flipt
Key Transparency
Our great sponsors
| flipt | Key Transparency | |
|---|---|---|
| 19 | 4 | |
| 3,301 | 1,557 | |
| 2.9% | - | |
| 9.9 | 1.0 | |
| 7 days ago | almost 3 years ago | |
| Go | Go | |
| GNU General Public License v3.0 only | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
flipt
-
Ask HN: How did you build feature flags?
We at https://flipt.io are putting on a buy vs build webinar in a couple of weeks to discuss this very thing as it's a common question that engineering teams seem to have.
If you're interested in attending its taking place on LinkedIn on April 17: https://www.linkedin.com/events/buildvs-buy-pickingafeaturef...
-
Open Policy Agent
We're currently evaluating OPA for adding RBAC to our open-source application [0]. We plan on using the Go API [1] and doing the policy eval directly in our app since our app is also written in Go.
The thinking is we'll have some basic built-in policies (like admins can do X, editors can do Y, etc) but also allow users to configure their own policies if they want by writing rego and loading their policy rules at startup time (via config). We'd document the inputs that we pass to the evaluation call such as request headers, IP, role, etc.
I'm curious if anyone has ever tried something like this or similar?
[0] https://github.com/flipt-io/flipt
[1] https://www.openpolicyagent.org/docs/latest/integration/#int...
-
GitHub issues from top Open Source Golang Repositories that you should contribute to
Flipt - Clickhouse integration for flag eval analytics
-
οΈππ Top 3 DevOps Trends to Watch Out for in 2024 π
At Flipt, we continually discuss technologies that can bring change to the industry. In this article, we delve into cutting-edge top trends and tools that can redefine DevOps and platform engineering this year.
-
οΈππ 3 Must Know Tools for Top DevOps Engineers π·
In this article, I will share the DevOps tools that we've used at Flipt and in previous roles (such as at InfluxDB). These tools are relevant for any modern software project.
-
οΈπ¨βπ§ 3 Tiny Fixes You Can Make To Start Contributing to Any Open Source Project π
But after onboarding 50+ contributors to Flipt, I realized there are ways to make starts easy for newbies.
-
π₯ The Single Best Tip To Attract More Contributors To Your GitHub Projectπ‘
In this article, I will share the effort-based issue labeling system we use at Flipt to deal with this problem.
-
3 Basic Traits That Every Successful Open Source Developer Has
Flipt has reached 3k GitHub stars β this week.
-
Save 500+ Hours of Maintenance Work With These 3 GitHub Actions
In this article, Iβm sharing 3 GitHub Actions we use at Flipt that saved us more than 500 developer hours.
-
3 Best Code Quality Tools For Your Open Source Project
In this article, Iβll share 3 tools we use at Flipt to maintain high code quality and ship features reliably.
Key Transparency
-
DTLS-SRTP spoofing
However, a MITM controlling the signaling server could manipulate any attempt to communicate the fingerprint between the endpoints. Hence why certificate verification should be out-of-band (with regards to the signaling server). The most common solution I've seen is that the call participants can just read the fingerprints to each other and ensure they match. But there are other solutions including using a trusted third party, or even key transparency... because blockchain.
-
Key transparency: A transparent and secure way to look up public keys
Archived. Not sure when. :( I'm not sure what if anything is a decent replacement/substitute.
In the README examples I see text about what I think is Certificate Transparency. That was definitely the first thing this made me think of. There's also a lot of talk in the project about CONIKS[1], & associate research papers are about 'bringing key transparency to end users'.
The scenarios[2] are interesting, but I'm not sure fully how this project helps. They explicitly call out Upspin for encrypted storage, which was linked recently[3].
It appears to make heavy use of the Trillian cryptographically verifiable data store[4].
[1] https://www.schneier.com/blog/archives/2016/04/coniks.html
[2] https://github.com/google/keytransparency/blob/master/docs/s...
[3] https://news.ycombinator.com/item?id=31520559
[4] https://github.com/google/trillian
-
Why Doesn't Email Use Certificates?
Key Transparency is an example of such a system, built on a highly scalable backend system (Trillian, which powers Certificate Transparency), but it's been under development for several years without a production deployment.
What are some alternatives?
Flagr - Flagr is a feature flagging, A/B testing and dynamic configuration microservice
Vault - A tool for secrets management, encryption as a service, and privileged access management
nginx-prometheus - Turn Nginx logs into Prometheus metrics
SFTPGo - Fully featured and highly configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support - S3, Google Cloud Storage, Azure Blob
flagsmith - Open Source Feature Flagging and Remote Config Service. Host on-prem or use our hosted version at https://flagsmith.com/
Caddy - Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
minio - The Object Store for AI Data Infrastructure
nsq - A realtime distributed messaging platform
traefik - The Cloud Native Application Proxy
etcd - Distributed reliable key-value store for the most critical data of a distributed system