The editor on duty ： Yuan Yuhan
One 、 Open source event
In recent days, ,Elastic An article on the official website said it would be right Elasticsearch and Kibana There have been significant changes in the license , By open source Apache 2.0 License to adopt Elastic License and SSPL（ Server side public license ）.
about Elastic This decision ,AWS stay AWS Open source blog official blog published articles 《Stepping up for a truly open source Elasticsearch》 — Elastic Breaking the definition of open source itself , and AWS Will step up creation and maintenance by open source Elasticsearch and Kibana get Apache The license 2.0 edition （ALv2） Licensed branch .
2021 year 1 month 20 Japan ,UBML The project code is officially open to the public . Currently, there are modeling standards for open code （UBML-Standard） And UBML-Models, Including the core model for back-end development BE（Business-Entity）、VO（View-Model） And in the service model EAPI（External-API）. The project team is in the incubation process of the open atom open source foundation , Will continue to open up more components to enrich the ecological development , Welcome more friends to join us .
UBML（Unified-Business-Modeling-Language） It's a domain specific language based 、 Low code development modeling language for fast component applications , It's the wave iGIX Low code modeling system is the core of enterprise digital capability platform .UBML It's an incubation project under the open atom open source foundation .
UBML Development language as a low code development platform , It is the core foundation of low code development platform , Modeling standards that include development language independence （UBML-Standard）, Built in based on UBML Standard full stack business model （UBML-Models）, It also provides development services and kits that can interact with the model in the whole life cycle （UBML-SDK） And the runtime framework that supports the running of the model （UBML-Runtime）. future ,UBML More low code development tools will be introduced （UBML-Designer） etc. , Form a complete low code development platform .
UBML What problems have been solved ？
As digital transformation becomes mainstream , Software is the business carrier of digital transformation , There has been a spurt in demand .Gartner expect ,2021 The market demand for application development will be five times that of IT The company's capacity . To fill this production gap , Low code / Zero code technology is the only feasible solution at present , More and more enterprises are bound to introduce this technology .
Low code development is a way of rapid software development , Developers can complete the development of business applications with a small amount of code or even zero code .UBML As the core foundation of low code development platform , Committed to solving the high cost of traditional code development mode 、 High threshold , Speed of development 、 flexibility 、 The problem of poor agility . Can increase productivity , Reduce cost and increase efficiency , Provide momentum for enterprise digital transformation .
UBML Code warehouse address ： https://gitee.com/ubml
3、 Tencent multi environment configuration and packet capture debugging platform Nohost Official open source
Tencent's open source official account is announced by Tencent IMWeb A multi environment configuration and packet capture debugging platform built by the front-end team is officially open source .
It is reported that Nohost It covers the joint development and commissioning in the R & D process 、 test 、 Three stages of product experience , Provide cross end proxy tools 、 Support one click switch experience test environment 、 request mock、 real time / History 、 Proxy forwarding and other capabilities , It solves the problem of rough test environment management 、 Conflict prone 、 The efficiency of joint commissioning is slow 、 The configuration is complex , It supports tens of thousands of demand research and development of Tencent online education in recent years , It improves the efficiency of joint debugging experience in the R & D process .
Nohost It's a universal design in itself 、 Scalable solutions , It is widely used in Tencent and other front-end teams in the industry . In Tencent, there are more than 80 A front-end team deployed directly Nohost Or based on Nohost Application of capability expansion , The coverage user group exceeds 1000 people . There are also many companies in the industry （ Little win technology 、 Netease game 、 Bytes to beat 、 Second hand cars, etc ） The front-end team is deployed independently .
More configurations or more advanced applications , You can go to Nohost git and Nohost Learn about ：
Official website ： https://nohost.pro/
4、 Open source server exposed 7 Big hole ！ Hackers can initiate DNS Cache poisoning attacks and remote execution of malicious code
Network security researchers are Dnsmasq Found out 7 A loophole , This is a popular open source software server , Used to cache DNS （DNS） Respond to .
this 7 A loophole was discovered by Israel Research Corporation JSOF Collectively referred to as “ DNSpooq”, It's the same as what was disclosed earlier DNS The weakness of the architecture echoes , bring Dnsmasq The server can't resist a series of attacks . Malicious attackers can launch DNS Cache poisoning attacks and remote execution of malicious code .
In a report published today, the researchers pointed out that : “ We found that ,Dnsmasq It's vulnerable to deviating attackers （ That is, there is no observation of DNS Transponders and DNS Attackers communicating between servers ） Of DNS Cache poisoning attack .”
Because of this 7 A loophole , Attackers can attack multiple domain names simultaneously in seconds to minutes , And there's no special operation . Besides , Security researchers also found that ,Dnsmasq Many instances of are incorrectly configured to listen WAN Interface , Hackers can launch network attacks directly .
Dnsmasq yes DNS Short for camouflage , It's a lightweight software , have DNS Forward capability , For local caching DNS Record , This reduces the load on the upstream name server , Improved performance .
JSOF Find out , By 2020 year 9 month , There are about 100 m Dnsmasq Examples of vulnerabilities , The software is included in Android In a smartphone , And millions of people from Cisco、Aruba、Technicolor、Redhat、Siemens、Ubiquiti and Comcast Routers and other network devices .
12 month 8 Number ,CentOS The official blog published an article entitled 「CentOS Project shifts focus to CentOS Stream」 The news of . The content is CentOS It used to exist as a downstream version of an upstream supplier （ Receive patches and updates after upstream vendors ）, Now it will move to the upstream version （ Including patches and updates tested by upstream vendors ）.
Roughly speaking 「 In the future CentOS The project shifted its focus to CentOS Stream in 」. in other words CentOS The life cycle will be terminated ,CentOS Maintenance will stop soon , No more updates ,「 free 」 Of RHEL No more ..
CentOS As RHEL Our community fork edition , Known as the most stable distribution , It's also one of the most used server distributions in the world . Although in use for a short time CentOS There is no impact on the server of the system , But now it's in use CentOS Users should also consider server replacement system as soon as possible .
TencentOS Serverr ( also called Tencent Linux abbreviation Tlinux) Bring us a good alternative , Its user mode is based on RHEL, It's developed by Tencent for cloud scenarios Linux operating system , Special features and performance optimizations are provided , Provide high performance for applications in the cloud server instance , And safe and reliable operation environment .
Tencent Linux Not only is it free to use , stay CentOS（ And distribution ） Applications developed on are also directly in Tencent Linux Up operation , Users can also obtain the update, maintenance and technical support of Tencent cloud , At present, the number of installations has exceeded 500 ten thousand .
TencentOS Server comparison CentOS and Ubuntu There are many other advantages to the distribution version ：
- After more than ten years of verification and polishing of Tencent's internal business ;
- Support from a team of top kernel experts ;
- Includes key performance optimizations and customization features for cloud and container scenarios ;
- Strong operation support team , Get top business support ;
- Support for multiple computing architectures , And provide enterprise level stability and support services ;
The kernel code is already in GitHub Open source ：
In recent days, , Alibaba's pingtouge semiconductor company （T-Head） In its official chip open community, it officially announced , Support RISC-V Architecturally Android Here comes the system .
ICE EVB yes T-Head The development is based on XuanTie C910 A high performance SoC plate .ICE SoC Integrated 3 individual XuanTie C910 kernel （RISC-V 64） and 1 individual GPU kernel ; The advantage is that it runs fast 、 High cost performance .
The chip can provide 4K @ 60 HEVC / AVC / JPEG Decoding ability , And various high-speed interfaces and peripherals for control and data exchange ; Apply to 3D graphics , Vision AI And multimedia processing .
This port is based on android10-release（platform / manifest 1c222b02bde285fe1272b4440584750154d3882d）. Now? T-HEAD All the source code developed is contained in the repository , Anyone interested in this project can reproduce the emulator environment as follows .
The code is already in GitHub Open source ：
One 、 New trend of open source development
Healthy open source software projects cannot be achieved overnight , It should be cultivated slowly . The secret of cultivation lies in the construction of open source community , How to attract open source developers ？ How to keep open source developers ？ How to avoid and solve conflicts with open source developers ？ How to maintain community development ？ These are the problems we have to face when building open source communities .
Joe Brockmeier（ Red hat ） stay LinuxCon At the North American Conference, we shared a wealth of practical wisdom, which is worth learning .
Excerpts from Speeches ：
The word community is on the rise , Many people have only a vague concept of it ：「 Building communities is a good thing 」.
But what does it mean ？Brockmeier say ：「 I've worked with many different companies and projects , They often express that they want a community 」, When I asked ：「 What kind of community do you want ？ What kind of people are your target groups ？ Who matters to you ？ What is the direction of the community's efforts ？」 They often can't answer .
OSS Capital Founder and CEO of Joseph Jacks He has been engaged in open source business for many years , He summed up his career in an article , He also said that he will continue to contribute to open source in the coming decades .
Here are Joseph Jacks Excerpts from the compilation of this article ：
- Why use COSS The word" ？
Because I don't like “ Open source company ” The word , The term is wrong . Open source actually means something very specific ： When applied to software source code , Open source means that almost everyone can view it at any time 、 function 、 Modify and distribute code . In that sense , Open source is actually about enabling unauthorized rights , Not anything else . meanwhile , Open source doesn't mean free .
In fact, the essence of the company is not open source , therefore , Call a company “ Open source ” It's contradictory , It's like saying feathers are heavy . A company can never let its core code be seen by the outside world at any time , Otherwise, it's going to get anyone to “ modify ” or “ commercial ”. actually , Companies have to differentiate in essence , In order to find the right product market , Hire the right people , Find the right investors , Effectively determine the appropriate strategy and so on .
I think commercial open source （COSS） It should have its own category . Basically , be based on OSS Companies with core technologies are different at all levels . therefore , I think the world needs a new principle to understand 、 Describe and study this kind of company . We need a new term 、 New ways of thinking , To inspire more people to understand why this open core approach as a whole is better than the old model .
- direct OSS Value acquisition
In the coming decades , I believe two things will happen ：
1.OSS Will continue to drive the value creation of the vast majority of truly basic digital technologies , And more and more physical technology （ The world of atoms ） The value of .
2. The pendulum of value capture will gradually swing in another direction — Make the world develop in the direction of direct access to open source value , Thanks to the rise of a new small but exponential growth business category ： Commercial open source software , I call it “COSS”.
3、2020 China open source annual report ： The rise of China's open source and the split of the open source world
Preface to the report :
Write this preface , Our mood has always been complicated , It's hard to generalize in some words . A word that rises in my heart is ：“ This is the best time , This is the worst of times ”.
Maybe years later , Let's go back to 2020 year , It will be called ： The beginning of world upheaval . A lot of friends last year , even to the extent that “ I'm going through history every day , Every day is a long time ！” New covid-19 outbreak and Sino US trade war , In the same year . And because of the epidemic and the trade war , The world is accelerating change .
In this historical context , We're in the open source world , There are also three trends ：
- The great development of open source and the trend from real to virtual
From all kinds of data , And our own feelings ： There is a big development trend of global open source .GitHub The number of active code warehouses and active users is growing at a high speed （35.3% / 21.2%）;Gitee The number of code warehouses and users is growing at a more amazing rate （192% / 162%）.
One side , Open source has been on the rise for so many years . And on the other hand , It's our guess ： Since the outbreak , More and more people are telecommuting , In fact, it promotes more people to have opportunities “ Slashing ”, In other words, it is convenient to switch multiple identities in front of a computer , Handle multiple transactions asynchronously , This increases the time and opportunity for developers to participate in open source .
Of course , Also because of telecommuting , The proportion of virtual world in human life , It's getting bigger . Is this better , What problems will arise ？ As a human standing at the tunnel entrance , It's hard to guess .
- The rise of China's open source and the trend of split open source world
With more and more Chinese open source projects increasing influence 、 Introduction of Mulan agreement 、 The foundation of open atom Foundation ,Gitee Super fast growth of ,CODE China New release of , We can be sure already ,2020 The year of the rise of open source in China . Next, friends reading the report , You should see a lot of solid evidence .
however , Another noteworthy phenomenon , It can also be seen from the following data . stay GitHub The most active open source projects in China , And Gitee Among the most active open source projects in the world , There is no overlap at all .
With Gitee The continuous and rapid development of science and technology , It's predictable , There will be more and more in the future , High quality open source projects in China , Choice in Gitee The open source . A friend once mentioned it “One World, Two Systems”, Will gradually become a reality .
If China's open source , In a way separate from the world “ The rise of ”, This is not the future we want to see .
- Open source for good and we are not ready
Since the outbreak , Many open source people devote their time 、 energy 、 Technology and wisdom , Invest in open source projects related to epidemic prevention one by one , Therefore, a lot of medical oriented talents were born 、 epidemic prevention 、 public welfare 、 Rescue of open source organizations and open source projects . among wuhan2020 It's a typical example .
therefore , stay 2020 During the preparation of the annual meeting of China open source in , We did not hesitate to choose “ Open source for good （Open Source for Good）” As the theme of the annual meeting , It has also won many lecturers 、 Consensus between participants and sponsors .
however , What should we do next ？ People united to fight the epidemic , Projects created , Accumulated experience , Lessons learned , How to “ Arrangement 、 encapsulation 、 modularization ”, And for future accidents , Ready ？ These are areas worthy of long-term thinking and improvement .
In recent days, , Vice president of tools products for Microsoft developers Amanda Silver On Microsoft's official blog, the theme is “2021 Software development in 2000 and beyond ” Blog posts .
Amanda Silver This paper discusses how to help develop and support the development of talents in the unprecedented needs , Improve the inclusiveness and speed of developers , And help the engineering team expand through open source and low code tools , And the future software development plan of Microsoft is described in detail .
The following is a Amanda Silver Compilation and excerpt of the article ：
2020 It's a disruptive year , The relationship between enterprises and employees and customers has changed almost overnight . Businesses are rapidly turning to telecommuting , In a few months, it went through a digital transformation that could have taken years .
For a software development team , They have an urgent demand for new features , For digital interaction with customers and communities . A lot of this transformation benefits from being “digital first responders” With the support of our developers . Developers move the workload to the cloud , And found a new way , You can code faster anywhere 、 Collaborate and distribute software .
Although many of the changes we see are the work that the software development team has been doing , But they started to grow rapidly during the outbreak .2021 year , It's time to reflect on these big changes , And consider the lasting changes they will make as we transition to a mixed work environment . It's also an opportunity to think about how these changes will affect the future of software development and how we can work together to build a more resilient future .