Notices by Seth Larson (sethmlarson@fosstodon.org)

It's frustrating that every announcement for a new security feature that includes the word "GitHub" immediately gets swarmed by comments and conspiracy theories about GitHub.

I'm an anti-monopolist and want there to be a multitude of ways we build open source software, but I believe security features are different: mostly because they are either enabled by default or largely ignored.

GitHub is important to support because it's where 84% (372,841 / 440,821) of Python packages on PyPI are built.

I published a new small project called "whichprovides" that's an abstraction over many package manager ecosystems, mostly for generating Package URLs to include in SBOMs:

#python #opensource #oss #sbom

https://sethmlarson.dev/new-project-whichprovides

@glyph Loved your #nbpy talk! You mentioned that many libraries on PyPI aren't testing in browser so in case you hadn't seen this yet, urllib3 is being tested in Firefox and Chrome:

https://github.com/urllib3/urllib3/blob/main/.github/workflows/ci.yml#L113

It's definitely not free and the config has been contributed by someone outside of our core team, definitely not straightforward to maintain. Would welcome this becoming much easier for Python projects to do!

Very good thread from @inthehands, LLMs cement the patterns of today and actual engineering and long-term problem solving require slow careful iteration and improvement.

https://hachyderm.io/@inthehands/114373816449701933

I've taken an interest in peer-to-peer and CRDT technologies lately. I'm going to poke around with this collection of modules I saw on HN: https://p2panda.org/

Honestly, sharing this article because I love the visualization at the end. Feeling this hard for digital spaces, we don't need everything to be TikTok.

https://rakhim.exotext.com/but-what-if-i-really-want-a-faster-horse

"I encourage maintainers to reject user feedback that is much more properly directed to some commercial software vendor who has not implemented the specification correctly"

💯 This is the way. Don't bend to deviations from specs, even if it means a user is unhappy.

https://alexgaynor.net/2025/mar/25/postels-law-and-the-three-ring-circus/

The worst part of iOS Lockdown Mode is that your friends can't text you GIFs... 🥲

Short-and-sweet video about "Skinner's Box" and how it relates to frictionless user experiences like social media and infinite scrolling:

https://www.youtube.com/watch?v=bNOol5OTasw

It's the first #FediDonutFriday 🍩 I'm starting a donut club for the Fediverse, let's get donuts together!

https://sethmlarson.dev/fedi-donut-friday

https://sethmlarson.dev/post-malone-oreos

Turns out 'Circles' was about Oreo cookies all along... ⚫⚪

Lovely interview about my friend @picandocodigo who has been blogging about video games since 2007 💜

https://tecnolocuras.com/entrevistas/conversaciones-con-blogueros-fernando-briano/

When was the last time you shared words of appreciation, your thoughts, or started a conversation with the author of *something* on the web? (specifically words, not likes/retoots)

I think the web would be a better place if more of this was happening.

If there's a piece of web content that you really loved and stuck with you *for all this time* and you're still thinking about it right now... go figure out who made it and send them a message! 💜

Minnesotans, you should be calling Amy to let her know what you think about her cosponsoring this bill. Donald Trump has already told you what he intends to do with the Take It Down Act.

https://fed.brid.gy/r/https://bsky.app/profile/did:plc:cak4klqoj3bqgk5rj6b4f5do/post/3ljq5cvkle22d

I'll be covering the #Python Language Summit 2025 again at #PyConUS! ⌨️💥

https://discuss.python.org/t/python-language-summit-at-pycon-us-2025-in-pittsburgh/82901

Might as well keep a running list of things I discover. My USB security key worked on the very first try for authenticating.

Contrast that with Firefox where sometimes I'll get a random "failed" error and then it'll work on a retry. I am not certain what the source of this issue is, and I'm not convinced it's Firefox's fault (Bitwarden REALLY wants to be the one to prompt you for your hardware key)

I abhor notification indicators, so I'm really happy that I can disable absolutely all of them so far. Although I wish there was more contextual options to simply "make this go away", usually you have to dig into settings and find each individual item.

Just got a notification from @Inoreader about "automatically summarizing articles"... is it so unbelievable that people want to read what they've subscribed to? 😢

So I'm trying out #VIvaldi browser (@Vivaldi) on #Ubuntu and I'll report back with what I think.

So far the initial setup and tinkering has been going well, I've got my password manager, feed reader all setup. Every optional piece of fluff that is "useful for someone but not me" has been dismissable or can be hidden from view. Great initial impression 👍

https://vivaldi.com

Positive action after an investigation, yay! https://www.404media.co/public-library-ebook-service-to-cull-ai-slop-after-404-media-investigation-3/?ref=daily-stories-newsletter