New 7-part article series on “Software for Connection”
Hey friends! I'm excited to be publishing the first article in a 7-part series about “Software for Connection”. Let's explore some software paradigms for...
urllib3 2024 Annual Report
The 2024 annual report for urllib3 is now available, this year on co-maintainer Quentin Pradet’s blog instead of my own to switch things up. This was a...
Disabling Copilot on GitHub
Finally! GitHub has released the first feature I’ve enjoyed in months: a way to disable the annoying GitHub Copilot prompt on the home screen. Read more:...
Slop security reports for open source
I've noticed a concerning trend of "slop security reports" being sent to open source projects, whether because of LLMs, spurious scanning results, or a lack...
New article: How do I pay for a web page?
I'm working on a personal project for paying my favorite creators on the web. Part of that work includes trying to find /how/ to pay the hundreds of web...
New article: Visualizing the end-to-end Python package SBOM data flow
Happy Friday! As a part of my work to create a standard for including SBOM documents in Python packages I realized that it can be tough to “see the forest...
New article: SEGA Genesis & Mega Drive games and ROMs from Steam
SEGA is discontinuing the “Genesis and Mega Drive Classics Collection” on Steam on December 9th. This set of games is a cheap way to purchase ROMs for these...
New article: Promising early results for SBOMs in Python packages
Today I published some early validation results from my "SBOM for Python packages" project. TLDR: I forked auditwheel and added some rudimentary SBOM record-...
Writing a blog on the internet (Blog-iversary!)
Today is my 5-year blog-iversary! 😊 Writing had a positive impact on my life, I would love to see more people writing and sharing on the internet. I wrote...
Omnivore is shutting down soon: Migrate data and subscriptions
Omnivore recently announced they were bought by ElevenLabs, which is an AI company funded by Trump-supporting VC firm Andreessen Horowitz. As a part of this...
New article: Python and Sigstore
Did you know that CPython artifacts are signed with Sigstore? I’ve introduced a PEP which deprecates PGP signatures for CPython artifacts. Find out about the...
PyCon Taiwan 2024 Keynote slides and links
“Bytes, Pipes, and People” I delivered the PyCon Taiwan 2024 keynote this past weekend. The topic was about software security in decentralized and diverse...
New article: “YouTube without YouTube Shorts“
Are you like me and enjoy long-form creators on YouTube, but find YouTube Shorts to be a drain on your time? Disable YouTube Watch History to stay away from...
Thoughts on “Lockdown Mode”: the feature that stops BLASTPASS
I've been using “Lockdown Mode” on my iPhone for almost a year following the BLASTPASS / libwebp vulnerability. Here are my thoughts on the feature: Lockdown...
Automating Python Software Foundation vulnerability infrastructure
The Python Software Foundation is a CVE Numbering Authority which manages vulnerability data for CPython and pip. This article describes our vulnerability...
Bringing supply chain security (and stickers!) to PyCon US 2024
Next week is PyCon US 2024 in Pittsburgh and I’ll be there! Where I’ll be during PyCon US 2024 (and maybe where you want to be too?)New and exclusive “secure...
Backup Game Boy ROMs and saves on Ubuntu
Are you a retro gaming enthusiast and Ubuntu user like me? Here's a guide on using GB Operator and Playback to backup Game Boy ROMs and saves. Read more:...
Isolating risk in the CPython release process
Today’s report for the Security Developer-in-Residence role includes: Modifying the CPython release process in GitHub Actions to isolate the source artifacts...
CPython release automation, SBOMs for Windows artifacts coming soon!
Published the 33rd weekly report for the Security Developer-in-Residence role: CPython source and docs builds are now automated. More improvements...
Security Developer-in-Residence Weekly Report #32
I'm back from vacation and have a few events and conferences to report on: Summary of the CISA Open Source Security SummitHardening CPython against memory...