Seth Larson

Seth Larson — PSF Security Developer-in-Residence

Python security and open source infrastructure, plus retro gaming preservation and emulation.

I paid $50 plus shipping on eBay for this PNG. This is the closest I'll get to NFTs.

sethmlarson.dev

Seth Larson is the Python Software Foundation's first Security Developer-in-Residence, and his blog reflects exactly the kind of mind that job requires — someone who can write a serious PEP on software supply chain security one week and spend the next extracting hidden JPEG files from GameCube ROMs. His posts alternate between deep Python ecosystem work and delightfully nerdy side projects involving retro games, QR codes, and Unicode oddities.

Written by Seth Larson.

About This Blog
Activity: Regular (publishes weekly or bi-weekly)

Followers: 1

Category: Independent Blog

Languages: English

Feed Accessibility

How this blog's content is accessed through Blogs Are Back.

Full Content: RSS feed includes complete post content for reading in-app

Proxy Required: Feed is fetched through our proxy for browser compatibility

Proxy Post Links: Post pages are loaded through our proxy for compatibility

Embeddable: Posts can be displayed inline in the reader view

Latest Posts

Recent posts from Seth Larson's RSS feed.

Respecting maintainer time should be in security policies

Generative AI tools becoming more common means that vulnerability reports these days are loooong. If you're an open source maintainer, you unfortunately know what I'm talking about. Markdown-formatted, more than five headings, similar in length to a blog post, and characterized as a vulnerability worthy of its own domain name. This makes triaging vulnerabilities by often under-resourced maintainers more difficult, time-consuming, and stressful. Whether a report is a genuine vulnerability or not,...

Automated public shaming of open source maintainers

This is a follow-up to “New era of slop security reports for open source”. Matplotlib, the unfortunate target of this new type of harassment, publishes a clear generative AI use policy. That boundary was not respected by generative AI users and a pull request was opened by an OpenClaw agent. If the website the agent's GitHub comment links to is any indication, within 4 days of deployment this agent generated a “take-down blog post” intended to publicly shame an open source maintainer (who ha...

Cooler Analytics

You don't need analytics on your blog, but maybe you need analytics for your cooler? The last place you’d expect to find analytics. Last Sunday was the Superbowl in the USA, where former Vikings quarterback Sam Darnold and the Seahawks trounced the Patriots 29–13. We were also reminded who the top players are in the USA economy. Surprise, it's still generative AI, cryptocurrencies, sports betting, and surveillance. Anyway, Trina and I hosted a Superbowl watch-party and I take pride in...

Dumping Nintendo e‑Reader Card “ROMs”

The Nintendo e‑Reader was a peripheral released for the Game Boy Advance in 2001. The Nintendo e‑Reader allowed scanning “dotcode strips” to access extra content within games or to play mini-games. Today I'll show you how to use the GB Operator, a Game Boy ROM dumping tool, in order to access the ROM encoded onto e‑Reader card dotcodes. I'll be demonstrating using a new entrant to e‑Reader game development for the venerable platform: Retro Dot Codes by Matt Greer. Matt regularly posts about h...

Use “\A...\z”, not “^...$” with Python regular expressions

Two years ago I discovered a potential foot-gun with the Python standard library “re” module. I blogged about this behavior, and it turns out that I wasn't the only one who didn't know this: The article was #1 on HackerNews and the most-read article on my blog in 2024. In short the unexpected behavior is that the pattern “^Hello$” matches both “Hello” and “Hello\n”, and sometimes you don't intend to match a trailing newline. This article serves as a follow-up! Back in 2024 I created a table showing...

Follow Seth Larson

If you like your technical writing served with genuine curiosity and occasional retro gaming archaeology, Seth's blog delivers both.

http://sethmlarson.dev/feed