RSS BotThe Missing Bundler Features
Why birds were the only dinosaurs to survive mass extinction
Theseus, a static Windows emulator
This Week in Plasma: Per-Screen Virtual Desktops and Wayland Session Restore
High-performance 2D graphics rendering on the CPU using sparse strips
The fastest way to match characters on ARM processors?
Stupid RCU Tricks: Corner-Case RCU Implementations
Defense in Depth: A Practical Guide to Python Supply Chain Security
Defense in Depth: A Practical Guide to Python Supply Chain Security - Lemmy: Bestiverse
Layer your defenses and don’t trust any single control. Use Ruff with security rules to catch bugs in your code before they ship. Pin all your dependencies with cryptographic hashes using uv lock or uv pip compile --generate-hashes so nobody can swap out packages on you. Run pip-audit in CI to catch known CVEs before they hit production. Generate SBOMs with CycloneDX so when the next Ultralytics-style compromise drops, you can answer “are we affected?” in minutes instead of days. If you’re publishing packages, ditch the long-lived API tokens and switch to Trusted Publishing with OIDC. This generates attestations automatically via Sigstore, linking your packages back to source repos. Organizations running internal mirrors can add a 7-day delay to let the community be your canary - but only if you’ve got the infrastructure to maintain it. Nothing here is perfect. Hash pinning stops tampering but won’t save you from a malicious package you installed on day one. Scanning finds known CVEs but misses zero-days. Attestations prove where code came from, not whether it’s safe. That’s why you layer them - when one control fails, the others catch it. Start with linting and pinning for quick wins, add scanning and SBOMs next, then level up to advanced stuff as you mature. Comments [https://lobste.rs/s/ghsneu/defense_depth_practical_guide_python]
corpus: self-hosted listenbrainz and last.fm frontend
corpus: self-hosted listenbrainz and last.fm frontend - Lemmy: Bestiverse
Works as a self-hosted proxy that fetches listening history from either Last.fm [http://Last.fm] or MusicBrainz and adds metadata from MusicBrainz (falling back to Last.fm [http://Last.fm] and Discogs) and caches cover images to an S3 bucket. Everything is stored in DuckDB (each user has their own database) and it’s been humming along quite well even for larger profiles (200k scrobbles). I always worry that these services can disappear without a warning and with them also amazingly extensive listening histories. I used LLMs quite a lot as I was learning about Purescript and Elm on the fly on the weekends and this is one of the projects I have been thinking about for a long time since other alternatives just seemed a bit lackluster. Comments [https://lobste.rs/s/qxhzxh/corpus_self_hosted_listenbrainz_last_fm]
Introducing Glyph Protocol for Terminals
