Advertisement · 728 × 90

Posts by ciaran

The Axios supply chain attack used individually targeted social engineering The Axios team have published a full postmortem on the supply chain attack which resulted in a malware dependency going out in a release the other day, and it involved …

Partial blame to Microsoft and Zoom for normalizing the need to install new software just to make video calls, despite browsers being perfectly capable. They make it extra hard to even find the web-only links.

simonwillison.net/2026/Apr/3/s...

2 weeks ago 137 27 1 3

jk, it’s lovely

3 months ago 1 0 0 0

upper west side shite! imo

3 months ago 2 0 2 0

who could this be about?

4 months ago 1 0 1 0

more grist for my “calling something safe doesn’t make it so” mill…

4 months ago 1 0 0 0

it’s damning that the GitHub actions “safe_sleep” bug highlighted here was ever merged in the first place, but truly incredible that it went unfixed for so long. in any case, congrats to Zig

4 months ago 1 0 1 0

wait, is Streetsblog secretly printing money?

5 months ago 2 0 0 0
The PSF has withdrawn $1.5 million proposal to US government grant program In January 2025, the PSF submitted a proposal to the US government National Science Foundation under the Safety, Security, and Privacy of Open Source Ecosystems program to address structural vulnerabilities in Python and PyPI. It was the PSF’s first time applying for government funding, and navigating the intensive process was a steep learning curve for our small team to climb. Seth Larson, PSF Security Developer in Residence, serving as Principal Investigator (PI) with Loren Crary, PSF Deputy Executive Director, as co-PI, led the multi-round proposal writing process as well as the months-long vetting process. We invested our time and effort because we felt the PSF’s work is a strong fit for the program and that the benefit to the community if our proposal were accepted was considerable. We were honored when, after many months of work, our proposal was recommended for funding, particularly as only 36% of new NSF grant applicants are successful on their first attempt. We became concerned, however, when we were presented with the terms and conditions we would be required to agree to if we accepted the grant. These terms included affirming the statement that we “do not, and will not during the term of this financial assistance award, operate any programs that advance or promote DEI, or discriminatory equity ideology in violation of Federal anti-discrimination laws.” This restriction would apply not only to the security work directly funded by the grant, **but to any and all activity of the PSF as a whole**. Further, violation of this term gave the NSF the right to “claw back” previously approved and transferred funds. This would create a situation where money we’d already spent could be taken back, which would be an enormous, open-ended financial risk. Diversity, equity, and inclusion are core to the PSF’s values, as committed to in our mission statement: > _The mission of the Python Software Foundation is to promote, protect, and advance the Python programming language, and to support and facilitate the growth of**a diverse and international community** of Python programmers._ Given the value of the grant to the community and the PSF, we did our utmost to get clarity on the terms and to find a way to move forward in concert with our values. We consulted our NSF contacts and reviewed decisions made by other organizations in similar circumstances, particularly The Carpentries. In the end, however, the PSF simply can’t agree to a statement that we won’t operate any programs that “advance or promote” diversity, equity, and inclusion, as it would be a betrayal of our mission and our community. We’re disappointed to have been put in the position where we had to make this decision, because we believe our proposed project would offer invaluable advances to the Python and greater open source community, protecting millions of PyPI users from attempted supply-chain attacks. The proposed project would create new tools for automated proactive review of all packages uploaded to PyPI, rather than the current process of reactive-only review. These novel tools would rely on capability analysis, designed based on a dataset of known malware. Beyond just protecting PyPI users, the outputs of this work could be transferable for all open source software package registries, such as NPM and Crates.io, improving security across multiple open source ecosystems. In addition to the security benefits, the grant funds would have made a big difference to the PSF’s budget. The PSF is a relatively small organization, operating with an annual budget of around $5 million per year, with a staff of just 14. $1.5 million over two years would have been quite a lot of money for us, and easily the largest grant we’d ever received. Ultimately, however, the value of the work and the size of the grant were not more important than practicing our values and retaining the freedom to support every part of our community. The PSF Board voted unanimously to withdraw our application. Giving up the NSF grant opportunity—along with inflation, lower sponsorship, economic pressure in the tech sector, and global/local uncertainty and conflict—means the PSF needs financial support now more than ever. We are incredibly grateful for any help you can offer. If you're already a PSF member or regular donor, you have our deep appreciation, and we urge you to share your story about why you support the PSF. Your stories make all the difference in spreading awareness about the mission and work of the PSF. How to support the PSF: * Become a Member: When you sign up as a Supporting Member of the PSF, you become a part of the PSF. You’re eligible to vote in PSF elections, using your voice to guide our future direction, and you help us sustain what we do with your annual support. * Donate: Your donation makes it possible to continue our work supporting Python and its community, year after year. * Sponsor: If your company uses Python and isn’t yet a sponsor, send them our sponsorship page or reach out to sponsors@python.org today. The PSF is ever grateful for our sponsors, past and current, and we do everything we can to make their sponsorships beneficial and rewarding.

The Python Software Foundation shows more spine than every single tech giant in just one single decision.

> Diversity, equity, and inclusion are core to the PSF’s values

pyfound.blogspot.com/2025/10/NSF-funding-stat...

5 months ago 84 306 2 1

no, it’s usually more like kweeveen

6 months ago 3 0 1 0
Advertisement

my point is, it’s a name that’s different from Kevin. It’d be like if you were named Juan, but someone decided to call you John because “Juan just means John”.

6 months ago 3 0 0 0

no, it means Caoimhín 🙄

6 months ago 31 1 4 0

that seems like it could be very helpful

10 months ago 0 0 0 0
Preview
proposal: simd: architecture-specific SIMD intrinsics under a GOEXPERIMENT · Issue #73787 · golang/go Proposal Details SIMD is crucial for achieving high performance in many modern workloads. While Go currently allows access to SIMD via hand-written assembly, this approach has significant drawbacks...

Finally a #golang SIMD proposal I can get behind in overall terms! <3 github.com/golang/go/is...

10 months ago 3 1 0 0

arguably, that’s better

1 year ago 1 0 0 0
Using Type Aliasing To Make net/http Make Sense Using Type Aliasing To Make net/http Make Sense Two of Go’s strong points – that it deservedly receives much praise for – are its simplicity relative to other programming languages and its robust and ...

wrote a bit about Go's net/http package and fixing some of its, imo, unfortunate naming choices with type aliases

1 year ago 1 0 1 0

the illegal sharing of sensitive information is bad and all, but I would say planning to murder scores of people over oil is worse

1 year ago 1 0 0 0

it’s wild to see people disputing this. I’ve met many ppl, come to think of it all young men, who’s entire life savings are in crypto. none of them are rich

1 year ago 0 0 0 0

symlinks should be outlawed fr

1 year ago 1 0 1 0

using “native code” as a euphemism for Go is funny to me ngl

1 year ago 2 0 0 0
Advertisement
XOR

A remarkably comprehensive write-up of what xor is and why it’s useful www.chiark.greenend.org.uk/~sgtatham/qu...

1 year ago 174 24 10 2

damn I hope life isn’t just listening to pogues songs as they become increasingly relatable and then you die

1 year ago 1 0 0 1

The saying the government doesn't use SQL to your .gov page suffering an SQL injection attack pipeline.

1 year ago 64 24 4 3

right up there with this bit of charlatanism

1 year ago 2 0 0 0

Konsole is goated… I feel like I’m missing something wrt the hype around ghostty, wezterm, et al

1 year ago 0 0 0 0

if you do know how to code, there’s absolutely no reason to pay $200/month for an LLM. If you don’t know how to code, how would you evaluate and debug its output?

1 year ago 1 0 0 0

otoh, you can learn to code for free

1 year ago 14 0 1 0
Learning C: Bitten by Strings Learning C: Bitten by Strings TLDR: In C, string literals aren’t just pointers and they aren’t just arrays either.

decided to document some of my follies learning c

1 year ago 0 0 0 0
Advertisement

anybody have a lobste.rs invite to spare? 🥺

1 year ago 1 0 0 0
"Imbolc or Imbolg, also called (Saint) Brigid's Day (Irish: Lá Fhéile Bríde, Scottish Gaelic: Là Fhèill Brìghde, Manx: Laa'l Breeshey), is a Gaelic traditional festival marking the beginning of spring."

"Imbolc or Imbolg, also called (Saint) Brigid's Day (Irish: Lá Fhéile Bríde, Scottish Gaelic: Là Fhèill Brìghde, Manx: Laa'l Breeshey), is a Gaelic traditional festival marking the beginning of spring."

"February-isn't-Spring" people, remove the coloniser from your mind

1 year ago 860 214 33 13
Post image

gonna start pronouncing it gigabyte from now on

1 year ago 1 0 0 1