Notices by Seth Larson (sethmlarson@fosstodon.org)

@badnetmask What features are missing from the solutions that you already mentioned compared to Gists (pages/files in repo)? Comments? A single count of stars per "gist"?

Did you know that premier #Python talent uses @pycon Sponsors pages as a high-signal "Job Board"? Sponsoring a Python conference shows that your company is serious about Python and wants the community of practitioners to know it! 💜

This is how I found my previous job at #Elastic. Elastic was a Gold tier sponsor for PyCon 2019, thank you Elastic! 👏

So what Python talent are you missing out on by not having your name on this page, both this year and next? 🤔

👉 https://us.pycon.org/2025/sponsorship/why-sponsor/

/Everyone/ is trying their best, there's always more work to do than there is time for.

I received this email reminder after publishing the latest release of "Truststore" about hardening our publish workflow. This is one of the improvements that PyPI implemented after the Ultralytics supply-chain attack last year to guide folks towards more secure publishing workflows (https://blog.pypi.org/posts/2024-12-11-ultralytics-attack-analysis/).

#python #pypi #oss #opensource #security

Some really good news: Sovereign Tech Agency (@sovtechfund) has announced their first cohort of Fellows, and among them is a friend: @hugovk 🥳

Congrats Hugo and everyone! Having chatted with Mirko last year I am really excited for this program to show how impactful paying a handful of maintainers full-time can be.

Read Hugo's blog on the Fellowship: https://hugovk.dev/blog/2025/im-excited-to-join-the-sovereign-tech-fellowship/

This article is quite different than what I normally publish, so feedback is really appreciated for this one. What do you think about it? The length, the topic, the fact that it's a series instead of one big article?

https://fosstodon.org/@sethmlarson/113940888121118990

If I can stop going to Target, then you can too. I've probably been in a Target at least weekly since I was born.

Very proud of my representative Ilhan Omar who is speaking with many others in front of USAID HQ (#uspol) https://www.youtube.com/watch?v=stI7ZIb9FDg

FYI "Just following orders" doesn't mean you're safe from the crimes you're committing.

Also, WIRED is running a $5 for a year sale right now, if journalism like this continues it will be very worth supporting.

#uspol

https://www.wired.com/story/elon-musk-government-young-engineers/

https://sethmlarson.dev/significant-whitespace

The threat of Trump EOs has caused the National Science Foundation to pause grant review panels. Critically for Python and PyPI security I spent most of December authoring and submitting a proposal to the "Safety, Security, and Privacy of Open Source Ecosystems" program. What happens now is uncertain to me.

Shuttering R&D only leaves open source software users more vulnerable, this is nonsensical in my mind given America's dependence on software manufacturing.

https://www.npr.org/sections/shots-health-news/2025/01/27/nx-s1-5276342/nsf-freezes-grant-review-trump-executive-orders-dei-science

@dansup :blobcatsweat: We're gonna need more Expansion Paks!

These news articles clearly aren't reaching a wide enough audience, because every time I say that I'll be buying older cars without software/connectivity I get a bunch of surprised Pikachu faces.

https://www.wired.com/story/subaru-location-tracking-vulnerabilities/

And I love Subaru, I've driven one for the past 15+ years. Great for Minnesota with the right tires, you just will never get stuck ever.

It's here! The 2024 annual report for #urllib3, a relatively quiet year that included work on HTTP/2 and Web Assembly (WASM). We include our plans for Python 2 deprecation, please take a look. $3,300 worth of bounty issues exist today!

https://quentin.pradet.me/blog/urllib3-in-2024.html

FYI, I've backed the @pixelfed Kickstarter, maybe you should too?

https://www.kickstarter.com/projects/pixelfed/pixelfed-foundation-2024-real-ethical-social-networks

Pixelfed is being slammed with traffic right now, send them some support if you support their mission :)

https://mastodon.online/@mastodonmigration/113822619296882086

Meta is scared of Pixelfed. This is the biggest endorsement of Pixelfed that I've seen so far.

https://fosstodon.org/@mastodonmigration@mastodon.online/113819524021365621

This model has me excited, web pages that asynchronously load #Python and #Pyodide for a seamless experience for the user while allowing developers to use Python.

https://kai.bi/post/run-python-programs-easily-in-the-browser

What the fuck is happening over at Meta???

Fake AI profile of a "Black queer momma of 2" that Meta is proudly putting its name on ("AI managed by Meta" in the profile) featuring pictures of fake charity donations and children.

https://mastodon.social/@kjhealy/113765040222504912

@baconandcoconut In our case it was blind assumptions, I wouldn't expect them to check social media but internalizing how we sign off on our own cards or texting to clarify are well-within the realm of expectations for them. I would not be surprised if for both family members this was their first experiences with a married couple that didn't share a family name.