Glyph

@glyph

he/him

You probably heard about me because I am the founder of the Twisted Python networking engine open source project. But I’m also the author and maintainer of several other smaller projects, a writer and public speaker about software and the things software affects (i.e.: everything), and a productivity nerd due to my ADHD. I also post a lot about politics; I’d personally prefer to be apolitical but unfortunately the global rising tide of revanchist fascism is kind of dangerous to ignore.

posts: https://blog.glyph.im/
disclosures: https://blog.glyph.im/pages/disclosures.html
code: https://github.com/glyph
patrons: https://www.patreon.com/creatorglyph

RE: https://mastodon.social/@glyph/116627317646590362

now I'm really wondering what the apparently substantial number of "yes" votes were thinking here

I cannot imagine how much it fucks up kids to simultaneously be told "don't plagiarize!" but also "YOU MUST USE THE PLAGIARISM MACHINE. IT IS THE FUTURE WHETHER YOU LIKE IT OR NOT"
When this bubble pops, I fear the worst long term consequences of it will be on today's generation of children whose education it interfered with.
I feel there is a risk I might slightly overuse this thing https://trek.epicrandomness.com
Is it OK if your web server's document root is attacker controlled?
yes: 10.1%
no: 89.9%
why does everyone write webapps and ship electron when you have such great native UI frameworks here! for example... *opens GObject docs* oh- um.. *opens Qt docs* oh... *looks up native windows development* oh no....

Regular scheduled weekly update for patrons is up! This one is my post-conference report for PyCon and a report on some of the work that it inspired.

https://www.patreon.com/posts/patreon-post-21-158907338

I want to make freeware apps that are like how software used to be before enshittification. I'm trying to come up with a name. Good Old Ware? I don't want it to be just for nostalgic nerds though. I need a name with mainstream appeal.

If you're in CA, don't vote for Sonja Shaw.
If you have friends and family in CA, tell them not to vote for Sonja Shaw.

Don't let a Moms For "Liberty" transphobe weirdo be in charge of public education in California.

https://calmatters.org/california-voter-guide-2026/superintendent-of-public-instruction/#sonja-shaw


@zzzeek The problem Trusted Publishing aims to solve is that if you let a pipeline auto-publish to PyPI for you, and it has a long-lived PyPI credential for doing that, it's very easy to accidentally expose that credential, and then an attacker who gets it can use it to upload packages for as long as it takes you to notice and revoke the credential.

Trusted Publishing replaces that with a more complex (behind the scenes) dance where the pipeline authenticates to PyPI and is given a short-lived narrow-scoped token. If it gets leaked, an attacker has only a very brief window of time in which to notice and try to exploit before the token expires.