Seth Larson
-
The “Open Source Maintainer Security Forum” Open Space will be in Room 202C at 3PM today 🐍🛡️
If you’re a project maintainer and want to discuss security, how to keep your project secure, or how to handle vulnerability reports: come and find us! 👋
👉 https://us.pycon.org/2026/schedule/open-spaces/#OpenSpace-43
#Python #PyCon #PyConUS #PyConUS2026 #security #oss #opensource
-
RE: https://fosstodon.org/@pycon/116538489589981492
This talk from @andrewnez grows more and more important as the days go on... it's a must watch!
-
#PyConUS is only a few days away! 🤩 As usual I’ll be covering the event exclusively on Mastodon (specifically the NEW “Trailblazing #Python Security” talk track on Saturday May 16th).
Time to reshare my hack for quick #Mastodon toot templates with event #hashtags:
https://sethmlarson.dev/quick-mastodon-toot-templates-for-event-hashtags
-
Little blog post for anyone who's interested in Epilogue Retrace and is like me: has a pre-USB-C iPhone and runs Linux instead of Windows or macOS 😢
https://sethmlarson.dev/epilogue-retrace-iphone-13-pro-ubuntu
-
Hey #Python library maintainers! 👋 I sometimes see pull requests from well-meaning users about bumping minimum versions of dependencies to "fix security vulnerabilities". Here's a resource you can link to about why this strategy doesn't work in practice:
https://sethmlarson.dev/library-version-specifiers-not-for-vulnerabilities
-
RE: https://mastodon.social/@7ASecurity/116521920390604616
💪 “urllib3's supply chain posture was described as exceptionally strong, with advanced compliance across SLSA Source, Build, and Provenance requirements. The project maintainers were helpful, responsive, and engaged throughout the audit, ensuring that 7ASecurity had the necessary access and information at all times”
Excellent work @illiav and @quentinpradet! 👏
-
I'm running a “ #Security for #OpenSource Maintainers” space at #PyConUS 2026 again this year. Bring challenges, feedback, and your experiences with the security tooling and “landscape” to share and learn from others.
Date will be announced closer to the event, hope to see you there!
-
The only difference in holidays between the North American (NTSC) and PAL Animal Crossing: Population Growing calendars is Spring Cleaning Day and Labor Day.
Labor Day in Animal Crossing is May 1st in PAL (International Workers Day) and the 1st Monday in September in NTSC (Labor Day, US).
Spring Cleaning Day is March 15th in PAL, May 1st in NTSC.
Read more: https://sethmlarson.dev/animal-crossing-calendar#regional-differences
-
RE: https://mastodon.social/@andrewnez/116478133377243019
Workflow security continues to be a common cause of compromises of open source projects.
If you're using GitHub Actions and don't want this to happen to your project: use Zizmor and treat the findings seriously, especially insecure triggers and user-controllable template injections.
-
pip 26.1 is an incredible release, thank you to the pip maintainers!! 💜
– Relative dependency cooldown support!
– Installing from pylock.toml
– Multiple security fixes
Read the full blog post by @ichard26
https://ichard26.github.io/blog/2026/04/whats-new-in-pip-26.1/
-
I reworked my #Retroachievements play activity and progress tracker to only account for "Progression" and "Win Condition" achievements. Now I'm feeling a lot more confident about finishing “Legend of Zelda: Oracle of Seasons”. My estimated remaining play time dropped from 25 hours to 5 hours... 😅
-
I built a small progress calculator for #RetroAchievements using their API, and it's showing ~23h to beat LOZ Oracle of Seasons based on my progress speed. Compare that to 18h estimate from "Time to Beat"... this has been accurate to my feelings. I've been loving the @delta_emulator + Pocket Taco + RetroAchievements combination so far :)
https://github.com/sethmlarson/retroachievements-play-activity
-
:calculator: LAN Party Calculator for Mario Kart, Kirby Air Ride, and F-Zero
https://sethmlarson.dev/lan-party-calculator-for-mario-kart-kirby-air-riders-and-f-zero
-
I just received my pre-ordered GameSir “Pocket Taco” this morning and found the setup to be non-trivial for pairing with an iPhone and configuring the controller with the @delta_emulator. Here are the exact steps to set up and start playing with this new controller:
🌮 https://sethmlarson.dev/getting-started-with-gamesir-pocket-taco-iphone-delta-emulator
#gaming #delta #emulation #retrogaming #controller #gamesir #pockettaco #iphone #ios
-
The popular #Python library “Requests” needs your help! @nateprewitt plans to add type hints to the API and is requesting feedback:
https://sethmlarson.dev/python-library-requests-is-adding-type-hints-and-needs-your-help
-
#GoodFirstIssue adding support for relative dependency cool-downs to pip. This would be a massive security improvement for users who can then set-and-forget a reasonable cooldown duration in their global pip config.
-
I don't play a lot of Legend of Zelda games. Link’s Awakening surprised me with how much the game respects your time and fit into my life. Now I am looking for more pocket-sized LOZ games to play next.
-
#FediDonutFriday maple bacon Valentine's Day edition! I've got some time away from computers coming up, and I'm looking forward to the break... phew
-
Interesting blog post about text classification using compression, specifically the new "compression.zstd" module contributed by @emmatyping
-
CW: #uspol, upsetting imagery, crashed cars, injuries
Just in case you've heard that ICE operations are "winding down" in Minneapolis and St. Paul. This happened just this morning:
https://bsky.app/profile/andrewkarre.bsky.social/post/3melwi55orm2w
-
#FediDonutFriday coincides with a national shutdown in the USA today. See you in two weeks 🍩✌️
-
#Pikmin 2 coming to Nintendo Classics, will the treasure hoard be the same...? 👀
-
#FediDonutFriday in federally occupied Minnesota: Maple & Bacon
-
Have you ever noticed that the food graphics in Super Smash Bros. and Kirby Air Riders are flat “billboarded” stock images of food? This artistic decision from director Masahiro Sakurai has persisted through 8 games over nearly 25 years.
While researching every game with this art style and all 150+ unique food images I ended up fixing wikis, reviewing a seasonal KitKat flavor, and preserving an uncatalogued image of tempura soba.
https://sethmlarson.dev/food-jpegs-in-super-smash-bros-and-kirby-air-riders
-
I missed the first #FediDonutFriday of the year! 🍩 My next blog post will include many foods, including donuts, so here's a little preview (and peace offering for more donut Fridays in 2026)
-
Also I was very tempted to publish my #blogroll with the original title of "Drawing with zero-width characters" by Benjamin Swerdlow... it definitely crowds out the other recent entries 🤣
-
First post in 2026 and we're cutting spritesheets like cookies with #Pillow and #Python 🍪 I needed this for a future project on the blog, maybe you will get some use, too!
https://sethmlarson.dev/cutting-spritesheets-like-cookies-with-python-and-pillow
-
PEP 770 was accepted in April of this year, what has happened since then?
* Published a white paper on PEP 770 and phantom dependencies
* Auditwheel, manylinux, and cibuildwheel adoption
* Over 300 projects already ship with PEP 770 SBOM data
* Fedora and Red Hat adopted PEP 770 for Python packages
Read more: https://sethmlarson.dev/pep-770-sbom-data-from-pypi-fedora-and-redhat
-
urllib3 used "DeprecationWarning" for 3 years to deprecate API features and it didn't work, so what do we do instead?
#python #deprecation #deprecate #api
https://sethmlarson.dev/deprecations-via-warnings-dont-work-for-python-libraries
-
#FediDonutFriday on a #PikminBloom Community Week walk! 🍩
-
Any #PikminBloom players out there? The arrival of Ice Pikmin 🧊🌱 means that collecting complete sets of decor within an event just got more difficult... 😬
I created a #Python script which simulates the number of seedlings required before and after the addition of Ice Pikmin.
Read more: https://sethmlarson.dev/ice-pikmin-and-difficulty-of-pikmin-bloom-event-decor-sets
-
Loving the energy from Hank this fine #Pizzamas
-
I am interested in learning more about #passkeys (aka #passwordless). I've read a few older articles about how, due to the requirement of never allowing a "decrypted" key, passkeys are not portable across "providers".
So if you want to move from an iPhone to Android and you have passkeys associated with your keyring there's no way to move those passkeys to your new phone, you'd be regenerating them all for every service. Is this still the case in 2025, or has progress been made on this front?
-
Did you know that #gzip streams may contain filenames?
https://sethmlarson.dev/gzip-files-and-streams-may-contain-names
-
It's scary to be "on pace" for being able to try all the new food items at the Minnesota #StateFair... Trina and I are at 20/41 new items tried and we have two of 4 visits remaining in the year 😬
-
It's Minnesota #StateFair opening day, Trina and I are going (our first time to the opener) so if you're at the fair sometime tonight give me a ping! :)
-
I'm happy to announce that #urllib3 has a new lead maintainer: @illiav 👏 Illia has been contributing to urllib3 for over 3 years now and I'm confident will make a great lead of the project. I'll continue to maintain the project alongside my other co-maintainers @quentinpradet and @shazow
-
Thanks to the @sovtechfund and #AlphaOmega I was able to attend #UNOpenSourceWeek 2025 🇺🇳 representing the @ThePSF and focusing on how maintaining, supporting, and securing #OpenSource is a non-negotiable part of worldwide Digital Public Infrastructure (DPI). The trip was an inspiring reminder of how many incredibly smart and talented people are working on this problem together.
-
It's here! The 2024 annual report for #urllib3, a relatively quiet year that included work on HTTP/2 and WebAssembly (WASM). We include our plans for Python 2 deprecation, please take a look. $3,300 worth of bounty issues exist today!
-
This model has me excited, web pages that asynchronously load #Python and #Pyodide for a seamless experience for the user while allowing developers to use Python.
https://kai.bi/post/run-python-programs-easily-in-the-browser
-
Hot off the presses!!! 🔥 Find me at #AllThingsOpen tomorrow and tell me how you're supporting your open source middle-stack for a #urllib3 sticker!
-
Cracking into some Fishwife x Fly By Jing chili crisp salmon tonight... 😋 #tinnedfish
https://eatfishwife.com/products/smoked-salmon-with-flybyjing-sichuan-chili-crisp
-
Lunar new year is approaching quickly, and that means it's bánh tét and dưa mắm week in our house 😋
-
#urllib3 landed its first HTTP/2 PR, many more where that came from!
We're still fundraising to release HTTP/2 support, forward this URL to folks who have been wanting HTTP/2 support in #Python:
https://opencollective.com/urllib3/updates/urllib3-is-fundraising-for-http-2-support
-
I've successfully migrated from #TinyLetter to @buttondown, took a few hours but mostly painless (and I like the subscribe form embed).
-
📦 We released #urllib3 v2.1.0 today! This release removes many of the features that have been deprecated for removal in v2. Security fixes will continue to be available in v1.26.x thanks to @[email protected]