Lego set for the Gameboy DMG

Received the #Lego #Gameboy as a gift! My chances of doing buildaboy.co by @nataliethenerd.com have suddenly increased astronomically.

Creating a personalised bin calendar Every year I use Python and a bit of CSS to create a fridge calendar that tells me about bin day.

Creating a personalised bin calendar: alexwlchan.net/2026/bin-cal...

I wrote a quick post about how I create my a fridge calendar that tells me about bin day.

Python stdlib + CSS = 🚮 💚

pip supports this option, too via --min-release-age. Relative dependency cooldowns (e.g. "7 days" or "P7D") are coming in pip v26.1 which can be configured globally in your pip.conf

Lockdown Mode for Apple devices Back in September 2023 the libwebp vulnerability (also known as BLASTPASS) was being actively exploited to target a journalist's mobile device. After reading the report from Citizen Lab I learned a...

My write-up on the feature after a year of using Lockdown Mode:

sethmlarson.dev/ios-lockdown...

Apple says no one using Lockdown Mode has been hacked with spyware | TechCrunch The tech giant's claim that it has not seen any successful spyware attacks targeting Apple devices with Lockdown Mode enabled comes amid a leak of hacking tools targeting users running devices with ol...

I've been an #iOS Lockdown Mode user (and iCloud Advanced Data Security) for ~2 years now, it breaks a few things but... might be worth it to be Cellebrite and zero-day proof these days?

techcrunch.com/2026/03/27/a...

#security #iphone

We're working lots with Arrow these days.
I needed a tool to do some debug/filtering.

So I've built a thing!

If that helps you as much as it helps me, use it, feedbacks and PRs are welcome. 🥳

Studies into the abstraction of cartridge designs into letter forms.

Lots of research into cartridge types, and pages of these as I tried to see what aspects of each cart to use, how much to abstract it, and what letters to assign them to. Turned out way better than it would have otherwise due to a bunch of great feedback from @supernatetendo.bsky.social as well.

Phone with two Pocket Tacos on either end completely obscuring the emulator on screen.

@thewulffden.com @bob.thewulffden.com Got the GameSir Pocket Taco from your review. Love it so far!

Wikipedia Bans AI-Generated Content “In recent months, more and more administrative reports centered on LLM-related issues, and editors were being overwhelmed.”

NEW: Wikipedia has banned AI-generated content.

Limit candidate packages to those that were uploaded prior to the given date. Accepts RFC 3339 timestamps (e.g., 2006-12-02T02:07:43Z), local dates in the same format (e.g., 2006-12-02) resolved based on your system's configured time zone, a "friendly" duration (e.g., 24 hours, 1 week, 30 days), or an ISO 8601 duration (e.g., PT24H, P7D, P30D). Durations do not respect semantics of the local time zone and are always resolved to a fixed number of seconds assuming that a day is 24 hours (e.g., DST transitions are ignored). Calendar units such as months and years are not allowed. May also be set with the UV_EXCLUDE_NEWER environment variable.

In light of the fallout from the LiteLLM supply chain attack, I just learned that you can exclude newly published package versions when installing with uv using exclude-newer.

Why pylock.toml includes digital attestations A Python project got hacked where malicious releases were directly uploaded to PyPI. I said on Mastodon that had the project used trusted publishing with digital attestations, then people using a pylo...

I said digital attestations and `pylock.toml` would have helped with the litellm attack. People asked for more details, so I wrote a blog post explaining why it would have helped.

snarky.ca/why-pylock-t...

@webhdx.bsky.social @dolphindepot.bsky.social 👀

God, I really hate what open source is becoming.

Commenting a humongous block of text as an "analysis" with a line at the end that you are an AI agent is not helpful.

Not to be dramatic but the volume of slop right now is an attack on maintainers.

github.com/python/cpyth...

LAN Party Calculator (Mario Kart, Kirby Air Riders, F‑Zero) Nintendo has multiple popular racing franchises, including Mario Kart, Kirby Air Ride, and F-Zero. Each of these franchises spans multiple titles and consoles and have ways to play with more than o...

🧮 LAN Party Calculator for Mario Kart, Kirby Air Ride, and F-Zero

sethmlarson.dev/lan-party-ca...

#gaming #mariokart #kirbyairriders #fzero #nintendo

LAN Party Calculator (Mario Kart, Kirby Air Riders, F‑Zero) Nintendo has multiple popular racing franchises, including Mario Kart, Kirby Air Ride, and F-Zero. Each of these franchises spans multiple titles and consoles and have ways to play with more than o...

🧮 LAN Party Calculator for Mario Kart, Kirby Air Ride, and F-Zero

sethmlarson.dev/lan-party-ca...

#gaming #mariokart #kirbyairriders #fzero #nintendo

Stop trusting mutable references: how Eclipse Foundation projects should harden GitHub Actions after the Trivy compromise On March 19, 2026, an attacker used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action, and replace all 7 tags in aquas...

I published a blog post that lists recommendations and outlines concrete steps that open source projects can (should?) take to reduce the risk of supply chain breaches similar to the recent Trivy incident: mikael.barbero.tech/blog/post/20...

If the Python core team started a weekly/monthly newsletter, what would y'all want out of it? What would make you excited to see the notification in your inbox?

@emmatyping.dev and I were brainstorming a bit on this the other day, inspired a bit by @thisweekinrust.bsky.social.

Getting started with the GameSir “Pocket Taco” with iPhone and Delta emulator GameSir shipped the pre-orders for the “Pocket Taco” mobile controller on March 15th and I received mine today. This controller uses Bluetooth and a padded grip mechanism to add physical buttons to...

Received my pre-ordered GameSir “Pocket Taco” this morning and found the setup to be non-trivial for iPhone and configuring the controller with the @deltaemulator.com Here’s the exact steps to setup and start playing with this new controller:

🌮 sethmlarson.dev/getting-star...

#gaming #retrogaming

We’re looking at adding inline types to Requests. If you have typed codebases that use Requests, we’d love feedback!

github.com/psf/requests...

Python library “Requests” needs you to test type hints Requests is a popular HTTP client library available on the Python Package Index (PyPI). Sitting in the top 10 packages by downloads on PyPI, this library is used by many, many projects. This librar...

The popular #Python library “Requests” needs your help! @nateprewitt@fosstodon.org plans to add type hints to the API and is requesting feedback:

sethmlarson.dev/python-libra...

#typing #http #typehints

Open Source Security work isn't “Special” I gave this keynote at OpenSSF Community Day NA 2025 in Denver, Colorado. There is a recording published on YouTube. This talk was given as the Security-Developer-in-Residence at the Python ...

This matches my suggestion in “Open Source Security work isn't Special”, where I argued against the assumption that security work is done only by few privileged maintainers.

sethmlarson.dev/security-wor...

Kudos to GitHub for improving this important feature! 🚀

Investing in the security advisory experience on GitHub 🔐 · community · Discussion #189802 We hear you: the signal-to-noise problem is real Over the past few months, we've heard from maintainers across the ecosystem - in community discussions, in support channels, and directly - that the...

Exciting news for projects on GitHub looking to use the private vulnerability reporting / security advisories features:

“We're working toward enabling fine-grained permissions for security advisories - create, read, edit, and close/accept/publish”

github.com/orgs/communi...

New this year at #PyConUS 2026:
🔐Trailblazing Python Security Track!

Join us on Saturday, May 16th in Long Beach, CA to learn from experts & shape the future of the Python security landscape.

Get all the details and check out the full schedule here: pycon.blogspot.com/2026/03/atte...

Trailblazing Python Security PyCon US 2026

Very excited for @pycon.us - there's an entire #Security focused track chaired by @juanitagomezr.bsky.social & @sethmlarson.dev

Come on out to Long Beach, CA in May, listen to me talk about @pypi.org #SupplyChain

Check it out here: us.pycon.org/2026/tracks/...

#Python #PyCon #PyConUS #OpenSource

I’ve added human.json to my website Evan Hahn recently blogged about adding support for the “human.json protocol” to his website. I read the specification and thought this seemed like a straightforward protocol to implement. I've fol...

Inspired by @evanhahn.com’s blog post I've added “human.json” to my website. This simple protocol allows vouching for your network of friends on the web.

sethmlarson.dev/ive-added-hu...

PyCon US 2026 Keynote Speakers (from left to right): Rachell Calhoun, Tim Schilling, Lin Qiao, Pablo Galindo Salgado, amanda casari

Python friends, it’s time. 🐍

The #PyConUS 2026 schedule is LIVE!

Start planning your talks, meet the keynote speakers, and register for tutorials, summits & events!

🔗 us.pycon.org/2026/schedule/

Full details: pycon.blogspot.com/2026/03/laun...

Easy-to-use solar panels are coming, but utilities are trying to delay them Utilities are convincing lawmakers around the U.S. to delay bills that would allow people to buy solar panels, plug them into an outlet and begin generating electricity.

Utilities are convincing lawmakers around the U.S. to delay bills that would allow people to buy solar panels, plug them into an outlet and begin generating electricity. n.pr/4ul3y2p

Python Insider The official blog of the Python core development team.

ICYMI, there is a new blog for #Python ! 🥳

blog.python.org

Give it a follow in your #RSS reader of choice, I am hoping to see more exciting Python content beyond just release notes published there.

List of Nintendo racing games like Mario Kart, F-Zero, and Kirby Air Ride grouped by console.

TIL about the <optgroup> #HTML element. I feel like I learn so much about HTML and JS whenever I create an interactive piece for the blog 🤩

developer.mozilla.org/en-US/docs/W...

Pocket friend here! I'm pretty sure I think "primarily" "in words" and don't believe LLMs are sentient.