Veit Schiele

@veit
Author of @Python4DataScience, @JupyterTutorial and @PyViz tutorial • @pyberlin organiser • Development, consulting and operation of privacy compliant web services @cusy.
#Python #Jupyter #PyViz #DataScience tfr
cusy: https://cusy.io/en/about/team/veit
GitHub: https://github.com/veit
LinkedIn: https://www.linkedin.com/in/veit-schiele/
It’s hard enough these days to keep up to date with Linux security. Dirty Frag and Copy Fail are already keeping countless Linux admins busy, and then, the day before yesterday, Fragnesia came along: https://github.com/v12-security/pocs/tree/main/fragnesia
#Linux #ITSecurity #Fragnesia

RE: https://code4lib.social/@acdha/116558806694701121

Do not use pull_request_target.
Do not use caches in publish workflows.
Use dependency cooldowns.
Use Zizmor.
Tell GitHub to make Actions secure by default.
#GitHub #GitHubActions

Daniel Stenberg (@bagder) from curl provides important security advice for FOSS maintainers: ‘Any project that has not scanned their source code with AI powered tooling will likely find huge number of flaws, bugs and possible vulnerabilities with this new generation of tools.
Not using AI code analyzers in your project means that you leave adversaries and attackers time and opportunity to find and exploit the flaws you don’t find.’
https://daniel.haxx.se/blog/2026/05/11/mythos-finds-a-curl-vulnerability/
#ITSecurity #FOSS #OpenSource #AI
Yesterday, the article by Frank (@hofmannedv) and me on open licences for documents, images, audio, video, fonts and hardware was published in @linuxmagazine: https://www.linux-magazine.com/Issues/2026/307/Non-Software-Licenses
#OpenSource #OpenHardware
Now elementary-data has also been hit: for just under half a day, a malicious version 0.23.3 was available on PyPI, which had stolen credentials such as SSH keys, AWS login details, API tokens and wallet files. The attack was carried out via a script injection vulnerability in one of the GitHub Actions workflows. Cooldown helps protect against such attacks, as we have described here: https://python-basics-tutorial.readthedocs.io/en/latest/packs/apps.html#dependency-cooldowns
See also:
https://www.elementary-data.com/post/security-incident-report-malicious-release-of-elementary-oss-python-cli-v0-23-3
https://osv.dev/vulnerability/MAL-2026-3083
#Python #PyPI #GitHub #ITSec

pip 26.1 is an incredible release, thank you to the pip maintainers!! 💜

– Relative dependency cooldown support!
– Installing from pylock.toml
– Multiple security fixes

Read the full blog post by @ichard26

https://ichard26.github.io/blog/2026/04/whats-new-in-pip-26.1/

#python #pypi #pip #security #oss #opensource

Rewriting history

There are several commands in Git for rewriting history. git rebase -i is the best known and most flexible: you can reorder, merge, edit and remove commits. However, this flexibility comes with a d...

Python for Data Science
The testing section has been extensively revised:
• Test examples for cusy.tasks
• Added Hypothesis extensions
• Agile software development using test-driven development and behaviour-driven development
https://python-basics-tutorial.readthedocs.io/en/latest/test/
#Python #pytest #Agile #TDD #BDD
Enshittification at scale – Anthropic appears to be introducing an identity verification process for Claude. According to the FAQ, this is handled by Persona, a service provider with links to Peter Thiel, and may require official photo ID as well as a live selfie: https://support.claude.com/en/articles/14328960-identity-verification-on-claude
#Enshitification #Anthropic #Claude #Persona #PeterThiel #Privacy

Today is our last day at PyConDE (@pyconde). We’re looking forward to having lots more interesting conversations with you, whether on new developments in research software using Python or on LLM coding agents.
#PyConDE #RSE #Python #AI #LLM