hashlink | vis_avs_dx |
---|---|
2 | 1 |
15 | 43 |
- | - |
0.0 | 4.1 |
about 3 years ago | almost 4 years ago |
XSLT | C++ |
GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
hashlink
- Grand jury subpoena for Signal user data, Central District of California
What's missing is a way to pin web apps so that you always get the previous version (and can opt in to subsequent versions after checking their hash from a trusted source).
There is a clever way of doing this, using a bookmarklet, a dataURI, and SRI, but the UX isn't great.[0] If something like Hashlinks[1] were supported by browsers, though, this could work quite nicely.
[0] https://news.ycombinator.com/item?id=17776456
[1] https://w3c-ccg.github.io/hashlink/
- Why the World Needs a Software Bill of Materials Now
> What about websites though?
It is possible for a web page to specify the expected hash of a script file, which the browser will enforce. This is called SRI (Subresource Integrity).[0]
Of course that still leaves the bootstrapping problem of how the page itself can be guaranteed to have a specific hash, but fortunately there is a clever hack that can be done with bookmarklets[1], or the page can just be saved and loaded/served locally.
While that works technically, the UX isn't great because the address bar won't show the domain of the remote server (although browsers seem to be hiding the address bar from the user more and more). A better solution would be for browsers to support Hashlinks[2], which would allow a bookmark to point to a remote page with fixed contents.
[0] https://developer.mozilla.org/en-US/docs/Web/Security/Subres...
[1] https://news.ycombinator.com/item?id=17776456
[2] https://github.com/w3c-ccg/hashlink
vis_avs_dx
- Why the World Needs a Software Bill of Materials Now
When I develop software, the source code repo contains a text file with all the third-party stuff I have used, both linked and copy-pasted, along with the URLs where I got the code and their licenses.
Not precisely a BOM, and I maintain them for a different reason, but overall I think pretty close to what’s proposed. A couple of examples from my open-source projects: https://github.com/Const-me/vis_avs_dx/blob/master/legal.txt https://github.com/Const-me/Vrmac/blob/master/Pre-existing%2...
What are some alternatives?
Signal-Desktop - A private messenger for Windows, macOS, and Linux.
seL4 - The seL4 microkernel
rekor - Software Supply Chain Transparency Log