit more. That's pretty compelling.
Do you have a lot of people asking you to support open-source projects?
DiBona: What's funny about money and open source is that money does not necessarily translate into source code. We're very focused on that as being the output of our funding activities. It means that when people come to us wanting to do things that are more non-code-oriented, we don't go for that. We have a reputation of being good to talk to if you want code written, and not so good if you want other bureaucracies created.
Have any open-source projects come out of Google?
DiBona: We've released a lot of code, but we're more likely to take part in existing communities than we are to create new ones. I would rather add patches to the (Linux) kernel than create a new kernel. I would rather send patches back into Apache than create a new Apache. I think it's a better way to go.
What are the top open-source projects that Google or Googlers are involved in?
DiBona: That would be any number of Apache projects and the Apache Software Foundation in general. Then, with the
And Firefox as well?
DiBona: Sure, Firefox. I don't know why I forgot.
It seems like all the other projects are on the server side, other than Firefox, which obviously is a client application. Is that a coincidence, are you more involved in server projects?
DiBona: Generally, we are.
Is that because you use that software yourself?
DiBona: Exactly. We're way more likely to patch out the things that are important to us, that's just natural. We have some stuff that we released that isn't really our bread and butter, but we mostly concentrate on things that matter to us.
So, what open-source software does Google use itself?
DiBona: We use the Linux kernel. We've got the GNU tools, we use a lot of the compiler collection from the Free Software Foundation. We use some Apache libraries--we don't use the Apache Web servers so often, but we do use a lot of their libraries. We use a lot of OpenSSL and OpenSSH. We use languages like Python and C. We use a fair amount of MySQL, all kinds of things.
Which versions of Linux do you use?
DiBona: We use Goobuntu, which is our version of Ubuntu, internally for our desktops. And then we derived our server systems from an old Red Hat install, but it has changed so much that's it's really our own now. We used to track with Red Hat when it came to operating systems, but now it's so trimmed down and different that it's really not that anymore.
You use Ubuntu on the desktop, is there any reason for that?
DiBona: Well, the founder went into space! We just really like it, we think it's really well-executed, and it's really user-friendly. It's also very well managed. It's a very up-to-date distribution. It's very secure. It's very well-written. They started with Debian, and they made it really nice. I think they did a great job of it. Of course, we modified it so it runs on our network and provides the kinds of tools that our software developers use.
Are you contributing the Google versions of Linux at all to the community? Or do you not have to?
DiBona: We don't have to. We do use some stuff for the search appliance, and that's on our Web site, because we have to release it.
You can talk about our open-source compliance, which is different from our open-source outreach. The most important thing is to be compliant with the open-source license, we do that first. Then we have activities like the
And when you fund projects like Net Trust, do you require it to be under a specific open-source license?
DiBona: We generally prefer the Apache license, but we're willing to work with people.
Why do you prefer the Apache license?
DiBona: It is really easy to comply with by the users. We don't have any problem with compliance around things like the GPL (General Public License), and the LGPL, and the MPL, and the CPL, and all those others. It can be kind of difficult for users. We want to make things easy, so that when we fund work, they're able to take advantage of the work that we're funding.
How does Google view the mix between open source and closed source? You appear to be a nice example of a mixed-source company.
DiBona: They clearly do live together. We have a lot of software we'll never release that runs on top of the open-source base distribution that we use here.
Sun open-sourced Java. Does that make a difference for you?
DiBona: We use a fair amount of Java, and it's nice that Java is open-source now. I think it's really good for Sun to have done that. For us--the way we ship our software, and the way that we display it to our users on Google.com--the open sourcing or not of Java didn't really matter all that much. But we're really glad that they did it.
Does it give you more flexibility?
DiBona: It absolutely gives us more flexibility. In the past, if we found a bug in Java, it was a lot harder. You had to actually have a special agreement with Sun if you wanted to patch your own Java. We had that agreement, but now it's a lot easier for us to get those patches out through Sun itself, and get it out to the community if we so choose.
What do you feel is the great benefit of open source?
DiBona: It's all about flexibility for us. The terrific thing about open-source software is that we don't have to ask anyone's permission before we make changes to our operating systems. We don't have to ask anyone's permission before we make changes to our databases. We don't have to pay any per client license fees for these things. This is really important, not just from a cost savings point of view, but from a flexibility and speed point of view.
We get terrific value from being able to do what we like with our computers. Nobody is incentivized to tell us no--none of our competitors, none of our friends. It's really remarkable. I wish that more companies would recognize this. There is a very real cost to buying software that is well beyond the financial. Buying software means you have to really trust who you interact with, because they know things about you. And they have the power to slow you down, so you have to be very careful when you pick your partners. The great thing about open source is you are your own partner.
Yet proprietary code is very important to Google as well. Is it important to keep your business secrets secret?
DiBona: Yes, for sure! We couldn't very well release any of the ranking functions. Not because of security through obscurity or anything bogus like that, but because those techniques themselves are a part of the war. It's more like releasing the key to cryptography rather than releasing cryptography itself.
