I don't doubt that Google is a very public and very popular target for those looking to breach insecure systems. Having said that, I've heard this "we are the ones that need this the most" sort of argument that they use to justify their in house network authentication by many other companies in many different scenarios. However, most of the time, the problem they are having applies to just about everyone else in the field they are a part of. Which is why open source development has been so successful. Many with the same problem, helping to implement a common solution, instead of a custom one for each of them. So I wonder, what are the deficiencies of other existing 'network authentication' solutions out there? Why couldn't they help improve those? Why not contribute whatever improvements they've mode to this area?
Have you heard about Google Authenticator? http://code.google.com/p/google-authenticator/ It's a wonderful, standards-based, open-source project that brings two-factor authentication to Android, iOS, Blackberry, and PAM.
I doubt Google would want to talk about every single way that we try to secure our networks from hackers, but Google is pretty good about open-sourcing things (or publishing papers) to contribute to the industry's security practices.
I agree, Google does open up a lot of projects and publishes a lot of papers as well on their work. I guess my comment was a bit of a gut reaction to the wording used that entailed "our problem are unique" which are many times used to justify brand new proprietary projects.
I imagine whats used is based on a combination of open source projects (either theirs or others) with their own secret sauce. Which is pretty standard process I guess.
Alright, maybe I commented too early. The wording threw me off.
I don't think they do. As far as I understand it, employees can choose Mac, Goobuntu or Windows (though windows has to be justified b/c of the higher overheard of support). Sounds reasonable to me.
From talking with Thomas before, if I have this correctly, is that Google doesn't allow offsite development. So it seems most Googlers have a desktop for development and an laptop for other things with NO code on it. I may have that wrong, but I'm sure some Googlers here can verify that or not.
It's not "offsite development" that's prohibited so much as not allowing source code to be stored locally on laptop HDD's (even with full-disk encryption). You can develop remotely over SSH, NX, NFS, SSHfs, etc., you just can't have the source (or compilation artifacts) on an easily-stolen device.
Java developers that use Eclipse or IntelliJ seem to work remotely pretty well using NX or VNC to get a remote Linux desktop, and Googlers who work on open-source projects obviously have different rules for that code.
I'm actually not sure what the IOS devs do. They might have different rules since their projects are more standalone and not tied into the rest of the main Google source tree, but it might also be that they just develop on-site. You could probably be fairly successful with XCode using something like SSHfs if you're on a fast enough connection, but I don't know if anyone actually does that.
