Although 2020 presented us with some unforeseen challenges, that didn’t stop the open source community from continuing to mature and take flight. From equipping the first ever virtual Linux Plumbers conference to delivering solutions that tackle the challenges presented by COVID-19, open source has proven to be a significant force for fostering innovation and collaboration.
Though we’re as anxious as the rest of the world to move forward and push 2020 as far out of our minds as possible (admit it, this year wasn’t a ton of fun…), it’s always helpful to look back and realize the “good stuff” that happened. Let’s recap the blogs that resonated most within our open source community and provide a peek into the trends shaping open source in the future.
Why VMware Supports Let’s Encrypt, a Free and Open Certificate Authority
Here at VMware, we truly value privacy and security – which is why we decided to support Let’s Encrypt back in March. As a free, automated and open source certificate authority supported by the non-profit Internet Security Research Group, Let’s Encrypt is dramatically impacting the security and privacy of the internet by moving the world toward the more secure HTTPS (SSL/TLS) website standard. In fact, global HTTPS page loads increased from 39% of total traffic to over 80% between Let’s Encrypt’s launch in 2015 and 2019.
The reason behind Let’s Encrypt’s success? Its creation of the Automated Certificate Management Environment (ACME) protocol, a critical step in simplifying and automating the HTTPS process so that even zero-budget websites can implement the protocol and join a secure and private web. To learn more about how Let’s Encrypt is creating a safer, more private internet, check out our Let’s Encrypt blog here.
An Overview of Apache Tomcat
We revisited and reintroduced the open source projects that returned to VMware following the Pivotal acquisition. One of these projects was Apache Tomcat, a web application server in which Java code can run. Widely used by web developers, Tomcat provides the means to make otherwise static HTML web pages interactive. It uses a web server to monitor incoming client requests and predefined APIs to interface with applications. As a 20-year-old open source project, Tomcat’s mature technology and stable community provides developers with the means to develop, test and run their Java applications in Tomcat’s environment.
Collaborative Leadership: Transparency and Governance Beyond Company Affiliation
Dawn Foster, Director of Open Source Community Strategy at VMware, explained how collaborative leadership creates a level playing field where all types of developers can contribute, collaborate and innovate as equals to facilitate project success. For example, foundations like the CNCF require graduating projects to have a documented governance process, creating greater transparency. Additionally, the implications of a neutral foundation provides contributors with some assurances about the future of the project. Dawn noted some of the benefits of this type of collaborative leadership, such as greater innovation from a diverse group of contributors while reducing vendor lock-in. She also explained how contributing an open source project to a foundation is an ongoing commitment, and how the maturity of the project will likely impact its chances of being accepted. For more information on the importance of collaborative leadership in open source and what projects VMware has contributed, check out our blog here.
TUF PyPI Integration and the Future of Software Update Security
Security Team Lead for the Open Source Technology Center, Joshua Lock, discussed what drove the integration of TUF into the Python Package Index (PyPI) software repository. TUF is a flexible, open source framework and specification that developers can adopt to help protect their software update system. Most Python software is hosted on PyPI, so its security is critical. The TUF integration aims to ensure that PyPI’s contents have TUF’s key attributes of integrity, consistency and freshness.
One key benefit of open source is the inherent collaboration that comes with it, and TUF’s PyPI integration is no different. Feedback from the PyPI community pointed to a number of ways in which TUF itself needed to evolve in order to properly support PyPI. For example, the TUF reference implementation didn’t scale well enough to support integration into the PyPI codebase. This led Joshua and his team to devise performance improvements that would allow the reference implementation to support much larger loads. Read all about the TUF/PyPI integration and its potential for advancing software supply chain security here.
Why Use Singleton for Globalization? Understanding the Key Benefits
As VMware grows, one of our goals is to streamline the globalization process for VMware products. Our efforts in the past year have led to more product teams adopting Singleton, an open-source framework and solution for streamlining the interconnection between software internationalization and localization. It delivers a web service that serves localized resources over a REST API. The application software consumes these localized resources by integrating a Singleton client library that sends HTTP requests to the API endpoints. Singleton provides a number of key benefits, such as providing a microservice that serves localized resources to all other microservices over an API, faster time to market, scalability and more. Read about all of Singleton’s benefits here.
BuildKit CLI for kubectl: A New Way to Build Container Images
Back in November, we introduced a new open source Kubernetes CLI plugin for building container (OCI) images. Optimized for developers, it utilizes a powerful open source component called BuildKit to build Dockerfiles into images directly inside Kubernetes clusters. A key feature of this tool is that it strives to make images immediately available in the container runtime of Kubernetes clusters so that users can “bounce” pods to pick up a freshly built image with virtually no overhead. This tool helps developers streamline the process of building container images, as they don’t have to push to a registry to use the images. For more information on how to become involved in BuildKit and how the project plans on progressing, read our BuildKit CLI blog here.
This year was full of shining open source moments, proving how far we can go when technology is centered around strategic collaboration and community. As you prepare for the New Year , be sure to stay up-to-date on the latest breaking news, updates and in-depth features on all things open source by following us on Twitter (@vmwopensource).
