Asfaload

A new release of asfald, our downloader transparently validating chksums! github.com/asfaload/asf...
Most important feat: report vulnerability window,i.e. time between publication and mirroring of chksums. During that time an attacker could update file in release undetected.
#buildinpublic #release

GitHub - asfaload/asfasign: Generic multisig signoff solution Generic multisig signoff solution. Contribute to asfaload/asfasign development by creating an account on GitHub.

Starting a new project from scratch in a new language is often a trial and error approach. Such is the case for the implementation of our generic multisig signoff solution in #rustlang As we #buildinpublic, you can follow progress at github.com/asfaload/asf... Only 3 commits at this time ;-)

GitHub - joernio/joern: Open-source code analysis platform for C/C++/Java/Binary/Javascript/Python/Kotlin based on code property graphs. Discord https://discord.gg/vv4MH284Hc Open-source code analysis platform for C/C++/Java/Binary/Javascript/Python/Kotlin based on code property graphs. Discord https://discord.gg/vv4MH284Hc - joernio/joern

github.com/joernio/joern is a multi language code analysis tool. Its release checksums are mirrored by Asfaload to increase the security of downloading it. Check how at asfaload.com/asfald/ #codeanalysis #opensource

Would be cool if sharing with #buildinpublic brought some discussion, let's see what this brings!

Another item originated from Asfaload: reusing the code interacting with Github I also published freshstuff.net , inspired by the long discontinued Freshmeat
This is not the focus of Asfaload, but could provide some additional visibility.

GitHub - asfaload/checksums: Copies of public checksums, usable to increase downloads security Copies of public checksums, usable to increase downloads security - asfaload/checksums

First deliverable: a checksums mirror github.com/asfaload/checksums usable with our CLI downloader: asfaload.com/asfald/
Using checksums originating from another location than the download server increases security.

Just discovered #buildinpublic, which is what I've done with asfaload.com but without any public :-). It started with the goal to provide authenticated downloads, but became a more general multisig sign-off solution. All developed in the open and under open source licenses (AGPLv3 or MPLv2) 🧵

GitHub - StyraInc/regal: Regal is a linter and language server for Rego, bringing your policy development experience to the next level! Regal is a linter and language server for Rego, bringing your policy development experience to the next level! - StyraInc/regal

With its checksums on the Asfaload mirror, Regal github.com/StyraInc/regal , a linter for #policy definitions used by the open policy agent www.openpolicyagent.org/docs, a #cncf graduate project , can be downloaded with additional security, see www.asfaload.com/asfald/

Ever missed Freshmeat? This is for you: get a continuously updated stream of newly published Github releases at www.freshstuff.net
And releases whose checksums files are mirrored by Asfaload are marked as such

Release v0.73.3 · cloudflare/pint Fixed Fixed incorrect value in This pint run would create N comment(s), which is more than the limit ... comments when using GitHub or GitLab with pint ci command.

A new release of @cloudflare.social 's pint, the #prometheus rule #linter has been published at github.com/cloudflare/p..., and its checksums are already available on asfaload's mirror to let you download with increased security. Check how at www.asfaload.com/asfald/ #security

github.com/pdfcpu/pdfcpu is a #pdf processing library in #go that you can download with additional #security using asfald (see www.asfaload.com/asfald/ )

GitHub - rusq/slackdump: Save or export your private and public Slack messages, threads, files, and users locally without admin privileges. Save or export your private and public Slack messages, threads, files, and users locally without admin privileges. - rusq/slackdump

Need to export your Slack data? this tool can help github.com/rusq/slackdump and as it publishes checksums in its release, our checksums mirror increases the security of your downloads, check out how at www.asfaload.com/asfald/ #slack #export #data #tool

Convert your images on the fly to webp thanks to github.com/webp-sh/webp... which can be downloaded with increased safety using asfald, for more info see www.asfaload.com/asfald/
#webp #server #golang

@neovim.io released version 0.11, a significant release available at github.com/neovim/neovi...! With our checksums mirror you can download it with additional security. Check out how at asfaload.com/asfald #neovim

Rancher Labs' GKE and AKS operators can be downloaded with additional security guarantees with asfald, check how here: www.asfaload.com/asfald
Their releases are at github.com/rancher/gke-... and github.com/rancher/aks-...
#security #k8s #Cloud

GitHub - EricCrosson/git-disjoint: Group commits by issue into GitHub PRs Group commits by issue into GitHub PRs. Contribute to EricCrosson/git-disjoint development by creating an account on GitHub.

Today's project discovery: github.com/EricCrosson/...
Group your commits by issue into Github PRs. Lets you work on one branch and push to distinct PRs afterwards.
Check how to download it with additional safety at www.asfaload.com/asfald/ #github #git #softwaredevelopment

Release v1.73.1 · huaweicloud/terraform-provider-huaweicloud

#terraform providers are often published with checksums. That's also the case of the huawei cloud provider: github.com/huaweicloud/...
See how you can download it with automatic checksums validation at asfaload.com/asfald

GitHub - Permify/permify: An open-source authorization as a service inspired by Google Zanzibar, designed to build and manage fine-grained and scalable authorization systems for any application. An open-source authorization as a service inspired by Google Zanzibar, designed to build and manage fine-grained and scalable authorization systems for any application. - Permify/permify

Friday project discovery: Permify (github.com/Permify/perm...) is an open source authorization as a service inspired by Google Zanzibar, and as they publish checksums, it can be downloaded with additional safety with asfald: www.asfaload.com/asfald/ #security #authorization

Thanks! I'll take a look, and will possibly reach out as it's always interesting to share experiences. :wq

Github://pulumi/pulumi · asfaload/checksums@3aba2bf

The copies on our mirror of checksums are now taken much more rapidly. This reduces even more the attack window (eg replacing a file and its checksums file). For example the checksums of this pulumi release were taken less than 3 mins after release: github.com/asfaload/che...

We had a breakthrough in our search of a satisfying procedure to handle lost and compromised keys, as well as account reinitialisation. All possible without having to trust. Will formalise all this, looking forward to have it implemented!
#security #multisig #signature #softwaresupplychain

GitHub - obalunenko/shipping-pack-optimizer: Golang API & UI for optimizing product pack shipments Golang API & UI for optimizing product pack shipments - obalunenko/shipping-pack-optimizer

Looking at our checksums mirror allows me to discover some niche software, this week it is a shipping pack optimiser: github.com/obalunenko/s...
Download it with additional confidence with our downloader asfald: www.asfaload.com/asfald/
#software #shipping #optimization

FOSDEM 2025 - Increasing security of internet downloads with Asfaload

My 15 minutes lightning talk at @fosdem.bsky.social about Asfaload is now online at fosdem.org/2025/schedul...
#fosdem #lightning #video

GitHub - tursodatabase/limbo: Limbo is a project to build the modern evolution of SQLite. Limbo is a project to build the modern evolution of SQLite. - tursodatabase/limbo

@tur.so 's modern evolution of sqlite github.com/tursodatabas... can be downloaded with added security with @asfaload.bsky.social's tool www.asfaload.com/asfald. Give it a try, it gets and validates checksums from an independent source in addition to the github release.

The biggest downside for me is the tooling that is not as good as in some other ecosystems (I'm using neovim). I'm still a fan though as I explained in a similar blog post a couple of months ago: www.asfaload.com/blog/conside...

Legally it is absolutely ok [1], I just wanted to let you know and check you were personally ok with it.

1: www.apache.org/licenses/GPL...

Just added the release-revocation process in our spec at github.com/asfaload/spe...

Next process to add: how do we handle a key compromise. Follow this issue if you're interestd: github.com/asfaload/spe...

As always, interested in questions, comments, remarks. Let me know here or on github.

GitHub - asfaload/collector: checksums collector checksums collector. Contribute to asfaload/collector development by creating an account on GitHub.

Adding some test to our backend. Using FsHttp is a pleasure, as is using it in tests combined with Suave. And as FsHttp's Apache 2 license is compatible with our choice of AGPLv3, I copied some test helpers making it even easier. I hope you're fine with it @schlenkr.bsky.social #fsharp

GitHub - Escape-Technologies/cloudfinder: Detect the cloud / hosting provider of a given host. Fast, static & offline Detect the cloud / hosting provider of a given host. Fast, static & offline - Escape-Technologies/cloudfinder

Here is friday's discovery of a project which can be downloaded more safely with our downloader asfald: github.com/Escape-Techn... lets you determine the cloud / hosting provider of a given host.
See how to use asfalod at www.asfaload.com/asfald/
#friday #project #discovery #security

I'm giving an ignite talk @cfgmgmtcamp.bsky.social tuesday about increasing security of internet downloads with Asfaload.
15s per auto-advancing slides, will be fun! Details and slides at www.asfaload.com/blog/cfgmgmt...
#cfgmgmt #talk #security