Asfaload can now use your ed25519 ssh keys to sign artifacts! No additional key to manage for Asfaload.

I will probably use the #linux kernel's policy on #ai coding #agents in my projects like @asfaload.bsky.social . In short, add a "Assisted-by: AGENT_NAME:MODEL_VERSION [TOOL1] [TOOL2]" tag to the commits. Humans commit and take responsabilities, but agent use is traced.

I'm having a good experience with getaurora.dev/en/ and #immutable #linux #distribution using #kde , based on universal-blue.org. Integrates distrobox, tailscale, automatic and atomic updates. Only small quirk encountered until now is copy paste between terminals for different containers

A question for #security experts: I'm using #rustlang 's pkcs5 crate that only proposes cbc mode for scrypt(eg this function: scrypt_aes256cbc). Having read GCM is much better than CBC, should I look for an alternative? This is a new project without back compat required.
#crypto #cryptography #help

Not sure it is the right order: our documentation is deployed before our backend is even online :-D
www.asfaload.com/doc/
The fastest way to deploy the doc was using rust-lang.github.io/mdBook/ , incidentally a #rustlang project like us.
#buildinpublic #mdbook #security #softwaresupplychain

Seeing the Axios #compromise on #npm, and as Asfaload enables the detection of unauthorised publications in case of an account hijack,I feel there must be serious opportunities for the project.Take a look at www.asfaload.com and let me know if you have suggestions! #security #supplychain #opensource

Germany Mandates ODF for Public Administration in Sovereign Digital Stack Germany requires Open Document Format in its new sovereign digital framework, standardizing document use across public administrations.

Finally, an administration mandates #odf: linuxiac.com/germany-mand...
Mandating odf was a suggestion I shared in my eu consultation answer a couple weeks ago. Not sure it is the case, but all tenders should also mandate open formats. Let's hope other in #eu follow. #foss #opensource

Asfaload project,aiming to provide an auditable multisig file downloads auth,passed 1000 commits: github.com/asfaload/asf... In this LLMs age,it might become an even less interesting metric,but if only for me,it reflects the time and energy I put in the project #buildinpublic #opensource #rustlang

Just after posting about tuicr.dev, I discovered during a review that an agent removed a bunch of tests rather than adapt them. #codereview is not optional with #ai #agents...

I find tuicr.dev really useful to #review #ai generated #code ( #rustlang in my case). I've added it to my container config to run agents if anyone is interested: github.com/asfaload/age...

When you #buildinpublic, you also make mistakes in public. No one should not feel bad about it when it happens. I'll share my most recent mistake, anyone willing to follow? Today I realised that in my test pipeline most tests ran twice, leading to loooooong test runs. I discovered it by chance 😬

As my use of #ai has increased gradually (asfaload.com/blog/ai_use/), I have more #code #review work on my plate. I have just installed tuicr (tuicr.dev) in the #docker image I use for development (github.com/asfaload/age...) , and it looks very helpful to ease review of code generated by an #agent

GitHub - asfaload/asfaload: Generic multisig signoff solution Generic multisig signoff solution. Contribute to asfaload/asfaload development by creating an account on GitHub.

You have to start somewhere: happy with the 10 ⭐ the project got on GitHub: github.com/asfaload/asf... #buildinpublic #foss #opensource #rustlang

An intro to the world of auditing Rust code YouTube video by Oxidize Conference

I just watched this talk about #rustlang #appsec and my to-do list just got some new high priority items! Interesting talk, especially for the pointers to recommended tools. m.youtube.com/watch?v=5qyu...

In my case it was my understanding of the situation that was incorrect.I thought the completion of an aggregate signature in @asfaload.bsky.social was happening too early, before all member signatures were collected. Until I realized the 'missing' signature had been collected at initialisation time

You know that feeling as a #developer when you see something in your #software doesn't work as you expected, but you then realise it was you that was wrong and your #code was doing exactly what's needed?
#development #devs #tests

In the Asfaload codebase, there was a pattern that kept appearing: using #rust enum to wrap trait implementations. It offers great flexibility, clean #code, all with full #typesafety and no dynamic dispatch. I haven't seen it described often, let's change that! www.asfaload.com/blog/rust-tr...

Happy of the #progress of the project. Those commit and PR numbers are not something to pay much attention too, but it confirms the #project is much alive and progresses continuously.

My Music TL;DR: I like writing songs, mainly for my own amusement, about things that I’m familiar with, which usually means web development, security, and working with other people. I have a long hist…

If you're a #developer, here is some #music you should know about: marcus.bointon.com/music/
Or did you already know songs about #pairprogramming #tailwind #laravel #fediverse #php #webhooks and other dev-themes?

How to run setup code before any tests run in Rust? I have a Rust app (a simple interpreter) that needs some setup (initialize a repo) before the environment is usable. I understand that Rust runs its tests (via cargo test) in a multithreaded manne...

Maybe using std::sync::Once is the way to go.
stackoverflow.com/a/58006287

#rustlang #tests

Something like described here (beforeAll): jestjs.io/docs/setup-t...

For my #rustlang project's I was looking at possibly switching to nextest, but it doesn't seem to support "a common setup running once and used by all tests in the binary", which I will probably want to implement to shorten my #tests runs....

GitHub - asfaload/asfaload: Generic multisig signoff solution Generic multisig signoff solution. Contribute to asfaload/asfaload development by creating an account on GitHub.

🎉 First time I could go through the whole chain:
- register multisig from a github project
- activate it by signing it
- register a release
- sign it
- download a release artifact and authenticate it

github.com/asfaload/asf...

#buildinpublic #progress #rust

I contributed to the #eu consultation regarding #foss #opensource #freesoftware . Did you? You can still do it until 3 Feb (tomorrow!). interoperable-europe.ec.europa.eu/collection/o...

After the thrills of talking about the project with fellow #fosdem visitors, I'm back at the programming desk. Signals regarding @asfaload.bsky.social were positive, keeping me motivated to #buildinpublic this #opensource #multisig solution!

Some #fun at #fosdem

Asfaload flyer

No asfaload talk at #fosdem this year, but I prepared the design of an A4 flyer, see blog post asfaload.com/blog/fosdem2...
And image here:
asfaload.com/blog/fosdem2...
#buildinpublic #promo #flyer #foss

Always good to see #fosdem there. It's taking place next week btw!

Events though I now put it clearly in my AGENTS.md file, my #ai #agent fails using the constants used in the project and continues to hardcode values. Every review adds a commit titled 'no hardcoded values' [1] ! What more can I do?.... #llms #opencode #glm #rust
1: github.com/asfaload/asf...

My use of llms for programming has evolved so drastically that I thought it was interesting enough write a blog post about it: asfaload.com/blog/ai_use/
#ai #llms #programming