Facebook Open Sources Tool to Aid Developers

by Ostatic Staff - Jan. 02, 2017

Facebook, like Google, has shown itself to be a strong contributor to the open source community. Only a few months ago, the company open sourced Haxl, a library that eases access to remote data. Then, wiith an eye toward optimizing the performance of open source distributed SQL query engine Presto, Facebook designed a new Optimized Row Columnar (OCR) file format reader for Presto, and open sourced it as noted in this blog post.

 Now, Facebook is open sourcing an alternative to the Atom open source text editor that can run directly in a web browser. Atom in Orbit is its name, and it is available on GitHub immediately, accompanied by a demo app that can give you a sense of the tool's capabilities.

Based on Nuclide IDE, Atom in Orbit lets developers work with code easily from with in a browser. According to a post from Facebook:

  "Nuclide is built on top of Atom, an open source desktop text editor. At another hackathon later in the year, a few engineers set out to produce a version of Atom that runs in the browser as a step toward supporting remote development. While web apps in general offer several advantages for engineers — for example, automatic backups, remote access, and server-side processing — Atom on the desktop still enjoyed several features that weren't available in the browser, such as synchronous access to the filesystem, access to local resources, natively implemented dependencies, access to native APIs, and unrestricted access to the internet. During the hackathon, the engineers found workarounds to these obstacles and contributed a set of scripts that repackages Atom's source so that it runs as a web app. This hack is still ongoing — you can follow progress, try it out, or contribute to the code on GitHub."

 Facebook has also open sourced osquery, an SQL-powered detection tool for Linux and OS X that provides real-time insight into the state of corporate infrastructure. And, Facebook has ported osquery to Windows and open sourced it, giving administrators timely, reliable visibility into operations running throughout their network. It's proven to be a reliable security threat monitoring tool.

According to Facebook engineers:

..."osquery allows our Facebook security team to fetch data about all browser extensions running on our corporate network. We then compare that information to threat intelligence data to quickly identify malicious extensions and remove them. This proactive technique, known as “threat hunting,” is an important enhancement to traditional detection-based security, but not yet offered by many commercial agents.

As adoption for osquery grew, a strong and active community emerged in support of a more open approach to security. We saw the long-held misconception of “security by obscurity” fall away as people started sharing tooling and experiences with other members of the community. Our initial release of osquery was supported for Linux and OS X, but the community was also excited for a Windows version — so we set out to build it."

 Facebook also sought the help of engineers at Trail of Bits to accelerate and document the entire public development process, so you can jump into the osquery project with a clear audit trail. You can read the full documentation of the development process from Trail of Bits here.

The osquery developer kit for Windows includes documentation, the development environment, and a single script to get you started. Interested in more? If so, check out the community post.