msquic
winget-pkgs
Our great sponsors
msquic | winget-pkgs | |
---|---|---|
19 | 98 | |
3,822 | 7,988 | |
1.7% | 2.0% | |
9.6 | 10.0 | |
3 days ago | 4 days ago | |
C | PowerShell | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
msquic
- Msquic: Cross-platform C implementation of QUIC protocol for C, C++, C#, Rust
-
Avoiding HTTP/3 (for a while) as a pragmatic default
I referred to sockets as an API design, not to express an opinion on whether you should place your protocol implementations inside or outside the kernel. (Although that’s undeniably an interesting question that by all rights should have been settled by now, but isn’t.)
Even then, I didn’t mean you should reproduce the Berkeley socket API verbatim (ZeroMQ-style); multiple streams per connection does not sound like a particularly good fit to it (although apparently people have managed to fit SCTP into it[1]?). I only meant that with the current mainstream libraries[2,3,4], establishing a QUIC connection and transmitting bytestreams or datagrams over it seems quite a bit more involved than performing the equivalent TCP actions using sockets.
[1] https://datatracker.ietf.org/doc/html/rfc6458
[2] https://quiche.googlesource.com/quiche
-
My plan for making 256bit signed and unsigned integers in C. Please help me understand this concept better.
The documentation of MS QUIC says it is cross-platform, it should work on Linux, it has a CMake preset for Linux and you can download the prebuilt binary releases for Linux.
- Best performing quic implementation?
-
Show HN: Protect Your CI/CD from SolarWinds-Type Attacks with This Agent
Hello HN, my name is Varun, and I am the co-founder of StepSecurity. Here is the backstory about Harden-Runner. We thoroughly researched past software supply chain security incidents. The devastating breaches of SolarWinds, Codecov, and others, have one thing in common – they attacked the CI/ CD pipeline or the build server.
These incidents made it clear that a purpose-built security agent was needed for CI/ CD. While there are numerous agents available for desktops and servers, such as from CrowdStrike and Lacework, none have been tailored specifically to address the unique risks present in CI/CD pipelines.
With the understanding that a specialized solution was needed to secure CI/CD environments, we developed Harden-Runner, an open-source solution tailored specifically for GitHub Actions hosted runners. It can be seamlessly integrated into your workflow by simply adding a step. The agent installation process is also lightning-fast, taking no more than 5 seconds to complete.
Harden-Runner's security agent is designed to closely monitor all aspects of the workflow run, including DNS, network, file, and process events. This allows for real-time identification of any potential security breaches. To prevent incidents like the Codecov breach, where exfiltration of credentials occurred, Harden-Runner allows you to set policies that restrict outbound traffic at both the DNS and network layers. Additionally, we are actively working on implementing further restrictions at the application layer, such as using HTTP verbs and paths, to provide an even more comprehensive security solution.
An excellent example of how Harden-Runner effectively blocks outbound traffic can be found in the following link: https://app.stepsecurity.io/github/microsoft/msquic/actions/.... As you can see, all traffic to unauthorized endpoints is highlighted in red, indicating that it has been blocked; this is because these endpoints are not included in the allowed list defined in the GitHub Actions workflow file, which can be viewed here: https://github.com/microsoft/msquic/blob/aaecb0fac5a3902dd24....
One of the key features of Harden-Runner's monitoring capabilities is its ability to detect any tampering or alteration of files during the build process, similar to the SolarWinds incident. To further enhance security and protect against potential malicious tools or attempts to disable the agent, Harden-Runner includes a disable-sudo mode. This mode effectively disables the use of 'sudo' on the hosted runner, providing an additional layer of protection
Harden-Runner has already been adopted by over 600 open-source repositories: https://github.com/step-security/harden-runner/network/depen.... To fully understand the capabilities of Harden-Runner and how it can protect against past supply chain attacks, please try out our attack simulator GitHub repository at https://github.com/step-security/attack-simulator. I would love to hear your feedback.
-
Least painful path to multiplatform builds?
https://github.com/microsoft/msquic (QUIC / HTTP3)
-
msquic VS MsQuic.Net - a user suggested alternative
2 projects | 15 Jul 2022
- The Illustrated QUIC Connection
- Msquic - Cross-platform, C implementation of the IETF QUIC protocol.
winget-pkgs
-
FFmpeg 7.0 Released
7.0 is now available: https://github.com/microsoft/winget-pkgs/pull/147886
-
Packaging up NVIDIA driver updates...
I researched this for a WinGet thing: https://github.com/microsoft/winget-pkgs/pull/110618
-
2 spaces? 4 spaces? One tab?
Ah, reminds me of that time I requested a .editorconfig file in a Microsoft repo: https://github.com/microsoft/winget-pkgs/issues/329
-
MS and Windows gets a lot of (well deserved) hate, but winget is just fantastic!
Take dropbox as an example. This is what the yaml manifest looks like for that if you install it through winget. It literally has a hardcoded link to an .exe installer hosted by dropbox and then just set the flags to silent. I am not spreading misinformation, you are.
-
Windows is the malware compatibility layer for everything
It's not quite the same though, as there are different considerations when using a repository of things a unified group has decided should be included and built (or slightly modified existing) packages for and a repo where anyone can submit a package that will go through some level of vetting. In the end I still believe most this discussion is really about individuals and how much trust they apply towards different groups and sources and is not really about Linux or Windows in particular as much.
- PowerToys Release 0.71
-
installed from winget, where is it located?
I never used winget, but probably: - https://github.com/microsoft/winget-pkgs/issues/107858 - https://github.com/Genymobile/scrcpy/issues/4027
-
The Unreasonable Effectiveness of VLC - A Comprehensive Exploration of a Multimedia Powerhouse
It's probably not on the Store, winget pulls from both the Store and a community collection of manifests on GitHub: https://github.com/microsoft/winget-pkgs
-
Seven.zip
I think that's part of the problem, if you don't have that package manager to bootstrap your signature key ring, DNS is your next best bootstrap. It is, of course, a terrible bootstrap for trust, but it is one so many users on Windows have been relying on for such a long time.
For power users on any modern Windows 10/Windows 11 there is at least WinGet now. Its manifests repo is becoming a very interesting (open) source of truth for common Windows applications. Admittedly, it in most cases doesn't seem to be checking specific code signatures in most cases either, but at least includes SHA checksums.
For instance, 7zip's manifests: https://github.com/microsoft/winget-pkgs/tree/master/manifes...
It's too bad there's still not a great option for "average user that doesn't know/trust how to use a CLI", given how sadly polluted the Microsoft Store can be for many common, especially Open Source, applications. For direct instance, because winget kindly includes Microsoft Store results when searching, there is a "7zip 22" in the Microsoft Store that costs some amount of money (winget details say "PaidUnknownPrice" for the pricing information; I'm on a corporate machine right now with the actual Store access locked so can't search in the actual Store right now) and the Publisher is listed as RepackagerExpress.com. (That website currently doesn't go anywhere, giving it a spot check.)
Having seen this, I may boot up my personal machine and try to report this specific Store listing for violating the Store's Open Source policies, though I'm unsure if such whackamole is all that useful. (Seems like it might be a useful winget feature request for it to provide Store Report URLs.)
-
App deployment switches
For example, see that Firefox has /S here.
What are some alternatives?
quiche - 🥧 Savoury implementation of the QUIC transport protocol and HTTP/3
ansible.windows - Windows core collection for Ansible
lsquic - LiteSpeed QUIC and HTTP/3 Library
Scoop - A command-line installer for Windows.
quinn - Async-friendly QUIC implementation in Rust
ctags - A maintained ctags implementation
openmptcprouter - OpenMPTCProuter is an open source solution to aggregate multiple internet connections using Multipath TCP (MPTCP) on OpenWrt
appget - Free and open package manager for Windows.
shadowsocks-rust - A Rust port of shadowsocks
winget-intune-win32 - Repository containing examples of how to use winget from Intune, also in system context.
mvfst - An implementation of the QUIC transport protocol.
gsudo - Sudo for Windows