sethmlarson.dev

Email has algorithmic curation, too

July 15, 2025

I associate “algorithmic curation” with social media platforms like TikTok, YouTube, Instagram, and Twitter, but not with email. Maybe that thinking should...

Setting Discord status from physical GameCube console

July 8, 2025

Platinum GameCube with a Memcard Pro GC setting a Discord status Have you seen me "playing my GameCube" on Discord recently? This article is a tutorial...

Open Source Security work isn't "Special"

July 3, 2025

Why is security work unlike any other contribution to an open source project? Contributing bug fixes, documentation, community management, and governance can...

Hand-drawn QR codes

July 1, 2025

I picked up a grid paper sticky-note pad from a new local stationery store in Minneapolis. My first project: hand-drawing a small QR code and scanning it...

Pikmin 2 International Treasure Hoard

June 3, 2025

Pikmin 2 is a GameCube game about collecting treasure on an alien planet. One of the most distinguishing features of the treasures is that they sometimes use...

A(nimal Cros)SCII

May 8, 2025

I took the time to map the character encoding for Animal Crossing GC town, player, and passwords to Unicode characters. I’m calling the resulting encoding...

Voicemail for notifications

May 5, 2025

What if notifications are going the way of phone calls as a many-to-many attention-demanding “network” with a worsening value-to-noise ratio? Voicemail for...

Better boosting on Mastodon with smart clients

May 1, 2025

Happy May Day (aka International Workers’ Day) Today I wrote about how smarter Mastodon clients could improve the “boosting” experience, a-la TCP congestion...

Add Mastodon toot templates to your phone home screen

April 23, 2025

Are you attending #PyConUS (or any event) and want to keep Mastodon hashtag templates on your phone home screen? Here's what I'm doing this year to make...

Nintendo Switch 2 thoughts: DRM, digital/physical, prices, and GameCube?

April 3, 2025

I quickly wrote some thoughts about yesterdays' Switch 2 announcement, including a few things not included in the presentation like the prices, the physical...

Don't bring slop to a slop fight

March 25, 2025

I hear a common refrain whenever I talk about generative AI being abused in every communication channel: “just use AI to detect the AI”. This article...

I fear for the unauthenticated web

March 20, 2025

LLM and AI companies continue to be in the news for destroying public goods like the open web (not mentioned: climate, water, social media, democracy). But...

Fediverse Donut Club (#FediDonutFriday)

March 14, 2025

I’m creating a Fediverse Donut Club! Follow the #FediDonutFriday hashtag on your Fediverse instance to join. I'm interested in how we can make online...

Your GitHub Copilot access has been renewed 🤡

March 7, 2025

It's that magical time of the month again: “Your GitHub Copilot access has been renewed”.

Building software for connection (#2: Consensus)

February 11, 2025

This is the second article in a series about building “software for connection”. This article examines the “secret code system” in Animal Crossing for the...

New 7-part article series on “Software for Connection”

February 3, 2025

Hey friends! I'm excited to be publishing the first article in a 7-part series about “Software for Connection”. Let's explore some software paradigms for...

urllib3 2024 Annual Report

January 22, 2025

The 2024 annual report for urllib3 is now available, this year on co-maintainer Quentin Pradet’s blog instead of my own to switch things up. This was a...

Disabling Copilot on GitHub

January 19, 2025

Finally! GitHub has released the first feature I’ve enjoyed in months: a way to disable the annoying GitHub Copilot prompt on the home screen. Read more:...

Slop security reports for open source

December 3, 2024

I've noticed a concerning trend of "slop security reports" being sent to open source projects, whether because of LLMs, spurious scanning results, or a lack...

New article: How do I pay for a web page?

November 24, 2024

I'm working on a personal project for paying my favorite creators on the web. Part of that work includes trying to find /how/ to pay the hundreds of web...

New article: Visualizing the end-to-end Python package SBOM data flow

November 22, 2024

Happy Friday! As a part of my work to create a standard for including SBOM documents in Python packages I realized that it can be tough to “see the forest...

New article: SEGA Genesis & Mega Drive games and ROMs from Steam

November 20, 2024

SEGA is discontinuing the “Genesis and Mega Drive Classics Collection” on Steam on December 9th. This set of games is a cheap way to purchase ROMs for these...

New article: Promising early results for SBOMs in Python packages

November 14, 2024

Today I published some early validation results from my "SBOM for Python packages" project. TLDR: I forked auditwheel and added some rudimentary SBOM record-...

Writing a blog on the internet (Blog-iversary!)

November 11, 2024

Today is my 5-year blog-iversary! 😊 Writing had a positive impact on my life, I would love to see more people writing and sharing on the internet. I wrote...

Omnivore is shutting down soon: Migrate data and subscriptions

October 30, 2024

Omnivore recently announced they were bought by ElevenLabs, which is an AI company funded by Trump-supporting VC firm Andreessen Horowitz. As a part of this...

New article: Python and Sigstore

October 21, 2024

Did you know that CPython artifacts are signed with Sigstore? I’ve introduced a PEP which deprecates PGP signatures for CPython artifacts. Find out about the...

PyCon Taiwan 2024 Keynote slides and links

September 24, 2024

“Bytes, Pipes, and People” I delivered the PyCon Taiwan 2024 keynote this past weekend. The topic was about software security in decentralized and diverse...

New article: “YouTube without YouTube Shorts“

July 22, 2024

Are you like me and enjoy long-form creators on YouTube, but find YouTube Shorts to be a drain on your time? Disable YouTube Watch History to stay away from...

Thoughts on “Lockdown Mode”: the feature that stops BLASTPASS

July 2, 2024

I've been using “Lockdown Mode” on my iPhone for almost a year following the BLASTPASS / libwebp vulnerability. Here are my thoughts on the feature: Lockdown...

Automating Python Software Foundation vulnerability infrastructure

June 24, 2024

The Python Software Foundation is a CVE Numbering Authority which manages vulnerability data for CPython and pip. This article describes our vulnerability...

Bringing supply chain security (and stickers!) to PyCon US 2024

May 10, 2024

Next week is PyCon US 2024 in Pittsburgh and I’ll be there! Where I’ll be during PyCon US 2024 (and maybe where you want to be too?)New and exclusive “secure...

Backup Game Boy ROMs and saves on Ubuntu

May 6, 2024

Are you a retro gaming enthusiast and Ubuntu user like me? Here's a guide on using GB Operator and Playback to backup Game Boy ROMs and saves. Read more:...

Isolating risk in the CPython release process

May 2, 2024

Today’s report for the Security Developer-in-Residence role includes: Modifying the CPython release process in GitHub Actions to isolate the source artifacts...

CPython release automation, SBOMs for Windows artifacts coming soon!

April 10, 2024

Published the 33rd weekly report for the Security Developer-in-Residence role: CPython source and docs builds are now automated. More improvements...

Security Developer-in-Residence Weekly Report #32

March 29, 2024

I'm back from vacation and have a few events and conferences to report on: Summary of the CISA Open Source Security SummitHardening CPython against memory...

Regex character “$” doesn't mean “end-of-string”

March 9, 2024

When I first discovered this behavior all I could think was that "I can't be the only one who doesn't know this". Here's a short article about some platform-...

New article: Windows SBOM progress and conference plans for 2024

February 28, 2024

This is the final weekly report of February 2024 (and likely until April due to travel plans). This report covers a short update on Windows artifact SBOMs...

New article: Windows SBOM work and Alpha-Omega 2023 annual report

February 22, 2024

Getting started with SBOMs for Python Windows artifactsAlpha-Omega has published its 2023 annual report with quotes from Deb Nicholson and IProposal for...

New article: Websites without servers or networking

February 19, 2024

What would a local web without HTTP, servers, or networking look like? This article is a theory-crafting session based on a feature that has been removed...

New article: Challenges while building SBOM infrastructure for CPython

February 14, 2024

Today I go over the challenges I encountered so far when building the SBOM infrastructure for CPython, both technical and social. This was presented to the...

Software Bill-of-Materials documents are now available for CPython

February 8, 2024

CPython now has official Software Bill-of-Materials (SBOM) documents starting in 3.12.2! 🥳 You can read the announcement on the PSF blog which has info about...

Security Developer-in-Residence weekly report #26: Releases on PyPI are never "done"

January 24, 2024

This is the 26th weekly report for the Security Developer-in-Residence role: Discussion of open-ended PyPI releases and PEP 740 (digital attestations on...

New article: Defending against the PyTorch supply chain attack PoC

January 17, 2024

This is the 25th weekly report from the Security Developer-in-Residence role. This week I discuss how to defend from the proof-of-concept attack on PyTorch...

New article: urllib3 is fundraising for HTTP/2 support!

January 16, 2024

2023 was a transformative year for urllib3, headlined by the first stable release of v2.0 after multiple years of development. This release sets the stage...

Starting 2024 off strong for securing Python (SBOM, provenance, macOS build repro, software IDs, oh my!)

January 9, 2024

2024 has only just begun and there's already so much to talk about. Here's a summary of topics in the first weekly report for 2024 from the Security...

New article: 2023 year in review

December 31, 2023

2023 was a transformative year for me, so much has happened and I'm thankful for the good times with family and friends. Read my 2023 year in review...

Last weekly report of 2023: some thoughts about publish and build provenance

December 28, 2023

This is the last weekly report in 2023 for the Security Developer-in-Residence role, look forward to more in 2024! This article has some loose thoughts about...

New article: AI and Wonder

December 27, 2023

Do you feel a sense of wonder when experiencing AI-generated works of art? Read more: https://sethmlarson.dev/ai-and-wonder

New article: Security Developer-in-Residence Weekly Report #22

December 20, 2023

The second-to-last weekly report of 2023, this one is mostly a status report of Software Bill-of-Materials support for CPython and a few other projects. Read...

New article: Mahjong tiles and Unicode variation selectors

December 18, 2023

This is a short post about to learn about a small Unicode feature while admiring Mahjong glyphs. Enjoy! Read more: https://sethmlarson.dev/unicode-variation-...