Mozilla Github



Cornice provides helpers to build & document REST-ish Web Services with Pyramid, with decent default behaviors. It has validation features, and can be integrated with tools like Colander for complex validations.

Cornice can automatically generate Sphinx-based documentation for your APIs.

Air Mozilla is the Internet multimedia presence of Mozilla, with live and pre-recorded shows, interviews, news snippets, tutorial videos, and features about the Mozilla community.

Git is an example of a VCS, and GitHub is a web site + infrastructure that provides a Git server plus a number of really useful tools for working with git repositories individually or in teams, such as reporting issues with the code, reviewing tools, project management features such as assigning tasks and task statuses, and more.

Circus is a process & socket manager. It can be used to monitor and control processes and sockets.

With Circus you can control a whole stack from the command-line or a web interface, and have real-time statistics.

Metlog is a service for applications to capture and inject arbitrary data into a backend storage suitable for out-of-band analytics and processing.

It's a client-server system that has almost no impact on your application's performance. You can use it to send stats to Logstash for instance, using various transports like UDP and ZeroMQ.

Powerhose turns your CPU-bound tasks into I/O-bound tasks so your Python applications are easier to scale.

Powerhose is an implementation of the Request-Reply Broker pattern in ZMQ, with some extra features around it.

Wat? Another message queue?

Given the proliferation of message queues, one could be inclined to believe that inventing more is not the answer. Using an existing solution was attempted multiple times, with nearly every existing message queue product.

The others failed (for our use-cases).

Queuey is meant to handle some unique conditions that most other message queue solutions either don't handle, or handle very poorly. Many of them, for example, are written for queues or pub/sub situations that don't require possibly longer-term (multiple days) storage of not just many messages but huge quantities of queues.

Tokenlib is a generic support library for signed-token-based auth schemes. We are using it to generate HMAC tokens for our token-server project.

Vaurien is a TCP proxy which will let you simulate chaos between your application and a backend server.

Collect, aggregate, and visualize your data. That's the long-term goal at least; currently Heka works as an agent deployed on nodes to collect data, and as an aggregator that agents can relay data into, which then saves it to a permanent store (or multiple ones).

GitHub Repository Security

GitHub is a wonderful ecosystem with many extensions to make certain workflows easier. However, if you are in the 1% that host a 'sensitive' repository on GitHub, you may want to follow the suggestions below.

The permissions model on GitHub, especially for older OAuth authenticated apps, is quite broad -- what you enable for one project applies to all projects you have access to.

This can expose repositories with sensitive information to risks, without the repository admins being aware of those risks. The following guidelines should be applied to all sensitive repositories (defined below) hosted on GitHub.

The purpose of this checklist is to provide a base level of protection against compromise of credentials that may have the ability to modify repository resources (code, wikis, issues, etc.). Those credentials could belong either to an individual, or be granted to GitHub extensions.

These guidelines are in addition to the corporate standards (login required).

These guidelines were developed by the Firefox Operations Security team. Direct any questions or comments on the guidelines to secops+github@mozilla.com.

For implementation assistance contact the owners of your GitHub organization.

Terminology

As used in this document, the following terms have specific meanings.

Elevated Permissions
Any permission not available to a logged in GitHub member. For public repositories, this is 'push' access (which includes the ability to assign issues). For private repositories, it also includes the ability to read the repository.
Production Branch
Any branch that generates a release that is supported in some way.
Release
Any distribution of the code, or artifacts generated from the code, for external use. 'Release' includes deployments to staging or production hardware, 'code drops' into another project, and similar milestones.
Sensitive Repository
This term includes (but is not limited to):
  • Repositories containing code that is directly or indirectly part of the Firefox product delivered by Mozilla.
  • Repositories containing code that is run in production as part of services supporting the build, release, or ongoing operations of Firefox.
  • Repositories containing PII or 3rd party IP which Mozilla has a contractual obligation to protect.

The guidelines below are strongly encouraged, and may be required by some groups. If you have reasons for not adopting individual ones, please document that for future reference.

Each checklist below is in MARKDOWN format to be copy/pasted into GitHub issues.

Membership


Repository


Initial

The following 3 recommendations should be implemented first:

  1. Use of 2FA by everyone associated with the sensitive repository.
  2. Implementing signed commits and tags into your workflows.
    Note: While conceptually 'simple', in practice it is difficult to enforce and audit when GitHub web commits and commits from automation are used (which is almost always). For now, tags used to mark releases should be signed.
  3. Hosting in a Mozilla-staff-managed organization.

The other recommendations should follow as soon as practical.

Ongoing

  • Review repository and organization settings. Many of the guidelines require the cooperation of individuals to implement. At the moment, there is no automated way to assess the degree of implementation. Until such automation is in place, manual checking should be done on a regular basis. Once a quarter is recommended.
  • Review Guidance for changes. The guidance should be reviewed for applicability to each sensitive repository on a regular basis. The recommendation is to do this on any significant change, or once a year.


Just 'flipping the switch' on some of these guidelines can, for some teams, be disruptive, and possibly add excessive friction. Please review collected solutions to various problems on the Problems and Options page. Consult with the security team supporting your project if you have any questions.

The goal is to minimize risk to an appropriate level for each repository.


Retrieved from 'https://wiki.mozilla.org/index.php?title=GitHub/Repository_Security&oldid=1231518'