Python Bytes

Michael Kennedy and Brian Okken

Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.

  1. 1 DAY AGO

    #480: Proud Parents

    Topics covered in this episode: Using Django Tasks in production Co-authored with Claude? PyPI packages are increasing rapidly httpx2 Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: Using Django Tasks in production Tim Schilling shares how the Djangonaut Space website has been using Django’s new tasks framework and some of the info missing from the official Django docs. Tasks require a third party package, django-tasks-db to actually run the tasks. Article walks through all changes necessary to get an email process running to notify admins of new testimonials. Cool simple example. With the db backend, you can monitor progress of tasks in the admin, to see which tasks are scheduled, completed, or have errors. Some wishes for the community to implement new tutorial in the Django docs Django Debug toolbar panel for tasks test/mock backend Great title for wish list: Thinks I’d like to see, but I’m too lazy to implement myself. Michael #2: Co-authored with Claude? Via Nik T. We don’t put “executed on macOS”, “edited with PyCharm”, etc. in our commits. Why Claude? Seems like a growth hack to me, that I don’t really care to participate in. Some projects that have formalized their thoughts on this: The Generative AI Policy Landscape in Open Source Adjust to turn off in ~/.claude/settings.json see the docs. { "attribution": { "commit": "", "pr": "" } } Brian #3: PyPI packages are increasing rapidly Artem Golubin There’s been an increase of published packages per week on PyPI A pretty big increase in the last handful of months. 30% increase since 2025, clearly due to AI Artem is building hexora, a malicious Python code detector. Cool package too, it can: Audit project dependencies to catch potential supply-chain attacks Detect malicious scripts found on platforms like Pastebin, GitHub, or open directories Analyze IoC files from past security incidents Audit new packages uploaded to PyPi. Artem is using hexora to analyze recently published pypi packages and many are obviously vibecoded and trigger false positives for abuses of eval, exec, and subprocess Side note: I don’t think that’s necessarily a false positive. Not malicious, but maybe a stupid-code-detector? Lots are LLM related, Lots have bots contributing code Publishing rate is crazy, dozens to hundreds of published versions in a day is a bug, not a feature Brian’s proposal, PyPI should limit releases per day for any package to something a sane human would do, even if they make a mistake on a release, to maybe like 2-3, definitely under 10, in a day. And if the repo has obvious agent contributors listed, maybe lower to the limit to 1-2 a day? Honestly, “move fast and break things” doesn’t apply to breaking the commons. Michael #4: httpx2 More on the httpx, httpxyz, etc changes: Pydantic people started their own fork, httpx2. Michiel says “while we think httpxyz was definitely needed, we welcome httpx2 and think it should be the ‘blessed’ fork.” Kludex, who is among other things maintainer of Starlette, was considering a fork As it stands, httpx2 is lacking the performance improvements they added to httpxyz. But it will not be long before they will add those, too. Also they already made some smart decisions: they are switching from certifi to truststore they are switching to compression.zstd on Python 3.14+, enabling zstd compression by default they merged httpcore and vendored it in their repository Discussion on Hacker News Extras Brian: The Four Horsemen of the LLM Apocalypse - Anarcat Django/JetBrains 2026 developer survey is open Pyrefly 1.0 : “meaning we are confident that Pyrefly is ready for production use.” Michael: Just about ready to release Python Web Security: OWASP Top 10 with Agentic AI course. Be sure to be on the courses newsletter to get notified. Joke: Proud Parents

    33 min

  2. 11 MAY

    #479: Talking About Types

    Topics covered in this episode: httpxyz one month in Learn concurrency - a deep dive into multithreading with Python pip 26.1 - lockfiles and dependency cooldowns Python 3.15 sentinal values from PEP 661 Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: httpxyz one month in First version of httpxyz contained just the fixes to get zstd working, and the fixes to get the test suite running on python 3.14, some ‘housekeeping’ changes related to the renaming End of March: a compatibility shim that allows you to use httpxyz even with third-party packages that import httpx themselves, as long as you import httpxyz first. Importing httpxyz automatically registers it under the httpx name in sys.modules , see https://httpxyz.org/httpx-compatibility/ Fixed a WHOLE bunch of performance related issues by forking httpcore Brian #2: Learn concurrency - a deep dive into multithreading with Python Nikos Vaggalis “Whenever you are trying to speed up code using multiple cores, always ask yourself: “Do these threads need to talk to each other right now?” If the answer is yes, it will be slow. The best parallel code splits a big job into completely isolated chunks, processes them separately, and merges the results at the finish line.” Good overview of thread concurrency with Python and how that’s been improved dramatically with free-threaded Python Defines lots of terms you come across, including “embarrassingly parallel multithreading” There’s a counter example that’s nice Start with a shared resource, a counter, and multiple threads updating it Attempt to fix with threading.Lock(), which fixes it, but slows things down Good explanation of why Proper fix with concurrent.futures and separating the work of different threads so that they can be independent and their results can be combined when they’re all finished. Michael #3: pip 26.1 - lockfiles and dependency cooldowns Python 3.9 is no longer supported Experimental: installing from pylock files Dependency cooldowns (see my post about this) Lifting several 2020 resolver limitations Brian #4: Python 3.15 sentinal values from PEP 661 MISSING = sentinel("MISSING") def next_value(default: int | MISSING = MISSING): ... if default is MISSING: ... Take a name str as a constructor parameter Intended to be compared with is operator, similar to None Sentinal objects can be used as a type, also similar to None and can be combined with other types with |. Unlike None, sentinal values are truthy. (Elipses ... are also truthy) This seems like a strange choice. but I guess it must have made sense to someone. It does force you to use is instead of depending on False-ness, so I guess it’ll make code using sentinels more readable. Interesting that the PEP was started in 2021, and we’re finally getting it this year. Extras Brian: Before GitHub - Armin Ronacher tenacity - cross-platform multi-track audio editor/recorder learned about it from Armin’s article Joke: Joke option Make it myself Seems similar to what people think about software now Links httpxyz one month in httpxyz.org/httpx-compatibility Learn concurrency - a deep dive into multithreading with Python pip 26.1 - lockfiles and dependency cooldowns my post about this Python 3.15 sentinal values from PEP 661 Before GitHub tenacity Make it myself

    36 min

  3. 4 MAY

    #478: Iodine tablets and potable water

    Topics covered in this episode: profiling-explorer Reverting the incremental GC in Python 3.14 and 3.15 VSCode AI Co-author defaults to on, then off django freeze Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: profiling-explorer Adam Johnson And intro post Python: introducing profiling-explorer “profiling-explorer is a tool for exploring profiling data from Python’s built-in profilers, which are stored in pstats files. ” Features Dark mode Click the calls, internal ms, or cumulative ms column headers to sort by that column. Use the search box to filter by filename or function name. Hover by a filename + line number pair to reveal the copy button, which copies the location to your clipboard for faster opening. Click the callers or callees links on the right of a row (not pictured above) to see the callers or callees of that function. Michael #2: Reverting the incremental GC in Python 3.14 and 3.15 Python 3.14 shipped with a new incremental garbage collector, but production reports of severe memory pressure (Neil Schemenauer measured up to 5× peak RSS on pathological cyclic workloads) have pushed the core team and Steering Council to revert it in both 3.14 and 3.15 - returning to the 3.13-era generational GC. This is the second time the inc GC has been pulled back: it was also reverted right before 3.13.0 final, and it shipped in 3.14 without going through the PEP process. The tradeoff is real: Neil's benchmarks showed max GC pause times of 1.3ms with inc GC versus 26ms with the generational one - great for latency-sensitive apps, terrible for memory-constrained ones. Release manager Hugo van Kemenade will ship 3.14.5 early with the revert, and Gregory Smith floated the idea of a 3.14.5rc1 - the first patch-release RC since 3.9.2 back in 2021. Tim Peters spent the thread doing live forensics on Windows, running a toy deque program that should cap at 1GB and watching it balloon to 15.6GB on a 16GB machine - and discovered the gen0 collector effectively never fires under the new scheme. Tim's bigger meta-point: CPython has a chronic shortage of real-world GC benchmarks, pyperformance has "basically no interesting" cyclic workloads, and users almost never share real data - so core devs keep flying blind on changes like this. Django maintainer Adam Johnson published a blog post mid-thread documenting a real memory "leak" in Django's migration system caused by inc GC, with a manual gc.collect() workaround - the listener-facing receipt that this wasn't just theoretical. If the inc GC comes back for 3.16, it'll go through a proper PEP, and the discussion is already shifting toward keeping both collectors available via a startup flag - which Neil and Sergey Miryanov have both prototyped. Brian #3: VSCode AI Co-author defaults to on, then off VSCode merges Enabling ai co author by default - 3 week ago Ton’s of “why would you do this” and related comments VSCode merges Change default for git.addAICoAuthor to off - yesterday Take-away, don’t rely on default, set addAICoAuthor to off yourself Michael #4: django freeze Convert your dynamic django site to a static one with one line of code. Just run python manage.py generate_static_site :) Features Generate the static version of your Django site, optionally compressed .zip file Generate/download the static site using urls (only superuser and staff) Follow sitemap.xml urls Follow internal links founded in each page Follow redirects Report invalid/broken urls Selectively include/exclude media and static files Custom base url (very useful if the static site will run in a specific folder different by the document-root) Convert urls to relative urls (very useful if the static site will run offline or in an unknown folder different by the document-root) Prevent local directory index Extras Brian: Thinking Less, Trusting More: GenAI’s Impacts on Students’ Cognitive Habits Michael: Vercel breached, employee to blame Introducing the new Talk Python web player GitHub uptime (a couple of views 1, 2) Joke: Friends in tech

    40 min

  4. 20 APR

    #477: Lazy, Frozen, and 31% Lighter

    Topics covered in this episode: Django Modern Rest Already playing with Python 3.15 Cutting Python Web App Memory Over 31% tryke - A Rust-based Ptyhon test runner with a Jest-style API Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: Django Modern Rest Modern REST framework for Django with types and async support Supports Pydantic, Attrs, and msgspec Has ai coding support with llms.txt See an example at the “showcase” section Brian #2: Already playing with Python 3.15 3.15.0a8, 2.14.4 and 3.13.13 are out Hugo von Kemenade beta comes in May, CRs in Sept, and Final planned for October But still, there’s awesome stuff here already, here’s what I’m looking forward to: PEP 810: Explicit lazy imports PEP 814: frozendict built-in type PEP 798: Unpacking in comprehensions with * and ** PEP 686: Python now uses UTF-8 as the default encoding Michael #3: Cutting Python Web App Memory Over 31% I cut 3.2 GB of memory usage from our Python web apps using five techniques: async workers import isolation the Raw+DC database pattern local imports for heavy libraries disk-based caching See the full article for details. Brian #4: tryke - A Rust-based Ptyhon test runner with a Jest-style API Justin Chapman Watch mode, Native async support, Fast test discovery, In-source testing, Support for doctests, Client/server mode for fast editor integrations, Pretty, per-assertion diagnostics, Filtering and marks, Changed mode (like pytest-picked), Concurrent tests, Soft assertions, JSON, JUnit, Dot, and LLM reporters Honestly haven’t tried it yet, but you know, I’m kinda a fan of thinking outside the box with testing strategies so I welcome new ideas. Extras Brian: Why are’t we uv yet? Interesting take on the “agents prefer pip” Problem with analysis. Many projects are libraries and don’t publish uv.lock file Even with uv, it still often seen as a developer preference for non-libarries. You can sitll use uv with requirements.txt PyCon US 2026 talks schedule is up Interesting that there’s an AI track now. I won’t be attending, but I might have a bot watch the videos and summarize for me. :) What has technology done to us? Justin Jackson Lean TDD new cover Also, 0.6.1 is so ready for me to start f-ing reading the audio book and get on with this shipping the actual f-ing book and yes I realize I seem like I’m old because I use “f-ing” while typing. Michael: Python 3.14.4 is out Beanie 2.1 release Joke: HumanDB - Blazingly slow. Emotionally consistent.

    46 min

  5. 6 APR

    #476: Common themes

    Topics covered in this episode: Migrating from mypy to ty: Lessons from FastAPI Oxyde ORM Typeshedded CPython docs Raw+DC Database Pattern: A Retrospective Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: Migrating from mypy to ty: Lessons from FastAPI Tim Hopper I saw this post by Sebastián Ramírez about all of his projects switching to ty FastAPI, Typer, SQLModel, Asyncer, FastAPI CLI SqlModel is already ty only - mypy removed This signals that ty is ready to use Tim lists some steps to apply ty to your own projects Add ty alongside mypy Set error-on-warning = true Accept the double-ignore comments Pick a smaller project to cut over first Drop mypy when the noise exceeds the signalAdd ty alongside mypy Related anecdote: I had tried out ty with pytest-check in the past with difficulty Tried it again this morning, only a few areas where mypy was happy but ty reported issues At least one ty warning was a potential problem for people running pre-releases of pytest, Not really related: packaging.version.parse is awesome Michael #2: Oxyde ORM Oxyde ORM is a type-safe, Pydantic-centric asynchronous ORM with a high-performance Rust core. Note: Oxyde is a young project under active development. The API may evolve between minor versions. No sync wrappers or thread pools. Oxyde is async from the ground up Includes oxyde-admin Features Django-style API - Familiar Model.objects.filter() syntax Pydantic v2 models - Full validation, type hints, serialization Async-first - Built for modern async Python with asyncio Rust performance - SQL generation and execution in native Rust Multi-database - PostgreSQL, SQLite, MySQL support Transactions - transaction.atomic() context manager with savepoints Migrations - Django-style makemigrations and migrate CLI Brian #3: Typeshedded CPython docs Thanks emmatyping for the suggestion Documentation for Python with typeshed types Source: typeshedding_cpython_docs Michael #4: Raw+DC Database Pattern: A Retrospective A new design pattern I’m seeing gain traction in the software space: Raw+DC: The ORM pattern of 2026 I’ve had a chance to migrate three of my most important web app. Thrilled to report that yes, the web app is much faster using Raw+DC Plus, this was part of the journey to move from 1.3 GB memory usage to 0.45 GB (more on this next week) Extras Brian: Lean TDD 0.5 update Significant rewrite and focus Michael: pytest-just (for just command file testing), by Michael Booth Something going on with Encode httpx: Anyone know what's up with HTTPX? And forked starlette and uvicorn: Transfer of Uvicorn & Starlette mkdocs: The Slow Collapse of MkDocs django-rest-framework: Move to django commons? Certificates at Talk Python Training Joke: Neue Rich

    32 min

  6. 30 MAR

    #475: Haunted warehouses

    Topics covered in this episode: Lock the Ghost Fence for Sandboxing MALUS: Liberate Open Source Harden your GitHub Actions Workflows with zizmor, dependency pinning, and dependency cooldowns Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course **Patreon SupportersConnect with the hosts** Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: Lock the Ghost The five core takeaways: PyPI "removal" doesn't delete distribution files. When a package is removed from PyPI, it disappears from the index and project page, but the actual distribution files remain accessible if you have a direct URL to them. uv.lock uniquely preserves access to ghost packages. Because uv.lock stores direct URLs to distribution files rather than relying on the index API at install time, uv sync can successfully install packages that have already been removed, even with cache disabled. No other Python lock file implementation tested behaved this way. This creates a supply chain attack vector. An attacker could upload a malicious package, immediately remove it to dodge automated security scanning, and still have it installable via a uv.lock file, or combine this with the xz-style strategy of hiding malicious additions in large, auto-generated lock files that nobody reviews. Removed package names can be hijacked with version collisions. When an owner removes a package, the name can be reclaimed by someone else who can upload different distribution types under the same version number, as happened with "umap." Lock files help until you regenerate them, then you're exposed. Your dependency scanning needs to cover lock files, not just manifest files. Scanning only pyproject.toml or requirements.txt misses threats embedded in lock files, which is where the actual resolved URLs and hashes live. Brian #2: Fence for Sandboxing Suggested by Martin Häcker “Some coding platforms have since integrated built-in sandboxing (e.g., Claude Code) to restrict write access to directories and/or network connectivity. However, these safeguards are typically optional and not enabled by default.” “JY Tan (on cc) has extracted the sandboxing logic from Claude Code and repackaged it into a standalone Go binary.” Source code on GitHub: https://github.com/Use-Tusk/fence Related: Simon Willison lethal trifecta for AI agents article from June 2025 Claude Code Sandboxing Michael #3: MALUS: Liberate Open Source via Paul Bauer The service will generate the specs of a library with one AI and build the newly licensed library using the specs with another AI circumventing the licensing and copyright rules. AI that has not been trained on open source reads the docs and API signature, creates a spec. Another AI processes that spec into working software. Is it a real site? Are they accepting real money, or are they just trying to cause a stir around copyright? Brian #4: Harden your GitHub Actions Workflows with zizmor, dependency pinning, and dependency cooldowns Matthias Schoettle Avoid things like this: hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub Actions - Microsoft, DataDog, and CNCF Projects Hit So Far Extras Brian: GitHub is asking to spy on us, that’s nice Michael: Michael’s new SaaS for podcasters: InterviewCue DigitalOcean’s Spaces cold storage for infrequently accessed data Minor issue about my fire and forget post, was a latent bug? Fire and Forget at Textual follow up article Joke: Can you?

    41 min

  7. 23 MAR

    #474: Astral to join OpenAI

    Topics covered in this episode: Starlette 1.0.0 Astral to join OpenAI uv audit Fire and forget (or never) with Python’s asyncio Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: Starlette 1.0.0 As a reminder, Starlette is the foundation for FastAPI Starlette 1.0 is here! - fun blog post from Marcello Trylesinski “The changes in 1.0 were limited to removing old deprecated code that had been on the way out for years, along with a few bug fixes. From now on we'll follow SemVer strictly.” Fun comment in the “What’s next?” section: “Oh, and Sebastián, Starlette is now out of your way to release FastAPI 1.0. 😉” Related: Experimenting with Starlette 1.0 with Claude skills Simon Willison example of the new lifespan mechanism, very pytest fixture-like @contextlib.asynccontextmanager async def lifespan(app): async with some_async_resource(): print("Run at startup!") yield print("Run on shutdown!") app = Starlette( routes=routes, lifespan=lifespan ) Michael #2: Astral to join OpenAI via John Hagen, thanks Astral has agreed to join OpenAI as part of the Codex team Congrats Charlie and team Seems like **Ruff** and uv play an important roll. Perhaps ty holds the most value to directly boost Codex (understanding codebases for the AI) All that said, these were open source so there is way more to the motivations than just using the tools. After joining the Codex team, we'll continue building our open source tools. Simon Willison has thoughts discuss.python.org also has thoughts The Ars Technica article has interesting comments too It’s probably the death pyx Simon points out “pyx is notably absent from both the Astral and OpenAI announcement posts.” Brian #3: uv audit Submitted by Owen Lemont Pieces of uv audit have been trickling in. uv 0.10.12 exposes it to the cli help Here’s the roadmap for uv audit I tried it out on a package and found a security issue with a dependency not of the project, but of the testing dependencies but only if using Python 3.10, even though I’m using 3.14 Kinda cool Looks like it generates a uv.lock file, which includes dependencies for all project supported versions of Python and systems, which is a very thorough way to check for vulnerabilities. But also, maybe some pointers on how to fix the problem would be good. No --fix yet. Michael #4: Fire and forget (or never) with Python’s asyncio Python’s asyncio.create_task() can silently garbage collect your fire-and-forget tasks starting in Python 3.12 Formerly fine async code can now stop working, so heads up The fix? Use a set to upgrade to a strong ref and a callback to remove it Is there a chance of task-based memory leaks? Yeah, maybe. Extras Brian: Nobody Gets Promoted for Simplicity - interesting read and unfortunate truth in too many places. pytest-check - All built-in check helper functions in this list also accept an optional xfail reason. example: check.equal(actual, expected, xfail="known issue #123") Allows some checks to still cause a failure to happen because you no longer have to mark the whole test as xfail Michael: TurboAPI - FastAPI + Pydantic compatible framework in Zig (see follow up) Pyramid 2.1 is out (yes really! :) first release in 3 years) Vivaldi 7.9 adds minimalist hide mode. Migrated pythonbytes.fm and talkpython.fm to Raw+DC design pattern Robyn + Chameleon package Joke: We now have translation services

    46 min

  8. 16 MAR

    #473: A clean room rewrite?

    Topics covered in this episode: chardet ,AI, and licensing refined-github pgdog: PostgreSQL connection pooler, load balancer and database sharder Agentic Engineering Patterns Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: chardet ,AI, and licensing Thanks Ian Lessing Wow, where to start? A bit of legal precedence research. Chardet dispute shows how AI will kill software licensing, argues Bruce Perens on the Register Also see this GitHub issue. Dan Blanchard, maintainer of a Python character encoding detection library called chardet, released a new version of the library under a new software license. (LGPL → MIT) Dan is allowed to make this change because v7 is a complete “clean room” rewrite using AI BTW, v7 is WAY better: The result is a 48x increase in detection speed for a project that lives in the hot loops of many projects. That will lead to noticeable performance increases for literally millions of users (the package gets ~130M downloads per month). It paves a path towards inclusion in the standard library (assuming they don’t institute policies against using AI tools). Thread-safe detect() and detect_all() with no measurable overhead; scales on free-threaded Python 3.13t+ An individual claiming to be Mark Pilgrim, the original creator of the library, opened an issue in the project's GitHub repo arguing that Blanchard had no right to change the software license, citing the LPGL requirement that the license remain unchanged. A 'complete rewrite' is irrelevant, since they had ample exposure to the originally licensed code (i.e. this is not a 'clean room' implementation). Blanchard disagreed, citing how version 7.0.0 and 6.0.0 compare when subjected to JPlag, a library for detecting plagiarism. Blanchard told The Register he had wanted to get chardet added to the Python standard library for more than a decade since it’s a core dependency to most Python projects. Brian #2: refined-github Suggested by Matthias Schöttle A browser plugin that improves the GitHub experience A sampling Adds a build/CI status icon next to the repo’s name. Adds a link back to the PR that ran the workflow. Enables tab and shift tab for indentation in comment fields. Auto-resizes comment fields to fit their content and no longer show scroll bars. Highlights the most useful comment in issues. Changes the default sort order of issues/PRs to Recently updated. But really, it’s a huge list of improvements Michael #3: pgdog: PostgreSQL connection pooler, load balancer and database sharder PgDog is a proxy for scaling PostgreSQL. It supports connection pooling, load balancing queries and sharding entire databases. Written in Rust, PgDog is fast, secure and can manage thousands of connections on commodity hardware. Features PgDog is an application layer load balancer for PostgreSQL Health Checks: PgDog maintains a real-time list of healthy hosts. When a database fails a health check, it's removed from the active rotation and queries are re-routed to other replicas Single Endpoint: PgDog can detect writes (e.g. INSERT, UPDATE, CREATE TABLE, etc.) and send them to the primary, leaving the replicas to serve reads Failover: PgDog monitors Postgres replication state and can automatically redirect writes to a different database if a replica is promoted Sharding: PgDog is able to manage databases with multiple shards Brian #4: Agentic Engineering Patterns Simon Willison So much great stuff here, especially Anti-patterns: things to avoid And 3 sections on testing Red/green TDD First run the test Agentic manual testing Extras Brian: uv python upgrade will upgrade all versions of Python installed with uv to latest patch release suggested by John Hagen Coding After Coders: The End of Computer Programming as We Know It NY Times Article Suggested by Christopher Best quote: “Pushing code that fails pytest is unacceptable and embarrassing.” Michael: Talk Python Training users get a better account dashboard Package Managers Need to Cool Down Will AI Kill Open Source, article + video My Always activate the venv is now a zsh-plugin, sorta. Joke: Ergonomic keyboard Also pretty good and related: Claude Code Mandated Links legal precedence research Chardet dispute shows how AI will kill software licensing, argues Bruce Perens this GitHub issue citing JPlag refined-github Agentic Engineering Patterns Anti-patterns: things to avoid Red/green TDD First run the test Agentic manual testing uv python upgrade Coding After Coders: The End of Computer Programming as We Know It Suggested by Christopher a better account dashboard Package Managers Need to Cool Down Will AI Kill Open Source Always activate the venv now a zsh-plugin Ergonomic keyboard Claude Code Mandated claude-mandated.png blobs.pythonbytes.fm/keyboard-joke.jpeg?cache_id=a6026b

    46 min
See All (480)

Hosts & Guests

About

Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.

Information

  • Creator
    Michael Kennedy and Brian Okken
  • Years Active
    2016 - 2026
  • Episodes
    480
  • Rating
    Clean
  • Copyright
    © Copyright 2016-2026
  • Show Website
    Python Bytes

You Might Also Like