The most important events in 2024 related to open source projects

Final selection of the most important and notable events of 2024 related to open source projects and information security:

  • Conflicts: Crisis in the NixOS project. Sonny Piers's expulsion from the GNOME Foundation board of directors. Temporary suspension of the author of Bcachefs and his criticism by Linus Torvalds. Removal of a key Python developer. The conflict between WordPress and WP Engine, which has grown to the point of replacing the ACF plugin. Malibal's attacks on CoreBoot. A complaint to the European regulator against Mozilla. Blocking of uBlock Origin Lite. Apache's rebranding due to Native Americans.
  • Sanctions and Blocks: Exclusion of 11 Linux kernel maintainers related to Russia. Spring's refusal to accept changes from Russian developers. Mozilla's compliance with Roskomnadzor's demands, followed by the lifting of the block and a fine. Temporary blocking of Russia from Docker Hub. Denial of Russia's access to OpenTofu repositories. Erroneous blocking of OpenXRay on GitHub. Blocking of the BPC browser add-on in GitLab.
  • Forks: FreeNginx is a fork of Nginx, Valkey and Redict are forks of the Redis DBMS, Flock is a fork of Flutter, Apache Cloudberry is a fork of the Greenplum DBMS. The first release of OpenTofu, a fork of Terraform. The transition of OpenSearch, a fork of Elasticsearch, to the Linux Foundation.
  • Acquisitions, mergers, and collaborations: Microsoft hands over Mono to the Wine community. IBM buys HashiCorp. Mozilla acquires Anonym. Tor and Tails merge. OpenSSL restructures and merges with Bouncy Castle and Cryptlib. The x86 initiative.
  • Patents and copyrights: Nintendo attacks projects developing console emulators: Yuzu, Suyu, Ryujinx, Yuzu forks. OS Zone initiative annulled 54 patents. Removal of part of ZLUDA code at AMD's request. HDMI Forum did not allow HDMI 2.1 to be implemented in open drivers.
  • Laws and Regulations: Possibility of blocking Linux kernel developers who violate the code of conduct. The FCC reinstated net neutrality rules. Rust trademark usage guidelines. NetBSD and Gentoo banned the use of code generated by AI systems. GitHub banned hosting projects for creating deepfakes.
  • Licenses: Post-Open draft license. Redis, CockroachDB, and ScyllaDB DBMSs transition to proprietary licenses. Elasticsearch reverts to an open source license. Greenplum DBMS development ceases as an open source product. Zabbix license changes from GPLv2 to AGPLv3, Forgejo from MIT to GPLv3, OpenVPN from GPLv2 to GPLv2 with exceptions. Licensing issues with Tuxedo drivers.
  • Winamp source code publication. GPL license violation in Winamp code. Winamp code removal.
  • Introduction of the definition of an open AI system and the initiative to cancel it. Rating of openness of generative AI models.
  • Development platforms and application catalogs: Forgejo completely separated from Gitea. Fedora's transition to Forgejo. GitVerse by SberTech. P2P platform Radicle 1.0. Git repository hosting Game of Trees Hub. Mandatory two-factor authentication and a new system for verifying package authenticity in PyPI. 2 billion downloads and a million users in Flathub.
  • Programming languages and compilers: GCC 14, LLVM 18/19, Java SE 22/23, Go 1.22/1.23, .NET 9, Perl 5.40, Julia 1.11, PHP 8.4, Ruby 3.4, V 0.4.8, Snek 1.10, Tcl/Tk 9.0, Swift 6.0, Clojure 1.12, Mojo 24.3.
  • New languages and compilers: Borgo (combines the best features of Go and Rust). TrapC (a C-like language that works safely with memory). Hare (a C-like language from the creator of Sway). Pkl (a language for defining configurations). Vcc is a C/C++ compiler for Vulkan. Bend is a language for parallel computing on GPUs.
  • Development tools: Meson 1.6, Automake 1.17, GNU Mes 0.27. Gittuf for cryptographic protection of Git repositories. Eclipse Theia development environment. Zed code editor is open.
  • Python: Python has displaced JavaScript from the #1 spot on GitHub. JIT compiler is built in. Python 3.13. NumPy 2.0.0. Nuitka 2.0 compiler.
  • Secure Coding: Advancing Memory Safety in C++. A Strategy for Mitigating Vulnerabilities in Android. Fil-C is a memory-safe compiler for C/C++. Evaluating the effectiveness of MiraclePtr in C++. Hyperlight is a hypervisor for isolating individual functions.
  • Rust: AI translator for rewriting C code to Rust. Consortium for developing highly reliable systems in Rust. Analysis of unsafe usage in Rust packages. Verification of the Rust standard library. Improving portability between C++ and Rust.
  • System components: systemd 256/257, Glibc 2.39/2.40, GNU Shepherd 1.0.0. Reduced dependencies for libsystemd. run0 — a systemd-integrated replacement for sudo. A port of systemd based on Musl.
  • Hardware: OpenWrt One router. New Raspberry Pi boards: Pico 2, Compute Module 5, Pico 2 W, 500, Monitor, Media Center. Home Assistant Voice AI assistant. Vortex 2.2 (an open RISC-V-based GPGPU). Creating an open Z80-compatible processor. FuryGpu, an FPGA-based GPU. PiDP-10 (a clone of the PDP-10 mainframe). The first chip on the OpenTitan platform.
  • Firmware: Intel's participation in CoreBoot development. fwupd 2.0.0 toolkit. Modification of firmware for TI CC13XX and CC26XX chips.
  • Network infrastructure: Initiative to use TCP_NODELAY by default (implemented in OpenBSD). Tesla open-sourced the TTPoE protocol. The share of garbage traffic increased to 6.8%. free5GC for building a 5G core network. Deprecation of the OCSP protocol in Let's Encrypt. Pingora framework from Cloudflare. Netplan 1.0 configuration system. F-Stack 1.24 network stack. hostapd/wpa_supplicant 2.11 with Wi-Fi 7 support.
  • Standards: C23. Vulkan 1.4. POSIX 1003.1-2024. BPF standardization. OpenMP 6.0. Post-quantum encryption algorithms standardization. RFC for the FLAC audio codec.
  • Protection mechanisms: OpenPaX (analog of Grsecurity/PaX). IPE access control system.
  • New OSes and distributions: KDE is developing its own distribution. ALDOS is a variant of Fedora without systemd. The Asterinas and Maestro kernels, written in Rust and partially compatible with Linux. Apertis is a distribution for electronic devices from Collabora. Chimera (the Linux kernel with the FreeBSD environment). Red Hat Enterprise Linux AI. Fedora Atomic Desktops. Serpent OS. AlmaLinux Kitten. A continuously updated version of Manjaro. Selectel OS. TileOS. Helios (based on Illumos). ExectOS (with a microkernel similar to Windows NT).
  • Distribution and OS updates: Ubuntu 24.04 / 24.10, Ubuntu core 24, CentOS Stream 10, Red Hat Enterprise Linux 10-beta/9.5/9.4, Fedora 40/41, openSUSE Leap 15.6, SUSE Linux Enterprise 15 SP6, openSUSE Leap Micro 6, ALT 10, elementary OS 8, Whonix 17.2, Linux Mint 22, Azure Linux 3.0, Proxmox VE 8.3, Tails 6, Alpine 3.21, Armbian 24.11, NixOS 24.11, Vanilla OS 2, Blend OS 4, Endless OS 6.0, LibreELEC 12.0, Manjaro 24.0, OpenMediaVault 7.0, Redox OS 0.9, Haiku R1-beta5, OpenIndiana 2024.04.
  • Distribution Changes: GNOME OS Transforms into a Consumer Distribution and Switches to Atomic Updates in Arch Linux (RISC-V port, Valve involvement). Fedora (X11 session removal, DNF5 migration, AI tools, web-based installer, KDE core edition status). RHEL mid-release changes. OpenSUSE (SLFO/ALP migration, Agama installer, repeatable builds, SUSE brand deprecation). Fresh kernels in Ubuntu.
  • OpenStreetMap has migrated from Ubuntu to Debian. LinkedIn has moved from CentOS to Azure Linux.
  • Real-time OS: RISC OS 5.30. RT-Thread 5.1. Real-time mode support in the Linux kernel. Possibility of free use of QNX 8.0.
  • BSD: FreeBSD 14.2, NetBSD 10, OpenBSD 7.6. ravynOS (a macOS-style edition of FreeBSD). NixBSD (NixOS with a FreeBSD kernel). Discussion of using Rust on FreeBSD. Improving notebook support on FreeBSD. A new cycle of FreeBSD releases. A graphical installer for FreeBSD. SmolBSD (creating micro-builds of NetBSD).
  • Mobile platforms: Android 15/16-pre, LineageOS 22, KDE Plasma Mobile 6, Phosh 0.44, webOS 2.27, Ubuntu Touch OTA-7 Focal, Bliss OS, postmarketOS 24.12, /e/OS 2.6. Mobifree open source mobile app ecosystem. PostmarketOS builds based on systemd. Tizen port to RISC-V. Droidian is a variant of Debian for smartphones. Destructive PIN support in GrapheneOS.
  • Migrating Chrome OS to the Android platform. Support for Linux applications in Android. MicroFuchsia for virtual machines in Android.
  • Package Management: OpenWrt Migrating to the APK Package Manager. Pacstall (AUR Analog for Ubuntu). GNU Mes 0.27. RPM 6 development begins. Aura 4.0.0. Pacman 7.0. GNU Stow 2.4. APT 3.0 testing releases. Modernization of Arch Linux package management.
  • New user environments: Miracle, COSMIC alpha testing, KDE 6, Theseus Ship (former KWinFT).
  • Updated desktop environments: Xfce 4.20, GNOME 46/47, KDE Plasma 6.0/6.1/6.2, KDE Gear 24.12, MATE 1.28, LXQt 2.1.0, Cinnamon 6.4, Trinity R14.1.3, MaXX Interactive Desktop 2.2, Sway 1.10, Budgie 10.9, Regolith 3.1. KDE's two-year goals. GNOME's five-year plan. 5 years of the X Window System.
  • Composite servers updated: labwc 0.8.0, Hyprland 0.46, Niri 0.1.10, Cage 0.2, Weston 14.0, Wayfire 0.9.
  • GUI: GTK 4.41/4.16, Qt 6.7/6.8, IGL 1.0. FLTK 1.4.0 with Wayland support. Ardour continued development of the GTK2 fork. PortableGL 0.98 (OpenGL 3 implementation in C). New engines for OpenGL and Vulkan in GTK. Louvre for developing composite servers. SDL3 development.
  • GPU: Mesa 24.0/24.1/24.2/24.3. Direct3D 8 support added to DXVK. NVIDIA drivers converted to open kernel modules. Open implementation of vGPU from NVIDIA. LibreCUDA project. AMD published documentation for RDNA 3.5 GPU.
  • Wayland Promotion: Wayland 1.23. Ability to build GNOME with Wayland only. Wayland support in NVIDIA drivers. Raspberry Pi OS switched to Wayland. Frog project to promote new Wayland protocols. Experimental Wayland protocols.
  • Drivers: Nova (new open driver for NVIDIA GPUs with GSP firmware). embedded-hal (creating drivers in Rust). Improving NVK and Zink drivers. EXT2 in Rust. Honeykrisp (Vulkan driver for Apple M1 chip). Readiness of panthor driver for 10th generation Mali GPUs. AMD has opened a driver for NPU with XDNA engine.
  • Multimedia: Open stack for MIPI cameras. FFmpeg 7.0/7.1, PipeWire 1.2.0, PulseAudio 17.0, OBS Studio 31.0, Kodi 21, MythTV 34. Zrythm 1.0.0 audio workstation. Rivendell radio station management platform.
  • Codecs: TSAC and Opus 1.5 audio codecs. xHE-AAC decoder by FFmpeg. jpegli — JPEG encoder and decoder by Google. JPEG XL support in Samsung.
  • Graphics: GIMP 3.0 release approaching. Inkscape 1.4, Darktable 5.0, RawTherapee 5.10, Scribus 1.6.0.
  • Modeling and 3D: Blender 4.3, FreeCAD 1.0, CadZinho 0.6, KiCad 8.0. Google Blocks open source. OSPRay Studio 1.0 3D visualization program and OSPRay 3.1 3D rendering engine. 3D model of Caldera Island. Road network map by Overture Maps.
  • Games: NauEngine beta from VK, Godot 4.3, Open 3D Engine 24.09, Dagor Engine 24.12. Asahi's Windows game launcher. Lakka 5.0. Proton 9.0. Wine 9.0. Minetest renamed to Luanti. Descent 3 game code is open source. SteamFork project. ASUS ROG Ally support in SteamOS.
  • New open source projects: Mikage emulator open sourced. Microsoft open sourced Garnet repository. Valve open sourced Steam Audio. NVIDIA donated Slang shader language to Khronos consortium. Bitwarden SDK open sourced.
  • DBMS: PostgreSQL 17, MySQL 8.4/9.0/9.1, MariaDB 11.4, Valkey 8.0, Redis 7.4, DuckDB 1.0, IvorySQL 4.0, SynchDB 1.0, EdgeDB 5.0, Firebird 5.0.
  • Web: Node.js 23/24 with TypeScript support. Deno 2.0. C code support in the Bun JavaScript platform. Wasmer 5. Speedometer 3.0 test.
  • Browsers: Tor Browser 14.0, FixBrowser, Wolvic on the Chromium engine. 25 years of Dillo. Verso and Servo-the-browser on the Servo engine. Servo passed the Acid2 tests. Accelerating the development of the Ladybird browser and the decision to use the Swift language in it.
  • Mozilla: Advertising platform. Refusal to cooperate with Onerep. MLS (Mozilla Location Service) project is closed. Decision not to stop supporting the second version of the Chrome manifest. Management change. Winter and autumn layoffs. AI-generation of sites. Speech recognition tools. Rebranding.
  • Firefox: Releases 122-133, Redirect Tracking Protection, Third-Party Cookie Blocking, Temporary Permissions, Thumbnail Display, Text Fragment Translation, Firefox Labs, Built-in Chatbot, Sidebar, Vertical Tabs, Unified Cleanup Dialog, HTTP to HTTPS Auto-Replacement, Zstandard Support, Firefox View and PDF Viewer Improvements, Haiku Port. Firefox is 20 years old.
  • Chrome: Releases 121-131, Micropayments for Monetization, Add-on Performance, Moving Away from the Second Version of the Manifest, Maintaining Third-Party Cookie Support, Warning About Usage of uBlock Origin, Embedding a Large Language Model.
  • Distributed and P2P systems: Nebula 1.9 P2P overlay network. Meshtastic — a mesh network based on LoRa transmitters. OpenZiti 1.0 for embedding overlay networks into applications. PeerTube 7.0.
  • Office suites: LibreOffice 24.2/24.8, Calligra 4.0, ONLYOFFICE 8.2.
  • Machine learning: DeepMind's AlphaFold 3, hertz-dev's voice model, ChatTTS's speech synthesis model, Databricks' open-sourced DBRX model, xAI's open-sourced Grok model, OpenAI's Transformer Debugger, Google's open-sourced Gemma model.
  • File systems: Deprecation of Ext2 driver and removal of ReiserFS. Ceph cluster with tebibytes per second throughput. LittleFS 2.10. VitastorFS cluster FS.
  • Virtualization and containers: Work on migrating VMware Workstation to the KVM hypervisor. VMware Workstation and VMware Fusion are now free. IOMMU paravirtualization in Xen. VirtualBox on top of KVM. Microsoft open sourced the OpenVMM/OpenHCL hypervisor. Finch for Linux. Migrating Hyper-V host components to the Linux kernel. Lima 1.0 (LInux-on-MAc), Xen 4.19, XCP-ng 8.3, Kata Containers 3.4, LXC 6.0, QEMU 9.0-9.2, Bubblewrap 0.11, CRIU 4.0, Distrobox 1.8, VirtualBox 7.1, MicroCloud LTS.
  • Server applications: OpenSSH 9.7-9.9, BIND 9.20, Samba 4.20/4.21, Exim 4.98, Postfix 3.9, chasquid 1.13 SMTP server, ClamAV 1.4, nginx 1.26 with HTTP/3, libmicrohttpd 1.0.0, HAProxy 3.0. Let's Encrypt transition to ntpd-rs. OpenSSH: DSA deprecation, split into multiple processes, password brute-force protection.
  • Linux kernel: linus-next branch. Discussion of using C++ in the kernel. Lunatik (creating handlers in Lua). Running Linux on the Intel 4004 chip. Code for Elbrus CPU support has been opened. Collisions. x86_64 microarchitecture versions. ELKS 0.8 kernel for 16-bit CPUs. UEK-next branch from Oracle.
  • eBPF: task schedulers, input device diagnostics, user space work, bpftop, DTrace update. Plan to end support for older ARM CPUs.
  • Major changes in the kernel:
    • 6.7: Bcachefs FS integration, Itanium architecture support discontinued, Nouveau support with GSP-R firmware, TLS encryption support in NVMe-TCP, the ability to use exceptions in BPF, futex support in io_uring, fq (Fair Queuing) scheduler performance optimization, TCP-AO (TCP Authentication Option) extension support and the ability to limit network connections in the Landlock protection mechanism, user namespace and io_uring access control via AppArmor added.
    • 6.8: Xe driver for Intel GPUs, block device protection mode with mounted FS, Deadline server task scheduler mechanism, automatic optimization of identical memory pages merging, first driver in Rust, listmount and statmount system calls, removal of bpfilter and SLAB, guest_memfd mechanism in KVM, data access profiling.
    • 6.9: dm-vdo module for deduplication and compression of block devices, direct file access mode in FUSE, support for creating pidfd for individual threads, BPF token mechanism, Rust support on ARM64 systems, deprecation of Ext2 FS driver, removal of old NTFS driver, support for Intel FRED mechanism.
    • 6.10: ntsync driver with Windows NT synchronization primitives, DRM Panic components for implementing a "blue screen of death" analogue, discontinuation of support for older Alpha CPUs, the ability to verify integrity in a FUSE-based file system, restricting access to ioctl via the Landlock mechanism, a subsystem for profiling memory allocation operations, the mseal() system call, the ability to encrypt data exchange with TPM devices, support for high-priority work queues in dm-crypt, and the panthor driver for the tenth generation of Mali GPUs.
    • 6.11: support for atomic write operations at the block level, support for bind() and listen() operations in io_uring, a new mechanism for blocking software interrupt handlers, the ability to write to memory-mirrored executables, support for writing block device drivers in Rust, optimization of the getrandom() call, a new implementation of AES-GCM.
    • 6.12: ability to enable Realtime mode, sched_ext for creating CPU schedulers via eBPF, QR code output in emergency conditions, Device Memory TCP mechanism, SCHED_DEADLINE server resource reservation mechanism, EEVDF task scheduler improvement, IPE module for setting integrity policies.
  • Encryption: Apple's Homomorphic Encryption Library. PGP toolkit sq 1.0, OpenSSL 3.3/3.4, LibreSSL 4.0, VeraCrypt 1.26.14, GnuPG 2.5, Libgcrypt 1.11.0, Cryptsetup 2.7. OpenSSL refactoring. Rustls compatibility with OpenSSL and nginx. Post-quantum encryption algorithms development.
  • Cryptographic issues: KyberSlash (a vulnerability in the Kyber post-quantum algorithm). EUCLEAK (cloning YubiKey 5 keys). Recreating a PuTTY key.
  • Backdoor in the XZ Utils package: retrospective, activation logic, audit results, attempts at similar attacks on other projects.
  • Vulnerabilities in processors: BadRAM (AMD, SEV-SNP bypass), Sinkclose (AMD, SMM access). Spectre protection bypass. Indirector (Intel). TikTag (ARM, MemTag bypass). New BHI variant (Intel). ZenHammer (AMD). GhostRace (Intel, AMD, ARM, IBM). GhostWrite (RISC-V XuanTie). LeftoverLocals (AMD, Apple, Qualcomm and Imagination GPUs). RFDS (Intel Atom).
  • Attack methods: KeyTrap and NSEC3 in DNSSEC. ArtPrompt and BoN for bypassing AI system filters. Port Shadow (connection redirection in VPN and Wi-Fi). TunnelVision (VPN traffic redirection). Obtaining TLS certificates for foreign ".mobi" domains. Attack via IP 0.0.0.0 in the browser. SnailLoad (determining which websites are being opened based on packet delay). Attack on the handler of uninstalled applications in Ubuntu. UDP-based protocol looping. Continuation flooding (HTTP/2.0 server disruption). RADIUS response forgery. Escape sequence attack. BatBadBut (Rust, PHP, Node.js, Python, Ruby, Go, Erlang, and Haskell libraries).
  • Research: Using AI to Detect Vulnerabilities in SQLite. Analysis of the Ebury Rootkit Installed by Hacking Kernel.org. The Bootkitty UEFI Bootkit.
  • Problems due to AI-generated garbage vulnerability reports. Reputation damage due to CVE with false and inflated vulnerabilities.
  • Local vulnerabilities: Linux kernel (n_gsm, netfilter, io_uring, nf_tables, ksmbd, ktls, uio, network stack), FreeBSD kernel (1, 2), GRUB2 (RHEL), tuned, needrestart (default in Ubuntu Server), PostgreSQL, NetworkManager-libreswan, guix-daemon, pam_oath, Nix, NVIDIA drivers, Flatpak, Buildah, Podman, Node.js, libuv, Glibc.
  • Remote Vulnerabilities: Linux IPv6 stack. Android Bluetooth stack. Root vulnerability in OpenSSH (regreSSHion), RHEL- and FreeBSD-specific vulnerabilities in OpenSSH. Code execution on systems with CUPS (continued). libaom and libvpx (AV1 and VP8/VP9 codecs, possible attack via browsers). FreeBSD and OpenBSD NFS server. Apache Struts, GStreamer, Libarchive, X.Org Server (1, 2, 3, 4), libgsf (affects GNOME), Emacs, Js2Py, PHP, nginx (HTTP/3), Fluent Bit, Git, R, Glibc (attack via PHP scripts), Suricata, ClamAV, runc (affects Docker and Kubernetes), FFmpeg (JPEG XL), Redis.
  • Hacks: Internet Archive. Cloudflare. Barracuda Networks. PyTorch repository compromise. Pwn2Own Automotive, Pwn2Own 2024, and Pwn2Own Ireland 2024 competitions.
  • Privacy: OpenVPN session analysis. Telemetry in Manjaro Linux, Fedora and Go. Analysis of VPN applications for Android. Ad blocker statistics. Access to data from remote and private GitHub repositories.
  • Firmware and bootloader vulnerabilities: Vulnerability in Shim (UEFI Secure Boot bypass). PixieFAIL (attack on UEFI firmware via PXE). Vulnerabilities in Phoenix and AMI MegaRAC UEFI firmware. Vulnerabilities in Qualcomm firmware. UEFI Secure Boot bypass due to test key in motherboards.
  • Router and hardware vulnerabilities: Disabling 659 home routers. Ability to control modems of millions of ISP Cox subscribers. Backdoors in D-Link routers and network storage. Vulnerabilities in Juniper devices. Vulnerabilities in ASUS routers. SSID Confusion (Wi-Fi network substitution). Substitution of OpenWRT assembly artifacts. Unlocking Saflok electronic locks.
  • Detection of malicious packages in PyPI (1, 2) and Snap Store directories. Dangerous vulnerabilities in GitHub Enterprise Server, Gogs, GitLab (1, 2, 3, 4, 5, 6). Manual review of package names in Snap Store. Analysis of downloading outdated packages from NPM. Malicious AI models in the Hugging Face repository. One hundred thousand repositories with malicious code on GitHub.
  • Problems: Linux boot issues due to an error in a Windows update (parsing). /home deleted when running "systemd-tmpfiles --purge". RU domain zone failure due to DNSSEC. Root DNS server "C" desynchronized. KDE theme deleting user files.
  • Attacks on infrastructure: Polyfill malware injection. Python GitHub repositories access token leak. SourceHut DDoS. Hugging Face Spaces token leak. Ultralytics malicious releases published. Malicious code injection into the official Solana cryptocurrency JavaScript client. Malicious code in the ss-otr plugin for Pidgin.
  • Incidents: Attackers changed the BGP settings of the Orange Espagne telecom operator. GitHub updated GPG keys due to an infrastructure vulnerability. A token from Mercedes internal repositories was leaked.

Over the course of a year, 1569 news items were published on OpenNET, with 158 comments left on them. In the fall of 2024, the OpenNET project turned 28 years old.

Source: opennet.ru
