wg-best-practices-os-developers
tz
wg-best-practices-os-developers | tz
---|---
16 | 75
622 | 1,419
5.9% | -
9.7 | 9.1
5 days ago | 2 days ago
JavaScript | C
Apache License 2.0 | GNU General Public License v3.0 or later
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
wg-best-practices-os-developers
- 12 Free Courses To Help You Develop More Secure Software - Shift Security Left
  You will learn about the different checks provided by OpenSSF Scorecard, how to configure the checks for your environment, and how to automate their implementation.
- Heartbleed and XZ Backdoor Learnings: Open Source Infrastructure Can Be Improved Efficiently With Moderate Funding
  In April 2014, the Linux Foundation Executive Director Jim Zemlin seized the opportunity to get visibility and managed to get Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Qualcomm, Rackspace, and VMware to all pledge to commit at least $100,000 a year for at least three years to the Core Infrastructure Initiative. The initiative continued for many years and eventually transformed into the Open Source Security Foundation. Also due to Heartbleed, the European Commission launched the EU-Free and Open Source Software Auditing project and spent at least a million euros on auditing OpenSSL, the Apache Server, KeePass, and other security-critical open source software.
- Compiler Options Hardening Guide for C and C++
  https://github.com/ossf/wg-best-practices-os-developers/issu...
  The idea of using `-fsanitize-minimal-runtime` is interesting. I don't have any direct experience with that option. I've created an issue to investigate maybe adding that to the guide. Thanks for the tip!
- OSCM: The Open Source Consumption Manifesto
  These are technical details that are out of the scope of this article, but we think that it is important to mention them because the security strategy of a company should be based on a solid foundation, and these frameworks show that there are already some good starting points, companies don't have to start from scratch. If you want to know more about them or other ways to improve the security of your software supply chain, visit the OpenSSF website.
- Best practices for effective attack surface analysis
  Participating in the cybersecurity community can be a useful way to gain information about security trends and possible risks. Organizations such as the OWASP, OpenSSF, SANS Institute, and ISC2 promote the exchange of information between organizations and can raise the alarm about emerging issues or hacking strategies.
- Need help with use cases for my new open-source project that deals with open-source security
  You might find Awesome Security or Other Security Awesome Lists and the Open Source Security Foundation helpful
- Wake-up call: why it's urgent to deal with your hardcoded credentials
  Today corporations, open source projects, nonprofit foundations, and even governments are all trying to figure out how to improve the global software supply chain security. While these efforts are more than welcome, for the moment, there is hardly any straightforward way for organizations to improve on that front.
- 'Securing Open Source Software Act' Introduced to US Senate
- Great Time at JavaZone 2022
  Cross industry best practices - openssf.org
- Ask HN: Who is hiring? (June 2022)
tz
- RFC 3339 vs. ISO 8601
  A link was added from "Europe/Kiev" to "Europe/Kyiv" in the included-by-default backward file [0], so that any user that doesn't exclude that file will simply treat the old name as an alias for the new name.
  [0] https://github.com/eggert/tz/commit/e13e9c531fc48a04fb8d064a...
- A Guide to Date and Time Formatting in JavaScript
  timeZone: Determines the current timezone to use to display the time e.g. America/Los_Angeles. Full list can be found on IANA time zone database
- Navigating the timezone nightmare in product development
  "Eire" is in there, for instance, to deal with software that assumes that the "is_dst" half of the year is during the (northern) summer, but Ireland technically does it the other way around -- a distinction relevant only to computers.
  https://github.com/eggert/tz/blob/c3e966c59b02b1f47f0b7b0e4a...
  The only other timezone that currently has a non-1h offset for DST -- Ireland's is -1 hours -- is Australia/Lord_Howe, which has a 30-min positive leap.
- coolest discoveries at ucla
  Prof Paul Eggert is currently the editor and coordinator of the Time Zone Database of IANA, which enables timestamps on official documents and photos.
- Small parser for the tzdb text file format (based on Esrap)
  I've looked at it, but wanted to work with the tz source repository directly (I think local-time gets their zone files from Ubuntu). Also getting zic running in a portable way seemed too much of a hassle. The text file format is not all that complicated and documented in the zic manual pretty well. This approach is also chosen by the JDK as far as I can tell.
- Time Zone Database
- Software developers in 60s
  Subscribe to tz-announce for more fun: https://www.iana.org/time-zones
- Regional Daylight Saving Timezone changed but not reflected in Android
  Unfortunately, you just wait. The person(s) at IANA who manages The Time Zone Database is certainly aware, and from there it "just" has to percolate down to Google and your phone.
- Google home can't even tell the right time.
  most systems use https://www.iana.org/time-zones
- What is your opinion of Daylight Saving Time?
  And have you looked at the TZ database? My God it's a hot mess, and for good reason: human governments are terrible at creating code. Worse even than beginning CS students, because at least CS students know they don't know what they're doing, while politicians are both stupid and arrogant enough to think they're not stupid.
What are some alternatives?
tpm2-tss - OSS implementation of the TCG TPM2 Software Stack (TSS2)
lcurses - Lua bindings for Curses
aper - A Rust data structure library built on state machines.
microsoft-foss-fund - The Microsoft FOSS Fund provides a direct way for Microsoft engineers to participate in the nomination and selection process to help communities and projects they are passionate about. The FOSS Fund provides $10,000 sponsorships to open source projects as selected by Microsoft employees.
bicep - Bicep is a declarative language for describing and deploying Azure resources
rp-hal - A Rust Embedded-HAL for the rp series microcontrollers
Zulip - Zulip server and web application. Open-source team chat that helps teams stay productive and focused.
powertools-lambda-python - A developer toolkit to implement Serverless best practices and increase developer velocity.
serverless-graphql - Serverless GraphQL Examples for AWS AppSync and Apollo
polonius - Defines the Rust borrow checker.
zotero - Zotero is a free, easy-to-use tool to help you collect, organize, annotate, cite, and share your research sources.
PowerShell - PowerShell for every system!