wg-best-practices-os-developers
PostHog
Our great sponsors
wg-best-practices-os-developers | PostHog | |
---|---|---|
16 | 99 | |
626 | 17,013 | |
5.9% | 7.2% | |
9.7 | 10.0 | |
about 14 hours ago | 6 days ago | |
JavaScript | Python | |
Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
wg-best-practices-os-developers
-
12 Free Courses To Help You Develop More Secure Software - Shift Security Left
You will learn about the different checks provided by OpenSSF Scorecard, how to configure the checks for your environment, and how to automate their implementation.
-
Heartbleed and XZ Backdoor Learnings: Open Source Infrastructure Can Be Improved Efficiently With Moderate Funding
In April 2014, the Linux Foundation Executive Director Jim Zemlin seized the opportunity to get visibility and managed to get Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Qualcomm, Rackspace, and VMware to all pledge to commit at least $100,000 a year for at least three years to the Core Infrastructure Initiative. The initiative continued for many years and eventually transformed into the Open Source Security Foundation. Also due to Heartbleed, the European Commission launched the EU-Free and Open Source Software Auditing project and spent at least a million euros on auditing OpenSSL, the Apache Server, KeePass, and other security-critical open source software.
-
Compiler Options Hardening Guide for C and C++
https://github.com/ossf/wg-best-practices-os-developers/issu...
The idea of using `-fsanitize-minimal-runtime` is interesting. I don't have any direct experience with that option. I've created an issue to investigate maybe adding that to the guide. Thanks for the tip!
-
OSCM: The Open Source Consumption Manifesto
These are technical details that are out of the scope of this article, but we think that it is important to mention them because the security strategy of a company should be based on a solid foundation, and these frameworks show that there are already some good starting points, companies don't have to start from scratch. If you want to know more about them or other ways to improve the security of your software supply chain, visit the OpenSSF website.
-
Best practices for effective attack surface analysis
Participating in the cybersecurity community can be a useful way to gain information about security trends and possible risks. Organizations such as the OWASP, OpenSSF, SANS Institute, and ISC2 promote the exchange of information between organizations and can raise the alarm about emerging issues or hacking strategies.
-
Need help with use cases for my new open-source project that deals with open-source security
You might find Awesome Security or Other Security Awesome Lists and the Open Source Security Foundation helpful
-
Wake-up call: why it's urgent to deal with your hardcoded credentials
Today corporations, open source projects, nonprofit foundations, and even governments are all trying to figure out how to improve the global software supply chain security. While these efforts are more than welcome, for the moment, there is hardly any straightforward way for organizations to improve on that front.
-
'Securing Open Source Software Act' Introduced to US Senate
https://github.com/ossf/wg-best-practices-os-developers/blob...
-
Great Time at JavaZone 2022
Cross industry best practices - openssf.org
- Ask HN: Who is hiring? (June 2022)
PostHog
-
How Telemetry Saved my Open-Source Platform
It would be a shame not to mention PostHog as the telemetry provider we are using, since it turned out to be extremely useful. Because it is hard to find people who will talk with you about your product, gathering statistics gave us a much greater insight into our users.
-
Free tools for developers to build their apps
6- PostHog
-
Using Analytics on My Website
Hi HN, PostHog employee here. I'm working on our Web Analytics product, which is currently in beta. It's fun to see us mentioned here :)
I should mention that we have a ton of SDKs (see https://posthog.com/docs/libraries) for back end frameworks and languages, so if you wanted to use PostHog without any client-side JS you could send pageviews and other events manually, but for the vast majority of people it makes more sense to use our JS snippet.
Hijacking this comment to share the roadmap for web analytics https://github.com/PostHog/posthog/issues/18547. It's very much in the launch-early-and-be-embarassed phase, but I would love to hear any feedback or suggestions that people have, particularly if you're already a PostHog user.
-
Show HN: Flywheel
how's this different than https://posthog.com/ ?
-
Open Source alternatives to tools you Pay for
PostHog - Open Source Alternative to Mixpanel
- Show HN: Monitor your webapp with minimal setup
-
Ask HN: Where to Store Logs?
Don't insert the logs/events/analytics into your Application DB. Usually, you send those to specialist datastores (OLAP etc) that process such high volume of data. You can use something like clickhouse [0] for example or use 3rd party SAAS solutions like posthog [1] etc that are built on top of clickhouse
[0] https://clickhouse.com
[1] https://posthog.com
-
Ask HN: What would you use to build a mostly CRUD back end today?
I may use Flask-Admin initially to offload the "CRUD" operations to have an initial prototype fast but then drop it ASAP because I don't want to write a "flask-admin application" to fight against later on. If the application is mainly "CRUD", then Flask-Admin is suitable.
Now...
Would you do a breakdown/list of all the jobs you've done by sector/vertical and by function/role and by application functionality?
- [0]: https://flask.palletsprojects.com
- [1]: https://flask-admin.readthedocs.io/en/latest
- [2]: https://flask.palletsprojects.com/en/2.3.x/patterns/celery
- [3]: https://sentry.io
- [4]: https://posthog.com
- [5]: https://www.docker.com
-
Ask HN: Who is hiring? (July 2023)
PostHog | Remote (US/Europe timezones) | Full stack engineer, technical ex-founder, tech lead | https://posthog.com
PostHog is the only open-source Product OS, combining product analytics, session recordings, feature flags, cdp and a data warehouse in one.
We have a culture of written async communication (see our handbook [0]), lots of individual responsibility and an opportunity to make a huge impact. Being fully remote means we're able to create a team that is truly diverse. We're based all over the world, and the team includes former YC founders, CTOs turned developers and recent grads.
To apply see https://posthog.com/careers or email us [email protected]
[0] https://posthog.com/handbook/
-
planetsin.space -- a PI management and reminder tool
There seems to be posthog.com analytics and AB or feature flag functionality that is blocked by adblockers. Probably that?
What are some alternatives?
tpm2-tss - OSS implementation of the TCG TPM2 Software Stack (TSS2)
Snowplow - The enterprise-grade behavioral data engine (web, mobile, server-side, webhooks), running cloud-natively on AWS and GCP
tz - Time zone database and code
Matomo - Empowering People Ethically with the leading open source alternative to Google Analytics that gives you full control over your data. Matomo lets you easily collect data from websites & apps and visualise this data and extract insights. Privacy is built-in. Liberating Web Analytics. Star us on Github? +1. And we love Pull Requests!
aper - A Rust data structure library built on state machines.
Sentry - Developer-first error tracking and performance monitoring
Plausible Analytics - Simple, open source, lightweight (< 1 KB) and privacy-friendly web analytics alternative to Google Analytics.
bicep - Bicep is a declarative language for describing and deploying Azure resources
Grafana - The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
Zulip - Zulip server and web application. Open-source team chat that helps teams stay productive and focused.
openreplay - Session replay and analytics tool you can self-host. Ideal for reproducing issues, co-browsing with users and optimizing your product.