Google’s Code Search

Google Code Search launched today. It was originally an internal site, for their internal code. But, being such a great application (and having had Krugle and Koders establish a market), they clean it up and made it public. I don’t expect to see Krugle on ebay straight away, but the other code search engines do have a bit of a fight on their hands.

Code Search’s main advantage is that it lets you use regexps for searching. To be more accurate, it defaults to regexps for searching, it takes a little effort not to use them. I can’t even speculate as to how they made regexp searching fast enough for the user and practical enough for the data center. A quick estimate puts the number of files search at 40 million (wave to Gary who found the search term with the most results - 32.4 million for “x“), which is about 1/1000 the size of their main web search index, so we might regexp searching on their web search sooner than I would have thought possible.

I do have to ignore the fact that Code Search has a much smaller audience and hence a much smaller load. If I was to guess, I would say it would get about one ten millionth of the searches web search gets. I’d also have to ignore the possibility that Code Search might have a very different index structure. Then I’d have to find a reason to use regexp for a web search. Before Google perfects their natural language queries, which is probably more important to them then giving us regexp search. But I digress.

Code Search also has a license filter, which is a nice bonus feature. It might save me a little time, but I like it more as an example of Google’s intent parse and understand the world’s data, regardless of structure. adopting this approach removes a significant mental barrier to understanding what you can and can’t do.

In among this goodness are a couple dangers. Will spammers run a search with an email regexp? (a very simple one - 3.9million, or a slightly more complete one - 7.9million results) They may know that programmers are among the least susceptible to spam. Then again, knowing your audience is a pretty big advantage for a spammer. Will it be easier for hackers to attack sites, when it’s so much easier to search for vulnerabilities? (username file:wp-config.php, from kottke) Will programmers start copying and pasting code, regardless of license? Will normal people learn the truth about programmers? (wtf, damn, hack)

Like many other Google products, Code Search shakes things up a bit, by entering other companies’ markets and by making once hard things easy, which removes existing barriers (albeit artificial ones) to abuse of other people’s data.

About this entry

You’re currently reading “Google’s Code Search,” an entry on MalContent

Published:: 10.05.06 / 4pm

Category:: Internet News

About this Site

Random posts on this blog will be vaguely interesting to techie internet people.
Non techie internet people would probably be better off with reddit.com. Non internet techie people are probably called “Cobol programmers” and would not be reading this anyway.

The post where I explain the difference between vague and random hasn’t been written yet.

Rowan 10.05.06 / 6pm

Any idea why they estimate more hits for ‘x’ than ‘.*’?

Caz 10.06.06 / 7am

regexps? I know what it means but how the hell do you pronounce it!?

Mal 10.06.06 / 9am

I can’t tell you exactly why it happens, but I can speculate as to why Google doesn’t worry about it. There’s a combination of factors, but essentially it’s this: Google prefers performance, reliability and relevancy over accuracy and data consistency. The search results on the first page have to be fast and relevant, every page after that diminishes in importance. You see Google make this kind of choice all the time, a great example is the lack of folders and IMAP in GMail. you get performance and relevancy from your mailbox, even if it’s not presented in the most structured manner.

Jack 10.06.06 / 9am

The explanation I prefer is that Google figures that we don’t really care about the the 3rd page of results, let alone page number 2 million, so they cheat a little when they give their number of results. The shortcuts they take are for performance reasons, so I’d speculate that it’s a lot faster, and therefore more accurate, to find “x” than it is to find “.*”.

I say “reg ex”, but only cause I can’t do complicated words like “reg expththt”

techrageo.us 10.09.06 / 1am

Security and Google Code Search

If you use WordPress be careful. An example Google Code Search search going around is “username file:wp-config.php” which happily displays username and passwords in WordPress config files… if they’re in compressed archives or a …

Adam 10.21.06 / 2pm

I use wordpress, and I had some concerns about this but here’s why it shouldn’t be a big deal for most:

1. The MySQL useer/pass in stored in there - not your user login
2. The MySQL DB should be locked down and not accept connections from random IP’s so this shouldn’t be too much of a concern even if it does leak (you don’t use the same pass for MySQL as login do you?)

Finally, you can fix this if you move the various variable declarations to a separate file outside the web root and then use and include statement to bring them back into the WP code. Of course, this makes upgrades a little tricky….

MalContent

Google’s Code Search

About this entry

7 Comments

Have your say

Related Entries

About Me

Categories

About this Site

Monthly Archives