wg-best-practices-os-developers
Metabase
wg-best-practices-os-developers | Metabase | |
---|---|---|
16 | 67 | |
640 | 36,592 | Stars |
5.6% | 1.1% | Growth |
9.7 | 10.0 | Activity |
4 days ago | 3 days ago | |
JavaScript | Clojure | Language |
Apache License 2.0 | GNU General Public License v3.0 or later | License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
wg-best-practices-os-developers
- 12 Free Courses To Help You Develop More Secure Software - Shift Security Left
You will learn about the different checks provided by OpenSSF Scorecard, how to configure the checks for your environment, and how to automate their implementation.
- Heartbleed and XZ Backdoor Learnings: Open Source Infrastructure Can Be Improved Efficiently With Moderate Funding
In April 2014, the Linux Foundation Executive Director Jim Zemlin seized the opportunity to get visibility and managed to get Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Qualcomm, Rackspace, and VMware to all pledge to commit at least $100,000 a year for at least three years to the Core Infrastructure Initiative. The initiative continued for many years and eventually transformed into the Open Source Security Foundation. Also due to Heartbleed, the European Commission launched the EU-Free and Open Source Software Auditing project and spent at least a million euros on auditing OpenSSL, the Apache Server, KeePass, and other security-critical open source software.
- Compiler Options Hardening Guide for C and C++
https://github.com/ossf/wg-best-practices-os-developers/issu...
The idea of using `-fsanitize-minimal-runtime` is interesting. I don't have any direct experience with that option. I've created an issue to investigate maybe adding that to the guide. Thanks for the tip!
- OSCM: The Open Source Consumption Manifesto
These are technical details that are out of the scope of this article, but we think that it is important to mention them because the security strategy of a company should be based on a solid foundation, and these frameworks show that there are already some good starting points, companies don't have to start from scratch. If you want to know more about them or other ways to improve the security of your software supply chain, visit the OpenSSF website.
- Best practices for effective attack surface analysis
Participating in the cybersecurity community can be a useful way to gain information about security trends and possible risks. Organizations such as the OWASP, OpenSSF, SANS Institute, and ISC2 promote the exchange of information between organizations and can raise the alarm about emerging issues or hacking strategies.
- Need help with use cases for my new open-source project that deals with open-source security
You might find Awesome Security or Other Security Awesome Lists and the Open Source Security Foundation helpful
- Wake-up call: why it's urgent to deal with your hardcoded credentials
Today corporations, open source projects, nonprofit foundations, and even governments are all trying to figure out how to improve the global software supply chain security. While these efforts are more than welcome, for the moment, there is hardly any straightforward way for organizations to improve on that front.
- 'Securing Open Source Software Act' Introduced to US Senate
https://github.com/ossf/wg-best-practices-os-developers/blob...
- Great Time at JavaZone 2022
Cross industry best practices - openssf.org
- Ask HN: Who is hiring? (June 2022)
Metabase
- HackTheBox - Writeup Analytics
Remote Code Execution via H2
- Blazer: Business Intelligence Made Simple
We've used it for about a year - Blazer is okay if you need a quick SQL query console, but we found it lacking as an actual business intelligence tool. The support for graphs and dashboards is limited, for graphs it requires you to structure the query in an exact way as you can see in the Blazer readme.
After some research on available alternatives that don't break the bank, we decided to deploy a self-hosted instance of Metabase[0]. This took only a few minutes to set up using their Docker image[1] and it has much better graphing capabilities and you can easily put a custom layout together for dashboards. Upgrading is similarly easy (just redeploy). Also easy to configure: data sources, hiding or changing the data type of a column, G Suite sign-in for our domain. Highly recommend it if you need anything more than Blazer's table output.
[0]: https://github.com/metabase/metabase
- Is Tableau Dead?
I've never used Tableau, but heard a lot of hate about it. However, in my previous role, we were big fans of Metabase (https://metabase.com). You can also self-host it, which was a huge win for us.
- My mental model of Clojure transducers
It seems folks want a working example. Here's one in prod:
Metabase is a BI tool, backend written mostly in Clojure. Like basically all BI tools they have this intermediate representation language thing so you write the same thing in "MBQL (metabase query language)" and it theoretically becomes same query in like, Postgres and Mongo and whatever. End user does not usually write MBQL, it's a service for the frontend querybuilding UI thing and lots of other frontend UI stuff mainly in usage.
Whole processing from MBQL -> your SQL or whatever is done via a buncha big-ass transducers. Metabase is not materially faster than other BI tools (because all the other BI tools do something vaguely similar in their langs) but it's pretty comparable speed and the whole thing was materially written by like 5 peeps
https://github.com/metabase/metabase/blob/master/src/metabas...
(nb: I used to work for Metabase but currently do not. but open core is open core)
- Upgrade Your Metabase Installation
- Upgrade your Metabase installation immediately
They haven't released the source, and the compiled versions are non-trivial to diff (e.g. there are nondeterministic numbers from the clojure compiler that seem to have changed from one to the other, and .clj files have been removed from the jar).
The old version has `hash=1bb88f5`, which is a public commit: https://github.com/metabase/metabase/commit/1bb88f5
- Launch HN: Twenty.com (YC S23) – open-source CRM
We are unsure about the right license to use, so this is great feedback. We had an MIT license one week ago that we know that we cannot hold on long term and we felt we were lying to the community by keeping an MIT license and changing it in one year.
By using AGPL, we feel it's the right level of restriction. It's the license used by Metabase for example (https://github.com/metabase/metabase) that many companies use internally.
- Ask HN: Open-Source Self-Hosted No-Code Platforms?
The solution really depends on what sort of problems you are trying to solve and who your customers are.
There are a fair few low-code solutions out there for reporting and data visualisation that are great for finance and marketing teams for example. e.g. https://metabase.com/ , https://evidence.dev/
For multipurpose SMB workflows and organisational processes, I have used n8n in the recent past and found it was quite good and incredibly easy to maintain. https://n8n.io/engineering-resources/
For enterprise processes I'd go with Camunda (solely based on recommendations and not first hand experience). Although only parts of their platform are OSS https://github.com/camunda
Bear in mind that some of these are not suitable if you want to build something that competes with them while taking their OSS code. But are perfectly fine otherwise.
- 916 days of Emacs
Anyway, I have a collection of scripts that merge ActivityWatch data from all my machines and WakaTime exports to a PostgreSQL database which I then query with a project called Metabase. If you're curious, the scripts are in a repository called sqrt-data. I've been playing with this for ~4-5 years already I think.
- Ask HN: Who is hiring? (April 2023)
Metabase | https://metabase.com | REMOTE | Full-time | Backend, Frontend, Full Stack, and DevOps engineers
Metabase is open source analytics software that lets anyone in your company rummage around in the databases you have. It connects to a number of databases / data warehouses (BigQuery, Redshift, Snowflake, Postgres, MySQL, etc).
What are some alternatives?
tpm2-tss - OSS implementation of the TCG TPM2 Software Stack (TSS2)
Apache Superset - Apache Superset is a Data Visualization and Data Exploration Platform [Moved to: https://github.com/apache/superset]
tz - Time zone database and code
lightdash - Self-serve BI to 10x your data team ⚡️
aper - A Rust data structure library built on state machines.
appsmith - Platform to build admin panels, internal tools, and dashboards. Integrates with 25+ databases and any API.
Plausible Analytics - Simple, open source, lightweight (< 1 KB) and privacy-friendly web analytics alternative to Google Analytics.
Elasticsearch - Free and Open, Distributed, RESTful Search Engine
bicep - Bicep is a declarative language for describing and deploying Azure resources
superset - Apache Superset is a Data Visualization and Data Exploration Platform
Zulip - Zulip server and web application. Open-source team chat that helps teams stay productive and focused.
Redash - Make Your Company Data Driven. Connect to any data source, easily visualize, dashboard and share your data.