ProHoster > Blog > internet news > The most important events of 2021

The most important events of 2021

The final selection of the most important and notable events of 2021:

  • Motion to remove Stallman and dissolve the Board of Directors of the Free Software Foundation following Stallman's return to the Board of the Free Software Foundation. Breaking with the Free Software Foundation of many open source projects, including Red Hat, Fedora, Creative Commons, GNU Radio, OBS Project, SUSE, The Document Foundation. The Debian project has taken a neutral stance. Restructuring the management of the SPO Fund.
  • Suspension of the University of Minnesota from kernel development for experimenting with submitting potentially vulnerable patches.
  • Conflicts: Change of power in the FreeNode IRC network and the incident with the capture of the IRC channels of many projects. Termination of Mypal development due to Pale Moon's actions. The community has defended the Hot Reload feature removed from .NET. A hacky implementation of WireGuard for FreeBSD. Suspending the team that enforces the code of conduct in the Perl community. Attacks on the creator of the Audacity fork. Libopenaptx license change to spite Freedesktop. The resignation of Rust community moderators. Blocking Matrix-client Element in Google Play. Removing the musescore-downloader and Barinsta repositories.
  • Forks: Amazon created OpenSearch, a fork of Elasticsearch. Elasticsearch blocked the ability to connect to forks in client libraries. zlib-ng is a high performance fork of zlib. Glimpse, a fork of GIMP, has been discontinued. Microsoft's OpenJDK distribution.
  • Acquisitions: The Muse Group took over Audacity and introduced new privacy rules (the community responded with forks. Microsoft bought ReFirm Labs. Brave bought out the Cliqz search engine.
  • Litigation: Litigation against Vizio related to violation of the GPL. Sued and revoke the GPL license from ChessBase. Xinuos vs. IBM and Red Hat litigation. Sony Music succeeded in blocking pirate sites at the level of the Quad9 DNS resolver, the court rejected Quad9's appeal. Google beat Oracle in a Java and Android case.
  • Take-Two Interactive has secured a GitHub lock on the open-source RE3 project. After an appeal, GitHub restored access, but Take-Two filed a lawsuit against the developers, and GitHub re-blocked the repository.
  • Copyright: Copyright infringement in the GNOME screensaver. Third party attempt to trademark PostgreSQL in Europe and the US. Borrowing the OBS code in TikTok Live Studio. Copyleft troll phenomenon. DMCA exceptions that allow replacement of router firmware.
  • GitHub has established a service to protect developers from unreasonable DMCA bans. GitHub has tightened its rules around posting security research results following a conflict over the removal of a prototype exploit for Microsoft Exchange. GitHub has lifted restrictions for Iranian developers.
  • Licenses: Elasticsearch has moved to the non-free SSPL license. The GCC and Glibc projects have removed the mandatory transfer of ownership of the code to the Free Software Foundation. Grafana has changed the license from Apache 2.0 to AGPLv3. Nokia has relicensed the Plan9 OS under the MIT license. The Ministry of Digital Development of the Russian Federation has developed a β€œState open license. Fixing a GPL violation in the mimemagic library caused a crash in Ruby on Rails. Declaring the license for NMAP incompatible with Fedora, after which Nmap changed the license. Removal of restrictions on the use of the JDK for commercial purposes.
  • Free software promotion: Russia is planning to create its own Open Source Foundation. The European Commission will distribute its programs under open licenses. The use of open source software in the Ingenuity Marshall.
  • Programming languages ​​and compilers: GCC 11, LLVM 12/13, Ruby 3.1, Java SE 17, Perl 5.43, PHP 8.1, Go 1.17, Rust 2021, Dart 2.5, Julia 1.7, Vala 0.54, Nim 1.6, Haxe 4.2, Erlang/OTP 24, Crystal 1.0/1.2, .NET 6 Luau, a type-checked variant of the Lua language, is open-sourced. Mariana Trench and PHPStan are static analyzers for Java and PHP. IBM has published a COBOL compiler for Linux. New logic programming language Logica. HPVM is a compiler for CPUs, GPUs, FPGAs and accelerators. High performance Mold linker by LLVM lld. Creation of the PHP Foundation organization.
  • Python: Python 3.10 with support for pattern matching. Python is 30 years old. Cinder is a fork of CPython used by Instagram. Pyston (Python with JIT) has returned to an open development model. Support for building CPython to work in the browser. A plan to significantly improve Python performance. Support for Python 2 has been dropped from PIP. Python ranked #XNUMX in the TIOBE rankings.
  • Rust Language Expansion: The Rust Foundation is formed with directors from AWS, Huawei, Google, Microsoft, Facebook, and Mozilla. Google is funding the addition of Rust support to the Linux kernel and the development of a new TLS module for the Apache http server in Rust. Adding Rust support to Android. Experimenting with Rust in Chrome. Experiment with porting Debian to coreutils in Rust. Frontend OpenCL on Rust. Implementation of Tor in Rust.
  • System components: systemd 248/249/250. The systemd fork has been ported to OpenBSD. Musl and systemd based Gentoo builds. The OpenPrinting project took over the development of the CUPS printing system and released CUPS 2.4.0. Finit 4.0 initialization system.
  • Hardware: Libre-SOC Open Chip. RV64X and Vortex are open source GPUs and GPGPUs based on the RISC-V architecture. Open firmware architecture Universal Scalable Firmware from Intel. Open RISC-V processors XuanTie (from Alibaba) and XiangShan. End of development of the MIPS architecture in favor of RISC-V. Open PCIe card with atomic clock. Initiative to develop open source projects for FPGA. Open source BMC controller LibreBMC. OpenHW Accelerate Research Program. Launch open keyboard. Smart watch PineTime. PineNote eBook. Smartphone PinePhone Pro.
  • Network infrastructure: HTTPA protocol (HTTPS Attestable). Lightway VPN protocol. Browsers stop supporting FTP. Firewalld 1.0.
  • Standards: Gained WebRTC, Web Audio, QUIC and OpenDocument 1.3 standard status. Standardization of Web GPU and WebTransport has begun. Mozilla, Google, Apple and Microsoft have begun to standardize the platform for browser add-ons.
  • Security Mechanisms: Snort 3. The Open Source Foundation introduced the JShelter browser add-on to restrict the JavaScript API. Switching NPM to Extended Account Verification. SLSA to protect against malicious changes during development. Linux kernel stack address randomization.
  • New OS: MuditaOS for e-paper screens. Muen is a microkernel for building highly reliable systems. Kerla is a Linux-compatible Rust kernel. Chimera (Linux kernel + FreeBSD environment). ToaruOS. Port of OpenVMS for x86-64. Fuchsia OS pre-installation on Nest Hub devices and support for running Linux programs in Fuchsia.
  • BSD: FreeBSD 12.3/13.0, OpenBSD 7.0, NetBSD 9.2, DragonFly BSD 6.0. HelloSystem distributions (from the author of AppImage) and Airyx in the style of macOS. Development of a new installer for FreeBSD. Support for RISC-V and Apple M1 in OpenBSD. Primary support for ARM64 and secondary i386 on FreeBSD.
  • Mobile platforms: Android 12, LineageOS 18, CalyxOS 2.8, WebOS 2.14, KDE Plasma Mobile 21.12, NemoMobile 0.7, postmarketOS 21.06/21.12, EdgeX 2.0, Ubuntu Touch OTA-20. InfiniTime (firmware for smart watches). PinePhone switched to Manjaro Linux by default. Interface for smart watches based on postmarketOS. Migrating Google Play from APK to App Bundle. JingOS is a distribution for tablet PCs.
  • Distributions: Debian 11, Devuan 4.0, Ubuntu 20.04/21.10, openSUSE 15.3, RHEL 8.4/8.5, Fedora 34/35, SUSE 15.3. The issue of small dependencies and the resolution of Kubernetes dependency injection in Debian. Microsoft has released the CBL-Mariner Linux distribution. Amazon Linux is moving from CentOS to Fedora. Free Use Cases for Red Hat Enterprise Linux. RHEL emulation based on Fedora Rawhide. Beginning of RHEL 9 testing and formation of CentOS Stream 9. Cessation of release of updates for CentOS 8.x. Alternative releases of CentOS 8 are AlmaLinux, Rocky Linux and VzLinux. Fedora Kinoite, similar to Fedora Silverblue with a KDE desktop. CentOS for automotive information systems. Development of a new installer for Ubuntu. Formation of intermediate assemblies of openSUSE. Renaming Fedora distribution to Fedora Linux. DUR (Debian User Repository).
  • New user environments: Maui Shell, COSMIC, Ubuntu Frame, labwc, wayward, CuteFish.
  • User environment updates: GNOME 40/41, KDE 5.21/5.22/5.23, LXQt 1.0, MATE 1.26, Cinnamon 5.2, Enlightenment 0.25, Budgie 10.5.3, Regolith 1.6, Sway 1.6. Renaming KDE Applications to KDE Gear. Budgie is moving from GTK to EFL.
  • GUI and graphics: Qt 6.1/6.2, GTK 4.2/4.4/4.6, SDL 2.0.18, DearPyGui 1.0.0, X.Org Server 21.1. Wayland promotion. SDL moves to Git and GitHub. The Qt Company has restricted access to the Qt 5.15 code, and KDE has taken over the maintenance of the Qt 5.15 open branch. New GUI library SixtyFPS. Interface building language Blueprint. GUI for developing Cambalache GTK interfaces.
  • Multimedia, graphics, modeling and 3D: Blender 3.0, ArmorPaint 0.8, FreeCAD 0.19, KiCad 6.0, FFmpeg 4.4, Krita 5.0, GIMP 2.99.x, Inkscape 1.1. Lyra audio codec. Opening of the IPTV broadcasting system msd. Kodi 19. QOI image format. Sprite Fright Movie by Blender.
  • Games: Amazon opened the game engine Open 3D Engine. DeepMind has opened the MuJoCo physics simulator. Storm game engine code is open. Godot 3.4. Valve has announced the Steam Deck game console based on Arch Linux.
  • DBMS: PostgreSQL 14, MariaDB 10.6, rqlite 6.0, Tarantool 2.8, Apache Cassandra 4.0, MongoDB 5.0, Firebird 4.0, immudb 1.0, libmdbx 0.10, Dolt, TimescaleDB 2.0, SQLite 3.37. Amazon opened Babelfish to replace MS SQL Server with PostgreSQL. Distributed DBMS PolarDB. FerretDB/MangoDB with implementation of the MongoDB protocol over PostgreSQL. Changes in MariaDB development.
  • Firefox: Improved Wayland support and hardware acceleration. Using EGL for X11. Interface redesign. Improved tracking protection and site isolation. New rules in the add-ons catalog. New Firefox Focus interface. End of development of Firefox Lite, Voice Fill and Firefox Voice. Enable HTTP/3 support. Switching to ECH to hide the domain in HTTPS traffic.
  • Chrome: Chromium maintenance issues on Linux distributions. Translation to the Ozone layer for systems with X11. Possibility of local prohibition of viewing the code of web pages. Release of MS Edge for Linux. RenderingNG optimizations. The imminent termination of the second version of the manifesto. Port for Fuchsia OS. HTTPS-First mode. Third party cookie deprecation delayed. Rejection of the idea of ​​showing only the domain in the address bar. Shortening the release cycle. Prevent Google APIs from being used in third-party browsers.Chrome add-on performance analysis.
  • Distributed and P2P systems: LF decentralized storage. Distributed FS JuiceFS. Update IPFS 0.9, Nebula 1.5, Venus 1.0, Yggdrasil 0.4, GNUnet 0.15.0, Hubzilla 5.6, 4.0. Termination of Mesos development.
  • Machine Learning: ControlFlag for detecting bugs in code. CodeNet for creating translators from one programming language to another. StyleGAN3 for face synthesis. HyperStyle for image editing. PIXIE for building 3D models of people from photos. Text recognition system Tesseract 5.0.
  • Virtualization and Containers: Support for running Linux GUI applications on Windows. Lima for running Linux applications on macOS. Runj based FreeBSD jail. Hypervisor Bareflank 3.0. Waydroid to run Android on Linux. A RISC-V emulator in the form of a pixel shader.
  • Linux Kernel: Promotion of patches for Rust driver development (adopted into the linux-next branch). Ability to create eBPF handlers in Rust. ISP RAS Linux Security Enhancement Initiative. Transition to the development of innovations for Android in the main core. 30 years of the Linux kernel. End of support for legacy platforms. Modernization of work on errors.
  • Major changes in the core:
    • 5.15: new writable NTFS driver, ksmbd module with SMB server implementation, DAMON subsystem for memory access monitoring, real-time locking primitives, fs-verity support in Btrfs, process_mrelease system call for out-of-memory response systems, module remote attestation dm-ima.
    • 5.14 new quotactl_fd() and memfd_secret() system calls, removal of ide and raw drivers, new cgroup I/O priority controller, SCHED_CORE task scheduling mode, infrastructure for creating loaders for verified BPF programs.
    • 5.13 initial support for Apple M1 chips, "misc" cgroup controller, deprecated /dev/kmem support, support for new Intel and AMD GPUs, ability to directly call kernel functions from BPF programs, kernel stack randomization for each system call, ability to build in Clang with CFI (Control Flow Integrity) protection, Landlock LSM module for additional process restriction, virtio-based virtual sound device, multi-shot mode in io_uring.
    • 5.12 support for zoned block devices in Btrfs, the ability to map user IDs for FS, clean up obsolete ARM architectures, NFS "eager" write mode, LOOKUP_CACHED mechanism for determining file paths from the cache, support for atomic instructions in BPF, KFENCE debugging system for detecting errors when working with memory, working in a separate kernel thread, the NAPI polling mode in the network stack, the ACRN hypervisor, the ability to change the preempt model on the fly in the task scheduler, and support for LTO optimizations when building in Clang.
    • 5.11: support for Intel SGX enclaves, new syscall interception mechanism, auxiliary virtual bus, block assembly of modules without MODULE_LICENSE(), fast syscall filtering mode in seccomp, demaintainment of ia64 architecture, move WiMAX technology to staging branch, SCTP encapsulation capability in UDP.
  • Encryption: OpenSSL 3.0, Libgcrypt 1.9.0. Google has opened up a fully homomorphic encryption toolkit. Service for cryptographic verification of Sigstore code. GNU Anastasis for backing up encryption keys. Cryptographic hash function BLAKE3 1.0.
  • Local vulnerabilities: KVM hypervisor, Linux kernel (USB, tty, eBPF, eBPF 2, eBPF 3, eBPF 4, io_uring, vfs, netfilter, CAN, iSCSI, VSOCK ), PHP-FPM, OpenOffice, Polkit, runc, Please, Flatpak (2), GRUB, sudo, Cinnamon, firejail, Python.
  • Remote vulnerabilities: Log4j, Mozilla NSS, LibreSSL, Grafana, HP Printers, Samba, Linux Kernel (TIPC), Apache httpd, OMI Agent, Matrix, Ghostscript, libssh, Node.js, Suricata, nginx, Exim, BIND (2), Git, MyBB, OpenSSL, SaltStack, wpa_supplicant, Libgcrypt, dnsmask.
  • Vulnerabilities in processors and hardware: New types of attacks on Intel and AMD CPUs. Three Specter and Meltdown vulnerabilities in AMD CPUs and a vulnerability in AMD SEV. Data leak through the Intel CPU ring bus. Attack on Intel SGX. Vulnerabilities in MediaTek DSP chips and NXP tokens. Three new variants of attacks on DRAM memory. Realtek SDK.
  • Attack methods: Methods of exploiting Specter and extracting data from the cache through the execution of JavaScript in the browser. Trojan Source attacks, NAT slipstreaming 2, FragAttacks (on Wi-Fi), ALPACA (MITM on HTTPS), HTTP Request Smuggling 2, SAD DNS 2, NAME:WRECK. Bypass Specter protection via eBPF.
  • Research: Impact on the performance of an accurate time source. Cloning fingerprints with a laser printer. Determination of the PIN-code by video recording. Detection of hidden cameras using the smartphone's ToF sensor. Experiment with determining the passwords of users of 70% of Tel Aviv Wi-Fi networks
  • Backdoors in FiberHome routers, NETGEAR, Cisco Catalyst PON switches, Zyxel access points and MonPass client.
  • Hacks: Compromises of the git repository and user base of the PHP project. Loss of control over the perl.com domain. Compromise of the OSI voting system. The story of the Ubiquiti compromise. Hacking MidnightBSD server, GoDaddy, OpenWRT forum. Attempts to hack the Blender website. A wave of breaches of vulnerable GitLab servers. Bulk delete data on WD My Book Live and My Book Live Duo network drives.
  • Privacy: Resisting the implementation of the FLoC API promoted by Google instead of tracking cookies. Identification through parsing external protocol handlers in the browser and manipulating Favicon caching. FS Oramfs, hiding the nature of data access.
  • Continued detection of malicious packages in NPM, PyPI, Mozilla AMO repositories and directories. 46% of Python packages on PyPI contain potentially unsafe code. Vulnerabilities in NPM that allow overwriting files and releasing an update for any package. A Composer vulnerability that could compromise the Packagist PHP repository. Hiding the traffic of malicious libraries in PyPI via CDN.
  • Attacks on Infrastructures: SolarWinds. Travis C.I. Cloudflare (cdnjs) Compromised HashiCorp PGP key. Dependency attack that allowed code to be executed on PayPal, Microsoft, Apple, Netflix, Uber servers. Hacking Cloudflare and Tesla through Verkada security cameras. Cryptocurrency mining on GitHub servers
  • Incidents: Loss of trust in Let's Encrypt on older devices and failures in many projects due to an outdated IdenTrust root certificate. Time shift due to error in GPSD. Facebook, Instagram and WhatsApp unavailable for 6 hours due to incorrect BGP settings.

During the year, 1625 news items were published on OpenNET, on which 202177 comments were left. In the fall of 2021, the OpenNET project turned 25 years old. Those who wish to provide financial support to continue writing news can find details on this page.

Source: opennet.ru

Add a comment