sethmlarson

@sethmlarson@fosstodon.org

:python: PSF Security Developer-in-Residence 🐍 PSF Fellow ✨ Minnesoootan, he/him


sethmlarson, to random

Memcard Pro GC arrived today, got to back up saves, some around ~20 years old, to a microSD card and soon my laptop 🥹

sethmlarson, to random

Sustainability is a security issue. Consumers only have demands for a burnt out maintainer and the only help that arrives has long-term malicious intentions.

https://robmensching.com/blog/posts/2024/03/30/a-microcosm-of-the-interactions-in-open-source-projects/

sethmlarson, (edited) to python

xz/liblzma backdoor (CVE-2024-3094) is trending.

https://openwall.com/lists/oss-security/2024/03/29/4

bundles xz v5.2.5 and earlier which don't contain the backdoored binary files. is also not affected due to using Debian Bookworm, not Sid.

Querying PyPI packages and Python Dockerhub images doesn't show any xz 5.6.x binaries.

From what I've gathered from others, the backdoor appears to target sshd (SSH server) on glibc-based distros, so if you're using Ubuntu or Fedora check that you aren't affected.

sethmlarson,

@hynek ahhh! Good eye, fixed.

sethmlarson, to random

While I was away my article on unexpected behavior of "$" in regular expressions hit #1 on Hacker News (and I only discovered this fact by receiving hate mail).

If you missed it and use "$" in Python regular expressions you might be interested:

https://sethmlarson.dev/regex-%24-matches-end-of-string-or-newline

sethmlarson,

@hynek In my case it was about how the topic was "so obvious that it wasn't even worth writing about" 🤷

sethmlarson,

@hynek I already laugh at hate mail, thanks for another laugh at an even funnier interpretation! 🤣

sethmlarson,

@quentinpradet Yes! Thank you for snagging the screenshot too! 💜

sethmlarson, to random

Back from vacation! 👋 I covered the CISA OSS Security Summit, Google Summer of Code 2024, SOSS Community Day NA in this weekly report:

https://sethmlarson.dev/security-developer-in-residence-weekly-report-32

sethmlarson, to random

Bought this cute pin from a popup shop in Tokyo called "Mochi Mochi duck". So much wonderfully funny artwork from this artist 🦆🍡

https://twitter.com/mochimochiducks

Popup shop with a duck being spread onto toast and a duck eating another duck blob that's sleeping

sethmlarson, to random

I'm back from vacation, so if I haven't replied to something in the past 2 weeks I'll hopefully get to it soon! Feel free to reach out and ping :)

quentinpradet, to random

New blog post! From ES|QL to Pandas dataframes in Python: https://www.elastic.co/search-labs/blog/articles/esql-pandas-dataframes-python

What is ES|QL, you may ask? The future of Elasticsearch querying, in my opinion: https://www.elastic.co/guide/en/elasticsearch/reference/current/esql.html

sethmlarson,

@quentinpradet Great post! I'm so happy that ESQL is available, huge upgrade to query ergonomics :)

sethmlarson, to random

I learned about some platform-specific regex behavior of the "$" character:

https://sethmlarson.dev/regex-%24-matches-end-of-string-or-newline

sethmlarson,

@hynek I pushed a small change that adds my own expectation, basically I assumed that the newline matching behavior wasn't present if multiline mode was disabled. Other regex implementations have this behavior, but Python doesn't!

webology, to random
sethmlarson,

@webology Love this! I need to write about games more often, they're a big part of how I define myself. I used to play a mobile game about making hotdogs and hamburgers in a restaurant, very simplistic mechanically but remember rolling with laughter at it with my brother. Good times!

sethmlarson, to random

Obsessed with the pair of nuthatches that inhabit the tree on my property and frequent my feeder 🥰

brettcannon, to MarvelSnap

I wasn't expecting to like playing with Pixie in , but I seem to be winning pretty consistently with the card.

https://marvelsnapzone.com/decks/lady-pixie-luck/.

sethmlarson,

@brettcannon That effect seems good!

BajoranEngineer, to random

I'm working to help a critical contributor of @BlackPythonDevs who has not been approved for a grant to @pycon

Would someone or a few someones match my $300 contribution?

This is a landmark year with its founder @kjaymiller giving a keynote and the boom in membership.

sethmlarson,

@BajoranEngineer I'm in contact with Jay!

mattrambles, to random

Final post in the series: “My Content”

https://garden.mattstein.com/notes/people-content-29-my-content

Toots all sound the same, so please imagine this one landing with a resounding thud.

■■■■■■■■■■ 100% 🎉

sethmlarson,

@mattrambles 👏 👏 👏 Well done! I've enjoyed each one of these posts.

sethmlarson, to python

Following the White House's report on memory safety my article on being memory safe has been getting lots of attention 😊

https://sethmlarson.dev/security-developer-in-residence-weekly-report-21

AlSweigart, to random

deleted_by_author

sethmlarson,

@AlSweigart I use Bitwarden, haven't had any complaints so far :)

sethmlarson, to random

Got my first "I found your name in the licenses of my app, can you help me" today, another OSS maintainer bingo square filled ✅

sethmlarson,

@webology Now that Signal allows for usernames I can finally publish it publicly without exposing my phone number and within a week I received this request. The friend requests from Discord are definitely a thing too.

tintvrtkovic, to random

Do millennials even iron any more? No one in my household does.

https://aus.social/@dgar/111991865211194603

sethmlarson,

@tintvrtkovic Only the nice stuff, everything else doesn't need it.
