Seth Michael Larson

Highlighted articles

If you're a first time reader, welcome! 👋 Below are the articles that I'm most proud of so if you're looking for a place to start then look no further:

How does UTF-8 turn “😂” into “F09F9882”?
Deep-dive into how the UTF-8 encoding works bit-by-bit with hand-crafted flow chart diagrams along with some historical perspective.

Quirks of Python package versioning
PEP 440 describes how Python package versions are structured and behave. Let's explore the stranger side of Python package versions.

Security for package maintainers
Package maintainers have extremely privileged accounts with any unauthorized access having the potential to affect millions of users. What are some secure account configurations and best practices that can keep this nightmare scenario from happening to you?

Archive

Proposal for Software Bill-of-Materials for CPython (2023-11-22)
Querying every file in every release on the Python Package Index (2023-11-14)
OSS Security RFI, Guide to become a CNA, and PEP 639 (2023-11-07)
“For You” is not for me (2023-10-31)
Patching the libwebp vulnerability across the Python ecosystem (2023-10-25)
Quarterly report for Q3 2023 on the PSF Blog (2023-10-17)
Reproducible builds for CPython source tarballs (2023-10-10)
Python 3.12.0 from a supply chain security perspective (2023-10-04)
Starting on Software Bill-of-Materials (SBOM) for CPython (2023-09-26)
CPython vulnerabilities are now published to the Open Source Vulnerability Database (2023-09-19)
Security Developer in Residence Weekly Report #10 (2023-09-13)
Visualizing the CPython Release Process (2023-09-05)
Python Security Response Team handling of CVE-2023-40217 (2023-08-26)
Reconciling elegance and secure-by-design in APIs (2023-08-21)
Security Developer-in-Residence – Weekly Report #7 (2023-08-18)
Security Developer-in-Residence – Weekly Report #6 (2023-08-04)
Quirks of Python package versioning (2023-08-03)
Security Developer-in-Residence – Weekly Report #5 (2023-07-28)
Security Developer-in-Residence – Weekly Report #4 (2023-07-21)
Security Developer-in-Residence – Weekly Report #3 (2023-07-15)
Security Developer-in-Residence – Weekly Report #2 (2023-07-07)
Security Developer-in-Residence – Weekly Report #1 (2023-06-30)
I am the first PSF Security Developer-in-Residence (2023-06-22)
urllib3 v2.0.0 is now generally available (2023-04-26)
Google Assured OSS (2023-04-14)
Python and SLSA 💃 (2023-03-18)
Testing multiple Python versions with nox and pyenv (2023-03-04)
urllib3 in 2022 (2023-01-04)
Working on urllib3 full-time for one week (2022-12-27)
Ubuntu 22.10 on Dell XPS 15 9520 (2022-11-19)
Switching git back to GPG signing (2022-08-25)
Preparing for the wave of open source funding (2022-08-23)
Help us test system trust stores in Python (2022-07-26)
Get paid to contribute to urllib3 (Newsletter #7) (2022-06-21)
People in your software supply chain (2022-05-31)
Security for package maintainers (2022-03-01)
Move or recover your Wordle statistics (2022-02-17)
How does UTF-8 turn “😂” into “F09F9882”? (2022-02-08)
Strict Python function parameters (2022-01-23)
Problems with testing Python pre-releases and pip caching (2022-01-13)
urllib3 raised $15,000 in 2021 (Newsletter #6) (2021-12-29)
Experimental APIs in Python 3.10 and the future of trust stores (2021-11-27)
Tests aren’t enough: Case study after adding type hints to urllib3 (2021-10-18)
The problem with Flask async views and async globals (2021-08-01)
Everything to know about Requests v2.26.0 (2021-07-13)
urllib3 Newsletter #5 (2021-06-29)
urllib3 Newsletter #4 (2021-05-03)
urllib3 Newsletter #3 (2020-12-28)
urllib3 Newsletter #2 (2020-11-13)
urllib3 Newsletter #1 (2020-10-05)
API Design for Optional Async Context Managed Resources (2020-08-10)
TIL: Getting HTTP Status Codes from Flask errorhandler (2020-07-24)
Designing Libraries for Async and Sync I/O (2020-06-27)
Why URLs are Hard: Path Params & urlparse (2020-04-10)
urllib3 in 2020 (2020-03-14)
Review of 2019 for urllib3 (2019-12-28)
HTTP Header Compression (2019-12-06)
Designing for Real-World HTTPS (2019-11-26)
Sponsored Work on urllib3 (2019-11-11)