fedimint
cargo-auditable
| | fedimint | cargo-auditable |
|---|---|---|
| Mentions | 28 | 23 |
| Stars | 524 | 547 |
| Growth | 6.3% | 4.4% |
| Activity | 9.9 | 7.9 |
| Latest commit | about 16 hours ago | about 1 month ago |
| Language | Rust | Rust |
| License | MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
fedimint
- Current state of exchanges
  Maybe Fedimint could be a promising way to store your Bitcoin. I've been keeping an eye on how this is progressing.
- What are peoples’ thoughts on collaborative custody?
  You might be interested in what is going on with Fedimint.
- How would crypto work when we become a space society
  Something like planetary fedimints or similar: https://fedimint.org/
- I started a podcast to demystify Bitcoin.
  I hate to say it, but I believe most people aren't responsible. I think new options to on-board people which bring more comfort will be needed for mass adoption. Maybe a community custody platform such as Fedimint, or whatever the folks over at Ego Death Capital are up to that seems to have Jeff Booth and others just ecstatic. However, I fear massive on-boarding comes with a lot of people still trusting an investment firm.
- What’s the latest on Fedimint?
- Got the Ledger Live from Microsoft store and it took all my ETH
  You might find https://fedimint.org/ interesting if you're not familiar. I could see Bitcoin custody becoming a community-centric thing, but time will tell :D
- Self Custody Issues
- error while setting up the fedimint federation
  When I start the scripts this error keeps popping up. I am running the scripts referring to this GitHub repo: https://github.com/fedimint/fedimint/blob/master/docs/dev-running.md
- The digital pound: A new form of money for households and businesses?
  Fedimint: https://fedimint.org
  In Cashu, a mint is a single custodian, while Fedimint is designed around multiple federated mints in a multisig. Both issue e-tokens signed with blind signatures. Both of them also integrate with the Lightning Network, so users of the minted cash can make use of the rest of the Bitcoin ecosystem for payments.
- Snowden on the Lightning Network on Nostr
  The Bitcoin base chain can handle about 7 transactions per second; Lightning's theoretical upper limit is up to 1,000,000 transactions per second. You can use Lightning without managing a node yourself. There are even projects[0] in development that allow for community custody, so it stays trustless even when using a custodian.
  0: https://fedimint.org/
cargo-auditable
- Rust Offline?
  Further, we use cargo-auditable and cargo-audit as part of both our pipeline and regular scanning of all deployed services. This makes our InfoSec and Legal super happy since it means they can also monitor compliance with licenses and patch/update timings.
- Hey Rustaceans! Got a question? Ask here (15/2023)!
  This exists, see cargo auditable.
- The Rust Implementation Of GNU Coreutils Is Becoming Remarkably Robust
  The Rust community seems to have settled on a perfectly reasonable way to address bit-rot in statically linked binaries: https://github.com/rust-secure-code/cargo-auditable
- Release Engineering Is Exhausting So Here's cargo-dist
  Would you be open to integrating cargo auditable into this pipeline in some form? It seems like a great match.
- Swift Achieved Dynamic Linking Where Rust Couldn't
  > and static compilation probably just hides the problem unless security scanners these days can identify statically compiled vulnerable versions of libraries
  Some scanners like trivy [1] can scan statically compiled binaries, provided they include dependency version information (I think Go does this on its own; for Rust there's [2]; not sure about other languages).
  It also looks into your containers.
  The problem is what to do when it finds a vulnerability. In a fat app with dynamic linking you could exchange the offending library, check that this doesn't break anything for your use case, and be on your way. But with static linking you need to compile a new version, or get whoever can build it to compile a new version. Which seems to be a major drawback of discouraging fat apps.
  1: https://github.com/aquasecurity/trivy
  2: https://github.com/rust-secure-code/cargo-auditable
- 'cargo auditable' can now be used as a drop-in replacement for Cargo
  I have investigated a bunch of standardized formats: SPDX, CycloneDX, etc. All of them are unsuitable for a variety of reasons, chief of which are being way too verbose and including timestamps, which would break reproducible builds.
- sccache now supports GHA as backend
  The fix for interoperability with cargo auditable has also shipped in the latest release of sccache. You can use the released sccache now instead of building it from git!
- `cargo audit` can now scan compiled binaries
  I've been working to bring vulnerability scanning to Rust binaries by creating cargo auditable, which embeds the list of dependencies and their versions into the compiled binary. This lets you audit the binary you actually run, instead of the Cargo.lock file in some repo somewhere.
- Here's how to patch the upcoming OpenSSL vulnerability in Rust
  cargo auditable solves this problem by embedding the list of dependencies and their versions into the binaries. But until it becomes part of Cargo and gets enabled by default, static linking will remain problematic.
- Introducing cargo-auditable: audit Rust binaries for known bugs or vulnerabilities in production
What are some alternatives?
crane - A Nix library for building cargo projects. Never build twice thanks to incremental artifact caching.
trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
nostr - a truly censorship-resistant alternative to Twitter that has a chance of working
auto-fuzz-test - Effortlessly fuzz libraries with large API surfaces
rustshop - Rust Shop is a fake cloud-based software company that you can fork.
cargo-supply-chain - Gather author, contributor and publisher data on crates in your dependency graph.
trezor-firmware - :lock: Trezor Firmware Monorepo
eve-rs - A simple, intuitive, express-like HTTP library
fluttermint
svntogit-community - Automatic import of svn 'community' repo (read-only mirror)
nocargo - [alpha] Build Rust crates with Nix Build System.
sandbox - A sand simulation game