Aww shucks, that's where I live
You're here and didn't say hello???!
Thanks @fastly.com for taking some time to ask me questions and share my responses - it's quite unique to work on a system like this
It's a Timemore Mirror scale Nano - and it's very pretty, and matches my other white/off-white coffee decor
Single shot of espresso
Very cool! I wonder if the recent Claude Chrome Extension would make this simpler, did you check that out?
I was just as surprised as you!!
I go between espresso and instant (yes, I know, two ends of a spectrum!)
12 grams is what my coffee maker basket is comfortable with, I'll try 13 sometime to see if that extra gram fits in properly
Photos of countertop precision scale with coffee beans showing 12.0 on the digital display
That satisfying feeling when you scoop out precisely 12 grams of coffee beans for your first cup on first try
Sounds like a solid engineering effort
Well, was it complete?
Deprecate confusing APIs like "os.path.commonprefix()". After fixing a vulnerability in #pip, I started digging into the confusing API and found more than I expected.
sethmlarson.dev/deprecate-co...
#python #oss #opensource #security
We're hiring! The PSF is looking for a full-time, remote, US-based Infrastructure Engineer to help keep PyPI, python.org, docs.python.org, and PyCon US running for millions of Python users worldwide. Apply here:
Mostly Opus 4.6, and it is smart enough to farm out subtasks to Sonnet
It definitely puts you in the seat of the product owner, and makes you think more about some of the language you use - how much do you get into the implementation of a specific behavior, vs expressing the desired outcome clearly and succinctly enough.
All of this hinges on good test suites!
Claude Code is improving faster than ever, and I'm impressed by their ability to make it better without me tinkering with MCPs, Skills, or other things. It knows when to enter planning mode, asking me very good, targeted questions to answer in a batch before proceeding with some new design.
PyPI does not exist to be your personal or commercial software distribution platform, especially if you intentionally obfuscate your code.
The @opensource.org definition includes:
> Deliberately obfuscated source code is not allowed.
More: opensource.org/osd
Since then, we've also added an extra layer of confirmation for TOTP logins from a new location, which, while it can be annoying, may also inspire folks to use Webauthn more.
Read more about that here: blog.pypi.org/archive/2025...
If they were using Webauthn, nothing happened, since the browser/device wouldn't prompt the user since the domains don't match - strengthening the case for non-TOTP.
TL;DR the attack used a web proxy in front of PyPI, and users with the TOTP method saw a site that looked valid, entered their username and password, which were captured by the proxy and forwarded along to PyPI, and were then presented with a web form for their TOTP, which they entered and was captured as well.
The one question asked at the end was "How did the attackers bypass 2FA?"
The answer is a little deeper in our blog post: blog.pypi.org/posts/2025-0...
Since you can never be everywhere at #FOSDEM, sometimes you have to watch back some of the dev room talks you missed.
@lawngno.me from the @rustfoundation.org gave a great talk: A phishy case study - attacks on crates.io and others (namely @pypi.org and npmjs.com )
Watch fosdem.org/2026/schedul...
One specific workspace we share has a password reauthentication policy, which is a little annoying
If you are on an AI transformation journey, don't make the mistake of reducing the Intelligence from your team by removing employees, focusing on the Artificial part
Picture of log lines with: INFO/MainProcess] mingle: searching for neighbors INFO/MainProcess] mingle: all alone
I know, sometimes that's just how it is
I can take a free picture of your brain, but I cannot commit to returning to the same state I found it...
TIL, thanks for breaking that down for me!
The challenge, which is not new, is in evaluation of the components we use - it's still software procurement, even if we didn't have to pay for it
This gap already exists with human-driven development, and we are likely to see it even more often since we can now spit out mediocre code faster than ever
One effect of vibe coding is likely to be a widening gap between "usable" and "excellent" software