Seth Larson

TIL “@here” only notifies online users on Discord and Slack

2026-06-18T00:00:00Z

I'm in a few Discord servers of friends and we get together in-person regularly. Whenever I was the one organizing an event I would attempt to ping everyone details in the Discord using @here.

After the initial ping I would usually follow-up with folks over text, which is fine and expected part of organizing. More often than not, invitees would be way more responsive over text than over Discord. I created an SMS BCC tool because of how effective texting is for organizing events.

Turns out that @here is functionally different from @everyone or @channel on Slack and Discord. @here only sends notifications to users that are currently online 🟢, not offline ⚫ or “away” 🟡. This makes @here useful for when you’re trying to play an online multiplayer game or chat synchronously... but not for planning a hang-out in advance. So none of my usually-offline friends on Discord would get my initial notification, only the follow-ups. I’ll be using @channel for this purpose from now on.

I learned this from a friend and three people including me were not aware of this distinction, so I figure I have to share this on the blog. Maybe this will help you increase the turn-out for the next event you host for Discord friends. What other Discord or Slack hacks am I probably unaware of? Send them to me via email or on social media.

Happy organizing!

Thanks for reading ♥ I would love to hear your thoughts! Contact me via Mastodon, Bluesky, or email. Browse the blog archive. Check out my blogroll.

Linting is important for code review: screen included

2026-06-11T00:00:00Z

Today I was reviewing a pull request for some Python code when I saw a semicolon in the diff. Screenshot provided below, which as we all know is the best way to share text on the internet:

I was just about to leave a comment, but then I scrolled the page a bit and...

Ah. Time to clean my laptop screen then... 🧼🫧

Thanks for reading ♥ I would love to hear your thoughts! Contact me via Mastodon, Bluesky, or email. Browse the blog archive. Check out my blogroll.

Are insecure code completions a vulnerability?

2026-06-10T00:00:00Z

Three months ago I saw that PyCharm shipped with a “Full Line Completion” plugin that “uses a local deep learning model to suggest entire lines of code”. These suggestions manifest as whole-line suggestions after you start typing and can be accepted with Tab. Essentially auto-complete for entire lines.

I decide to test this functionality. I started by writing import urllib3, created a new line, and then typed u and received a suggested completion for the line marked below with a dashed border. I was not impressed by the result:

import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

Accepting this line would mean that any insecure requests made with urllib3 would not result in a user-visible warning. I didn't accept this suggestion and then began to instantiate a urllib3.PoolManager and what I feared would come next was confirmed:

import urllib3

urllib3.PoolManager(
    cert_reqs='CERT_NONE',

The suggestion offered to disable certificate verification (CERT_NONE) which would make every request made by the PoolManager susceptible to monster-in-the-middle (MITM) attacks. Accepting this code as-is would mean the program I am writing has a severe vulnerability. If I had accepted the prior suggestion too, then urllib3 would have no chance to warn the user about this mistake prior to productionizing this code.

Clearly something insecure is going on here, but for a CVE to be assigned we have to decide which software component is vulnerable. Does this behavior warrant a CVE at all? I am not sure which is unfortunate, without a security-angle to a bug report companies are less likely to prioritize reports.

I reported this behavior to JetBrains for “Full Line Code Completion” v253.29346.142 and clearly their support staff weren't certain whether this defect was a security vulnerability or not either. When I asked to publish a blog post about this behavior after they confirmed this report wasn’t a “direct security vulnerability” (which I agree with) but then was asked not to publicize my report and referred to PyCharm’s Coordinated Disclosure Policy so... which is it? Security vulnerability or not?

I ended up waiting the 90 days anyway and I didn't hear back with any substantive update from the development team. I double-checked again today using “Full Line Code Completion” v261.24374.152 and the behavior is identical, suggesting the same insecure code for both contexts.

This isn’t meant to be a specific dig at PyCharm or JetBrains, I have no-doubt that examples like this exist in every code generation model available. I don’t think using CVEs for this purpose is appropriate or helpful for users, either. But not prioritizing and addressing this behavior at the source means more work to mitigate the potential for insecure code to be accepted by users who are trusting what is offered to them by their IDE.

What do you think? I am interested in knowing your thoughts about this specific class of issue with code generation models.

Thanks for reading ♥ I would love to hear your thoughts! Contact me via Mastodon, Bluesky, or email. Browse the blog archive. Check out my blogroll.

Is the Super Smash Bros. Brawl donut from Mister Donut?

2026-06-05T00:00:00Z

Happy Donut Day (and #FediDonutFriday) to those who celebrate! 🍩 Present and Correct shared a link to the Mister Donut museum on Bluesky and upon clicking through I was greeted with a familiar face: a chocolate ring donut.

Strangely, I've seen this chocolate ring donut before: from the hours staring at sprite-sheets from the Super Smash Bros. and Kirby Air Riders franchises. That donut looked just like the one from Super Smash Bros. Brawl.

“But Seth”, I hear you say, “chocolate ring donuts all look the same anyway!” Maybe... and yet...

Funnily enough, the Render96 wiki, which collects origins for artwork for many games like Super Smash Bros., lists the donut from Super Smash Bros. Melee as one of the few foods where the origin is not known. Could this donut also be a Mister Donut? We'll probably never know!

Thanks for reading ♥ I would love to hear your thoughts! Contact me via Mastodon, Bluesky, or email. Browse the blog archive. Check out my blogroll.

How much “Super Mario” per year?

2026-05-29T00:00:00Z

It's impossible to objectively quantify art, but we try anyway. For example: Is “Super Mario” a good video-game franchise?

Looking at review scores, Super Mario includes some of the most universally-acclaimed games ever published: Galaxy, Galaxy 2, and Odyssey are respectively the #4, #5, and #13 highest ranking video-games of all time on Metacritic, all with 97 overall. Chances seem good?

What if we tried quantifying art in a different and slightly more reductive way? This blog post introduces and calculates a new unit: “Super Mario per year”. If you enjoy this franchise like I do then this unit is of particular importance to you.

Calculating “Super Mario per year”

There have been ~19 titles (and two add-ons) published to what I consider the "main-line" Super Mario games, both 2D and 3D. Below is a table with every title, the year it was published, and the approximate duration to play. This last column is the most subjective, because there’s speed-runners, casual players, completionists. If you think any value is way off, [email protected]">send me an email.

Game	2D/3D	Platform	Year	Time to Beat
Super Mario Bros.	2D	NES	1985	5 hours
Super Mario Bros. Lost Levels	2D	NES	1986	10 hours
Super Mario Bros. 2	2D	NES	1988	5 hours
Super Mario Bros. 3	2D	NES	1988	5 hours
Super Mario Land	2D	GB	1989	5 hours
Super Mario World	2D	SNES	1990	10 hours
Super Mario Land 2	2D	GB	1992	10 hours
Super Mario 64	3D	N64	1996	15 hours
Super Mario Sunshine	3D	GC	2002	20 hours
New Super Mario Bros.	2D	DS	2006	10 hours
Super Mario Galaxy	3D	Wii	2007	15 hours
New Super Mario Bros. Wii	2D	Wii	2009	5 hours
Super Mario Galaxy 2	3D	Wii	2010	15 hours
Super Mario 3D Land	3D	3DS	2011	15 hours
New Super Mario Bros. 2	2D	3DS	2012	10 hours
New Super Mario Bros. U	2D	Wii U	2012	15 hours
Super Mario 3D World	3D	Wii U	2013	20 hours
Super Mario Odyssey	3D	Switch	2017	25 hours
Bowser's Fury (Super Mario 3D World)	3D	Switch	2021	5 hours
Super Mario Bros. Wonder	2D	Switch	2023	15 hours
Meetup at Bellabel Park (Super Mario Bros. Wonder)	2D	Switch	2026	5 hours

Using the table above we can calculate approximately how much new Super Mario gameplay is published on average per year.

Year	All-Time Avg	10-Year Avg (10YA)	2D (10YA)	3D (10YA)
1985	5.0	5.0	5.0	0.0
1986	7.5	7.5	7.5	0.0
1987	5.0	5.0	5.0	0.0
1988	6.2	6.2	6.2	0.0
1989	6.0	6.0	6.0	0.0
1990	6.7	6.7	6.7	0.0
1991	5.7	5.7	5.7	0.0
1992	6.2	6.2	6.2	0.0
1993	5.6	5.6	5.6	0.0
1994	5.0	5.0	5.0	0.0
1995	4.5	5.0	5.0	0.0
1996	5.4	6.0	4.5	1.5
1997	5.0	5.0	3.5	1.5
1998	4.6	5.0	3.5	1.5
1999	4.3	4.0	2.5	1.5
2000	4.1	3.5	2.0	1.5
2001	3.8	2.5	1.0	1.5
2002	4.7	4.5	1.0	3.5
2003	4.5	3.5	0.0	3.5
2004	4.2	3.5	0.0	3.5
2005	4.0	3.5	0.0	3.5
2006	4.3	4.5	1.0	3.5
2007	4.8	4.5	1.0	3.5
2008	4.6	4.5	1.0	3.5
2009	4.6	5.0	1.5	3.5
2010	5.0	6.5	1.5	5.0
2011	5.4	8.0	1.5	6.5
2012	6.1	10.5	4.0	6.5
2013	6.6	10.5	4.0	6.5
2014	6.3	10.5	4.0	6.5
2015	6.1	10.5	4.0	6.5
2016	5.9	10.5	4.0	6.5
2017	6.5	12.0	3.0	9.0
2018	6.3	10.5	3.0	7.5
2019	6.1	10.5	3.0	7.5
2020	6.0	10.0	2.5	7.5
2021	5.9	9.0	2.5	6.5
2022	5.8	7.5	2.5	5.0
2023	6.0	6.5	1.5	5.0
2024	5.9	4.5	1.5	3.0
2025	5.7	4.5	1.5	3.0
2026	5.7	5.0	2.0	3.0

This table will help you calculate approximately how much Super Mario is coming in the next decade. The current 10-year window pace shows 5 hours of Super Mario per year.

Looking at the trends, it looks like we may have already passed peak 2D and 3D Mario individually. This table also shows how overdue we are for a new big 3D Super Mario title, the last entry being Super Mario Odyssey almost a decade ago in 2017.

If I were to somewhat morbidly apply these numbers I can estimate how much more new “Super Mario” gameplay I’m likely to experience. Let’s be optimistic and apply the “All-Time Average” instead of the “10-Year Average”: the resulting number is 256 hours. Around 10 games of similar size to “Super Mario Odyssey”... seems good to me!

Super Mario Blogroll

If you want to read more Super Mario writing here are a few personal selections from my blogroll:

“Mario 101: For Super Players” by Drew Mackie
“Super Mario Bros was designed on graph paper” by Nicolás Valencia
“The most Mario colors” by Louie Mantia

Happy gaming!

Thanks for reading ♥ I would love to hear your thoughts! Contact me via Mastodon, Bluesky, or email. Browse the blog archive. Check out my blogroll.