Our great sponsors
-
If anyone is looking to do some open source contributions on a mature, production Ruby on Rails site, I highly recommend contributing to the rubygems.org project. The code is extremely clean and the repo is very, very well run.
-
This is fantastic work by the RubyGems maintainers!
One interesting (IMO) aspect of this: there are secondary package ecosystems that piggyback on RubyGems that don't qualify for the 2FA mandate at the moment (since, as user-installed packages, they don't have quite the same volume as an extremely popular library package).
The biggest one I can thing of is CocoaPods[1] -- huge swaths of the iOS and macOS ecosystems rely on it, but it has "only" 57 million RubyGems downloads[2] and therefore doesn't qualify as a top-100 package. This demonstrates (again, IMO) the need for manual curation on top of a uniform policy for the top N packages.
-
SonarQube
Static code analysis for 29 languages.. Your projects are multi-language. So is SonarQube analysis. Find Bugs, Vulnerabilities, Security Hotspots, and Code Smells so you can release quality code every time. Get started analyzing your projects today for free.
-
ios-application
A native, lightweight and secure one-time-password (OTP) client built for iOS; Raivo OTP!
I recently migrated all of my 2FA logins to Raivo [0]. It's iOS-only but open source and very nicely built. The key feature that made me switch is that it can export by 2FA tokens as a backup.
I got worried when I started thinking about this scenario, and realized Google Authenticator offers no way to back up the tokens. The only way out is to transfer to a new device using a QR code. They pretty much lock you in to using Google Authenticator.
And, crucially, backing up the phone DOESN'T SAVE THE TOKENS.
I almost learned this the hard way when I got a new phone, restored from backup, and right before I wiped my old phone I decided on a lark to check that Google Authenticator was working on the new one. The app was there, but the tokens were not.
