open_safety
go
open_safety | go | |
---|---|---|
14 | 2,075 | |
35 | 119,718 | |
- | 0.7% | |
2.6 | 10.0 | |
almost 2 years ago | 4 days ago | |
Rust | Go | |
MIT License | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
open_safety
-
Any sufficiently advanced uninstaller is indistinguishable from malware
Malware delivered as an email with a link to a zip file containing a .js file is one of the most common methods of delivery, right behind word macros. The "map the .js extension to notepad.exe" is a common security trick with a measurable, immediate drop in malware in large orgs. You can deploy it via GPO or InTune.
Personal promotion, I built this as a better alternative:
https://github.com/technion/open_safety
Note the built in .js parser hasn't basically ever updated, if you're writing for this you're writing like you're targetting IE5.
- How to build windows application clean / virus free for online distribution?
- Security Cadence: Use Default Apps to Help Prevent Accidental Launching of Malicious File Types
- Have you ever been hit with ransomware?
-
Microsoft's Small Step to Disable Macros Is a Win for Security
Allow me to reference my own workaround for those vectors:
https://github.com/technion/open_safety
- Am I the only one who finds Rust to be centered around Linux? Any Windows devs want to share their experience with Rust?
- State-of-the-art EDRs are not perfect, fail to detect common attacks
- Is shipping the produced .exe the only thing one needs to ship in order to ship a Rust program?
-
How to Rapidly Improve at Any Programming Language
https://github.com/technion/open_safety
The time I've spent on the Github actions is substantively higher than the time I've spent on the .rs files. Of course you can't "test actions before commit" in the way you can actual code, so I kept having to make branches, make 15 commits like "try action fix again", followed by squashing them all down and merging.
- To enable trust, install this certificate in the Trusted Root Certification Authorities store.
go
-
Go: the future encoding/json/v2 module
A Discussion about including this package in Go as encoding/json/v2 has been started on the Go Github project on 2023-10-05. Please provide your feedback there.
-
Evolving the Go Standard Library with math/rand/v2
I like the Principles section. Very measured and practical approach to releasing new stdlib packages. https://go.dev/blog/randv2#principles
The end of the post they mention that an encoding/json/v2 package is in the works: https://github.com/golang/go/discussions/63397
-
Microsoft Maintains Go Fork for FIPS 140-2 Support
There used to be the GO FIPS branch :
https://github.com/golang/go/tree/dev.boringcrypto/misc/bori...
But it looks dead.
And it looks like https://github.com/golang-fips/go as well.
-
Borgo is a statically typed language that compiles to Go
I'm not sure what exactly you mean by acknowledgement, but here are some counterexamples:
- A proposal for sum types by a Go team member: https://github.com/golang/go/issues/57644
- The community proposal with some comments from the Go team: https://github.com/golang/go/issues/19412
Here are some excerpts from the latest Go survey [1]:
- "The top responses in the closed-form were learning how to write Go effectively (15%) and the verbosity of error handling (13%)."
- "The most common response mentioned Go’s type system, and often asked specifically for enums, option types, or sum types in Go."
I think the problem is not the lack of will on the part of the Go team, but rather that these issues are not easy to fix in a way that fits the language and doesn't cause too many issues with backwards compatibility.
[1]: https://go.dev/blog/survey2024-h1-results
-
AWS Serverless Diversity: Multi-Language Strategies for Optimal Solutions
Now, I’m not going to use C++ again; I left that chapter years ago, and it’s not going to happen. C++ isn’t memory safe and easy to use and would require extended time for developers to adapt. Rust is the new kid on the block, but I’ve heard mixed opinions about its developer experience, and there aren’t many libraries around it yet. LLRD is too new for my taste, but **Go** caught my attention.
-
How to use Retrieval Augmented Generation (RAG) for Go applications
Generative AI development has been democratised, thanks to powerful Machine Learning models (specifically Large Language Models such as Claude, Meta's LLama 2, etc.) being exposed by managed platforms/services as API calls. This frees developers from the infrastructure concerns and lets them focus on the core business problems. This also means that developers are free to use the programming language best suited for their solution. Python has typically been the go-to language when it comes to AI/ML solutions, but there is more flexibility in this area. In this post you will see how to leverage the Go programming language to use Vector Databases and techniques such as Retrieval Augmented Generation (RAG) with langchaingo. If you are a Go developer who wants to how to build learn generative AI applications, you are in the right place!
-
From Homemade HTTP Router to New ServeMux
net/http: add methods and path variables to ServeMux patterns Discussion about ServeMux enhancements
-
Building a Playful File Locker with GoFr
Make sure you have Go installed https://go.dev/.
- Fastest way to get IPv4 address from string
- We now have crypto/rand back ends that ~never fail
What are some alternatives?
csv-injection-payloads - 🎯 CSV Injection Payloads
v - Simple, fast, safe, compiled language for developing maintainable software. Compiles itself in <1s with zero library dependencies. Supports automatic C => V translation. https://vlang.io
music-vibes - Desktop app for translating audio output into vibrations
TinyGo - Go compiler for small places. Microcontrollers, WebAssembly (WASM/WASI), and command-line tools. Based on LLVM.
xwin - A utility for downloading and packaging the Microsoft CRT headers and libraries, and Windows SDK headers and libraries needed for compiling and linking programs targeting Windows.
zig - General-purpose programming language and toolchain for maintaining robust, optimal, and reusable software.
ntfs - An implementation of the NTFS filesystem in a Rust crate, usable from firmware level up to user-mode.
Nim - Nim is a statically typed compiled systems programming language. It combines successful concepts from mature languages like Python, Ada and Modula. Its design focuses on efficiency, expressiveness, and elegance (in that order of priority).
Windows-Sandbox-Utilities - A public repository for useful developments surrounding Windows Sandbox
Angular - Deliver web apps with confidence 🚀
Stacktribution - A tiny webapp to generate proper attribution to a Stack Overflow's answer.
golang-developer-roadmap - Roadmap to becoming a Go developer in 2020