Seth Michael Larson

@sethmlarson.dev.bsky.social

Security and Fellow, Python Software Foundation 🐍 Minnesoootan, he/him, #Python, #opensource, #security 🌐 https://sethmlarson.dev

2,753 Followers  |  287 Following  |  389 Posts  |  Joined: 12.09.2023  |  1.6626

Latest posts by sethmlarson.dev on Bluesky

Worlds colliding! Lego and Pikmin Bloom are both highlighting specifically “Blue Hibiscus” 🌺💙

Happy community weekend fellow #PikminBloom players!

10.08.2025 17:34 — 👍 2    🔁 1    💬 0    📌 0

No I love word-of-mouth recommendations, it's preferable IMO!

09.08.2025 01:26 — 👍 0    🔁 0    💬 0    📌 0

“Sorry for speeding, I'm listening to the Sonic Adventure 2 OST” 🔵🟡
Randomly found in the wild. I approve of the music choice haha

08.08.2025 23:02 — 👍 4    🔁 0    💬 0    📌 0

New Pocket integration Great news for Pocket users! You no longer have to switch between services to access your saved articles. With our new Pocket...

This article is top of Google and looks promising?

www.inoreader.com/blog/2025/03...

I'm not up to speed on how dead/non-cooperative Pocket is w/ exporting your data.

08.08.2025 16:39 — 👍 1    🔁 0    💬 1    📌 0

I was never a massive Pocket user, but I keep and label my collection of URLs in @inoreader.com right now (also what @molly.wiki recommends).

08.08.2025 16:28 — 👍 1    🔁 0    💬 1    📌 0

Preventing ZIP parser confusion attacks on Python package installers - The Python Package Index Blog PyPI will begin warning and will later reject wheels that contain differentiable ZIP features or incorrect RECORD files.

The Python Package Index is introducing new restrictions to protect Python package installers and inspectors from ZIP confusion attacks. There is no evidence that this vulnerability has been exploited. Read the blog post for more information:

07.08.2025 16:17 — 👍 16    🔁 6    💬 0    📌 0

Unmasking Phantom Dependencies with Software Bill-of-Materials as Ecosystem Neutral Metadata The Python Software Foundation Security Developer-in-Residence, Seth Larson, published a new white paper with Alpha-Omega about the work to solve the "Phantom Dependency" problem. The white paper details the approach, challenges, and insights into the creation and acceptance of PEP 770 and adopting Software Bill-of-Materials (SBOMs) to improve the measurability of Python packages.

Check out the 'Unmasking Phantom Dependencies with Software Bill-of-Materials as Ecosystem-Neutral Metadata' white paper by PSF Security Developer-in-Residence Seth Larson, focused on improved transparency and security across the #Python ecosystem!

07.08.2025 12:50 — 👍 9    🔁 3    💬 0    📌 0

Extracting 20+ NES & Famicom ROMs from Animal Crossing Animal Crossing for the GameCube was a game far ahead of its time and one of my personal favorites growing up. One of the most beloved features was the addition of playable NES games as rare collec...

I updated my post to also mention the "Multiboot" ROMs for NES games that can be played on a Gameboy Advance. These ROMs are the same as the ones for the NES emulator, but compiled for the GBA CPU:

sethmlarson.dev/extracting-n...

#gameboy #gba #nes #gamecube #animalcrossing

06.08.2025 13:10 — 👍 3    🔁 0    💬 0    📌 0

Thank you for publishing blog posts about your work in addition to the videos. They're both much appreciated, and web content is much easier to search and reference :)

06.08.2025 02:16 — 👍 3    🔁 0    💬 0    📌 0

Wikipedia Editors Adopt ‘Speedy Deletion’ Policy for AI Slop Articles “The ability to quickly generate a lot of bogus content is problematic if we don't have a way to delete it just as quickly.”

pay very close attention to Wikipedia to find a way out of the AI slop internet www.404media.co/wikipedia-ed...

05.08.2025 15:43 — 👍 2060    🔁 649    💬 10    📌 41
Exo Attack Leaderboard High scores for Exo Attack

There are now 20 people competing on the Exo Attack leaderboard. Woohoo!

Sure, 20 isn't a lot. But that's 20 people playing an *E-Reader* game. I'll bet you didn't have that on your 2025 bingo card :)

www.retrodotcards.com/leaderboards...

05.08.2025 16:13 — 👍 20    🔁 5    💬 1    📌 0

#AnimalCrossing for the #GameCube most beloved feature has to be the inclusion of playable NES and Famicom games as rare furniture items.

What if you wanted to play those ROMs on a different emulator without jumping into your town?

👉 sethmlarson.dev/extracting-n...

05.08.2025 13:21 — 👍 5    🔁 1    💬 0    📌 0

Our family is a fan of Hi-Chews haha

04.08.2025 22:56 — 👍 1    🔁 0    💬 0    📌 0
Ichiban Candy and Snacks

This is a haul from Ichiban Candy and Snacks in Chicago Chinatown

ichibancandy.com

04.08.2025 22:51 — 👍 2    🔁 0    💬 0    📌 0

Grape Soda, Grape, Black Cherry, Blue Hawaii, Yogurt, Yuzu Lime, Key Lime Pie, Kiwi, Green Apple, Piña Colada, Lemon, Mai Tai, Tropical Smoothie, Orange, Mango Chamoy, Juicy Blood Orange, Juicy Strawberry, Mango, Strawberry, Watermelon, Juicy Peach, White Strawberry, Strawberry Icecream, and Lychee

04.08.2025 22:50 — 👍 8    🔁 0    💬 2    📌 0

Curate your own newspaper with RSS Escape newsletter inbox chaos and algorithmic surveillance by building your own enshittification-proof newspaper from the writers you already read

Newsletter: In a media landscape dominated by algorithmic feeds that aim to manipulate and extract, sometimes the most radical thing you can do is choose to read what you want, when you want, without anyone watching over your shoulder.

Here’s how to use RSS.
www.citationneeded.news/curate-with-...

31.07.2025 16:33 — 👍 2597    🔁 1006    💬 125    📌 159

Curate your own newspaper with RSS Escape newsletter inbox chaos and algorithmic surveillance by building your own enshittification-proof newspaper from the writers you already read

I'm a heavy RSS user like @molly.wiki and also recommend @inoreader.com :

www.citationneeded.news/curate-with-...

31.07.2025 17:41 — 👍 6    🔁 2    💬 1    📌 0

How Elasticsearch and OpenSearch built their SDKs

You can only read the first two parts if you’re not a paid subscriber, but this companion piece is freely available on my blog: quentin.pradet.me/blog/how-ela...

29.07.2025 15:28 — 👍 2    🔁 1    💬 0    📌 0

Feels very surreal but this is a general PSA that you should go and chase your dreams/aspirations. Even if they feel scary. Even if they feel too big.

Do it, scared ✨

28.07.2025 21:50 — 👍 25    🔁 4    💬 0    📌 1

Today I realized I’m going to be:

– the 10th RM ever
– the first Canadian RM, and
– the first woman to serve in this role

If you ask me, that’s all really, really cool.

28.07.2025 21:45 — 👍 132    🔁 18    💬 9    📌 0

Heads Up, #Python Developers!

There is an active phishing attack targeting PyPI users.

• Threat: Emails from noreply@pypj.org (with a 'j') link to a fake login page.
• Action: Do not click any links. If you already did, change your PyPI password ASAP.
• Note: PyPI itself has not been breached.

28.07.2025 14:35 — 👍 57    🔁 40    💬 3    📌 2

OpenAPI is incredibly popular and useful, but it is also flawed as a general-purpose API description tool. We hit many issues when using it to describe Elasticsearch APIs.

25.05.2025 18:32 — 👍 1    🔁 1    💬 2    📌 0

Phishing attack? I just received this email (link deliberately broken): As part of our ongoing account maintenance and security procedures, we’re asking users to verify their email addresses. Please follow [this li...

🚨 Be aware there's a potential phishing campaign targeting #PyPI / #Python package maintainers:

discuss.python.org/t/phishing-a...

26.07.2025 23:14 — 👍 5    🔁 10    💬 1    📌 0

Welcome the 3.16 and 3.17 Release Manager: Savannah Bailey! Each release manager shepherds a pair of consecutive Python versions through alphas, betas, release candidates, bugfix releases, and security releases to end-of-life. Following 17 months of prerelease...

Here goes nothin'...I'm the Release Manager for Python 3.16 and 3.17, y'all!
discuss.python.org/t/welcome-th...

25.07.2025 18:32 — 👍 153    🔁 17    💬 15    📌 2

Google’s AI Is Destroying Search, the Internet, and Your Brain Google’s AI Overview, which is easy to fool into stating nonsense as fact, is stopping people from finding and supporting small businesses and credible sources.

The part I still don't understand is a large portion of the internet monetizes traffic via Google Adsense. By replacing search with a chatbot, thereby encouraging people not to visit websites, they're cannibalizing their own revenue sources in a way that they'll never be able to recoup with AI.

23.07.2025 19:32 — 👍 267    🔁 53    💬 16    📌 5

Nintendo Switch 2 physical game price differences Last week I was able to purchase a Nintendo Switch 2. The console was due to arrive on Monday, so I also picked up a physical copy of Mario Kart World for $80 USD (compared to $70 USD for digital)....

I wrote about the Nintendo Switch 2 price difference for physical media:

sethmlarson.dev/nintendo-swi...

23.07.2025 17:41 — 👍 2    🔁 0    💬 0    📌 0

Graph titled "TIOBE Programming Community Index" and subtitled "Source: www.tiobe.com", showing different colored lines rising and falling. The left hand column shows "Ratings %" and the bottom row shows years, 2002 through 2024. Underneath, there is a line listing different programming languages, including Python. Underneath, there is a small chart showing Python as #1 with a rating of 26.98% and an increase of 10.85%.

Python jumped 10%+ on the TIOBE index this month 🤩🐍📈 thanks to the entire #Python community—maintainers, educators, contributors, and users—for helping make Python what it is today!

www.tiobe.com/tiobe-index/

22.07.2025 13:52 — 👍 40    🔁 12    💬 1    📌 3

The security section by @sethmlarson.dev is great!

One cool thing: it links to this guide to becoming a CVE Numbering Authority as an open source software project, created by Seth and Art Manion (CVE Board member) and published by the @openssf.org.

github.com/ossf/wg-vuln...

15.07.2025 15:10 — 👍 1    🔁 1    💬 0    📌 0

Email has algorithmic curation, too Communication technologies should optimally be reliable, especially when both parties have opted-in to consistent reliable delivery. I don't want someone else to decide whether I receive a text mes...

Email has algorithmic curation, too 📨➡🔥

sethmlarson.dev/email-has-al...

15.07.2025 13:40 — 👍 0    🔁 0    💬 0    📌 0
A hard drawn aesthetic of a Nintendo GameCube with an Animal Crossing forest and character on top. The logo for "Animal Forest e+" is shown beside the diorama

Purchased this t-shirt print from #FavoriteVegetable 🥦

favoritevegetable.com

I really love their art style, so this one is probably getting framed like a print :) There's still a few sizes left of their limited drops.

#AnimalCrossing #GameCube

14.07.2025 17:45 — 👍 1    🔁 0    💬 0    📌 0
