Google releases internal development software open source

Protocol Buffers are “a way of encoding structured data in an efficient yet extensible format. Google uses Protocol Buffers for almost all of its internal RPC protocols and file formats”. This will start some interesting conversations around work, as it should. XML doesn’t need to always be the choice when building server to server side data interchange.

For JavaScript developers, note that Google has not released a library, as this appears to be used, within Google, for server to server side, not server to client. In fact, according to Kenton Varda in the Google Group discussion shares that some internal projects serialize or parse Protocol Buffer messages in JSON format.

Google Open Source Blog: Google’s Data Interchange Format

Matt Cutts: Cool: Google Releases Protocol Buffers Into the Wild: To understand the other nice thing about Protocol Buffers, bear in mind that in the Google cluster architecture, there are many different types of servers that talk to each other. Question: how do you upgrade servers when you need to pass new information between them? It’s a fool’s game to try to upgrade both servers at the same time. So you need a communication protocol that is not only backward compatible (a new server can speak the old protocol) but also forward compatible (an old server can speak the new protocol). Protocol Buffers provide that because new additions to the protocol can be ignored by the old server.

Joe Gregorio: Protocol Buffers: They’re one of the first things you learn about when you start at Google and they’re used everywhere.

And a related Hacker News discussion.

ratproxy is “a semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments.”

It can be very difficult auditing XSS security issues and it is always good to find a tool that is well used and trusted.

Google Online Security Blog: Meet ratproxy, our passive web security assessment tool: We decided to make this tool freely available as open source because we feel it will be a valuable contribution to the information security community, helping advance the community’s understanding of security challenges associated with contemporary web technologies.