sethmlarson.dev

Regex character “$” doesn't mean “end-of-string”

March 9, 2024

When I first discovered this behavior all I could think was that "I can't be the only one who doesn't know this". Here's a short article about some platform-...

New article: Windows SBOM progress and conference plans for 2024

February 28, 2024

This is the final weekly report of February 2024 (and likely until April due to travel plans). This report covers a short update on Windows artifact SBOMs...

New article: Windows SBOM work and Alpha-Omega 2023 annual report

February 22, 2024

Getting started with SBOMs for Python Windows artifactsAlpha-Omega has published its 2023 annual report with quotes from Deb Nicholson and IProposal for...

New article: Websites without servers or networking

February 19, 2024

What would a local web without HTTP, servers, or networking look like? This article is a theory-crafting session based on a feature that has been removed...

New article: Challenges while building SBOM infrastructure for CPython

February 14, 2024

Today I go over the challenges I encountered so far when building the SBOM infrastructure for CPython, both technical and social. This was presented to the...

Software Bill-of-Materials documents are now available for CPython

February 8, 2024

CPython now has official Software Bill-of-Materials (SBOM) documents starting in 3.12.2! 🥳 You can read the announcement on the PSF blog which has info about...

Security Developer-in-Residence weekly report #26: Releases on PyPI are never "done"

January 24, 2024

This is the 26th weekly report for the Security Developer-in-Residence role: Discussion of open-ended PyPI releases and PEP 740 (digital attestations on...

New article: Defending against the PyTorch supply chain attack PoC

January 17, 2024

This is the 25th weekly report from the Security Developer-in-Residence role. This week I discuss how to defend from the proof-of-concept attack on PyTorch...

New article: urllib3 is fundraising for HTTP/2 support!

January 16, 2024

2023 was a transformative year for urllib3, headlined by the first stable release of v2.0 after multiple years of development. This release sets the stage...

Starting 2024 off strong for securing Python (SBOM, provenance, macOS build repro, software IDs, oh my!)

January 9, 2024

2024 has only just begun and there's already so much to talk about. Here's a summary of topics in the first weekly report for 2024 from the Security...

New article: 2023 year in review

December 31, 2023

2023 was a transformative year for me, so much has happened and I'm thankful for the good times with family and friends. Read my 2023 year in review...

Last weekly report of 2023: some thoughts about publish and build provenance

December 28, 2023

This is the last weekly report in 2023 for the Security Developer-in-Residence role, look forward to more in 2024! This article has some loose thoughts about...

New article: AI and Wonder

December 27, 2023

Do you feel a sense of wonder when experiencing AI-generated works of art? Read more: https://sethmlarson.dev/ai-and-wonder

New article: Security Developer-in-Residence Weekly Report #22

December 20, 2023

The second-to-last weekly report of 2023, this one is mostly a status report of Software Bill-of-Materials support for CPython and a few other projects. Read...

New article: Mahjong tiles and Unicode variation selectors

December 18, 2023

This is a short post about to learn about a small Unicode feature while admiring Mahjong glyphs. Enjoy! Read more: https://sethmlarson.dev/unicode-variation-...

New article: Python listed as memory-safe language by CISA

December 14, 2023

The US government organization CISA (Cybersecurity and Infrastructure Security Agency) released new recommendations regarding memory-safety of programming...

New article: Review of the Security Developer-in-Residence role in 2023

December 6, 2023

With 2023 on the way out, I've been putting together multiple end-of-year reports detailing what I've accomplished in the first 6 months as the Security...