aper
wg-best-practices-os-developers
aper | wg-best-practices-os-developers | |
---|---|---|
8 | 16 | |
292 | 640 | |
0.7% | 5.6% | |
0.0 | 9.7 | |
about 1 year ago | 3 days ago | |
JavaScript | JavaScript | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
aper
- Aper: a Rust library for data synchronization using state machines.
-
You might not need a CRDT (Conflict-free Replicated Data Type)
The relevance here is that this post mentions their new Rust library Aper (https://aper.dev/). In addition, CRDTs are a favorite topic of Raph Levien, AKA the Rust GUI guy, and featured in the Xi editor, his first major Rust project (retrospective here: https://raphlinus.github.io/xi/2020/06/27/xi-retrospective.html).
-
You might not need a CRDT
It's also super refreshing to see the work on Aper [1] [2] (a Rust library implementing state machine synchronization across a trusted network). Looking forward next series of articles here!
[1]: https://aper.dev/
[2]: https://github.com/drifting-in-space/aper
-
CRDTs make multiplayer text editing part of Zed's DNA
Our Aper (https://aper.dev) implements a number of similar concepts (state machine replication with optimistic local transitions + rollback). I 100% agree that it’s an easier model to reason about.
Your approach with cursors is clever, that part I haven’t seen elsewhere.
-
Ask HN: Who is hiring? (June 2022)
Drifting in Space | Full-time | NYC | https://driftingin.space
We make Jamsocket (https://jamsocket.com/), which allows application developers to spin up and connect to server-side compute. This allows browser-based applications to do computationally-intensive things that are otherwise impossible in the browser.
We went through YC and just raised a seed round and are looking to build up our team. We are based in NYC but are open to remote for experience candidates.
Our tech stack includes Rust, NATS, Docker, Postgres, TypeScript.
We have lots of fun technical problems that get into the nitty-gritty of networking and operating systems, plus fun open-source stuff like Aper (https://aper.dev/). We are excited to build a diverse team and encourage non-traditional candidates to apply.
Email [email protected] or see more details here: https://www.ycombinator.com/companies/drifting-in-space/jobs...
wg-best-practices-os-developers
-
12 Free Courses To Help You Develop More Secure Software - Shift Security Left
You will learn about the different checks provided by OpenSSF Scorecard, how to configure the checks for your environment, and how to automate their implementation.
-
Heartbleed and XZ Backdoor Learnings: Open Source Infrastructure Can Be Improved Efficiently With Moderate Funding
In April 2014, the Linux Foundation Executive Director Jim Zemlin seized the opportunity to get visibility and managed to get Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Qualcomm, Rackspace, and VMware to all pledge to commit at least $100,000 a year for at least three years to the Core Infrastructure Initiative. The initiative continued for many years and eventually transformed into the Open Source Security Foundation. Also due to Heartbleed, the European Commission launched the EU-Free and Open Source Software Auditing project and spent at least a million euros on auditing OpenSSL, the Apache Server, KeePass, and other security-critical open source software.
-
Compiler Options Hardening Guide for C and C++
https://github.com/ossf/wg-best-practices-os-developers/issu...
The idea of using `-fsanitize-minimal-runtime` is interesting. I don't have any direct experience with that option. I've created an issue to investigate maybe adding that to the guide. Thanks for the tip!
-
OSCM: The Open Source Consumption Manifesto
These are technical details that are out of the scope of this article, but we think that it is important to mention them because the security strategy of a company should be based on a solid foundation, and these frameworks show that there are already some good starting points, companies don't have to start from scratch. If you want to know more about them or other ways to improve the security of your software supply chain, visit the OpenSSF website.
-
Best practices for effective attack surface analysis
Participating in the cybersecurity community can be a useful way to gain information about security trends and possible risks. Organizations such as the OWASP, OpenSSF, SANS Institute, and ISC2 promote the exchange of information between organizations and can raise the alarm about emerging issues or hacking strategies.
-
Need help with use cases for my new open-source project that deals with open-source security
You might find Awesome Security or Other Security Awesome Lists and the Open Source Security Foundation helpful
-
Wake-up call: why it's urgent to deal with your hardcoded credentials
Today corporations, open source projects, nonprofit foundations, and even governments are all trying to figure out how to improve the global software supply chain security. While these efforts are more than welcome, for the moment, there is hardly any straightforward way for organizations to improve on that front.
-
'Securing Open Source Software Act' Introduced to US Senate
https://github.com/ossf/wg-best-practices-os-developers/blob...
-
Great Time at JavaZone 2022
Cross industry best practices - openssf.org
- Ask HN: Who is hiring? (June 2022)
What are some alternatives?
plane - 🔥 🔥 🔥 Open Source JIRA, Linear and Asana Alternative. Plane helps you track your issues, epics, and product roadmaps in the simplest way possible.
tpm2-tss - OSS implementation of the TCG TPM2 Software Stack (TSS2)
google-search-results-nodejs - SerpApi client library for Node.js. Previously: Google Search Results Node.js.
tz - Time zone database and code
plane - A distributed system for running WebSocket services at scale.
Plausible Analytics - Simple, open source, lightweight (< 1 KB) and privacy-friendly web analytics alternative to Google Analytics.
bicep - Bicep is a declarative language for describing and deploying Azure resources
Mattermost - Mattermost is an open source platform for secure collaboration across the entire software development lifecycle..
Zulip - Zulip server and web application. Open-source team chat that helps teams stay productive and focused.
peritext - A CRDT for asynchronous rich-text collaboration, where authors can work independently and then merge their changes.
serverless-graphql - Serverless GraphQL Examples for AWS AppSync and Apollo