Asfaload
LightNews LightNews
asfaload.bsky.social
Asfaload
@asfaload.bsky.social
10 followers 2 following 51 posts
https://www.asfaload.com
www.asfaload.com
Posts Media Videos Starter Packs
asfaload.bsky.social
Asfaload @asfaload.bsky.social · Jun 24
A new release of asfald, our downloader transparently validating chksums! github.com/asfaload/asf...
Most important feat: report vulnerability window,i.e. time between publication and mirroring of chksums. During that time an attacker could update file in release undetected.
#buildinpublic #release
Release v0.6.0 · asfaload/asfald
0.6.0 (2025-06-24) Features add flag to overwrite existing files (ebb8589) print vulnerability window of index (158048c) print vulnerability window of index (640e316) refuse to overwrite existing ...
github.com
1 4
asfaload.bsky.social
Asfaload @asfaload.bsky.social · Jun 24
Starting a new project from scratch in a new language is often a trial and error approach. Such is the case for the implementation of our generic multisig signoff solution in #rustlang As we #buildinpublic, you can follow progress at github.com/asfaload/asf... Only 3 commits at this time ;-)
GitHub - asfaload/asfasign: Generic multisig signoff solution
Generic multisig signoff solution. Contribute to asfaload/asfasign development by creating an account on GitHub.
github.com
1
asfaload.bsky.social
Asfaload @asfaload.bsky.social · Jun 20
github.com/joernio/joern is a multi language code analysis tool. Its release checksums are mirrored by Asfaload to increase the security of downloading it. Check how at asfaload.com/asfald/ #codeanalysis #opensource
GitHub - joernio/joern: Open-source code analysis platform for C/C++/Java/Binary/Javascript/Python/Kotlin based on code property graphs. Discord https://discord.gg/vv4MH284Hc
Open-source code analysis platform for C/C++/Java/Binary/Javascript/Python/Kotlin based on code property graphs. Discord https://discord.gg/vv4MH284Hc - joernio/joern
github.com
2
asfaload.bsky.social
Asfaload @asfaload.bsky.social · Jun 11
Would be cool if sharing with #buildinpublic brought some discussion, let's see what this brings!
1 1
asfaload.bsky.social
Asfaload @asfaload.bsky.social · Jun 11
Another item originated from Asfaload: reusing the code interacting with Github I also published freshstuff.net , inspired by the long discontinued Freshmeat
This is not the focus of Asfaload, but could provide some additional visibility.
Freshstuff - 2025-06-11
freshstuff.net
asfaload.bsky.social
Asfaload @asfaload.bsky.social · Jun 11
First deliverable: a checksums mirror github.com/asfaload/checksums usable with our CLI downloader: asfaload.com/asfald/
Using checksums originating from another location than the download server increases security.
GitHub - asfaload/checksums: Copies of public checksums, usable to increase downloads security
Copies of public checksums, usable to increase downloads security - asfaload/checksums
github.com
asfaload.bsky.social
Asfaload @asfaload.bsky.social · Jun 11
Just discovered #buildinpublic, which is what I've done with asfaload.com but without any public :-). It started with the goal to provide authenticated downloads, but became a more general multisig sign-off solution. All developed in the open and under open source licenses (AGPLv3 or MPLv2) 🧵
Asfaload: Generalized Multisignature Sign-Off — Asfaload
Asfaload provides a generalized multisignature sign-off solution for authenticating digital artifacts and processes.
asfaload.com
3 3
asfaload.bsky.social
Asfaload @asfaload.bsky.social · May 30
With its checksums on the Asfaload mirror, Regal github.com/StyraInc/regal , a linter for #policy definitions used by the open policy agent www.openpolicyagent.org/docs, a #cncf graduate project , can be downloaded with additional security, see www.asfaload.com/asfald/
GitHub - StyraInc/regal: Regal is a linter and language server for Rego, bringing your policy development experience to the next level!
Regal is a linter and language server for Rego, bringing your policy development experience to the next level! - StyraInc/regal
github.com
asfaload.bsky.social
Asfaload @asfaload.bsky.social · May 19
Ever missed Freshmeat? This is for you: get a continuously updated stream of newly published Github releases at www.freshstuff.net
And releases whose checksums files are mirrored by Asfaload are marked as such
Freshstuff - 2025-05-19
www.freshstuff.net
asfaload.bsky.social
Asfaload @asfaload.bsky.social · Apr 25
A new release of @cloudflare.social 's pint, the #prometheus rule #linter has been published at github.com/cloudflare/p..., and its checksums are already available on asfaload's mirror to let you download with increased security. Check how at www.asfaload.com/asfald/ #security
Release v0.73.3 · cloudflare/pint
Fixed Fixed incorrect value in This pint run would create N comment(s), which is more than the limit ... comments when using GitHub or GitLab with pint ci command.
github.com
asfaload.bsky.social
Asfaload @asfaload.bsky.social · Apr 23
github.com/pdfcpu/pdfcpu is a #pdf processing library in #go that you can download with additional #security using asfald (see www.asfaload.com/asfald/ )
github.com
asfaload.bsky.social
Asfaload @asfaload.bsky.social · Apr 11
Need to export your Slack data? this tool can help github.com/rusq/slackdump and as it publishes checksums in its release, our checksums mirror increases the security of your downloads, check out how at www.asfaload.com/asfald/ #slack #export #data #tool
GitHub - rusq/slackdump: Save or export your private and public Slack messages, threads, files, and users locally without admin privileges.
Save or export your private and public Slack messages, threads, files, and users locally without admin privileges. - rusq/slackdump
github.com
asfaload.bsky.social
Asfaload @asfaload.bsky.social · Apr 4
Convert your images on the fly to webp thanks to github.com/webp-sh/webp... which can be downloaded with increased safety using asfald, for more info see www.asfaload.com/asfald/
#webp #server #golang
GitHub - webp-sh/webp_server_go: Go version of WebP Server. A tool that will serve your JPG/PNG/BMP/SVGs as WebP/AVIF format with compression, on-the-fly.
Go version of WebP Server. A tool that will serve your JPG/PNG/BMP/SVGs as WebP/AVIF format with compression, on-the-fly. - webp-sh/webp_server_go
github.com
1
asfaload.bsky.social
Asfaload @asfaload.bsky.social · Mar 28
@neovim.io released version 0.11, a significant release available at github.com/neovim/neovi...! With our checksums mirror you can download it with additional security. Check out how at asfaload.com/asfald #neovim
github.com
asfaload.bsky.social
Asfaload @asfaload.bsky.social · Mar 21
Rancher Labs' GKE and AKS operators can be downloaded with additional security guarantees with asfald, check how here: www.asfaload.com/asfald
Their releases are at github.com/rancher/gke-... and github.com/rancher/aks-...
#security #k8s #Cloud
What is asfald? — Asfaload
www.asfaload.com
asfaload.bsky.social
Asfaload @asfaload.bsky.social · Mar 14
Today's project discovery: github.com/EricCrosson/...
Group your commits by issue into Github PRs. Lets you work on one branch and push to distinct PRs afterwards.
Check how to download it with additional safety at www.asfaload.com/asfald/ #github #git #softwaredevelopment
GitHub - EricCrosson/git-disjoint: Group commits by issue into GitHub PRs
Group commits by issue into GitHub PRs. Contribute to EricCrosson/git-disjoint development by creating an account on GitHub.
github.com
asfaload.bsky.social
Asfaload @asfaload.bsky.social · Mar 7
#terraform providers are often published with checksums. That's also the case of the huawei cloud provider: github.com/huaweicloud/...
See how you can download it with automatic checksums validation at asfaload.com/asfald
Release v1.73.1 · huaweicloud/terraform-provider-huaweicloud
github.com
asfaload.bsky.social
Asfaload @asfaload.bsky.social · Feb 28
Friday project discovery: Permify (github.com/Permify/perm...) is an open source authorization as a service inspired by Google Zanzibar, and as they publish checksums, it can be downloaded with additional safety with asfald: www.asfaload.com/asfald/ #security #authorization
GitHub - Permify/permify: An open-source authorization as a service inspired by Google Zanzibar, designed to build and manage fine-grained and scalable authorization systems for any application.
An open-source authorization as a service inspired by Google Zanzibar, designed to build and manage fine-grained and scalable authorization systems for any application. - Permify/permify
github.com
1
asfaload.bsky.social
Asfaload @asfaload.bsky.social · Feb 27
Thanks! I'll take a look, and will possibly reach out as it's always interesting to share experiences. :wq
asfaload.bsky.social
Asfaload @asfaload.bsky.social · Feb 27
The copies on our mirror of checksums are now taken much more rapidly. This reduces even more the attack window (eg replacing a file and its checksums file). For example the checksums of this pulumi release were taken less than 3 mins after release: github.com/asfaload/che...
Github://pulumi/pulumi · asfaload/checksums@3aba2bf
github.com
asfaload.bsky.social
Asfaload @asfaload.bsky.social · Feb 21
We had a breakthrough in our search of a satisfying procedure to handle lost and compromised keys, as well as account reinitialisation. All possible without having to trust. Will formalise all this, looking forward to have it implemented!
#security #multisig #signature #softwaresupplychain
asfaload.bsky.social
Asfaload @asfaload.bsky.social · Feb 21
Looking at our checksums mirror allows me to discover some niche software, this week it is a shipping pack optimiser: github.com/obalunenko/s...
Download it with additional confidence with our downloader asfald: www.asfaload.com/asfald/
#software #shipping #optimization
GitHub - obalunenko/shipping-pack-optimizer: Golang API & UI for optimizing product pack shipments
Golang API & UI for optimizing product pack shipments - obalunenko/shipping-pack-optimizer
github.com
asfaload.bsky.social
Asfaload @asfaload.bsky.social · Feb 14
My 15 minutes lightning talk at @fosdem.bsky.social about Asfaload is now online at fosdem.org/2025/schedul...
#fosdem #lightning #video
FOSDEM 2025 - Increasing security of internet downloads with Asfaload
fosdem.org
asfaload.bsky.social
Asfaload @asfaload.bsky.social · Feb 14
@tur.so 's modern evolution of sqlite github.com/tursodatabas... can be downloaded with added security with @asfaload.bsky.social's tool www.asfaload.com/asfald. Give it a try, it gets and validates checksums from an independent source in addition to the github release.
GitHub - tursodatabase/limbo: Limbo is a project to build the modern evolution of SQLite.
Limbo is a project to build the modern evolution of SQLite. - tursodatabase/limbo
github.com
asfaload.bsky.social
Asfaload @asfaload.bsky.social · Feb 11
The biggest downside for me is the tooling that is not as good as in some other ecosystems (I'm using neovim). I'm still a fan though as I explained in a similar blog post a couple of months ago: www.asfaload.com/blog/conside...
Why you should consider F# — Asfaload
www.asfaload.com
1