Security means securing people where they are

from blog ENOSUCHBLOG, | ↗ original
↗ original
Standard disclaimer: These are my personal opinions, not the opinions of my employer, PyPI, or any open source I projects I participate in (either for funsies or because I’m paid to). In particular, nothing I write below can be interpreted to imply (or imply the negation of) similar opinions by any of the above, except where explicitly stated.
This is a short summary. ↗ Open original to view full content

Related

List of Articles about Programming Skepticism
Blog on Hillel Wayne | original ↗
Skin in the Game
Armin Ronacher's Thoughts and Writings | original ↗
My Maintenance Policy
Filippo Valsorda | original ↗
Don't worry about LLMs
Vicki Boykis | original ↗
on the xz backdoor
erock's devlog | original ↗
The Python Package Index Should Get Rid Of Its Training Wheels
Loris Cro's Personal Website | original ↗
Skin in the Game
Armin Ronacher's Thoughts and Writings | original ↗
The Security/Product Design Correspondence
Technical Journal | original ↗
Some Diversity Advice I Give
Cogito, Ergo Sumana | original ↗
Is Sourceforge.net safe anymore to download software
Prahlad Yeri | original ↗

More from ENOSUCHBLOG

zizmor would have caught the Ultralytics workflow vulnerability
6 Dec 2024 | original ↗

TL;DR: zizmor would have caught the vulnerability that caused this…mostly. Read on for details.

Introducing zizmor: now you can have beautiful clean workflows
27 Oct 2024 | original ↗

This is an announcement for zizmor, a new tool for finding security issues in GitHub Actions setups. You can run it on one or more workflow definitions1, and it’ll emit cargo-style diagnostics, SARIF, or JSON as you please. Support for custom actions (e.g. action.yml within actions/checkout or similar) is planned, but not implemented yet. ↩

YAML feature extraction with yamlpath
10 Sept 2024 | original ↗

Another Rust crate announcement: this time I’m announcing yamlpath, a small library for format-preserving YAML feature extraction.

Tracking and publishing my TILs
18 Aug 2024 | original ↗

Mini-post.

Approximating sum types in Python with Pydantic
12 Aug 2024 | original ↗

TL;DR: You can use Pydantic’s support for tagged unions to approximate sum types in Python; go right to Sum types in Python (and onwards) to see how it’s done.