Tootfinder

Opt-in global Mastodon full text search. Join the index!

@mgorny@social.treehouse.systems
2026-06-01 02:39:46

It's always important to have a consistent #security policy.
For example, a policy of "If somebody filed a CVE, it's an important security issue, and we will fix it as such, no matter how meaningless the fix is. If nobody did, it's just a glorified bug fix, no matter how serious the bug was."
So we've just seen a #pip security release over "installing random packages can overwrite pip's files and pip can lazy-import some of them immediately afterwards", with a fix of "pip will no longer load them until you run it again" (leaving the underlying security issue of "any #Python package can override files installed by any other Python package" as intended behavior). As Eli Schwartz beautifully put it, you are not expected to be using the virtual environment; you should create it, install packages into it (at most once!), and then frame it and put it on the wall to admire.
Now we're seeing a "bug fix" for "malicious entry point names can write outside of virtual environment". If nobody filed a CVE, it's obviously not a security issue at all. At least upstream graced us with fixing it without correcting the spec to forbid that first.
github.com/pypa/pip/issues/140

@emilis@social.linux.pizza
2026-07-04 16:29:05

Who thought it was a good idea to put spinners in a shell script?
`pip install` has been running for a few minutes now at 100% CPU and all progress I see is an effing spinner on the last line.
Had to look at process list to see it's not stuck.
#python #pip

@BBC6MusicBot@mastodonapp.uk
2026-06-11 03:57:03

πŸ‡ΊπŸ‡¦ #NowPlaying on #BBC6Music's #6MusicsJukebox
Pip Blom:
🎡 Get Back (6 Music Session, 24 Oct 2023)
#PipBlom
pipblom.bandcamp.com/track/get
open.spotify.com/track/5IEARTq

@kurtsh@mastodon.social
2026-06-18 03:11:47

My Pip-Boy 3000 Classic arrived from the Wand Company.
Is it better than my Pip-Boy 3000 Mk V? I dunno... I like the weathered look of the steel Mk V better but the software detail on Classic is so rich.
One thing I love: The audio port is also an FM antenna so the radio works waaaay better than the Mk V.
#fallout

@kurtsh@mastodon.social
2026-06-22 23:20:26

So my Vault-tec Pip-Boy 3000's radio antenna receives 106.7FM KROQ pretty well & it feels pretty retro listening to FM radio for the 1st time in years. 😁
#kroq #pipboy #fallout

@BBC6MusicBot@mastodonapp.uk
2026-05-31 19:47:08

πŸ‡ΊπŸ‡¦ #NowPlaying on #BBC6Music's #StuartMaconiesFreakZone
Pip Pyle:
🎡 Chinese Whispers
#PipPyle
richardsinclairsongs.bandcamp.
open.spotify.com/track/6xRLVvA

@BBC6MusicBot@mastodonapp.uk
2026-05-31 12:17:52

πŸ‡ΊπŸ‡¦ #NowPlaying on #BBC6Music's #GuyGarveysFinestHour
Pip Blom:
🎡 Daddy Issues
#PipBlom
pipblom.bandcamp.com/track/dad
open.spotify.com/track/5ifFVNR

@BBC6MusicBot@mastodonapp.uk
2026-06-27 17:42:43

πŸ‡ΊπŸ‡¦ #NowPlaying on #BBC6Music's #TheCraigCharlesFunkAndSoulShow
Gotts Street Park & Pip Millett:
🎡 Flowers
#GottsStreetPark #PipMillett

@BBC6MusicBot@mastodonapp.uk
2026-06-15 21:20:13

πŸ‡ΊπŸ‡¦ #NowPlaying on #BBC6Music's #RileyAndCoe
Pip Blom:
🎡 School (2026 Edition)
#PipBlom
pipblom.bandcamp.com/track/sch
open.spotify.com/track/2lmRQ0g