MalaGIS

Sharing GIS Technologies, Resources and News.

Preventing Sensitive Data Leaks with Gitleaks in GIS Projects

In the previous article 'Apple's Source Code Leak Incident: Key Takeaways for GIS Frontend Development', the author mentioned the Apple front-end source code 'leak' incident and highlighted several serious security risks in current front-end development. Besides improving developers' skills, is there a more thorough mechanism for detecting these risks? If you are a team leader, how can you avoid these problems as far as possible? The author believes that, in addition to proper build configuration and production environment security hardening, a team needs a mechanism that continuously detects sensitive information committed to the repository, and Gitleaks is such a tool.

What is Gitleaks?

Gitleaks is an open-source tool that can scan Git repositories (including commit history) or directories/files to detect hardcoded sensitive information, such as passwords, API keys, tokens, credentials, etc. It supports multiple scanning modes (e.g., git mode, dir mode, stdin mode) as well as custom rules, ignore rules, baseline reports, etc. Its installation methods are flexible: it supports Homebrew (Mac), Docker images, Go source builds, etc. The community is active, with nearly 24k stars on GitHub, and it is widely adopted.

In short: if your project may have sensitive credentials, tokens, or keys (especially in front-end, back-end, DevOps, or CI/CD processes) accidentally committed or left in history, Gitleaks adds significant assurance.


Effective Methods for Validating GeoJSON Data Integrity

A few days ago, while working on GIS dashboard development, I encountered a highly peculiar issue: the map worked perfectly in the development environment but failed to display in the production environment. After a thorough investigation, I finally discovered that the GeoJSON data in the production environment was problematic. The data team might have manually edited and accidentally deleted some content during the GeoJSON export process, resulting in incomplete data. Since no comprehensive validation was performed beforehand, this caused the map to fail to load.

After identifying the problem, I decided to create a validation tool to prevent similar issues in the future. I tested several methods available online and have summarized a few reliable ones to share with you. The core idea is: Attempt to convert each GeoJSON file into an ArcGIS format (such as a feature class). If the conversion is successful, the file is considered valid; if it fails, capture the error and log it.

Method 1: Using Geoprocessing Tools for Manual Batch Processing (Suitable for a Small Number of Files)

This method leverages the error handling mechanism of geoprocessing tools but requires manual setup.

First, place all the GeoJSON files you need to check in the same folder. Then, open the Geoprocessing pane (Analysis > Tools) and search for the JSON To Features tool. This official tool for converting GeoJSON is strict about format requirements, which makes it well suited to checking validity. In the tool interface, click the folder icon next to the Input JSON parameter. Locate the GeoJSON folder and select multiple files (hold the Ctrl or Shift key). Finally, set an output location and click Run.


Apple's Source Code Leak Incident: Key Takeaways for GIS Frontend Development

Recently, a hot topic has been the Apple source code leak incident. Due to negligence by a developer, Apple failed to disable the sourcemap functionality in the production environment during the deployment of the App Store web version, leading to the exposure of the complete frontend code. This incident quickly sparked heated discussions within the tech community. Although only frontend logic code was leaked, containing no user data or security vulnerabilities, it served as a wake-up call for the frontend development field. The author takes this opportunity to discuss some lessons that can be learned for GIS frontend development.


Bing Maps Tile Request Format: Understanding the Quadkeys Algorithm

While recently researching how to load Bing Maps in ArcGIS Pro, the author conducted a simple packet capture of Bing Maps and discovered an unusual phenomenon. When requesting tile data, Bing Maps uses a request format that is noticeably different from common approaches. For example, services like Gaode Map typically pass xyz parameters, which correspond to x and y coordinates and the zoom level z. In contrast, Bing Maps passes a single integer parameter instead of three separate xyz values. How does this work? The image below shows a packet capture of Bing Maps requesting remote sensing imagery.

The image below shows a packet capture of Gaode Map requests.

Clearly, the request format of Bing Maps differs from that of Gaode Map. Bing Maps uses an integer parameter, while Gaode Map uses xyz parameters. So how is the Bing Maps request format generated?


Managing ArcGIS Pro Python Environment: Cloning and Speed Optimization

Users of ArcGIS Pro who wish to customize advanced features often rely on Python scripts, as many functions of ArcGIS Pro itself are implemented using Python. However, directly installing various Python packages in the built-in environment can easily lead to compatibility issues (especially since Python packages often have compatibility problems between versions). Therefore, ArcGIS Pro comes with a built-in Conda environment and packages the environment that ArcGIS Pro depends on as a read-only environment. This ensures that ArcGIS Pro remains stable and does not fail to run due to arbitrary modifications by users. As shown in the figure below, the software clearly indicates that the default environment cannot be modified.


Python and NumPy Versions in ArcGIS Products

Many users encounter issues when installing third-party packages for ArcPy, sometimes accidentally causing conflicts with Python versions and their corresponding packages. Incompatibilities between package versions can be particularly frustrating and may even disrupt core functionality of ArcGIS or ArcGIS Pro. This article provides a reference for the default Python and NumPy versions bundled with various ArcGIS versions, which can be helpful for troubleshooting such problems.


How to Add Bing Maps as Basemap in ArcGIS Pro

In a previous article titled "ArcGIS Pro Basemap Service Access Issues in China and Solutions", we discussed the blocking of ArcGIS Pro services in China. Although services were later restored, they have been fully switched to Tianditu services, which offer limited basemap options—only six are available. Therefore, I have been continuously exploring and sharing more basemap services accessible within China. Today, I will introduce a method to add Bing Maps as a basemap in ArcGIS Pro. This approach is somewhat indirect and is provided for reference.


GOB Format: Enhancing OSM Data Distribution and Processing Efficiency

GIS professionals often work with OSM (OpenStreetMap) data, which has a strong reputation in the open data domain. However, in recent years, as OSM data continues to expand globally with increasing geographic features, frequent updates, and wide regional distribution, importing and processing OSM data has become highly time-consuming and hardware-intensive. Although the traditional .osm.pbf (Protocolbuffer Binary Format) is widely used, it still faces performance bottlenecks, especially on machines with limited hardware resources. Recently, the GeoDesk team introduced the GOB data format, aiming to improve the efficiency of data distribution and import, making OSM data processing lighter and faster.


NASA Website Updates Halted Due to Federal Funding Lapse: Implications for GIS Professionals

Recently, when downloading data from NASA-related websites, many users have encountered the following message: "Due to the lapse in federal government funding, NASA is not updating this website." Translated, it means: "Due to the lapse in federal government funding, the National Aeronautics and Space Administration (NASA) has suspended updates to this website. We apologize for any inconvenience caused." I tested several websites and found that common ones like NOAA, EarthData, GISS, etc., all display this message. What exactly is happening? And what impact will it have on the vast number of GIS professionals?

Above: Notices on various NASA websites


Google Earth AI Comprehensive Upgrade: Gemini Empowers Geospatial Reasoning

Recently (on October 24), the Google Earth team updated their official website, announcing that this upgrade officially integrates the Gemini large model into Google Earth, adding geospatial reasoning capabilities. This transforms it from a platform primarily displaying satellite images into an intelligent geospatial analysis platform that can understand and respond to natural language queries.

Geospatial Reasoning

To solve complex problems, one must see the big picture. This is the concept behind "Geospatial Reasoning," a framework powered by Gemini that now enables AI to automatically connect different Earth AI models—such as weather forecasting, population maps, and satellite imagery—to answer complex questions.


Copyright © 2020-2025 MalaGIS