Seeing the Axios #compromise on #npm, and as Asfaload enables the detection of unauthorised publications in case of an account hijack,I feel there must be serious opportunities for the project.Take a look at https://www.asfaload.com/ and let me know if you have suggestions! #security #supplychain #opensource
Asfaload
@asfaload
- 12 Followers
- 7 Following
- 72 Posts
Securing internet downloads, see https://www.asfaload.com
Asfaload project,aiming to provide an auditable multisig file downloads auth,passed 1000 commits: https://github.com/asfaload/asfaload In this LLMs age,it might become an even less interesting metric,but if only for me,it reflects the time and energy I put in the project #buildinpublic #opensource #rustlang
Trying to make Asfaload both secure and future proof by using sha256 oids in its #git backend. This has a performance cost as we need to shell out to the CLI, the libraries support of sha256 oids being WIP. Hoping we don't need to go back to sha1 oids as converting later would be a disrupting change
When you #buildinpublic, you also make mistakes in public. No one should not feel bad about it when it happens. I'll share my most recent mistake, anyone willing to follow? Today I realised that in my test pipeline most tests ran twice, leading to loooooong test runs. I discovered it by chance 😬
As my use of #ai has increased gradually (https://asfaload.com/blog/ai_use/), I have more #code #review work on my plate. I have just installed tuicr (https://tuicr.dev/) in the #docker image I use for development (https://github.com/asfaload/agents_container) , and it looks very helpful to ease review of code generated by an #agent
You have to start somewhere: happy with the 10 ⭐ the project got on GitHub: https://github.com/asfaload/asfaload #buildinpublic #foss #opensource #rustlang
RE: https://infosec.exchange/@pcwizz/115329175155159831
I just watched this talk about #rustlang #appsec and my to-do list just got some new high priority items! Interesting talk, especially for the pointers to recommended tools. https://m.youtube.com/watch?v=5qyuV62nJyM
You know that feeling as a #developer when you see something in your #software doesn't work as you expected, but you then realise it was you that was wrong and your #code was doing exactly what's needed?
#development #devs #tests
#development #devs #tests
In the Asfaload codebase, there was a pattern that kept appearing: using #rust enum to wrap trait implementations. It offers great flexibility, clean #code, all with full #typesafety and no dynamic dispatch. I haven't seen it described often, let's change that! https://www.asfaload.com/blog/rust-trait-enum/