Open Source Rookies of the Year
The sixth annual Black Duck Open Source Rookies of the Year awards recognize the top new open source projects initiated in 2013. This year's Open Source Rookies honorees span cloud and software virtualization, privacy, social media and Internet of Things projects addressing needs in the enterprise, government, gaming and consumer applications, among others, and reflect important trends in the open source community.
- Cloud and Software Virtualization – As the use of virtualization and cloud becomes commonplace for today’s IT infrastructure, new deployment and management challenges arise. Chef, Puppet, Salt (2011 Rookie) and Ansible (2012 Rookie) provided cloud deployment and configuration management solutions, helping with core configuration and management of large-scale cloud deployments. Docker provides a virtual container that packages an app and its dependencies so it can run on any Linux server, creating a new level of application portability using a lightweight virtualization approach. But while virtualization makes it fast and easy to deploy and scale, it creates new challenges for networking, spawning the need for Software-Defined Networks (SDNs) and the creation of the OpenDaylight project, garnering serious contributions from some of the world’s leading network providers. And through the use of Serverspec, developers can now run automated test scripts for server configuration across large-scale server deployments.
- Privacy – The security and privacy of our personal information continues to be a major focus, from those wishing to communicate under restrictive governments to the need to protect the personal information stored on our smartphones. Two of this year’s Rookies will help -- locking down private data on Android mobile devices with XPrivacy and providing secure instant messaging using Tox.
- Social Media – As social media continues to grow and mature, new, more flexible solutions are emerging for blogging and messaging. Ghost provides a new open source blogging alternative, while the rapid expansion of timeline-based data produced in social media creates the need for new kinds of data storage and access, spawning projects like InfluxDB. We also discovered a gem of a social learning tool for coding called Exercism, started by a software development instructor who wanted her students to learn in a more social way.
- Internet of Things – As the Internet of Things continues to gain momentum, connecting the world’s devices, projects like OpenIoT are defining important communications standards that will enable billions of devices to interact seamlessly.
As mobile apps become core to our operating infrastructure, agile development methodologies require automated testing to deliver. Appium provides a broad platform for testing both native and hybrid mobile apps on iOS and Android, enabling organizations to utilize a single testing tool to support their growing needs.
While initially started as a tool for SauceLabs to help customers build a scalable, automated test environment, Appium has quickly taken on a life of its own with a rapidly expanding, diverse developer community.
Docker is an open source project that automates the deployment of lightweight, portable, self-sufficient containers from any application. The same container that a developer builds and tests on a laptop can run at scale, in production, on VMs, bare metal, OpenStack clusters, public clouds and more.
Docker really got our attention. Few projects outside the highly corporate-sponsored arena garner this level of excitement and attention. While Docker was started by a small, commercial firm previously known as dotCloud, this project has quickly grown roots and turned the heads of the big guys, including RedHat and Google. But more importantly, Docker provides developers with an important advancement in the way they build scalable applications for the cloud – the ability to create lightweight, portable, self-sufficient containers from any application. This level of portability offers companies plenty of options for where their apps will run, while allowing developers to have freedom of choice in the languages and tools used to build them.
Ghost is dedicated to one thing: publishing. It's beautifully designed, completely customizable and completely open source. It allows you to write and publish your own blog, giving you the tools to make it easy and even (gasp) fun to do. It's simple, elegant, and designed so that you can spend less time messing with making your blog work - and more time blogging.
InfluxDB is a time series, events, and metrics database. It's written in Go and has no external dependencies. Once you install it there's nothing else to manage (like Redis, HBase, or whatever). It's designed to be distributed and scale horizontially, but is useful even if you're only running it on a single box.
Paul Dix started a project called ErrPlane, focusing on monitoring and metrics. As he traveled around trying to get traction with ErrPlane, he began to realize that other competing projects were all writing their own time-series database to handle the type and volume of data needed. So he and his partner made a big decision to stop working on ErrPlane and shift their focus to building a specialized, time-series database. Paul and team worked quietly for one month, and then decided they needed some feedback to continue, so they did a talk at a NY Ruby Meet-up. One of the attendees posted it up on Hacker News. O’Reilly Radar picked it up and the story went to the top. When Paul saw people talking about InfluxDB at a DevOps conference in Australia and another in Japan, they knew they were onto something solid. As of this writing, the project is only 3 months old, with the first commit Sept 23rd.
OpenDaylight's objective is to provide a fully functional SDN platform that can be deployed directly, without requiring other components. It is focused on building an open, standards-based SDN controller platform that is suitable for deploying in a variety of production network environments. In addition to a modular controller framework, OpenDaylight is expected to include support for a number of standard and emerging SDN protocols, network services such as virtualization and service insertion, well-defined application APIs, and data plane elements including physical device interfaces and virtual switch enhancements.
OpenIoT began as a research project partially funded by the European Commission with a goal of enabling a new range of open large scale, intelligent IoT (Internet of Things) applications according to a utility cloud computing delivery model. The project focuses on mobility aspects of internet-connected objects (sensor Networks) for energy-efficient orchestration of sensor data harvesting and data transmission into the cloud. OpenIoT integrates ontologies and semantic structures, in order to enable semantic interactions and interoperability between the various objects, which means a significant advancement over the existing syntactic interactions offered by GSN and AspireRFID projects.
Serverspec provides a simple approach to testing your server configurations, independent of any configuration management tools. Using serverspec, you can write RSpec tests for checking your servers’ configuration. It tests your servers' actual state through SSH access, so you don't need to install any agent software on your servers and can use any of the leading configuration management tools including Puppet, Chef, CFEngine and more.
Project Tox, also known as Tox, is an instant messaging application aimed to replace Skype. It’s no surprise that this project got some big traction this year given all the privacy and security related events that have taken place. With the rise of governmental monitoring programs, Tox aims to be an easy to use, all-in-one communication platform (including audio and videochats in the future) that ensures their users full privacy and secure message delivery.
XPrivacy can prevent applications from leaking privacy sensitive data and can restrict the categories of data an application can access. This is done by feeding an application with no or fake data. There are several data categories which can be restricted, including contacts and locations. For example, if you restrict access to contacts for an application, an empty contact list will be sent. Similarly, restricting an application's access to your location will result in a fake location being sent.