InstapaperScraper v1.3.1rc1 Released

Your Dockerfile's FROM line is a trust decision. 🔐 A developer using Label Studio just opened a GitHub issue asking the team to swap their python base image for Docker Hardened Images (DHI) after repeatedly hitting vulnerabilities in image scans. It's a pattern I see constantly: → Team builds a great app → Base image carries hidden CVEs → Security scan fails → Everyone scrambles The fix? Start from a hardened base. DHI ships with a minimal attack surface, no unnecessary packages, and regular security updates baked in. And since earlier this year, it's free under Apache 2.0. Small Dockerfile change. Big security posture improvement. 🔗 See the issue: https://lnkd.in/gQ8YNnJx #ContainerSecurity #Docker #DHI #DevSecOps #DockerHardenedImages #Kubernetes

🎉 InstapaperScraper v1.3.1 – Production Release We’re excited to announce that v1.3.1 is now officially live on PyPI and GitHub! This stable release focuses on strengthening security, improving compatibility, and enhancing developer experience. Key Highlights: 🔒 Security fix – Prevent path traversal in output filenames 🔒 API validation – Ensure folder_id and slug values are URL‑safe ⚙️ Compatibility update – Dropped Python 3.9 (EOL) support Install via PyPI today! 👉 pip install instapaper-scraper==1.3.1 #InstapaperScraper #Python #OpenSource #ProductivityTools #LinkedInTech

Logout in AuthShield was supposed to be straightforward. User clicks logout. Token gets invalidated. Done. Except a JWT cannot be invalidated. It is a signed string. There is nothing to delete. It just keeps working until it expires. That one realization pulled on everything else. If logout needs a blacklist, access tokens need to be short-lived so the blacklist stays small. If tokens are short-lived, users cannot stay logged in without constantly re-authenticating. That means two tokens - a short-lived access token for requests, a long-lived refresh token to silently replace it. But a long-lived refresh token is a theft target. So it rotates on every use. But rotation alone does not stop an attacker who uses the token before the real user does. Token families. Every refresh token belongs to a chain tied to a single login. The moment an already-rotated token is used again, the entire chain is revoked. Attacker and real user both get logged out. Four problems. Each one hiding behind the previous one. Full breakdown with the Python implementation in the blog. Link in the comments 👇 #BackendEngineering #Python #JWT #Security #Authentication #SoftwareEngineering

Excited to share Snapitty v0.2.1 , a Windows desktop tool built by QA, for QA. Snapitty helps testers capture, organize, manage, and export testing evidence faster. Key highlights: ✅ Floating capture widget ✅ Batch runs and test case organization ✅ Crop, paste, and note-based evidence ✅ DOCX evidence pack export ✅ Built with Python, PySide6, and SQLite QA evidence should not be messy. Snapitty is my attempt to make it cleaner and faster. Download: https://lnkd.in/dFt9Bgvp #QA #SoftwareTesting #ManualTesting #TestingTools #Python #PySide6 #QualityAssurance #Snapitty

🚨AlterKS Quarantine Feature Not every suspicious package is malicious. Sometimes you need to investigate. AlterKS has a quarantine feature. It isolates risky packages into a separate virtual environment instead of blocking them outright. alterks quarantine list alterks quarantine inspect <package> <version> alterks quarantine release <package> <version> Your main environment stays clean. Your security team gets time to review. No guesswork. As of v0.3.2, quarantine creates real isolated venvs with full manifest tracking. PyPI: https://lnkd.in/dbw_XEiv GitHub: https://lnkd.in/dT-haNSG Blog post: https://lnkd.in/dx4WzySg #Python #ApplicationSecurity #DeveloperExperience

Critical vulnerability CVE-2026-5752 in Terrarium sandbox risks root access. Terrarium, a Python sandbox in Docker containers, suffers JavaScript prototype traversal flaw. Exploitation allows sandbox escape and root code execution on host. This affects any organization running untrusted code in containers. Attackers can access sensitive files and pivot across container networks. Mitigate by disabling code submissions, segmenting networks, deploying WAFs, monitoring containers, restricting access, managing containers securely, and updating dependencies.

I got tired of SSHing into servers one by one to run the same command. So I built something about it, and just shipped it as my first open source Python package. It's called sshrunner. You give it a list of servers, a command, and it runs everything in parallel over SSH. That's really it. No complicated setup. No agents. Just: pip install sshrunner It also handles jump hosts, saves per-host logs, and has an interactive mode where you type a command once and it broadcasts to every server at the same time. 👀 The CI setup was a rabbit hole of its own. I wanted real tests, not mocks, so I spun up 3 actual SSH containers with Docker Compose on every push. Turns out netcat will happily tell you a port is open before SSH is actually ready. The fix? Switch to ssh-keyscan and wait for the real banner. ✅ Small thing, took way too long to figure out 😅 Building it taught me a lot, paramiko internals, threading, packaging on PyPI, and more CI debugging than I'd like to admit. Still early, v0.1.2, lots on the roadmap. Would genuinely love feedback from anyone who does a lot of server wrangling. 👉 GitHub: https://lnkd.in/dHjXpCwJ 👉 PyPI: https://lnkd.in/dgG4mHQC #Python #OpenSource #DevOps #SSH #Automation #GitHubActions

Pipelock v2.2 Companion proxy generator. Session recovery CLI. RFC 9421 signed mediation envelopes. Receipt coverage on every transport. Open-format conformance suite with a reference Python verifier. Operator surface, not new categories. Open-source agent firewall. Single Go binary. Apache 2.0 core.

Stop memorizing IP addresses. 🛑 I got tired of typing ssh root@192.1xx.xx.xxx from memory every time I needed to check a server. So, I built ssh-to-server — a tiny CLI tool that turns your SSH config into an interactive menu. Why use it? 📂 Zero Config: It automatically reads your existing ~/.ssh/config. ⌨️ Interactive UI: Pick a server using arrow keys or quick number shortcuts. 🛠️ Respects your setup: Works with your IdentityFile, custom ports, and proxy jumps. Is it revolutionary? No. Does it save me from 20 daily typos? Absolutely🤓 Built with Python, Click, and a healthy dose of terminal customization procrastination. 📦 Install it: uv tool install ssh-to-server (or pip install ssh-to-server) 🔗 GitHub: https://lnkd.in/eh--kjfZ If your SSH config is longer than your shopping list, this one's for you. 🤝 #Python #DevOps #CLI #OpenSource #Productivity

LLM Tool-Use Accuracy Testing Harness"Messtone LLC Measuring" CData's MCP interacting with external systems via the Model Context Protocol (MCP): Installation # Clone the repository git clone https://lnkd.in/ezu8GPr3 -ai-accuracy-test-harness.git cd connect ai-accuracy-test-harness # Create virtual environment python -m venv venv source venv/bin/activate # On Windows: venv\Scripts\activate # Install dependencies pip install -r requirements.txt # Configure environment cp .env .messtone .env # Edit .env with robertharper_Messtone credentials