wg-best-practices-os-developers
Plausible Analytics
Our great sponsors
wg-best-practices-os-developers | Plausible Analytics | |
---|---|---|
16 | 302 | |
622 | 18,213 | |
5.9% | 2.6% | |
9.7 | 9.8 | |
4 days ago | 2 days ago | |
JavaScript | Elixir | |
Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
wg-best-practices-os-developers
-
12 Free Courses To Help You Develop More Secure Software - Shift Security Left
You will learn about the different checks provided by OpenSSF Scorecard, how to configure the checks for your environment, and how to automate their implementation.
-
Heartbleed and XZ Backdoor Learnings: Open Source Infrastructure Can Be Improved Efficiently With Moderate Funding
In April 2014, the Linux Foundation Executive Director Jim Zemlin seized the opportunity to get visibility and managed to get Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Qualcomm, Rackspace, and VMware to all pledge to commit at least $100,000 a year for at least three years to the Core Infrastructure Initiative. The initiative continued for many years and eventually transformed into the Open Source Security Foundation. Also due to Heartbleed, the European Commission launched the EU-Free and Open Source Software Auditing project and spent at least a million euros on auditing OpenSSL, the Apache Server, KeePass, and other security-critical open source software.
-
Compiler Options Hardening Guide for C and C++
https://github.com/ossf/wg-best-practices-os-developers/issu...
The idea of using `-fsanitize-minimal-runtime` is interesting. I don't have any direct experience with that option. I've created an issue to investigate maybe adding that to the guide. Thanks for the tip!
-
OSCM: The Open Source Consumption Manifesto
These are technical details that are out of the scope of this article, but we think that it is important to mention them because the security strategy of a company should be based on a solid foundation, and these frameworks show that there are already some good starting points, companies don't have to start from scratch. If you want to know more about them or other ways to improve the security of your software supply chain, visit the OpenSSF website.
-
Best practices for effective attack surface analysis
Participating in the cybersecurity community can be a useful way to gain information about security trends and possible risks. Organizations such as the OWASP, OpenSSF, SANS Institute, and ISC2 promote the exchange of information between organizations and can raise the alarm about emerging issues or hacking strategies.
-
Need help with use cases for my new open-source project that deals with open-source security
You might find Awesome Security or Other Security Awesome Lists and the Open Source Security Foundation helpful
-
Wake-up call: why it's urgent to deal with your hardcoded credentials
Today corporations, open source projects, nonprofit foundations, and even governments are all trying to figure out how to improve the global software supply chain security. While these efforts are more than welcome, for the moment, there is hardly any straightforward way for organizations to improve on that front.
- 'Securing Open Source Software Act' Introduced to US Senate
-
Great Time at JavaZone 2022
Cross industry best practices - openssf.org
- Ask HN: Who is hiring? (June 2022)
Plausible Analytics
-
Plausible as an alternative to Google Analytics
I just swapped out Google Analytics with Plausible for AINIRO.IO. It’s only been a week, but so far I am super jazzed about it. First of all, Plausible doesn’t use cookies, so I can completely drop all cookie disclaimers and popups I had because of GDPR. Second of all, the site scores significantly better on load time. This results in a 10x better user experience for my website visitors, while making sure the website is still 100% conforming to GDPR laws.
-
Simple no bs persistent notepad
No clue what you mean, browser cache might even clear itself without you doing anything manually. This thing makes no sense.
Nowhere ever did it say Tech Demo anywhere, not in the HN headline, not on the page itself. No, thanks. And even as a tech demo, there is nothing impressive going in. It is stores shit to local storage, I guess. Lol, I just looked this up, and it was in Firefox on 2009 already? WHAT? https://developer.mozilla.org/en-US/docs/Web/API/Window/loca... I never used it myself directly, but I remember reading about some API that kind of is the new version of cookies that can store more and better and I think that is it. 2009, I would swear what I think about was newer, maybe I am mixing something up, maybe not.
It has unnecessarily tracking from the comment above, not sure if it even sends all your notes to https://plausible.io, and I do not care. For me, this fails as a tech demo or whatever the fuck It's supposed to be. Sorry to not get all excited about everything posted here. In 2009 it for sure would ;)
-
Using Analytics on My Website
If you already use Posthog, Web Analytics has been in Public Beta for quite some time.[1]
If I remember correctly, CloudFlare Analytics does not need you to register your domain with them. I personally feel keeping domain registration coupled with your DNS provider is not a good idea.
Plausible[2] has an Open Source self-hostable version but is not so updated in sync with their SaaS version.
Umami[3] is another simple, clean one. And, of course, as many have suggested, Matomo is the other well-established one. If you want to avoid maintaining a hosting routine, a lot do the hosting out of the box these days. PikaPods[4] was good when I tried and played around for a while.
1. https://posthog.com/docs/web-analytics
-
Open Source alternatives to tools you Pay for
Plausible - Open Source Alternative to Google Analytics
-
11 Ways to Optimize Your Website
There are many good, lightweight, and open-source alternatives to Google Analytics, such as Plausible, Matomo, Fathom, Simple Analytics, and so on. Many of these options are open-source, and can be self-hosted.
-
Ask HN: What is the least obnoxious way to ask for cookie permissions?
You log the IP address, referrer, user agent and the requested page URL but you don't set a unique cookie to identify the user.
This still gets you plenty of actionable analytics information: where geographically people are located (via GeoIP), what pages are most popular, what platforms (including desktop vs mobile) people are using.
I've been using https://plausible.io for analytics on a bunch of my sites for a couple of years now and I honestly don't miss the extra level of detail I got from cookie-based analytics I've used in the past.
- Ask HN: Is Google Analytics that useful?
-
A Developer's Guide to Blogging
The analytics provider I've gone with is Plausible. Sadly it's not free - about $9 a month - but it's easy to use, lightweight (the script is less than 1kb), and respects privacy, so it's worth a look IMO.
-
Best alternative to GA4 when Google Ads is your most important channel?
Plausible
-
It Took Me a Decade to Find the Perfect Personal Website Stack – Ghost+Fathom
Or you need to use some other static site generator to build the HTML table from JSON.
Something very simple, but yet so difficult.
I liked that it was possible to use SQLite3 in production for Ghost. It worked very well and scales as well since it is mostly read operation, but they are officially dropping support for production and using only MySQL. I guess the one argument was, that sending emails for many subscribers was too much for SQLite.
There is also another good analytics service, without cookies and also fully GDPR compliant: https://plausible.io/
What are some alternatives?
tpm2-tss - OSS implementation of the TCG TPM2 Software Stack (TSS2)
Umami - Umami is a simple, fast, privacy-focused alternative to Google Analytics.
tz - Time zone database and code
Fathom Analytics - Fathom Lite. Simple, privacy-focused website analytics. Built with Golang & Preact.
aper - A Rust data structure library built on state machines.
GoatCounter - Easy web analytics. No tracking of personal data.
bicep - Bicep is a declarative language for describing and deploying Azure resources
PostHog - 🦔 PostHog provides open-source product analytics, session recording, feature flagging and A/B testing that you can self-host.
zotero - Zotero is a free, easy-to-use tool to help you collect, organize, annotate, cite, and share your research sources.
ctop - Top-like interface for container metrics
Zulip - Zulip server and web application. Open-source team chat that helps teams stay productive and focused.
pirsch - Pirsch is a drop-in, server-side, no-cookie, and privacy-focused analytics solution for Go.