MalaGIS

Sharing GIS Technologies, Resources and News.

Introducing GlobalBuildingAtlas: A Global Building Height Dataset

In the GIS field, especially when creating CIM digital twin scenarios, building white model data is often required. I have previously used many such building white model datasets (such as global building footprint data released by Google and Microsoft), but I frequently encountered situations where only the "footprint" was available without height information, or the height was randomly generated. A few days ago, I came across an interesting dataset online: GlobalBuildingAtlas, which can precisely solve the problem of missing height information. The data is global in scope, so interested friends should not miss it.


ArcGIS Pro 3.6 and Windows 10: Compatibility Discussion

The other day, while casually browsing the MalaGIS community chat, a friend @Tiantian suddenly asked me, "Does ArcGIS Pro 3.6 not support Windows 10 anymore?" This sudden question gave me a fright. After all, many friends following MalaGIS should still be on Windows 10, some even on Windows 7. If there were such an issue, it should have surfaced earlier. However, when the friend later showed me the evidence, I couldn't be sure for a moment.


MinIO's Shift to Maintenance Mode and Its Impact on GIS Development

In the field of GIS development, on-premises deployment is an extremely common requirement, and MinIO is almost synonymous with private object storage. Whether storing hundreds of terabytes of remote sensing imagery or billions of loose map tiles, MinIO has consistently been the "cornerstone" of WebGIS architecture due to its simple deployment, excellent S3 compatibility, and the high performance of the Go language. However, just last week, the official MinIO GitHub repository announced an update to the project's status, moving it to maintenance mode and ceasing to accept new feature requests. The main changes are as follows:

  • The codebase is now in a maintenance-only state.
  • No new features, enhancements, or pull requests will be accepted.
  • Critical security fixes may be evaluated on a case-by-case basis.
  • Existing issues and pull requests will not be actively reviewed.
  • Community support will continue on a best-effort basis via Slack.
  • For enterprise support and actively maintained versions, please refer to MinIO AIStor.

To summarize the key point: if you wish to use a continually updated version of MinIO in the future, you must pay for the commercial version, MinIO AIStor. According to my research, the price is quite steep, requiring a subscription service. The annual fee is $96,000 to manage 400TB of data (a price point that is essentially unfeasible within the domestic GIS community in China).


Official Native QGIS 3.x for macOS M-Series Chips Now Available

In the previous article QGIS 4.0 Delayed: New Release Scheduled for February 2026, the editor introduced the latest progress on QGIS 4.0 development, noting that the originally planned QGIS 4.0 version has been postponed to February 2026. This is very disappointing news for many macOS users, especially those with M-series chips, as everyone has been waiting for the official native QGIS application for Mac M chips. Consequently, users will have to continue using the translated version of QGIS (which still works). However, there is good news: the official team has ported the Mac packaging method originally intended for QGIS 4.0 to the QGIS 3.x series. This means that an official native QGIS 3.x version for Mac M chips is now available. The editor checked today and confirmed that the official website has been updated. Users still on the Intel-translated version are highly recommended to upgrade immediately!


Critical React/Next.js Security Vulnerability: Urgent Alert for WebGIS Developers

It's Friday. Are you starting to slack off and get ready for the weekend? Hold on: just yesterday (December 3, 2025), the React team and the Next.js team jointly disclosed a Critical-level security vulnerability. This is not an ordinary bug but a 'nuclear-level' vulnerability that allows unauthenticated remote code execution (RCE). If your WebGIS project uses Next.js or React 19, please investigate promptly. This vulnerability is extremely dangerous and could lead to further data leaks.

Vulnerability Details

Vulnerability ID: CVE-2025-55182 (React) / CVE-2025-66478 (Next.js)

Affected Scope: As long as your project has React Server Components (RSC) enabled, even if you think you haven't written any backend logic, you could be affected.

Severity Level: CVSS 10.0 (maximum score) — This means attackers can execute arbitrary code on your Node.js server without logging in or performing complex operations, just by sending a carefully crafted HTTP request.

Affected Versions:

  • React: 19.0.0 to 19.2.0
  • Next.js: 15.x, 16.x, and versions after 14.3.0-canary.77


Unlocking Global Renewable Energy Insights: The Global Renewables Watch (GRW) Dataset

For GIS professionals, obtaining high-precision, global distribution data for energy facilities—particularly emerging sources like photovoltaics (PV) and wind power—is often challenging. While open-source maps like OpenStreetMap provide some data, they frequently fall short in terms of timeliness, coverage, and attribute detail required for rigorous scientific research or commercial analysis. Recently, Microsoft, in collaboration with organizations like The Nature Conservancy (TNC), launched a significant open-source project on GitHub called the Global Renewables Watch (GRW). The research team utilized high-resolution satellite imagery and deep learning image segmentation models to conduct a quarterly analysis of global high-resolution satellite images from Q4 2017 to Q2 2024. This process automatically identified PV and wind power installations worldwide, accompanied by estimated construction dates and pre-construction land use information.

Data Overview

Coverage: Globally processed
Data Volume: Over 13 trillion pixels
Detections:

  • PV Power Plants: 86,410
  • Wind Turbines: 375,197

Data Format: gpkg (GeoPackage)
Temporal Range: Q4 2017 to Q2 2024


Pay Protest Pop-up in Chinese Open Source Cesium Project

This afternoon, while I was browsing the MalaGIS group, a user named @zheer discovered a pop-up demanding unpaid wages in an open-source Cesium examples project. This immediately piqued my interest, so I opened it to explore. The project summarizes common effects in Cesium development with over 200 demos, and also includes over 100 demos developed with ThreeJS. It's lamentable that such a talented developer had to resort to using an open-source project to plead for their wages, which is quite disheartening.

Open-source project address: https://jiawanlong.github.io/


ArcGIS Pro 3.6: New Features and Installation Guide

After much anticipation, ArcGIS Pro has been updated again! This update brings version 3.6, but the currently released version does not include a Chinese language pack, so only the English version is available. I downloaded and installed it, and the process is relatively straightforward and user-friendly for beginners, though the lack of a Chinese pack is a bit inconvenient. It is recommended for users with some English proficiency who want to try out the new features.

PS: For production use, it is advisable to wait until a Chinese language pack and subsequent update patches are released.


TOON: A Lightweight GIS Data Format to Reduce Token Consumption in AI Interactions?

In today's rapidly evolving AI technology, we are constantly exploring ways to make AI process various types of data more efficiently. Currently, JSON is the most mainstream data format, but its redundancy leads to high token consumption when interacting with AI. To address this issue, a new data format called TOON has been designed to replace JSON in interactions with LLMs, reducing token consumption.

TOON GitHub: https://github.com/toon-format/toon

Demo Website: https://toonformat.dev/


Preventing Sensitive Data Leaks with Gitleaks in GIS Projects

In the previous article 'Apple's Source Code Leak Incident: Key Takeaways for GIS Frontend Development', the author mentioned the Apple front-end source code 'leak' incident and highlighted several serious security risks in current front-end development. So, besides improving developers' skills, is there a more thorough detection mechanism for these risks? If you are a team leader, how can you avoid these problems as much as possible? The author believes that, in addition to proper build configuration and production environment security hardening, a mechanism is needed to continuously detect sensitive information committed to the repository, and Gitleaks is such a tool.

What is Gitleaks?

Gitleaks is an open-source tool that can scan Git repositories (including commit history) or directories/files to detect hardcoded sensitive information, such as passwords, API keys, tokens, credentials, etc. It supports multiple scanning modes (e.g., git mode, dir mode, stdin mode) as well as custom rules, ignore rules, baseline reports, etc. Its installation methods are flexible: it supports Homebrew (Mac), Docker images, Go source builds, etc. The community is active, with nearly 24k stars on GitHub, and it is widely adopted.

In short: if your project may have sensitive credentials, tokens, or keys (especially in front-end, back-end, DevOps, or CI/CD processes) that were accidentally committed or left in history, Gitleaks adds a significant layer of assurance.


Copyright © 2020-2026 MalaGIS