James Bennett
@b-list.org
Django/Python guy. Tip your servers and normalize your Unicode.
he/him
Angry politics and other non-tech parts of me are at @ubernostrum.bsky.social
Elsewhere:
https://www.b-list.org/
https://infosec.exchange/@ubernostrum
https://github.com/ubernostrum
he/him
Angry politics and other non-tech parts of me are at @ubernostrum.bsky.social
Elsewhere:
https://www.b-list.org/
https://infosec.exchange/@ubernostrum
https://github.com/ubernostrum
Any multi-user application with a backing persistent data store is a distributed system and you have to think about distributed-system problems when building it send skeet
November 24, 2025 at 1:07 AM
Any multi-user application with a backing persistent data store is a distributed system and you have to think about distributed-system problems when building it send skeet
Reposted by James Bennett
8675309 is prime, and so is 8675311, so if you ever need a middlin'-large pair of adjacent primes to test your cryptographic suite, all you need is a 1980s earworm and a +2 and you're all set.
Man, everything is so bleak, anyone got a fun fact or little bit of trivia they want to share
November 21, 2025 at 3:28 AM
8675309 is prime, and so is 8675311, so if you ever need a middlin'-large pair of adjacent primes to test your cryptographic suite, all you need is a 1980s earworm and a +2 and you're all set.
Reposted by James Bennett
Doctor says, 'Dont worry, parser design is simple. Great programmer Kate Compton has written the parser you seek’
November 16, 2025 at 2:44 PM
Doctor says, 'Dont worry, parser design is simple. Great programmer Kate Compton has written the parser you seek’
So Omarchy is apparently a dilettante’s poorly-designed and poorly-built idea of what a “hacker” operating system should look like.
Which means it is literally the Cybertruck of Linux.
Which means it is literally the Cybertruck of Linux.
October 27, 2025 at 4:13 PM
So Omarchy is apparently a dilettante’s poorly-designed and poorly-built idea of what a “hacker” operating system should look like.
Which means it is literally the Cybertruck of Linux.
Which means it is literally the Cybertruck of Linux.
Reposted by James Bennett
as a condition of funding, we were asked to affirm that we wouldn’t undertake any diversity, equity, and inclusion work, whether or not we used the government funds to do so. The PSF simply couldn’t agree to that statement,
October 27, 2025 at 2:47 PM
as a condition of funding, we were asked to affirm that we wouldn’t undertake any diversity, equity, and inclusion work, whether or not we used the government funds to do so. The PSF simply couldn’t agree to that statement,
Reposted by James Bennett
TLDR; The PSF has made the decision to put our community and our shared diversity, equity, and inclusion values ahead of seeking $1.5M in new revenue. Please read and share. pyfound.blogspot.com/2025/10/NSF-...
🧵
🧵
The official home of the Python Programming Language
www.python.org
October 27, 2025 at 2:47 PM
TLDR; The PSF has made the decision to put our community and our shared diversity, equity, and inclusion values ahead of seeking $1.5M in new revenue. Please read and share. pyfound.blogspot.com/2025/10/NSF-...
🧵
🧵
Tried to say “Jira queries” and it almost came out of my mouth as “chilaquiles”. Caught myself in time.
Chilaquiles would be nicer, though.
Chilaquiles would be nicer, though.
October 22, 2025 at 8:23 PM
Tried to say “Jira queries” and it almost came out of my mouth as “chilaquiles”. Caught myself in time.
Chilaquiles would be nicer, though.
Chilaquiles would be nicer, though.
Reposted by James Bennett
Two things can be true at once:
1. Internet technology makes it possible to decentralise a network and have it remain highly reliable.
2. Partition tolerance & availability of internet technology makes it cheaper and easier for one company to build a highly reliably central network at a huge scale.
1. Internet technology makes it possible to decentralise a network and have it remain highly reliable.
2. Partition tolerance & availability of internet technology makes it cheaper and easier for one company to build a highly reliably central network at a huge scale.
October 20, 2025 at 4:20 PM
Two things can be true at once:
1. Internet technology makes it possible to decentralise a network and have it remain highly reliable.
2. Partition tolerance & availability of internet technology makes it cheaper and easier for one company to build a highly reliably central network at a huge scale.
1. Internet technology makes it possible to decentralise a network and have it remain highly reliable.
2. Partition tolerance & availability of internet technology makes it cheaper and easier for one company to build a highly reliably central network at a huge scale.
New #Python package release: akismet 25.10.0.
Highlights include:
* Python 3.14 compatibility
* A new pytest plugin to make it easier to test your use of the Akismet clients.
www.b-list.org/projects/aki...
Highlights include:
* Python 3.14 compatibility
* A new pytest plugin to make it easier to test your use of the Akismet clients.
www.b-list.org/projects/aki...
akismet
A Python wrapper for the Wordpress Akismet spam-detection service. All operations of the Akismet service are supported, including checking comments …
www.b-list.org
October 20, 2025 at 6:26 AM
New #Python package release: akismet 25.10.0.
Highlights include:
* Python 3.14 compatibility
* A new pytest plugin to make it easier to test your use of the Akismet clients.
www.b-list.org/projects/aki...
Highlights include:
* Python 3.14 compatibility
* A new pytest plugin to make it easier to test your use of the Akismet clients.
www.b-list.org/projects/aki...
Today was when I realized that the Mail app icon on iOS and macOS has Apple’s address in tiny print on the back of the envelope.
Apparently macOS has had it for a while, but on iOS it was just added.
Apparently macOS has had it for a while, but on iOS it was just added.
October 18, 2025 at 12:27 AM
Today was when I realized that the Mail app icon on iOS and macOS has Apple’s address in tiny print on the back of the envelope.
Apparently macOS has had it for a while, but on iOS it was just added.
Apparently macOS has had it for a while, but on iOS it was just added.
Now that #Python 3.14 is out and Python 3.9 is finally EOL, I'm really looking forward to using pattern matching, string enums, and keyword-only dataclasses in more codebases.
October 17, 2025 at 12:42 AM
Now that #Python 3.14 is out and Python 3.9 is finally EOL, I'm really looking forward to using pattern matching, string enums, and keyword-only dataclasses in more codebases.
Reposted by James Bennett
it's kinda weird that all the software i am expected to use for work are all written by distributed teams, go, python, postgres, linux, chrome, k8s etc
and despite being told "the best teams work in an office together" i don't know of any software i use that's actually written that way
and despite being told "the best teams work in an office together" i don't know of any software i use that's actually written that way
October 13, 2025 at 5:00 PM
it's kinda weird that all the software i am expected to use for work are all written by distributed teams, go, python, postgres, linux, chrome, k8s etc
and despite being told "the best teams work in an office together" i don't know of any software i use that's actually written that way
and despite being told "the best teams work in an office together" i don't know of any software i use that's actually written that way
We no longer have to social-engineer the humans because now we can social-engineer their LLM assistants instead.
This stuff is one step up from "Hi, I'm the password inspector, and I need to check your passwords to make sure they're valid".
www.legitsecurity.com/blog/camolea...
This stuff is one step up from "Hi, I'm the password inspector, and I need to check your passwords to make sure they're valid".
www.legitsecurity.com/blog/camolea...
CamoLeak: Critical GitHub Copilot Vulnerability Leaks Private Source Code
Get details on our discovery of a critical vulnerability in GitHub Copilot Chat.
www.legitsecurity.com
October 13, 2025 at 9:25 PM
We no longer have to social-engineer the humans because now we can social-engineer their LLM assistants instead.
This stuff is one step up from "Hi, I'm the password inspector, and I need to check your passwords to make sure they're valid".
www.legitsecurity.com/blog/camolea...
This stuff is one step up from "Hi, I'm the password inspector, and I need to check your passwords to make sure they're valid".
www.legitsecurity.com/blog/camolea...
Reposted by James Bennett
Just released! 🚀
Please install and enjoy Python 3.14! 🥧
discuss.python.org/t/python-3-1...
#Python #Python314 #release
Please install and enjoy Python 3.14! 🥧
discuss.python.org/t/python-3-1...
#Python #Python314 #release
October 7, 2025 at 2:29 PM
Just released! 🚀
Please install and enjoy Python 3.14! 🥧
discuss.python.org/t/python-3-1...
#Python #Python314 #release
Please install and enjoy Python 3.14! 🥧
discuss.python.org/t/python-3-1...
#Python #Python314 #release
Reposted by James Bennett
Minnesota Achievements In Computer Stuff
- The Gopher protocol
- Control Data
- Tinyurl
- Oregon Trail
- ???
- The Gopher protocol
- Control Data
- Tinyurl
- Oregon Trail
- ???
October 5, 2025 at 4:49 AM
Minnesota Achievements In Computer Stuff
- The Gopher protocol
- Control Data
- Tinyurl
- Oregon Trail
- ???
- The Gopher protocol
- Control Data
- Tinyurl
- Oregon Trail
- ???
Concentrating control in Dane-Geld Central counts as paying Dane-Geld, in case anyone was wondering.
"Though we know we should defeat you, we have not the time to meet you.
We will therefore pay you cash to go away."
And that is called paying the Dane-geld;
But we've proved it again and again,
That if once you have paid him the Dane-geld
You never get rid of the Dane.
We will therefore pay you cash to go away."
And that is called paying the Dane-geld;
But we've proved it again and again,
That if once you have paid him the Dane-geld
You never get rid of the Dane.
We never pay any-one Dane-geld,
No matter how trifling the cost;
For the end of that game is oppression and shame,
And the nation that plays it is lost!
No matter how trifling the cost;
For the end of that game is oppression and shame,
And the nation that plays it is lost!
September 27, 2025 at 6:56 AM
Concentrating control in Dane-Geld Central counts as paying Dane-Geld, in case anyone was wondering.
Reposted by James Bennett
in case you're not sure who dhh is, he's a danish counterstrike player and race car owner who writes essays like "i am smarter than you" and "foreigners bad"
rich enough not to worry about consequences but at the very same time, still desperate for status, a man two friends short of a podcast
rich enough not to worry about consequences but at the very same time, still desperate for status, a man two friends short of a podcast
September 19, 2025 at 5:30 PM
in case you're not sure who dhh is, he's a danish counterstrike player and race car owner who writes essays like "i am smarter than you" and "foreigners bad"
rich enough not to worry about consequences but at the very same time, still desperate for status, a man two friends short of a podcast
rich enough not to worry about consequences but at the very same time, still desperate for status, a man two friends short of a podcast
Look, I've had some rough conference experiences myself, but it has never occurred to me to compare one of them to the Nazi invasion of Poland.
September 15, 2025 at 8:50 PM
Look, I've had some rough conference experiences myself, but it has never occurred to me to compare one of them to the Nazi invasion of Poland.
Today's a good day to remind people Richard Stallman once wrote he saw nothing wrong with "voluntary" sexual relationships between adults and children, and downplayed an alleged rape of a child to defend a friend associated with Epstein.
And he is somehow a member in good standing of the FSF Board.
And he is somehow a member in good standing of the FSF Board.
September 9, 2025 at 5:46 AM
Today's a good day to remind people Richard Stallman once wrote he saw nothing wrong with "voluntary" sexual relationships between adults and children, and downplayed an alleged rape of a child to defend a friend associated with Epstein.
And he is somehow a member in good standing of the FSF Board.
And he is somehow a member in good standing of the FSF Board.
I do not want him on the Board.
I do not think he struck a chord.
I would not trust him with a groat.
I did not trust him with my vote.
I don't want Python in his hands.
I did not vote for Angry Franz.
I do not think he struck a chord.
I would not trust him with a groat.
I did not trust him with my vote.
I don't want Python in his hands.
I did not vote for Angry Franz.
September 2, 2025 at 10:39 PM
I do not want him on the Board.
I do not think he struck a chord.
I would not trust him with a groat.
I did not trust him with my vote.
I don't want Python in his hands.
I did not vote for Angry Franz.
I do not think he struck a chord.
I would not trust him with a groat.
I did not trust him with my vote.
I don't want Python in his hands.
I did not vote for Angry Franz.
Increasingly convinced that anti-passkeys rants are just Jade Helm type conspiracy theories for tech people who are susceptible to that stuff.
September 2, 2025 at 7:41 PM
Increasingly convinced that anti-passkeys rants are just Jade Helm type conspiracy theories for tech people who are susceptible to that stuff.
Whenever someone says “attestation”, mentally replace it with “public-key cryptography” and re-evaluate the statement.
September 1, 2025 at 9:49 PM
Whenever someone says “attestation”, mentally replace it with “public-key cryptography” and re-evaluate the statement.
Reposted by James Bennett
PyPI now checks for expired domains to prevent domain resurrection attacks, a type of supply-chain attack where someone buys an expired domain and uses it to take over #PyPI accounts through password resets. #Python #OpenSource #SupplyChain #Security
Preventing Domain Resurrection Attacks - The Python Package Index Blog
PyPI now checks for expired domains to prevent domain resurrection attacks, a type of supply-chain attack where someone buys an expired domain and uses it to take over PyPI accounts through password resets.
blog.pypi.org
August 18, 2025 at 5:32 PM
PyPI now checks for expired domains to prevent domain resurrection attacks, a type of supply-chain attack where someone buys an expired domain and uses it to take over #PyPI accounts through password resets. #Python #OpenSource #SupplyChain #Security
If you know someone who’s harassing itch.io staffers over something they didn’t do and don’t control, you can do your part to make the world a better place by unplugging that person’s internet connection.
August 15, 2025 at 3:19 AM
If you know someone who’s harassing itch.io staffers over something they didn’t do and don’t control, you can do your part to make the world a better place by unplugging that person’s internet connection.