How to Release Open Source Library in 2020

Ближайшая конференция — HolyJS 2020 Moscow
25-28 ноября, Online
Подробности и билеты: https://holyjs-moscow.ru/

The talk will show you how normally we release open source libraries and the problems in the process. After this talk, you will get an idea about:

  • how to properly automate the process;
  • how to make the process asynchronous and unblock you;
  • how to release collaboratively with your colleagues.

#javascript #python #node #react #vue

What is GEEK

Buddha Community

How to Release Open Source Library in 2020
Brain  Crist

Brain Crist

1594753020

Citrix Bugs Allow Unauthenticated Code Injection, Data Theft

Multiple vulnerabilities in the Citrix Application Delivery Controller (ADC) and Gateway would allow code injection, information disclosure and denial of service, the networking vendor announced Tuesday. Four of the bugs are exploitable by an unauthenticated, remote attacker.

The Citrix products (formerly known as NetScaler ADC and Gateway) are used for application-aware traffic management and secure remote access, respectively, and are installed in at least 80,000 companies in 158 countries, according to a December assessment from Positive Technologies.

Other flaws announced Tuesday also affect Citrix SD-WAN WANOP appliances, models 4000-WO, 4100-WO, 5000-WO and 5100-WO.

Attacks on the management interface of the products could result in system compromise by an unauthenticated user on the management network; or system compromise through cross-site scripting (XSS). Attackers could also create a download link for the device which, if downloaded and then executed by an unauthenticated user on the management network, could result in the compromise of a local computer.

“Customers who have configured their systems in accordance with Citrix recommendations [i.e., to have this interface separated from the network and protected by a firewall] have significantly reduced their risk from attacks to the management interface,” according to the vendor.

Threat actors could also mount attacks on Virtual IPs (VIPs). VIPs, among other things, are used to provide users with a unique IP address for communicating with network resources for applications that do not allow multiple connections or users from the same IP address.

The VIP attacks include denial of service against either the Gateway or Authentication virtual servers by an unauthenticated user; or remote port scanning of the internal network by an authenticated Citrix Gateway user.

“Attackers can only discern whether a TLS connection is possible with the port and cannot communicate further with the end devices,” according to the critical Citrix advisory. “Customers who have not enabled either the Gateway or Authentication virtual servers are not at risk from attacks that are applicable to those servers. Other virtual servers e.g. load balancing and content switching virtual servers are not affected by these issues.”

A final vulnerability has been found in Citrix Gateway Plug-in for Linux that would allow a local logged-on user of a Linux system with that plug-in installed to elevate their privileges to an administrator account on that computer, the company said.

#vulnerabilities #adc #citrix #code injection #critical advisory #cve-2020-8187 #cve-2020-8190 #cve-2020-8191 #cve-2020-8193 #cve-2020-8194 #cve-2020-8195 #cve-2020-8196 #cve-2020-8197 #cve-2020-8198 #cve-2020-8199 #denial of service #gateway #information disclosure #patches #security advisory #security bugs

Tyrique  Littel

Tyrique Littel

1598461200

An Open-Source Book About the Open Source World

Open source today is a word that often include a lot of things, such as open knowledge (Wikimedia projects), open hardware (Arduino, Raspberry Pi), open formats (ODT/ODS/ODP) and so on.

It is a world of opportunities that can be difficult for newcomers but also for intermediates. This article will help you discover how to approach specific roles, activities or projects/communities in the best way.

Everything Started with “Coaching for OpenSource Communities 2.0”

I decided to write a book in my personal style about my experience in the last 7 to 8 years in open source. I was surprised when I reached 100 pages about various different topics.

My idea was to write something that I would like to read, so nothing that is boring or complicated, but full of real facts.

The second goal was to include my experience but also my philosophy on contributing and how I contribute daily.

Thirdly, I wanted to give a lot of hints and resources and an overall view of this open source world.

Basically, I wanted to write something different from self-help or coaching books that includes just a list of suggestions and best practices. Instead, I take real examples from real life about the OSS world.

As a contributor and developer, I prefer to have real cases to study, because best practices are useful, but we need to learn from others and this world is full of good and bad cases to discover.

In 2019, I started writing a book after Fosdem 2019 and after 2 years inside the Mozilla Reps Council. In that Fosdem edition, I had a talk “Coaching for Open Source Communities 2.0” and after the feedback at the conference and my thoughts in various roles, activities, and projects, it was time to write something.

At the end it wasn’t a manual but a book that included my experience, learnings, best practices and so on in Localization, Development, Project Maintainer, Sysadmin, Community Management, Mentor, Speaker and so on. It contains the following sections:

  • Biography - This choice isn’t for self promotion but just to understand my point of view and my story that can be inspiring for others
  • Philosophy - Not the usual description of Open Source or the 4 freedoms, but just what Open Source means and how you can help
  • How to live inside the Open Source - A discovery about communications and tools, understanding the various kind of people and the best way to talk with your community
  • How to choose a project - Starting with some questions to yourself and how to involve more people in your project
  • The activity - Open Source is based on tasks that can be divided in 2 levels: Support, Testing, Marketing, Development etc
  • How to use your time - We are busy, we have a life, a job and a family but Open Source can be time-consuming
  • Why document is important - How writing documentation can be healthy for your community and the project’s future and brand

There are also three appendices that are manuals which I wrote throughout the years and gathered and improved for this book. They are about: community management, public speaking, and mentoring.

The book ends with my point of view about the future and what we have to do to change opinions about those topics.

I wrote this book and published in October 2019, but it was only possible with the help of reviews and localizers that improved and contributed. Yes, because this book is open source and free for everyone.

I picked the GPL license because this license changed the world and my life in the best way. Using this license is just a tribute. This decision usually is not clear because after all this is a book and there are better licenses like Creative Commons.

#open-source #contributing-to-open-source #programming #software-development #development #coding #books #open-source-software

Ray  Patel

Ray Patel

1623348300

Top 8 Java Open Source Projects You Should Get Your Hands-on [2021]

Learning about Java is no easy feat. It’s a prevalent and in-demand programming language with applications in numerous sectors. We all know that if you want to learn a new skill, the best way to do so is through using it. That’s why we recommend working on projects.

So if you’re a Java student, then you’ve come to the right place as this article will help you learn about the most popular Java open source projects. This way, you’d have a firm grasp of industry trends and the programming language’s applications.

However, before we discuss its various projects, it’s crucial to examine the place where you can get those projects – GitHub. Let’s begin.

#full stack development #java open source projects #java projects #open source projects #top 8 java open source projects #java open source projects

Edison  Stark

Edison Stark

1604060760

Hacktoberfest 2020: Let’s Get Hacking

It’s October and we’re calling all programmers, designers, content writers and open-source contributors to join Hacktoberfest 2020. This is a fantastic opportunity to contribute to open-source or try your hand at something new.

For those who are new to programming or open-source, you may be wondering what is open-source or Hacktoberfest.

_Open source_refers to source code that is publicly accessible and allows anyone to inspect, modify, or learn from it. Open source projects encourage collaboration and the freedom to use the software for any purpose you wish._Hacktoberfest_is a month-long celebration of open source software run by DigitalOcean and is open to everyonein our global community.

Seven years ago, Hacktoberfest kick-started the celebration along with 676 excited participants contributing to open source projects and earning a limited-edition T-shirt. Now, hundreds of thousands of developers participate in Hacktoberfest from 150 countries.

If you want to contribute to open-source projects, but don’t know where to start, then Hacktoberfest is the perfect opportunity for you.

Hacktoberfest is a month-long celebration of open source software sponsored by Digital Ocean, Intel, and DEV.

The goal of the event is to encourage participation in the open-source community all across the globe. The challenge is quite simple: open four high-quality pull requests in October on any open source project to get some swag.

Swag you say?

If you complete valid 4prs, you stand to get a T-shirt, some stickers and a cup coaster (I got one last year, I’m not sure if they’ll be doing it this year also).

They also introduced the option to plant a tree instead of receiving a T-shirt as a reward to reduce the environmental impact.

#hacktoberfest #github #git #open-source #opensource #contributing-to-open-source #open-source-contribution #first-open-source-contribution

Mitchel  Carter

Mitchel Carter

1602579600

Release Radar · October 2020 Edition

We’re here to bring you the latest and greatest releases for October 2020. These are exciting new releases from some of the coolest projects around. There’s everything from world-changing tech, to weekend hobbies. The best part about these releases, they’re all you. These are projects shipped by amazing developers from the open source community. Whilst there’s lots of projects released every month, we don’t have enough blog space for them all. So we selected a handful of awesome ones. Grab out your phone, settle in on the couch, and read up on our top ten picks.

OBS Studio 26.0

If you’re involved in live streaming, then you’ve probably come across Open Broadcast Software (OBS). Even at GitHub we’ve been using it for all our Open Source Friday Twitch streams. OBS released their latest version, v26.0 with a bunch of really cool changes. There’s an added virtual camera for Windows users, meaning you don’t need a third party plug in. Along with all the tweaks and improvements there’s additions such as media controls, source toolbar, log viewer, screenshots via hotkey, and more ways to control your live stream. If you’re into any kind of streaming, then read up on all the improvements and new features. Oh and for those non-Windows users, I hear the virtual camera is coming for you too. Time to up your Zoom game!

Profile README Generator 1.0

By now you’ve probably seen the GitHub Profile README we recently released. This gives you the chance to showcase your best shelf. Well, if you’re tired of editing your profile, you can now do it easily. The new GitHub Profile README Generator shipped their first release and is available to you now. You can simply fill in details such as name, tagline, blog, GitHub Stats, and more and your profile README will be automatically generated. Now there’s no excuse not to have your GitHub Profile looking all shiny and cool.

Open Drone Map 2.0

Are you into drone photography and video? Do you have loads of drone imagery to trawl through? Then this is the tool for you. Open Drone Map (ODM) is a command line toolkit for processing all your aerial drone images. You can easily turn 2D images into 3D models, point clouds, and more. It’s available on Windows, Mac, and Linux. The new 2.0 version added a bunch of bug fixes and speed improvements. The code base was upgraded from Python 2 to Python 3 and there’s support for Ubuntu 18.04. Plus “unicorns”. You totally want to know what unicorns are right? There’s now the option to override GPS location of your footage. In addition, image masking now allows you to choose what you want to include in your new render. Read more about these “shiny” new features on the ODM blog.

#community #open source #cli #gitmoji #javascript #laravel #obs studio #open drone map #open source #readme #release #resume #terasology #vue js