Google Open Sources Browser Sync

Dan Berlin writes "After announcing that Browser Sync was being discontinued, a lot of people asked for Google to open source the code so development could continue. Well, they've done just that. The code for browser sync is now available on code.google.com, and a blog post about the release can be found on the Google open source blog"

dupe

[stiller]

http://tech.slashdot.org/article.pl?sid=08/06/30/2036213 [slashdot.org]

Re:dupe

[Mushdot]

Nah, you didn't sync Slashdot properly.

Re:

[Cyvros]

Indeed, most of the comments seem to be duped as well.

Server

[Anonymous Coward]

What server will you trust?

Re:

[Chrisq]

Thats a good point. With Google you knew where you stood. They might use your info to to target advertising. They might reveal it to the government if ordered to do so. They would not be likely to sell it to spammers or pass on lists of people who bookmark anti-Islamic sites to an Al-Qaeda operative.

Without google hosting it you need to host your own or find someone you can trust.

Re:Server

[hansraj]

But with your data encrypted, why do you need to trust anyone? For you it is the state of your browser, passwords etc, but for anyone else it is random bits.

Doesn't Browser sync already supports encrypting your data? Even if it doesn't I am sure this capability can be added now that it is open-source.

Re:

[Chrisq]

Good point - I hadn't thought of that!

Re:

[drinkypoo]

Doesn't Browser sync already supports encrypting your data? Even if it doesn't I am sure this capability can be added now that it is open-source.

The functionality ought to be super-easy to borrow from firegpg.

No need to borrow.

[Chyeld]

They all ready had it. You had two 'passwords' that you had to enter to use GBS. One was your account password and the other was a passphase used to encrypt what you uploaded to them.

It works the same way Mozilla's Weave project works. The only those with your passphrase can use your data.

Re:

[drinkypoo]

How strong is the encryption? All google seems to say about it [google.com] is that google can't read your data without your pin. But I might say the same thing and use rot13 for your data, for all you know.

Re:

[Chyeld]

You tell me:crypter2.js [google.com]

/**
* Encrypt or decrypt a string. In Clobber, strings are encrypted with
* AES-CBC-256. The IV is an HMAC of the original value, along with any
* additional data we can scrape together that will be known and stable at
* both encryption and decryption time.
*
* This class relies on bits of CLB_Crypter. Once all clients are upgraded, we
* can remove CLB_Crypter and move those bits into this class.
*/

Doesn't look like ROT13 to me.

Re:

[tsadi]

I am wondering, do you download the encrypted data from the server before decrypting locally using your pass phrase, or will the server ask for the pass phrase and decrypt it for you? The latter is a stupid solution and beats the purpose of encrypting anything because those who operate the server can still see your decrypted data - but if a service provider is to offer such service, most users may not care much which among the 2 solutions above the provider is using.

Re:

[Anonymous Coward]

How about hosting it on google? Like on gmail or something.

Hosting on Google is possible using Google App Engine.

Re:Server

[djdavetrouble]

How about you name droppping some more distros within an otherwise useless comment.

Re:

[TikiTDO]

Ooh! Ooh! Pick me!

Ubuntu, Slackware, SUSE, Knoppix, Mandiva, Yellow Dog Linux...

Re:Server

[KlaymenDK]

You know, some of us would rather host our data ourselves than trust Google with it...

Re:Server

[Xiph]

Might it be part of the reason they're shutting down and releasing source?
They don't want a judge to release the data to Corporation X.

Besides i can easily host my own browsersettings on my home computer, in fact, i'll be setting it up (or trying to) when i come home

Re:

[mitgib]

Besides i can easily host my own browsersettings on my home computer, in fact, i'll be setting it up (or trying to) when i come home

My thoughts pretty much. Host your own server for your own use. I can see this as a fantastic OpenVZ Template [openvz.org] to easily deploy a server for anyone wanting one. You can get a VPS for around $10/mo if you really wish to keep it in your own hands, I know I would, and I bet many others would opt if that option was available.

Re:

[Red Alastor]

The data is encrypted before it leaves your computer. It doesn't matter who they give it to, it is only readable with your passphrase.

Re:

[syphax]

This is true, but I don't think it would be *that* hard for e.g. Google to brute-force the key for the 90+% of users who use a weakish password.

I used Google sync and really liked it (I move between my work computer and 2-3 home computers all the time), but I was somewhat concerned that Google had all the keys to my kingdom (e.g. passwords for financial sites). So while I am usually too lazy for long, strong passwords, my one exception was my Google Sync key.

Re:Server

[Alarash]

I don't understand people. You could send your sync data to _any_ server, even your own, it will *never* be totally safe. Just *_don't_* send data that can potentially harm you if it's intercepted. Personally, I sync only my bookmarks, and I don't give a damn if anyone ever gets access to them.

Re:

[syphax]

Driving is never totally safe, etc.

Me, I value using different passwords for different online accounts, but suck at memorizing them, so I used Google Sync with a really strong master password.

I recognize that this is a security risk, but I value the convenience of only having to remember 1 really good password over the potential security risk, which I judge to be small (b/c I'm probably more secure than the next guy).

That said, I look forward to hosting this info on my home server.

Re:

[shvytejimas]

Have a look at Passhash [wijjo.com] add-on for firefox. You only need to remember a single strong master password; the add-on generates different passwords for each site, according to their URL (or site tag).
In cases where the add-on is not locally available, there is a static html page with javascript with the same functionality, that you can host on your home server.

Re:

[psydeshow]

Just *_don't_* send data that can potentially harm you if it's intercepted.

Given that any data on your future p0wned or stolen computer can be intercepted, perhaps you should revise this upwards to "don't create data that can potentially harm you."

Good luck with that, tho.

Re:

[Alarash]

I'm sure that the hundred of people who agreed on the fact that the weakest link in encrypted data transmission is the key exchange never thought of that. They only had to invent a protocol, IPSec, just for this, and even with an encrypted key exchange in Phase 2 some of them felt it wasn't safe enough, so they invented Client Certificates, Certificate Authority Servers with Revocation Lists, and decided the safest way to transmit these certificates and lists was to physically transport these keys in encryp

Re:

[ksd1337]

That's the beauty of FOSS. If you want to host the data yourself, just add that capability to the software.

Re:

[atlastiamborn]

Don't worry. It will be implemented as a service in Windows 7.

Re:

[ady1]

>>They would not be likely to sell it to spammers or pass on lists of people who bookmark anti-Islamic sites to an Al-Qaeda operative.

Someone has been watching too much fox news.

Your own? Or... Google?

[brunes69]

If you don't want to run your own server, I am sure someone can modify this code such that the saved settings are either saved in your GMail account or your Google Pages account or elsewhere in the Google mesh.

Re:

[redxxx]

Any special reason I can't use the one at my house?

Re:Server

[dissy]

What server will you trust?

One that I own and administer.

The real question is, will I be able to get their server back end installed and working...

The conspiracy is complete

[pacroon]

I can't imagine a company that actually does what the public asks? They must have a secret agenda!

Re:

[Anonymous Coward]

We're not evil!
We actually do open source stuff! See?

Re:

[jacquesm]

yes, but only when we decide it's either bad business (as in we just dropped it) or when it makes us look good. If it should in any way shape or form be a 'key' item (GFS, linux kernel improvements) then forget about it.

Re:

[drinkypoo]

If we all stopped using google until they delivered those items, they would do so. However, since we won't (most literates wouldn't bother to try to do so, let alone the masses) then they won't be giving us that code. (And since they're not redistributing it, they're not violating any licenses, either.)

Re:

[chrisd]

We actually do push back kernel improvements, and funded work on disk traceability, xorp routing and more...

There was a neat study [kernel.org] that Greg KH did about corporate contributions to the kernel, which has us at a not-too-shabby 13th.

Re:

[jacquesm]

hi Chris, thank you for answering,

It's my understanding (possibly wrongly so) that there is a special version of the linux kernel that google has created that has a large number of changes to improve scaleability and facilitates the managing of a large number of machines in a cluster. Those are the improvements that I meant. The existence of this kernel has been hinted at in several google publications. It is also my understanding tha these modifications have not been given back to the community.

As for GFS,

Re:The conspiracy is complete

[chrisd]

Well, I'd disagree, I think we're doing fine from a kernel release perspective. We could do more, and in time, we will, but we only really started a concerted effort to release changes 3 years ago, so...not so shabby. Red Hat has been more important than Google or any linux -user- in the development of the kernel.

Your comments about manipulation are weirdly paranoid. The original list that Greg posted was 20+ companies long, and originally didn't include us, as he didn't count Andrew to us. He fixed that, and the post I sent to you was from his talk at Google. It's part of his presentation to call out the company he visits, which is one of the reasons we invited him out.

Google is built on software, some of which comes from the world of open soruce, and most of which was written here. To give back, we both release code from the company (a significant amount >1m lines per year), fund external code (uncountable, really) and through the summer of code, create new developers and even more code still (2.1m+ last year, at least 3m this).

That's not too shabby, in my book. I also would point out that it is disingenuous to equate linux use with some license fee savings. If linux had initially charged a license fee, then the world of linux users would be using bsd. Linux is successful because it is free of charge and free to use and free to modify. I think it is important that we give back and the rest, and we do that, but to multiply the number of machines running linux on the internet and consider that money as having been stolen is antithetical to the whole idea behind free software and open source.

Chris

Re:

[jacquesm]

Then you probably should have posted the original list or you should have given an explanation regarding the weird format up front, this one looks as if google got added in on purpose or at a later date, which you more or less confirm in your posting.

You seem to fail to address any of the points regarding the specific pieces of code I've raised in a concrete way (GFS + the indicated mods to the kernel, not the 'regular' fixes).

The reason I mentioned the licensing fees is because google deploys an enormous n

Good for Google

[Rik Sweeney]

If they're not going to develop it any further, they might as well let someone else have a go. Now all we have to do is convince Microsoft to release the source code to Windows ME.

Re:

[Anonymous Coward]

If they're not going to develop it any further, they might as well let someone else have a go. Now all we have to do is convince Microsoft to release the source code to Windows ME.

the difference is that nobody wants Windows ME.

Google vs. MS

[rajafarian]

This shows they're a little kinder than MS, or at least have better PR.

Yous guys remember MS and SenderID [zdnet.com]? If it doesn't benefit them directly, they'd rather it not benefit anyone else. Brats. /sigh

Re:Good for Google

[Syrente]

Whereas Browser Sync is in the interest of technology/simplicity, I'd see the source code of Windows ME being released in the interest of tragic comedy more than anything...

Re:

[hvm2hvm]

You could feed thedailywtf.com for years with it...

Re:

[Syrente]

Assuming the code doesn't compromise the stability of the site and cause frequent, intermittant downtimes...

Cursed code... *shudder*

Re:

[Godji]

Do you really think none of the Windows ME code is in Vista? I'd guess you'd be wrong.

Re:

[Firehed]

Check out the Add Font dialog... that hasn't changed since Win3.11. Big surprise that most designers use Macs :p

Re:

[morgan_greywolf]

Source code to Windows ME revealed:

/*
* Windows ME
* Copyright 1981-1999 Microsoft Corp.
* All rights reserved.
*/

# include <windows98.h>
# include <windows2000_new_ui.h>
# include <bsod.h>
# include <random.h>

main() {
shell=start_windows2000_new_ui();
start_windows98(*ui);
while 1 {
seed=new_seed();
randomness=

Re:

[Anonymous Coward]

Why do you need GBS to get your browser state into Weave? Hint: If you are not backing up your bookmarks at least, you should not be using Weave at this point in time.

Weave is not reliable at this point

[Count_Froggy]

So says the website and my experience with it. Synchs start and never end (>hour). I've moved to Foxmarks and password exporter for now.

I really liked it.

[XB-70]

I use a bunch of machines all over the place (mostly for development/personal interest). I use old machines, dial-up, new machines, servers - having browser sync was a god-send. It was great to be able to reference everything regardless of architecture and O/S. I agree that there are concerns about what Google would/could reveal to legislative bodies, but that's only because they are so huge that other factors come into play. Maybe this is their way of extricating themselves (somewhat) from the liabilities associated with having that much info about a person's real interests. That said, I feel that I was never 'targeted' as a result of their handling of my data, nor was there ever any 'push' marketing as a result. I think that's where you draw the line between good corporate citizen and spammer. I hope that someone who has the time can re-incorporate it into FireFox 3.x

Re:

[wangi]

Are are aware that other solutions exist for this problem? I use Foxmarks: http://www.foxmarks.com/ [foxmarks.com]

Re:I really liked it.

[naich]

Foxmarks is OK for syncing bookmarks, but GBS also synced your history, open tabs, passwords (if you were brave enough) and cookies. Having a synced history and cookies was very useful because you could stay logged in to the same sites across any GBS'd computer.

Re:

[sunwolf]

Awesome Bar + synced history = Awesome Everywhere?

Never heard of this...

[pgillan]

There's no clear reason given as to why it's being discontinued, but if it's due to lack of interest, it was probably lack of advertising; I wasn't even slightly aware of this project, and it sounds like something I would have been very interested in. I use Foxmarks religiously and have trouble functioning without it.

When google

[Anonymous Coward]

stops obfuscating the FLV url in complex SWF binaries that can be run only with the latest version of Adobe Flash, for YouTube, then we'll talk about google being "open".

Thank you.

Re:

[martin-boundary]

Can't you just flasm -d [nowrap.de] the SWF bytecode and figure out the url for the flv that way?

Re:

[Anonymous Coward]

A program supplied by a THIEF? Is this to be TRUSTED? http://www.identitytheft911-sunj.com/articles/article.ext?sp=90 [identityth...1-sunj.com]

Re:When google

[martin-boundary]

Dang! First Reiserfs, now THIS .... I hope Linus checks criminal records on patch submitters, or I'm TOTALLY switching to Vista ;)

Re:When google

[daveime]

There's a nice little add on for Firefox called "Live HTTP Headers", which shows all requests made from the browser. This includes the actual request by Flash to fetch the FLV file, so you get the full URL of the request, paste it back into the address bar, and choose save as file. Easy.

Let the FLV pr0n downloads begin.

Re:

[Per Wigren]

Or you could just let it load the file, cd $HOME/.mozilla/firefox/blablabla/Cache/, "ls -lt | head" to find the filename, test it with mplayer and if it's the right one, cp it to somewhere.

Wow

[Cloud K]

I'm sure there have been other examples, but this is the first and possibly only example I can think of of a company *actually responding* to requests for a discontinued product to be open-sourced. Let alone actually going ahead and doing it.

Bravo Google :)

Re:

[Deltaspectre]

Isn't this what happened to Blender? (Although I think that one required some monetary persuasion)

Re:Wow

[neokushan]

I'm sure there's better examples, but off the top of my head I know that a few years ago, there was a petition started to release the source code to Warzone 2100 [wikipedia.org], an old (yet brilliant) 3D RTS game that still stands out amongst the crowd today. After a few months (possibly a couple of years), Eidos scrambled together the source code and released it to the community.
Since then, the Warzone resurrection project has come leaps and bounds - fixing bugs, improving what platforms the game runs at, allowing higher resolutions, improving the AI, etc.
The only slight catch (that I'm aware of) is that the Video CODEC used in the original game was proprietary, so Eidos couldn't release the source to that and the company that owns the CODEC wouldn't allow it to be distributed any more.

Re:

[JustinOpinion]

Another example I like is Blender [blender.org] (the open-source 3D modeling platform). Blender was originally [wikipedia.org] a closed-source commercial product. When the company went bankrupt, the creditors agreed to release the code under the GPL for a one-time payment of $100,000. A donation campaign was started and raised the required funds. So now Blender is open-source, and has been extended and enhanced remarkably in the years since its release.

The reason I like this example is it shows that you can get paid to write code tha

Re:

[Daengbo]

I think that's actually most of the business model that RMS had in mind when he started the GPL. Get paid for your work once, then set the code free.

Re:

[drinkypoo]

There's a few more open-sourced games out there. Ones that come up off the top of my head are Quake, Allegiance, Freespace 2, and Star Control 2 (as The Ur-Quan Masters). Not sure if Allegiance has gone much of anywhere since release.

Re:

[neokushan]

Yup, it's good to see so many as well. However, the example I picked was because it came from a petition from the community to have the source, rather than the developers releasing it of their own free will (Ala ID and Quake)

Re:

[RichiH]

The videos are available. No idea what codec Eidos used to release them, though. But now that the data is there, this should be a minor matter. I myself watched the intro video with mplayer, so it is out there in a usable format.

Re:

[irc.goatse.cx troll]

Far better than Valve, who last I asked (~6 months ago) still won't give up the sourcecode to Counterstrike 1.6, yet also refuses to actually improve or update it. Unless you count ingame ads as an improvement.

Re:

[neokushan]

That's probably because if you had the source to 1.6, you could probably improve it beyond that of CSS (perhaps not graphically, mind you) which Valve still sells.

Cynical? Naaaaaw...

Re:

[iwein]

Wasn't the source to some browser once open sourced and developed into Firefox?

http://en.wikipedia.org/wiki/Mozilla [wikipedia.org]

Re:

[X0563511]

First came the Netscape suite. Then came Mozilla. Then came Firefox, and Seamonkey proceeded from Mozilla shortly after.

Re:

[iwein]

yes, that is indeed on the wikipage. thanks for getting the point.

Re:

[Anonymous Coward]

What about the other 20 or so extensions I depend on that Opera does not offer similar functionality to?

If it wasn't for the extensions I probably would be using Opera myself. But Opera is just killed by the flexibility of Firefox.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[StoneCrusher]

firefox -no-remote will open a new instance on linux, I have no idea about windows. --ProfileManager to get the profile manager

I already switched to foxmarks

[smartin]

And I have to say that it works much better than browsersync ever did, with the added bonus that I can host my own data.

Re:

[AusIV]

How do you host your own data? I use foxmarks, and was unaware of this option.

Re:

[smartin]

You need to set up apache running webdav

http://wiki.foxmarks.com/wiki/Foxmarks:_Frequently_Asked_Questions#Using_Other_Servers

no server code.

[Anonymous Coward]

It's only the client code (the xul & javascript code, which can already be found in the xpi file). There is no sever code (yet ?).

This is what every software company should do.

[zmjjmz]

Open source their abandonware. The world would be a much better place, and the companies wouldn't get hurt.

Re:

[iwein]

Some things are better left untouched.

Re:

[X0563511]

You can't opensource abandonware that has other companies IP in it, or active patents. You could opensource the other components, but... it's abandonware! For some reason or another, they are no longer working with the code (and filtering the code may be impractical or impossible).

Mashup with Amazon S3

[stickytar]

Rather than "trust" some third-party with our data, someone should mod the extension to work with S3 so all you provide is an S3 account and then synching stuff with S3.

Re:Mashup with Amazon S3

[Firehed]

Is Amazon no longer a third party? Granted I trust them as much as I trust Google (and from an advertising perspective, they probably have better data about me as they have actual data points for my purchases, not just my purchase-related searches) but that still seems like a rather dumb statement.

Gcal and Google calendar in Outlook.

[Anonymous Coward]

Another way to use your google data is to access it trough MS Outlook.

We just launched KiGoo, a free tool that allows Google users to fully manage (create, read, update and delete) their Calendar and Contacts from MS Outlook.

Also KiGoo manage the Free Busy information of your Gmail contacts for appointments if they shared their FB status.

Currently we support Windows XP and office 2007.

You could download it from http://www.getkigoo.com

Re:

[Count_Froggy]

Let me know when your product is OS independent.

Re:

[Anonymous Coward]

Why do they even bother with modding something already at ZERO to -1? It only makes it more true...

Re:Slashdot Google Obsession

[Xiph]

my settings is set to give trolls +1 and flamebait +2.
It's often some of the most humerous and insightful comments. At other times it's just gay fiction.