wg-best-practices-os-developers
studio
wg-best-practices-os-developers | studio
---|---
16 | 35
626 | 1,692
6.5% | -
9.7 | 9.8
2 days ago | about 2 months ago
JavaScript | TypeScript
Apache License 2.0 | Mozilla Public License 2.0
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
wg-best-practices-os-developers
- 12 Free Courses To Help You Develop More Secure Software - Shift Security Left
  You will learn about the different checks provided by OpenSSF Scorecard, how to configure the checks for your environment, and how to automate their implementation.
- Heartbleed and XZ Backdoor Learnings: Open Source Infrastructure Can Be Improved Efficiently With Moderate Funding
  In April 2014, the Linux Foundation Executive Director Jim Zemlin seized the opportunity to get visibility and managed to get Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Qualcomm, Rackspace, and VMware to all pledge to commit at least $100,000 a year for at least three years to the Core Infrastructure Initiative. The initiative continued for many years and eventually transformed into the Open Source Security Foundation. Also due to Heartbleed, the European Commission launched the EU-Free and Open Source Software Auditing project and spent at least a million euros on auditing OpenSSL, the Apache Server, KeePass, and other security-critical open source software.
- Compiler Options Hardening Guide for C and C++
  https://github.com/ossf/wg-best-practices-os-developers/issu...
  The idea of using `-fsanitize-minimal-runtime` is interesting. I don't have any direct experience with that option. I've created an issue to investigate maybe adding that to the guide. Thanks for the tip!
- OSCM: The Open Source Consumption Manifesto
  These are technical details that are out of the scope of this article, but we think that it is important to mention them because the security strategy of a company should be based on a solid foundation, and these frameworks show that there are already some good starting points, companies don't have to start from scratch. If you want to know more about them or other ways to improve the security of your software supply chain, visit the OpenSSF website.
- Best practices for effective attack surface analysis
  Participating in the cybersecurity community can be a useful way to gain information about security trends and possible risks. Organizations such as the OWASP, OpenSSF, SANS Institute, and ISC2 promote the exchange of information between organizations and can raise the alarm about emerging issues or hacking strategies.
- Need help with use cases for my new open-source project that deals with open-source security
  You might find Awesome Security or Other Security Awesome Lists and the Open Source Security Foundation helpful
- Wake-up call: why it's urgent to deal with your hardcoded credentials
  Today corporations, open source projects, nonprofit foundations, and even governments are all trying to figure out how to improve the global software supply chain security. While these efforts are more than welcome, for the moment, there is hardly any straightforward way for organizations to improve on that front.
- 'Securing Open Source Software Act' Introduced to US Senate
  https://github.com/ossf/wg-best-practices-os-developers/blob...
- Great Time at JavaZone 2022
  Cross industry best practices - openssf.org
- Ask HN: Who is hiring? (June 2022)
studio
- ROS 2 Iron Irwini Release
  > Especially a tool like RViz is always missing. And in many many robotics video I see (of a moderately complex robot), there's ROS's RViz on some screen.
  I would love the future robotics development stack to be more modular, so that (for example) future middleware solutions don't need to also bundle their own visualization software. This was direct inspiration for creating Foxglove Studio[0] for visualization and MCAP[1] for logging - both work great with ROS, or equally well without it.
  [0] https://github.com/foxglove/studio
  [1] https://github.com/foxglove/mcap
- Generic eCAL / Foxglove Communication Bridge
  That's the true strength of combining existing open source solutions. Thanks for the great support of Foxglove Inc. over the past few years.
- Ask HN: Who is hiring? (March 2023)
  Foxglove | Remote (US time zones) | Full Time or Contract | https://foxglove.dev/
  Foxglove is the leading observability platform for robotics developers. We help robotics and AV companies log, ingest, organize, and visualize multimodal data. Join our small, highly experienced, and fast moving team. Prior experience working in robotics or AV is a bonus but not necessary.
  * Senior Frontend Engineer (TypeScript, React, bonus if you have WebGL experience)
  * Senior Full Stack Engineer (TypeScript, Go)
  * Senior SRE/Infrastructure/DevOps Engineer (GCP, AWS, Azure, Terraform, K8s)
  https://foxglove.dev/careers
  Email in profile if you have questions.
- Sniper robot treats 500k plants per hour with 95% less chemicals
  It's a common misconception that you need a ML or robotics PhD to work in the field. There are plenty of frontend & backend web engineering, data engineering, and infrastructure/devops roles available at robotics companies - you don't need to be a domain expert.
  For example, at Foxglove[0] we are building open source web-based visualization and data management for robotics (shameless plug: currently hiring).
  [0] https://foxglove.dev/
- Understanding a Small ROS bag file
  You can use the rosbag commandline-tool to figure out all of this: http://wiki.ros.org/rosbag/Commandline rosbag info for example can give you some of the type/number of messages information. For more complex stuff, you could use https://foxglove.dev/ to visualize and inspect rosbags
- Ask HN: What interesting problems are you working on? (2022 Edition)
  Web-based data visualization for robotics and self-driving. Robotics is such an interesting industry, and we're only scratching the surface of what new tools are needed.
  Try it live here (hit "view sample data"): https://studio.foxglove.dev/
  And it's open source! https://github.com/foxglove/studio
  Shameless plug - we're hiring: https://foxglove.dev/careers
- Recording your JSON data to MCAP, a file format that support multiple serialization formats
  When our team at Foxglove announced MCAP, we wanted to empower teams to spend less time building commodity tools and more time tackling their hardest robotics challenges.
- Brainstorming ideas for a cloud/web based control system for construction robotics
- Ask HN: Who is hiring? (June 2022)
  Foxglove | Remote (Americas/Oceania) | Full Time or Contract | https://foxglove.dev/
  Dev tools for robotics and autonomous vehicles.
  Robotics will have a massive positive impact on the world economy and global human productivity over the coming decade. At Foxglove, we're building powerful web-based open source & commercial tools to accelerate this trend.
  We're a small, highly experienced, and fast moving team. We're looking to hire several more people (most roles don't require previous robotics experience, unless specified below):
  - Senior Frontend Engineer (react, typescript, some webgl+wasm)
  - Senior Full Stack Engineer (typescript, some golang)
  - First Product Manager (robotics/AV experience required)
  - First Account Executive (infrastructure SaaS experience required)
  https://foxglove.dev/
  https://foxglove.dev/careers
- Ask HN: Can you share websites that are pushing the utility of browsers forward?
  React + Typescript. Forgot to mention it’s open source so you can see for yourself:
  https://github.com/foxglove/studio
What are some alternatives?
tpm2-tss - OSS implementation of the TCG TPM2 Software Stack (TSS2)
webviz - web-based visualization libraries
tz - Time zone database and code
Grafana - The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
aper - A Rust data structure library built on state machines.
TimescaleDB - An open-source time-series SQL database optimized for fast ingest and complex queries. Packaged as a PostgreSQL extension.
Plausible Analytics - Simple, open source, lightweight (< 1 KB) and privacy-friendly web analytics alternative to Google Analytics.
PostHog - 🦔 PostHog provides open-source product analytics, session recording, feature flagging and A/B testing that you can self-host.
bicep - Bicep is a declarative language for describing and deploying Azure resources
cli - Official Command Line Interface for the IPinfo API (IP geolocation and other types of IP data)
Zulip - Zulip server and web application. Open-source team chat that helps teams stay productive and focused.
jamstack.org - The official Jamstack site