Seth Michael Larson
@sethmlarson.dev
Security and Fellow, Python Software Foundation 🐍 Minnesoootan, he/him, #Python, #opensource, #security #retrogaming
🌐 https://sethmlarson.dev
Pinned
Reposted by Seth Michael Larson
New @pypi.org blog
TL;DR:
- Trusted Publishing used for 25% of all files uploaded in Oct 2025
- @gitlab.com Self-Managed now in beta
- Pending Publishers can be added for Organizations, too!
#Python #SupplyChain #Security
Read it here: blog.pypi.org/posts/2025-1...
Trusted Publishing is popular, now for GitLab Self-Managed and Organizations - The Python Package Index Blog
Expansion of Trusted Publishers feature for more impact
blog.pypi.org
November 10, 2025 at 8:08 PM
Reposted by Seth Michael Larson
Here we are again: stunned & full of hope, because of you–each of you wonderful humans in the #Python community. Since we shared the news about our withdrawal from the NSF grant opportunity two weeks ago, we've received >$160,000 in donations across 1,937 donors, which includes 313 new Members–WOW!
November 10, 2025 at 4:50 PM
Coverage from the @thenewstack.io about overwhelmingly positive support from the #Python community after our announcement re: NSF grant withdrawal. Y'all are amazing 💜
thenewstack.io/psf-gets-a-d...
PSF Gets a Donor Surge After Rejecting Anti-DEI Federal Grant
The Python Software Foundation's courageous refusal of an anti-DEI $1.5 million federal grant immediately triggered an extraordinary outpouring of community support.
thenewstack.io
November 10, 2025 at 3:17 PM
Reposted by Seth Michael Larson
A new blog post that goes over how Pixel Pup's puzzle pack cards work.
www.mattgreer.dev/blog/hacking...
Hacking My Own E-Reader Game
Extending an e-Reader game by scanning in new cards that alter its code
www.mattgreer.dev
November 9, 2025 at 6:05 PM
Reposted by Seth Michael Larson
Senate update: Republicans are now trying to sneak a backdoor national abortion ban into their government funding bill. Republicans will stop at nothing to control women's health care decisions.
November 8, 2025 at 9:05 PM
It's happening! Kirby Air Riders global test ride is today and I'll be online, likely smiling from ear-to-ear. If you've got a #Switch2 it's a free download ⭐
My Nintendo FC: SW‑7757‑6777‑0188
www.nintendo.com/us/store/pro...
#kirbyairriders #kirby #kirbyairride #nintendo #nintendoswitch
Kirby™ Air Riders: Global Test Ride for Nintendo Switch 2 - Nintendo Official Site
Buy Kirby™ Air Riders: Global Test Ride and shop other great Nintendo products online at the official My Nintendo Store.
www.nintendo.com
November 8, 2025 at 2:51 PM
Any #PikminBloom players out there? The arrival of Ice Pikmin means that collecting complete sets of decor within an event just got more difficult... 😬
I created a #Python script to simulate the number of seedlings required before and after the change.
Read more: sethmlarson.dev/ice-pikmin-a...
November 6, 2025 at 2:13 PM
Reposted by Seth Michael Larson
Mozilla deployed an AI bot that overwrote 20 years of volunteer Japanese translations, without consultation. JP community leader resigned, and the offer from Mozilla is to "hop on a quick call to understand why they're struggling". FFS.
HN discussion: news.ycombinator.com/item?id=4583...
End of Japanese community | Hacker News
news.ycombinator.com
November 6, 2025 at 7:57 AM
Reposted by Seth Michael Larson
Democrats are currently ahead in 63 (!!!) races in the Virginia House of Delegates.
If this holds, it would be one of the largest state legislature swings in the last 4 years.
It's an absolute bloodbath for anti-trans Republicans.
November 5, 2025 at 2:48 AM
Reposted by Seth Michael Larson
Update 2025-11-03: thanks to the PSF's boost, we have now received $14622.43; 86.0% of our total match of $17000. I am hopeful that we can close that 14% gap by tomorrow!
November 3, 2025 at 10:23 PM
Reposted by Seth Michael Larson
As the PSF heads into our end-of-year fundraiser this month, we want to “connect the dots” and share a full picture of our current financial outlook: what’s happening, why, and how you can help sustain the future of Python and the PSF. 🧵
Connecting the Dots: Understanding the PSF’s Current Financial Outlook
As the PSF heads into our end-of-year fundraiser, we want to share information to help “connect the dots” and show a more complete picture of the PSF’s current financial outlook. You’ve heard from us on subjects related to our financial position from several different angles recently (a list of those posts is below). We’ve prioritized proactive communications, because we believe in transparency, we have trust in our community, and we value keeping you informed— we know how invested in and impacted by our work you are. We now want to pull those threads together in order to create some shared clarity on the big picture, and, hopefully, inspire you to action to support our fundraising efforts.
pyfound.blogspot.com
November 4, 2025 at 12:12 PM
Reposted by Seth Michael Larson
So far, this investigative journalism piece has 100% satisfaction in the comments. 🥛 🐄 You should check it out with this friendly @racketmn.com gift link. If you like what you read, please become a Racket member for more great local alt weekly content! racketmn.com/its-all-the-...
It's All the Same Milk! - Racket
A gallon of whole milk can cost anywhere from $2.16 to $4.95. Why?
racketmn.com
November 3, 2025 at 11:23 PM
Reposted by Seth Michael Larson
I was laid off from Teen Vogue today along with multiple other staffers, and today is my last day.
certainly more to come from me when the dust has settled more, but to my knowledge, after today, there will be no politics staffers at Teen Vogue.
November 3, 2025 at 7:52 PM
Everyone who mentioned wanting to donate to the PSF but couldn't because we didn't yet support Stripe.... now is your time!!! Also if you saw these comments elsewhere asking for Stripe, we would appreciate you sharing this news there, too :)
📣 First things first– we heard you loud and clear: Stripe has been added to our donation and membership sign up pages! Thank you for persisting through our previously limited payment options, and we hope the new Stripe checkout will make donating an easier experience 🙏
November 3, 2025 at 5:39 PM
Lazy Imports are coming to #Python! This is huge for CLIs written in Python :)
discuss.python.org/t/pep-810-ex...
PEP 810: Explicit lazy imports
Dear PEP 810 authors. The Steering Council is happy to unanimously[1] accept “PEP 810, Explicit lazy imports”. Congratulations! We appreciate the way you were able to build on and improve the previ...
discuss.python.org
November 3, 2025 at 5:12 PM
Reposted by Seth Michael Larson
The Steering Council has accepted PEP 810 (explicit lazy imports) for Python 3.15!
discuss.python.org/t/pep-810-ex...
#Python #PEP810 #LazyImports #lazy #Python315
PEP 810: Explicit lazy imports
Dear PEP 810 authors. The Steering Council is happy to unanimously[1] accept “PEP 810, Explicit lazy imports”. Congratulations! We appreciate the way you were able to build on and improve the previ...
discuss.python.org
November 3, 2025 at 4:29 PM
Reposted by Seth Michael Larson
Wooo, unanimous acceptance of 810!
Python is getting lazy imports!
So excited about this!
discuss.python.org/t/pep-810-ex...
PEP 810: Explicit lazy imports
Dear PEP 810 authors. The Steering Council is happy to unanimously[1] accept “PEP 810, Explicit lazy imports”. Congratulations! We appreciate the way you were able to build on and improve the previ...
discuss.python.org
November 3, 2025 at 4:36 PM
It's November and many folks use this month to write more. I'll be trying to do the same :) Here I created a small single-item RSS feed for #Nintendo Classics games on #NSO (and a "code-golfed" Oxford comma algorithm using f-strings). Take a peek:
sethmlarson.dev/rss-feed-for...
RSS feed for new Nintendo Classics games
It's November! Many folks use this month to write
more, whether it's a novel or generating text.
I'm going to be trying to write and share more often, too.
So here's something I created for mostly...
sethmlarson.dev
November 3, 2025 at 1:41 PM
⚞NEW⚟ “Trailblazing Python Security” dedicated talk track coming for #PyConUS 🛡️ 🐍🔥 We are looking for sponsors interested in supporting security in the Python ecosystem:
pycon.blogspot.com/2025/10/pyco...
bsky.app/profile/pyco...
#python #opensource #oss #security #supplychain
October 31, 2025 at 6:35 PM
Reposted by Seth Michael Larson
The wait is over — #PyConUS 2026 is here! 🙌
The #PyConUS 2026 site is now LIVE and the Call for Proposals is OPEN! We can't wait to welcome you to Long Beach, CA this spring and spotlight the incredible work happening across the Python community 🐍
👉 Details: pycon.blogspot.com/2025/10/pyco...
October 31, 2025 at 6:09 PM
Reposted by Seth Michael Larson
Have you been considering donating, but worried that we might be running out of space? Worry not! A new challenger appears! @Yhg1s has committed ANOTHER $5000 match, raising our total matching funds to $17,000, which (modulo a few additional receipts I need to process) means we are down to 43%.
October 31, 2025 at 2:53 AM
Reposted by Seth Michael Larson
Archive formats like ZIP and tar can be abused to undermine the integrity of Python package users 📦 Learn how PSF Developer-in-Residence Seth Larson is strengthening Python's security with the #Python community in the new white paper "Slippery ZIPs and Sticky tar-pits" with Alpha-Omega:
Improving security and integrity of Python package archives
Security and integrity of the Python packaging ecosystem is critical, and the smallest unit of a packaging ecosystem is a "package". Python packages use existing archive formats like ZIP and tar to distribute Python projects to their users. Archives seem simple on the surface, but many ZIP and tar features can be abused to confuse implementations into seeing different contents of the same archive.
pyfound.blogspot.com
October 30, 2025 at 3:12 PM
Reposted by Seth Michael Larson
This week, the #python Software Foundation rejected a $1.5MM NSF grant, due to a requirement that the PSF abandon diversity work.
So I joined forces with Python folks (@offby1, @petrillic, @amethyst) and we're matching up to $12,000 of donations to the PSF. 🧵
October 29, 2025 at 9:26 PM
Reposted by Seth Michael Larson
PyPI serves billions of requests daily- but sustaining it isn’t free. The PSF joined the OpenSSF & others in calling for organizations to invest in sustainable open infrastructure. Learn what this means for #PyPI, the PSF, & how our community can pitch in:
Open Infrastructure is Not Free: PyPI, the Python Software Foundation, and Sustainability
In September, the Python Software Foundation (PSF) co-signed the Open Infrastructure is Not Free: A Joint Statement on Sustainable Stewardship Letter published by the Open Source Security Foundation (OpenSSF) as a steward of the Python Package Index (PyPI). As a follow up, I would like to share a bit more about the concerns expressed in this letter as they relate to our community and the PSF.
pyfound.blogspot.com
October 29, 2025 at 1:11 PM