
sethmlarson

@sethmlarson@fosstodon.org

:python: PSF Security Developer-in-Residence 🐍 PSF Fellow ✨ Minnesoootan, he/him


sethmlarson, to random
@sethmlarson@fosstodon.org avatar

Did you know @Tidelift is hosting tomorrow? 😱 Upstream is a free online-only conference about open source, I'll be in the hallway track for part of the day! Drop in and say hello :ablobcatwave:

This year's theme is "Unusual solutions to the usual problems".

The schedule is looking to be great, there's a discussion about "life after xz" with tons of perspectives, a few sessions on public sector and OSS, and of course maintainer-focused sessions too!

https://upstream.live/schedule

sethmlarson, to random
@sethmlarson@fosstodon.org avatar

The funny thing about iOS Lockdown Mode is you get to see how absolutely gigantic some URLs can get with tracking information... 👀

webology, to random
@webology@mastodon.social avatar
sethmlarson,
@sethmlarson@fosstodon.org avatar

@webology I like it, but probably won't be getting one. The most interesting feature IMO is the USB-C video out, wish that Analogue had something similar!

webology, to random
@webology@mastodon.social avatar

While this is good advice, pinned GitHub Actions are not immutable because they share the same syntax as a label.

This means that someone can delete the image tied to an SHA and replace it with a label (that matches the SHA) to point it to a different image.

GitHub could fix this by migrating to a new syntax, but I suspect Docker is the underlying issue here. https://s.ovalerio.net/@dethos/112552632476543887

sethmlarson,
@sethmlarson@fosstodon.org avatar

@pradyunsg @webology This is good to know! Thank you for confirming this.

sethmlarson, to random
@sethmlarson@fosstodon.org avatar

I'm running a small experiment in human curation, I keep a collection of cool stuff that I'm interested in on my website:

https://sethmlarson.dev/links

If you're into software, retro-gaming, security, or maybe just things that I find amusing, give it a peek! :)

sethmlarson, to random
@sethmlarson@fosstodon.org avatar

This is a /really/ great read about how software needlessly requiring always-on and fast internet is failing users: https://brr.fyi/posts/engineering-for-slow-internet

sethmlarson,
@sethmlarson@fosstodon.org avatar

@brainwane Yuuup. There were a few points in there too that I hadn't thought about to conclusion as well, like being able to side-step your application's built-in download process and provide it with the file it intended to download that you've fetched through a more reliable process.

It makes total sense to me now that I've read it, but I've always framed the problem as "applications themselves have to do better", but the ability to use a local file improves so many use-cases.

sethmlarson, to python
@sethmlarson@fosstodon.org avatar

Want to follow along with Nate Ohlson who's working on adopting hardened compiler options for #Python as a part of Google Summer of Code 2024? They're publishing to Mastodon!

https://fosstodon.org/@nohlson@social.python-gsoc.org

sethmlarson, to random
@sethmlarson@fosstodon.org avatar

Currently wishing there was a better plural of "trie"

swallez, to random
@swallez@mastodon.tetaneutral.net avatar

How old pinballs work. The sheer ingenuity in these devices is amazing. Nowadays all this logic is handled in software. https://www.youtube.com/watch?v=XeDCCNFAULk

sethmlarson,
@sethmlarson@fosstodon.org avatar

@swallez Thanks for sharing this, love these deep-dives! I already have a list of pinball nerds to forward this along :)

webology, to random
@webology@mastodon.social avatar

@sethmlarson I woke up with a random thought that didn't quite fit into a GitHub issue.

Would it make sense to publish your monthly pypi-data dataset on Hugging Face?

I ask because it's starting to feel like a standard for data people. Plus, libraries like DuckDB support it natively.

There are a few in the pypi space https://huggingface.co/datasets?search=pypi including https://huggingface.co/datasets/KingfernJohn/kfj-pypi-packages-metadata

Very few see frequent updates though.

sethmlarson,
@sethmlarson@fosstodon.org avatar

@webology Oh huh! I would be okay doing that if it'd mean folks are able to use the data more easily :)

ianlewis, to random
@ianlewis@hachyderm.io avatar

I just published a bit on GitHub Artifact Attestations and how they relate to SLSA and Sigstore. Hopefully it can serve as a helpful supplement to GitHub's own blog post.
https://www.ianlewis.org/en/understanding-github-artifact-attestations

sethmlarson,
@sethmlarson@fosstodon.org avatar

@ianlewis Thanks for writing this up Ian! I really appreciate you calling out SLSA build level 3 specifically, there's so much confusion about "what is build provenance, what is publish provenance" and in my mind SLSA build 3 = build provenance, SLSA build 2 = publish provenance

sethmlarson, to random
@sethmlarson@fosstodon.org avatar

Might have to unfollow a bunch of YouTubers making Thousand Year Door content, people are out here putting spoilers in video titles 😬

fohrloop, to python
@fohrloop@fosstodon.org avatar

Can sigstore signatures be uploaded to PyPI, and is there / would there be any use for them?

I was reading through https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/ and noticed the .sigstore files were only uploaded to GitHub Releases.

sethmlarson,
@sethmlarson@fosstodon.org avatar
sethmlarson, to random
@sethmlarson@fosstodon.org avatar

It's official now: I'm keynoting Taiwan this September! 🤩

https://twitter.com/PyConTW/status/1793884640379335026

sethmlarson, to random
@sethmlarson@fosstodon.org avatar

It's tough seeing Paper Mario: The Thousand Year Door for Switch being released today and so many hyped people and I'll likely need to wait for a week before I can start playing in earnest 😭

sethmlarson,
@sethmlarson@fosstodon.org avatar

@carlton Yes! It's got all new art and apparently some new content as well (which I don't know about, no spoilers!)

sethmlarson,
@sethmlarson@fosstodon.org avatar

@carlton I might like the game... 😅

sethmlarson, to random
@sethmlarson@fosstodon.org avatar
sethmlarson,
@sethmlarson@fosstodon.org avatar
jezdez, to random
@jezdez@publicidentity.net avatar

As the only @jazzband roadie, I want to confirm having gotten repeated offers from Tim (and from others) to help with Jazzband maintenance.

Ultimately and not very ironically, I’ve not had the chance to accept it since the hardest part has not been achieved in Jazzband. (1/3) https://fosstodon.org/@CodenameTim/112485191596931090

sethmlarson,
@sethmlarson@fosstodon.org avatar

@jezdez @jazzband Thank you for everything you do Jannis, you've created an incredible project with none of the tools and platform support that are available today and you should be proud of that. I'm humbled to be a small part of the journey :)

CodenameTim, to django
@CodenameTim@fosstodon.org avatar

I'm looking for some help running a GitHub organization dedicated to supporting community-maintained third-party packages.

I've written up an introduction here: https://www.better-simple.com/django/2024/05/22/looking-for-help-django-commons/

You can join here: https://github.com/django-commons/membership

sethmlarson,
@sethmlarson@fosstodon.org avatar

@CodenameTim I finally found the thing I was looking for and thinking about, Otterdog from Eclipse! (written in Python)

https://github.com/eclipse-csi/otterdog

sethmlarson,
@sethmlarson@fosstodon.org avatar

@jezdez @CodenameTim Right?? I would like to adopt this in Jazzband too. Maybe we can copy each other's work ;)

brainwane, to python
@brainwane@social.coop avatar

Here is a blog post with links and references to accompany my closing keynote today at #PyConUS , on stories from a few years working on #Python packaging.

http://harihareswara.net/posts/2024/references-pycon-us-keynote/

#PyConStories

sethmlarson,
@sethmlarson@fosstodon.org avatar

@brainwane Can I add annotations for when I teared up, cuz there's a decent amount of that, too 💜

sethmlarson,
@sethmlarson@fosstodon.org avatar

@brainwane Honestly you got me in the second content slide, "caring through infrastructure". I knew it'd probably happen at some point but all I could think was "dang, already!" 😭
