【Open Source Daily】Under the trend of open source devouring the world, with the help of open source software, based on open source protocols, anyone can get the source code of the project, learn, modify, and even redistribute. Pay attention to "Open Source Daily" and take a quick look at today's open source events at home and abroad!
Organize | Song Tongtong, editor-in-charge of | Tu Min
Exhibiting | CSDN(ID:CSDNnews)
Catch up on news points in one minute!
Following the establishment of the OpenCloudOS community led by Tencent and others, the Dragon Lizard community led by Alibaba Cloud and other enterprises launched the "Dragon Plan"
The OpenInfra Foundation introduces a new standard for open source infrastructure: LOKI
CISA and CrowdStrike released Log4j scanners, but there are still blind spots
CNCF Developer Survey Report: Kubernetes adoption is on the rise, serverless is down
The Apache HTTP Server Update fixes two bugs
The new open source library GraphQL AuthZ was formed, adding authorization layers to different GraphQL architectures
2021: The year when the LibreOffice documentation team shines
GitLab 14.6 released: Added seamless geographic experience, support for .NET 6 in SAST
Krita 5.0 release: An open source Photoshop alternative
OpenKruise v1.0 release: Reaching a new peak in application automation
Micronaut 3.2 was released to enable higher performance microservices
Annie: A quick and easy video download library and CLI tool written in Go
Big news on open source
On December 23, following Tencent's leadership in establishing the open source operating system community OpenCloudOS, in the later part of the 23rd, Alibaba Cloud, Tongxin Software, Loongson, Zhongke Fangde and other domestic and foreign head operating system manufacturers, chip manufacturers, operators and other jointly established the Dragon Lizard Community launched the "Dragon Teng Plan", launched a recruitment invitation to the majority of ecological partners, hoping that 500 enterprises will join in the future to realize the business and technology dreams together. At the same time, the Dragon Lizard community said that it will provide the following commercial benefits for members who join the "Dragon Teng Project": support for the seamless migration of CentOS; one adaptation, compatibility; priority integration of community solutions; independent support service system; and assistance in the distribution of commercial operating systems. (OpenAnolis Dragon Lizard)
Recently, the OpenInfra Foundation launched a new standard for open source infrastructure LOKI , Linux OpenStack Kubernetes Infrastructure. Companies such as AT&T, CERN, China Mobile, China Telecom, Verizon, Vodafone and Yahoo have adopted OpenInfra's new standard and put it into production. Similar to how the LAMP stack became the standard for deploying web applications, LOKI will also help operators identify successful patterns and technology combinations for building production infrastructures.
Image source: OpenInfra Foundation
In response to the "epic" vulnerability Log4j, the world began to self-examine the operation. Among them, the Cybersecurity and Infrastructure Security Agency CISA this week released its own Log4j scanner, which is modified from the Log4j scanner created by security firm FullHunt to support DNS callbacks for vulnerability discovery and verification, as well as provides fuzz testing for HTTP POST data parameters, fuzz testing for JSON data parameters, and support for URL lists. In addition, cybersecurity technology company CrowdStrike similarly released its own free Log4j scanner, called the CrowdStrike Archive Scanner or CAST.
Image credit: Rezilion
Yotam Perkal, head of vulnerability research at Rezilion, an autonomous DevSecOps platform, tested a number of Log4j scanners and found that many scanners could not find all instances of the vulnerability. Perkal says, "While some scanners do better than others, none of them are able to detect all formats. It also reminds us that the testing capability depends on your detection method. The scanner has blind spots. According to Perkal, the study illustrates the limitations of static scanning in detecting Instances of Log4j.
On December 20, the Cloud Native Computing Foundation (CNCF) released "The State of Cloud-Native Development," based on research firm SlashData's survey of more than 19,000 developers from 155 countries in late 2020 and early 2021. The survey found that 5.6 million developers were using Kubernetes in the first quarter of 2021, a 67 percent increase compared to the first quarter of 2020; 31 percent of back-end developers were using Kubernetes, a 4 percentage point increase from the previous 12 months; and among edge developers, Kubernetes usage increased by 11 percentage points to 63 percent. Of all the industries surveyed, edge technology has the highest adoption of Kubernetes.
The survey also found that the percentage of developers involved in serverless architectures dropped from 27% to 24%. Serverless computing involves dynamically allocating compute cycles through services such as AWS Lambda. The report argues that the downtrend may be due to a lack of flexibility in serverless solutions, such as companies' fear of locking themselves into specific vendors. (IndoWorld)
On December 23, the Apache Software Foundation released an update to address a critical flaw in its popular Web server that allowed remote attackers to take control of vulnerable systems. The Foundation has released version 2.4.52 of the Apache HTTP Server, which addresses two bugs tracked as CVE-2021-44790 and CVE-2021-44224. Apache HTTP Server is not directly affected by the Java-based Log4j error message library, however, even a Web server written in a language other than Java may have a vulnerable Log4j library integrated into one technology. (ZDNet)
On December 19, the Guild team launched a new open source library, GraphQL AuthZ. GraphQL AuthZ is a flexible, modern way to add a licensing layer on top of an existing GraphQL microservice or monolithic back-end system. It is suitable for code-first and pattern-first (SDL) development, supports different ways of attaching authorization rules, has zero dependencies in the core package (except for peer dependencies on graphql-js), and keeps the pattern clean with any authorization logic.
GraphQL AuthZ wraps the graphql .js execution phase and runs the logic for enforcing the defined authorization rules before and after this phase. By employing the GraphQL AuthZ method, the user's executable mode does not contain any authorization logic. At the same time, in addition to pre-execution rules, GraphQL AuthZ also allows users to write post-execution rules, and graphQL AuthZ can be used to implement a centralized gateway authorization layer and microservice-level authorization. In fact, GraphQL AuthZ was inspired by GraphQL Shield. However, compared to GraphQL AuthZ, GraphQL Shield uses a different approach to applying authorization rules.
LibreOffice is a free and open source office suite based on OpenOffice with additional features, improved Microsoft Office compatibility, and regular updates. In 2021, the OpenOffice team bridged the gap between major LibreOffice releases and updated the user guides accordingly. By the end of the year, they've updated all of their guidelines for version 7 to LibreOffice version 7.2 and are ready to continue releasing version 7.3, which will be released in early February 2022. The updates and enhancements to the guide are a joint effort of all teams and are coordinated by Jean Weber (Writer and Getting Started Guide), Steve Fanning (Calculation and Foundation Guide), Peter Schofield (Impression and Drawing Guide), Rafael Lima (Math Guide).
In 2021, they also launched the LibreOffice Bookshelf. Unlike the current documentation .libreoffice.org Server page, the shelf can be cloned and installed in organizations, libraries, colleges, and schools for immediate availability in a controlled environment and online reading of the guide. ODF chapters have been converted to static HTML pages and are ready to be displayed on computers, tablets, and phones, bringing the LibreOffice user guide closer to the public anytime, anywhere.
Open Source Software Zone
On December 22, the GitLab team announced the release of GitLab 14.6, saying that it was the last release in 2021. This release brings simplified geo-configuration, accelerated Git clones or Git pull commands by automatically using the geographic sites closest to them to help globally distributed teams, a list of activities for GitLab agents that record real-time events such as connection and token status, and various SAST improvements, including SAST execution policies and support for .NET 6.
Krita is a non-profit, open source, and community-driven software project that is also an open source alternative to Photoshop. Krita 5.0 is the largest update to date for the Krita project, bringing improvements to every aspect of Krita and enabling many new features: a faster and more resilient resource management system; color management and gradient improvements; faster brush smudge brushes, a new MyPaint brush engine; improvements to animation features; new split-shot scripting tools and companion workflows; user interface improvements; and support for new file formats such as AVIF and WebP , as well as tool, layer function improvements, and more.
For details, please refer to: https://krita.org/zh/krita-5-0-release-notes-zh/
Recently, Alibaba and OpenKruise maintainer Siyu Wang announced the release of OpenKruise 1.0, a CNCF sandbox-level project. OpenKruise is Kubernetes' suite of extension components focused primarily on application automation such as deployment, upgrade, operation, and availability protection, and most of the functionality it provides is built primarily on CRD extensions. They can work in a pure Kubernetes cluster without any other dependencies. Capabilities are currently available in application workloads, Sidecar container management, enhanced operations, and application availability protection.
For details, see: https://www.cncf.io/blog/2021/12/23/openkruise-v1-0-reaching-new-peaks-of-application-automation/
On December 22, Micronaut, a JVM-based multilingual framework for building microservices applications in Java, Kotlin, and Groovy, reached version 3. Some improvements and updates have been made in the new version: updated to support the latest GraalVM version 21.3.0; new coordinates for the official GraalVM Maven plugin; new major version of the Gradle plugin; support for Kotlin 1. 6. 0.;Websocket improvements. At the same time, Micronaut Data, Micronaut Security, Micronaut Openapi, Reactive Library Modules, Micronaut Kubernetes, Schema Migration Modules, micronaut Elasticsearch modules have made some upgrades.
For details, please refer to: https://www.i-programmer.info/news/80-java/15098-micronaut-3-2-released-for-more-performant-microservices.html
Open source tools recommended
Annie is a fast, simple and clean video downloader built using Go. There are many supported platforms, including MacOS, Windows, Linux, etc., installation and use is very simple, currently support the following websites: Douyin, Bilibili, Half-Dimensional, pixivision, Youku, YouTube, iQiyi, Mango TV, Jelly Bean Square Dance, Tumblr, Vimeo, Facebook, Douyu Video, Seconds Beat, Sina Weibo, Instagram, Twitter, Tencent Video, NetEase Cloud Music, YinyueTai, Pornhub, Xvideos, United News Network, TikTok, Good Video, AcFun, Eporner, StreamTape.
For details, please refer to the https://github.com/iawia002/annie
【Welcome to contribute】In front of the source code, there is no secret. What other recommended open source tools or open source software, or want to know about open source information, you can contribute to the mailbox: [email protected]. Everything in the open source world, created by you and me!