detritus of #drugs...
this #trashtodon discovery sent me down a rabbit-hole that led to (regulation of) flavored vaping, with retailers (possibly manufacturers too?) branching out to flavored NO2
Dane 🇮🇪🇺🇦🇻🇪🖖⚛️☮️☸️🕉️
boosted
a #CargoShip on the horizon off #LosAngeles. ETA, my pic, December 2022
This is a rather good explainer about China’s manufacturing layout, and why certain industries seem to cluster around specific cities.
I think many US cities were shaped like this: Detroit, Pittsburgh, Seattle etc. and largely for the same reason, and I think a lot of them still echo their manufacturing past. But none of them are at the widespread scale that we find in China any more. And this is yet another reason why it’s exceedingly difficult to replicate China’s manufacturing capacity in the US today. It’s not just money; it’s millions of people arranging their lives around manufacturing.
Chip Butty
boosted
I am always amazed at how seemingly disorganised group of open source developers can build such a robust and unbeattable supply chain. Why do you think that's the case? And all this even with very little or no money 🤔🤯
#opensource #open #coding #code #supplychain
I am always amazed at how seemingly disorganised group of open source developers can build such a robust and unbeattable supply chain. Why do you think that's the case? And all this even with very little or no money 🤔🤯
#opensource #open #coding #code #supplychain
@oldrawgabbit
I've said it before and I'll keep saying it till in sinks in:
Showboating galactic criminal Zaphod Beeblebrox from "The Hitchhiker's Guide to the Galaxy" was elected president NOT to run the galaxy but to distract attention away from those who do. #THHG
@oldrawgabbit
#DonTheCon... who made "Affordability" the centerpiece of his 2024 re-election campaign... now calls #affordability "a #Democrat con-job".
Well, it certainly WAS a #ConJob, as #inflation was going DOWN under #Biden after #DisasasterDon destroyed the #SupplyChain by ignoring #Covid.
But now inflation is back up, and the same guy who RAILED about inflation under #Biden, is now admitting it was all a con-job.
Yeah. We knew that. 😞
https://www.pbs.org/newshour/politics/watch-trump-says-the-word-affordability-is-a-con-job-by-the-democrats
STOP OCCUPATION 🍉 S. Costa
boosted
Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages
Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain takeover attack.
https://thehackernews.com/2025/11/legacy-python-bootstrap-scripts-create.html
#python #bootstrap #pypi #itsecurity #py #domaintakeover #domain #takeover #coding #cybersecurity #supplychain #attack #packaging #itsec #infosec
pvergain (framapiaf)
and 1 other
boosted
There's a nasty #OpenSource #SupplyChain worm going around named Shai-Hulud. It's also capable of exposing some projects' long-lived PyPI API Tokens. Read more on what's happening, and what you can do to protect your projects.
TL,DR: Adopt Trusted Publishing 🔐🚀📦
Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages
Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain takeover attack.
https://thehackernews.com/2025/11/legacy-python-bootstrap-scripts-create.html
#python #bootstrap #pypi #itsecurity #py #domaintakeover #domain #takeover #coding #cybersecurity #supplychain #attack #packaging #itsec #infosec
There's a nasty #OpenSource #SupplyChain worm going around named Shai-Hulud. It's also capable of exposing some projects' long-lived PyPI API Tokens. Read more on what's happening, and what you can do to protect your projects.
TL,DR: Adopt Trusted Publishing 🔐🚀📦
Andrew Nesbitt
boosted
New @pypi blog
TL, DR:
- Trusted Publishing used for 25% of all files uploaded in Oct 2025
- GitLab Self-Managed now in beta
- Pending Publishers can be added for Organizations, too!
#Python #SupplyChain #Security
Read it here: https://blog.pypi.org/posts/2025-11-10-trusted-publishers-coming-to-orgs/
New @pypi blog
TL, DR:
- Trusted Publishing used for 25% of all files uploaded in Oct 2025
- GitLab Self-Managed now in beta
- Pending Publishers can be added for Organizations, too!
#Python #SupplyChain #Security
Read it here: https://blog.pypi.org/posts/2025-11-10-trusted-publishers-coming-to-orgs/
phildini
boosted
⚞NEW⚟ “Trailblazing Python Security” dedicated talk track coming for #PyConUS 🛡️ 🐍🔥 We are looking for sponsors interested in supporting security in the Python ecosystem:
⚞NEW⚟ “Trailblazing Python Security” dedicated talk track coming for #PyConUS 🛡️ 🐍🔥 We are looking for sponsors interested in supporting security in the Python ecosystem:
A short intro to systems thinking by examining how China’s digital yuan & smart logistics slash delays and improve information flow as a case study.
https://dialecticaldispatches.substack.com/p/chinas-systemic-shift
More German companies are choosing Japan as their manufacturing hub for Asia, according to a survey by the German Chamber of Commerce and Industry in Japan. https://www.japantimes.co.jp/business/2025/09/22/companies/german-companies-japan-survey/?utm_medium=Social&utm_source=mastodon #business #companies #germany #germanjapanrelations #ahkjapan #supplychain #manufacturing #china #southeastasia
Charly Coste 🇫🇷
boosted
PyPI now checks for expired domains to prevent domain resurrection attacks, a type of supply-chain attack where someone buys an expired domain and uses it to take over #PyPI accounts through password resets. #Python#OpenSource#SupplyChain#Security
https://blog.pypi.org/posts/2025-08-18-preventing-domain-resurrections/
PyPI now checks for expired domains to prevent domain resurrection attacks, a type of supply-chain attack where someone buys an expired domain and uses it to take over #PyPI accounts through password resets. #Python#OpenSource#SupplyChain#Security
https://blog.pypi.org/posts/2025-08-18-preventing-domain-resurrections/
Yogthos
boosted
The #future of #robotics is unfolding in #Hubei, and the #world is taking notice. At the 3rd #China#International#SupplyChain#Expo (#CISCE) in #Beijing, the province cemented its role as a #powerhouse in #humanoid robotics, hosting a high-profile #matchmaking #conference that drew #global #leaders, #innovators, and #investors. https://cnbusinessforum.com/hubei-takes-center-stage-in-global-humanoid-robotics-innovation-at-cisce-2025/