Software Engineering at Google

Fergus Henderson, who has been a software engineer at Google for 10 years, published the PDF document entitled “Software Engineering at Google“, where he collects and describes key software engineering practices the company is using.

It covers the following:

  • software development – version control, build system, code review, testing, bug tracking, programming languages, debugging and profiling tools, release engineering, launch approval, post-mortems, and frequent rewrites.
  • project management – 20% time, objectives and key results (OKRs), project approval, and corporate reorganizations.
  • people management – roles, facilities, training, transfers, performance appraisal and rewards.

Some of these practices are widely known, some not so much.  There are not a lot of details, but the overall summaries should provide enough food for thought for anyone who works in the software development company or is involved in management.

 

Google and HTTPS

Here are some interesting news on the subject of Google and HTTPS:

In support of our work to implement HTTPS across all of our products (https://www.google.com/transparencyreport/https/) we have been operating our own subordinate Certificate Authority (GIAG2), issued by a third-party. This has been a key element enabling us to more rapidly handle the SSL/TLS certificate needs of Google products.

As we look forward to the evolution of both the web and our own products it is clear HTTPS will continue to be a foundational technology. This is why we have made the decision to expand our current Certificate Authority efforts to include the operation of our own Root Certificate Authority. To this end, we have established Google Trust Services (https://pki.goog/), the entity we will rely on to operate these Certificate Authorities on behalf of Google and Alphabet.

The process of embedding Root Certificates into products and waiting for the associated versions of those products to be broadly deployed can take time. For this reason we have also purchased two existing Root Certificate Authorities, GlobalSign R2 and R4. These Root Certificates will enable us to begin independent certificate issuance sooner rather than later.

We intend to continue the operation of our existing GIAG2 subordinate Certificate Authority.

If you need a bit of help putting this into perspective, this Hacker News thread has your back:

You can now have a website secured by a certificate issued by a Google CA, hosted on Google web infrastructure, with a domain registered using Google Domains, resolved using Google Public DNS, going over Google Fiber, in Google Chrome on a Google Chromebook. Google has officially vertically integrated the Internet.

Google Infrastructure Security Design Overview

If you ever wanted to know what Google does to maintain its high level of security, here’s your chance. Google Infrastructure Security Design Overview provides quite a bit of information on the subject.

This document gives an overview of how security is designed into Google’s technical infrastructure. This global scale infrastructure is designed to provide security through the entire information processing lifecycle at Google. This infrastructure provides secure deployment of services, secure storage of data with end user privacy safeguards, secure communications between services, secure and private communication with customers over the internet, and safe operation by administrators.

How Google Uses and Contributes to Open Source

Here is a good Open Source story – “How Google Uses and Contributes to Open Source“, which goes into some detail and history of how Google is working with Open Source community.

I’ve seen this before:

“There are companies and people who just take the software and say, “I didn’t have to pay for it. I can do anything I want. The license file is a big blob of text. I’m not going to read that,” Merlin said.

And I’ve this (quite a few times actually):

Back in its early days, around 1998, Google was a small company. It was using open source just like any other small company. While Google was abiding by licences, they were not giving back much due to several reasons. “Some of it was just run fast and make sure that we have money next month to pay everyone’s salary,” said Merlin.

Having been involved in open sourcing companies’ projects new and old, this is what I firmly believe now is the best strategy:

Go open source from the beginning

Google changed that by writing a lot of things from the ground up as open source or to be open source ready. That was a good lesson that they learned, and that’s a problem many companies face when they want to open source their stuff but can’t because the code was not designed to be open source from the beginning.

This, I think, is an interesting approach too (if  you are too small of a company to have research papers and algorithms, consider blog posts, tips and tweaks, case studies, and the like):

Even if Google can’t open source certain code, they found a way to bring that work to the public. “We wrote papers talking about the magic algorithm that we used. We can’t give you the code for the reason I just explained, but we’re giving you the way they work so you can rewrite them,” said Merlin. Google has published hundreds of such papers and people are using it to create projects based on those ideas.

This bit on Android is mind blowing:

Now virtually all of Google’s open source code is on GitHub, except for Android. “The Android distribution is so big and it gets released in big chunks. So, when it gets released, everyone wants to sync that,” Merlin said. “It’s so huge that if we put it on GitHub, it would completely kill GitHub. We use our own mirrors for that, to help out.”

A word of caution for the companies using Open Source software:

Companies have to be extremely careful when using open source. Different projects use different licenses, and you need to be in compliance with them.

[…]

Things become complicated when you have projects that you ship. In the case of open source, you need to list the projects that you use and their licenses. In the case of BSD and MIT, you need to list the name and the copyright of the person you got that project from.

You’ll probably need a set of tools to deal with issues like this.  For PHP-based projects, composer is indispensable.  You can run “composer licenses” command and instantly get information about the project’s license, as well as licenses for each and every dependency in use (thanks to this blog post).

There is a good section on Contributor License Agreements (CLAs).  I am slightly familiar with the subject (I signed a few myself), but my experience is limited, especially from the company perspective.  I found this part useful, for that distant time when I’ll need to set it up:

Google uses the Apache foundation ICLA, without modifying it or putting anything special in it. CLAs ensure that companies like Google “can re-license your code under a different open source (license) if we need to. Sometimes we need to merge with other projects and that’s what the CLA allows us to do,” said Merlin.

These are just bits and pieces which I found interesting.  I wish more companies shared their practices and experiences – in particular those larger businesses, with years of history and a wide variety of challenges.

Election. Yeah, right!

This Google blog post titled “A voice for everyone in 2016” made me chuckle:

Every election matters and every vote counts. The American democracy relies on everyone’s participation in the political process. This November, Americans all across the country will line up at the polls to cast their ballots for the President of the United States.

It sounds like a true effort to make things better and enhance democracy and what not.  But in practice, is it really an election? One by one, the candidates are falling of the ballot.  Day by day it becomes more obvious that Hillary Clinton will be the next president of the USA.

The more tools and technologies we have to enhance our lives, the worst the content on which we can apply those tools becomes.  The better the home cinemas became, the worse the movies got.  The better audio systems we have, the worse the music gets.  And politics just follow the same trend, unfortunately.

How Voice Search Will Forever Change SEO

Search Engine Optimization is not one of my favorite subjects to talk about. But I think this article is worth the time.  It explains some of the challenges with voice search in very simple terms, and shows how voice search is growing and affecting the web.

Voice search is the fastest growing type of search, according to the keynote speech given by Behshad Behzadi at SMX West in March, Principal Engineer at Google Zurich. Already, 55% of teens and 41% of adults use voice search on a daily basis, and that number is only growing. The allure of voice chat is undeniable—it’s faster, it’s hands-free, it lets you multi-task, and (especially among millennials) it’s considered cool.

Voice chat is also becoming increasingly reliable as technology improves. In fact, two years ago word error rate was over 20%, but current speech recognition word error rate is as low as 8%—a huge leap in a short amount of time.

Google vs. Oracle : API vs. implementation

Slashdot is running the story about the Google vs. Oracle court case.  I thought this bit was rather brilliant:

Schwartz’s second attempt at the breakfast menu analogy went much better, as he explained that although two different restaurants could have hamburgers on the menu, the actual hamburgers themselves were different — the terms on the menu were an API, and the hamburgers were implementations.”

Google Design : Resizer

resizer

Here’s a very handy tool for anyone in web design and developer – Resizer, from the Google Design team.  It allows you to preview your site in different resolutions, helping with all kinds of responsive issues.

This is an alternative to Am I Responsive?, which I mentioned a while back.

2016 Google Tracker: Everything Google is working on for the new year

It’s surprising how many people still think of Google as the search engine company.  Many even missed the news of the restructuring into the Alphabet Inc. holding last year.  Well, here’s a good look at what Google is these days and what they are working on.

Alphabet-Org-Chart-v2-980x488

See how small of a part the actual Google is on this picture?  See how Google is not just about the search engine?