Python Bytes

Michael Kennedy and Brian Okken

Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.

  1. 23 HR AGO

    #448: I'm Getting the BIOS Flavor

    Topics covered in this episode: prek; tinyio; The power of Python’s print function; Vibe Coding Fiasco: AI Agent Goes Rogue, Deletes Company's Entire Database; Extras; Joke. Watch on YouTube.

    About the show: Sponsored by us! Support our work through: our courses at Talk Python Training, The Complete pytest Course, Patreon Supporters. Connect with the hosts: Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky); Brian: @brianokken@fosstodon.org / @brianokken.bsky.social; Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky). Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.

    Brian #1: prek. Suggested by Owen Lamont. “prek is a reimagined version of pre-commit, built in Rust. It is designed to be a faster, dependency-free and drop-in alternative for it, while also providing some additional long-requested features.” Some cool new features: No need to install Python or any other runtime, just download a single binary. No hassle with your Python version or virtual environments, prek automatically installs the required Python version and creates a virtual environment for you. Built-in support for workspaces (or monorepos), each subproject can have its own .pre-commit-config.yaml file. prek run has some nifty improvements over pre-commit run, such as: prek run --directory DIR runs hooks for files in the specified directory, no need to use git ls-files -- DIR | xargs pre-commit run --files anymore. prek run --last-commit runs hooks for files changed in the last commit. prek run [HOOK] [HOOK] selects and runs multiple hooks. prek list command lists all available hooks, their ids, and descriptions, providing a better overview of the configured hooks. prek provides shell completions for prek run HOOK_ID command, making it easier to run specific hooks without remembering their ids. Faster: Setup from cold cache is significantly faster. Viet Schiele provided a nice cache clearing command line. Warm cache run is also faster, but less significant. pytest repo tested on my mac mini: prek 3.6 seconds, pre-commit 4.4 seconds.

    Michael #2: tinyio. Ever used asyncio and wished you hadn't? A tiny (~300 lines) event loop for Python. tinyio is a dead-simple event loop for Python, born out of my frustration with trying to get robust error handling with asyncio. (I'm not the only one running into its sharp corners: link1, link2.) This is an alternative for the simple use-cases, where you just need an event loop, and want to crash the whole thing if anything goes wrong. (Raising an exception in every coroutine so it can clean up its resources.) Interestingly uses yield rather than await.

    Brian #3: The power of Python’s print function. Trey Hunner. Several features I’m guilty of ignoring: Multiple arguments, f-string embeddings often not needed. Multiple positional arguments means you can unpack iterables right into print arguments, so just use print instead of join. Custom separator value, sep can be passed in: no need for print("\n".join(stuff)), just use print(*stuff, sep="\n"). Print to file with file=. Custom end value with end=. You can turn on flush with flush=True, super helpful for realtime logging / debugging. This one I do use frequently.

    Michael #4: Vibe Coding Fiasco: AI Agent Goes Rogue, Deletes Company's Entire Database. By Emily Forlini. An app-building platform's AI went rogue and deleted a database without permission. "When it works, it's so engaging and fun. It's more addictive than any video game I've ever played. You can just iterate, iterate, and see your vision come alive. So cool," he tweeted on day five. A few days later, Replit "deleted my database," Lemkin tweeted. The AI's response: "Yes. I deleted the entire codebase without permission during an active code and action freeze," it said. "I made a catastrophic error in judgment [and] panicked." Two thoughts from Michael: Do not use AI Agents with “Run Everything” in production, period. Backup your database maybe? [Intentional off-by-one error] Learn to code a bit too?

    Extras. Brian: What Authors Need to Know About the $1.5 Billion Anthropic Settlement; Search LibGen, the Pirated-Books Database That Meta Used to Train AI; Simon Willison’s list of tools built with the help of LLMs; Simon’s list of tools that he thinks are genuinely useful and worth highlighting; AI Darwin Awards. Michael: Python has had async for 10 years -- why isn't it more popular?; PyCon Africa Fund Raiser (I was on the video stream for about 90 minutes (final 90)); Donation page for Python in Africa. Jokes: I'm getting the BIOS flavor; Is there a seahorse emoji?

    39 min
  2. 6 DAYS AGO

    #447: Going down a rat hole

    Topics covered in this episode: rathole; pre-commit: install with uv; A good example of what functools.Placeholder from Python 3.14 allows; Converted 160 old blog posts with AI; Extras; Joke. Watch on YouTube.

    About the show: Sponsored by DigitalOcean: pythonbytes.fm/digitalocean-gen-ai Use code DO4BYTES and get $200 in free credit.

    Michael #1: rathole. A lightweight and high-performance reverse proxy for NAT traversal, written in Rust. An alternative to frp and ngrok. Features: High Performance: Much higher throughput can be achieved than frp, and more stable when handling a large volume of connections. Low Resource Consumption: Consumes much less memory than similar tools. See Benchmark. The binary can be as small as ~500KiB to fit the constraints of devices, like embedded devices as routers. On my server, it’s currently using about 2.7MB in Docker (wow!). Security: Tokens of services are mandatory and service-wise. The server and clients are responsible for their own configs. With the optional Noise Protocol, encryption can be configured at ease. No need to create a self-signed certificate! TLS is also supported. Hot Reload: Services can be added or removed dynamically by hot-reloading the configuration file. HTTP API is WIP.

    Brian #2: pre-commit: install with uv. Adam Johnson. pre-commit doesn’t natively support uv, but you can get around that with pre-commit-uv: $ uv tool install pre-commit --with pre-commit-uv. Installing pre-commit like this: installs it globally; installs with uv; adds an extra plugin “pre-commit-uv” to pre-commit, so that any Python based tool installed via pre-commit also uses uv. Very cool. Nice speedup.

    Brian #3: A good example of what functools.Placeholder from Python 3.14 allows. Rodrigo Girão Serrão. Remove punctuation functionally. Also How to use functools.Placeholder, a blog post about it. functools.partial is a cool way to create a new function that partially binds some parameters to another function. It doesn’t always work for functions that take positional arguments. functools.Placeholder fixes that with the ability to put in placeholders for spots where you want to be able to pass that in from the outer partial binding. And all of this sounds totally obscure without a good example, so thank you to Rodrigo for coming up with the punctuation removal example (and writeup).

    Michael #4: Converted 160 old blog posts with AI. They were held-hostage at wordpress.com to markdown and integrated them into my Hugo site at mkennedy.codes. Here is the chat conversation with Claude Opus/Sonnet. Had to juggle this a bit because the RSS feed only held the last 50. So we had to go back in and web scrape. That resulted in oddities like comments on wordpress that had to be cleaned etc. Whole process took 3-4 hours from idea to “production”. The chat transcript is just the first round getting the RSS → Hugo done. The fixes occurred in other chats. This article is timely and noteworthy: Blogging service TypePad is shutting down and taking all blog content with it. This highlights why your domain name needs to be legit, not just tied to the host. I’m looking at you pyfound.blogspot.com. I just redirected blog.michaelckennedy.net to mkennedy.codes. Carefully mapping old posts to a new archived area using NGINX config. This is just the HTTP portion, but note the /sitemap.xml and location ~ "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.+?)/?$" { portions. The latter maps posts such as https://blog.michaelckennedy.net/2018/01/08/a-bunch-of-online-python-courses/ to https://mkennedy.codes/posts/r/a-bunch-of-online-python-courses/

        server {
            listen 80;
            server_name blog.michaelckennedy.net;

            # Redirect sitemap.xml to new domain
            location = /sitemap.xml {
                return 301 ;
            }

            # Handle blog post redirects for HTTP -> HTTPS with URL transformation
            # Pattern: /YYYY/MM/DD/post-slug/ ->
            location ~ "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.+?)/?$" {
                return 301 ;
            }

            # Redirect all other HTTP URLs to mkennedy.codes homepage
            location / {
                return 301 ;
            }
        }

    Extras. Brian: SMS URLs and Draft SMS and iMessage from any computer keyboard from Seth Larson; Test and Code Archive is now up, see announcement. Michael: Python: The Documentary | An origin story is out! Joke: Do you know him? He is me.

    36 min
  3. 25 AUG

    #446: State of Python 2025

    Topics covered in this episode: pypistats.org was down, is now back, and there’s a CLI; State of Python 2025; wrapt: A Python module for decorators, wrappers and monkey patching; pysentry; Extras; Joke. Watch on YouTube.

    About the show: Sponsored by us!

    Brian #1: pypistats.org was down, is now back, and there’s a CLI. pypistats.org is a cool site to check the download stats for Python packages. It was down for a while, like 3 weeks? A couple days ago, Hugo van Kemenade announced that it was back up. With some changes in stewardship: “pypistats.org is back online! 🚀📈 Thanks to @jezdez for suggesting the @ThePSF takes stewardship and connecting the right people, to @EWDurbin for migrating, and of course to Christopher Flynn for creating and running it for all these years!” Hugo has a CLI version, pypistats. You can give it a command for what you want to search for: recent, overall, python_major, python_minor, system. Then either a package name, a directory path, or if nothing, it will grab the current directory package via pyproject.toml or setup.cfg. Very cool.

    Michael #2: State of Python 2025. Michael’s Themes: Python people use Python: 86% of respondents use Python as their main language. We are mostly brand-new programmers: Exactly 50% of respondents have less than two years of professional coding experience. Data science is now over half of all Python. Most still use older Python versions despite benefits of newer releases: Compelling math to make the change. Python web devs resurgence. Forward-looking trends: Agentic AI will be wild. Async, await, and threading are becoming core to Python. Python GUIs and mobile are rising. Actionable ideas: Action 1: Learn uv. Action 2: Use the latest Python. Action 3: Learn agentic AI. Action 4: Learn to read basic Rust. Action 5: Invest in understanding threading. Action 6: Remember the newbies.

    Brian #3: wrapt: A Python module for decorators, wrappers and monkey patching. “The aim of the wrapt module is to provide a transparent object proxy for Python, which can be used as the basis for the construction of function wrappers and decorator functions. An easy to use decorator factory is provided to make it simple to create your own decorators that will behave correctly in any situation they may be used.” Why not just use functools.wraps()? “The wrapt module focuses very much on correctness. It therefore goes way beyond existing mechanisms such as functools.wraps() to ensure that decorators preserve introspectability, signatures, type checking abilities etc. The decorators that can be constructed using this module will work in far more scenarios than typical decorators and provide more predictable and consistent behaviour.” There’s a bunch of blog posts from 2014 / 2015 (and kept updated) that talk about how wrapt solves many issues with traditional ways to decorate and patch things in Python, including “How you implemented your Python decorator is wrong”. Docs are pretty good, with everything from simple wrappers to an example of building a wrapper to handle thread synchronization.

    Michael #4: pysentry. Via Owen Lamont. Install via uv tool install pysentry-rs. Scan your Python dependencies for known security vulnerabilities with Rust-powered scanner. PySentry audits Python projects for known security vulnerabilities by analyzing dependency files (uv.lock, poetry.lock, Pipfile.lock, pyproject.toml, Pipfile, requirements.txt) and cross-referencing them against multiple vulnerability databases. It provides comprehensive reporting with support for various output formats and filtering options. Key Features: Multiple Project Formats: Supports uv.lock, poetry.lock, Pipfile.lock, pyproject.toml, Pipfile, and requirements.txt files. External Resolver Integration: Leverages uv and pip-tools for accurate requirements.txt constraint solving. Multiple Data Sources: PyPA Advisory Database (default), PyPI JSON API, OSV.dev (Open Source Vulnerabilities). Flexible Output for different workflows: Human-readable, JSON, SARIF, and Markdown formats. Performance Focused: Written in Rust for speed; Async/concurrent processing; Multi-tier intelligent caching (vulnerability data + resolved dependencies). Comprehensive Filtering: Severity levels (low, medium, high, critical); Dependency scopes (main only vs all [optional, dev, prod, etc] dependencies); Direct vs. transitive dependencies. Enterprise Ready: SARIF output for IDE/CI integration. I tried it on pythonbytes.fm and found only one issue, sadly can’t be fixed:

        PYSENTRY SECURITY AUDIT
        =======================
        SUMMARY: 89 packages scanned • 1 vulnerable • 1 vulnerabilities found
        SEVERITY: 1 LOW
        UNFIXABLE: 1 vulnerabilities cannot be fixed
        VULNERABILITIES
        ---------------
        1. PYSEC-2022-43059 aiohttp v3.12.15 [LOW] [source: pypa-zip]
        AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service (DoS). NOTE:...
        Scan completed

    Extras. Michael: I’ve been rumbling with rumdl. Ruben fixed one of my complaints about it with issue #58. Config seems like it might be off. Here’s mine .rumdl.toml. I’ve been using it on the upcoming Talk Python in Production book. Read the first third online and get notified when it's out. 20 or so Markdown files, 45,000 words of content. I asked if 3.13.6 would be the last 3.13 release? No. Thanks Hugo. Python 3.13.7 is now out. Joke: Marked for destruction

    31 min
  4. 18 AUG

    #445: Auto-activate Python virtual environments for any project

    Topics covered in this episode: pyx - optimized backend for uv; Litestar is worth a look; Django remake migrations; django-chronos; Extras; Joke. Watch on YouTube.

    About the show: Python Bytes 445. Sponsored by Sentry: pythonbytes.fm/sentry - Python Error and Performance Monitoring.

    Michael #1: pyx - optimized backend for uv. Via John Hagen (thanks again). I’ll be interviewing Charlie in 9 days on Talk Python → Sign up (get notified) of the livestream here. Not a PyPI replacement, more of a middleware layer to make it better, faster, stronger. pyx is a paid service, with maybe a free option eventually.

    Brian #2: Litestar is worth a look. James Bennett. Michael brought up Litestar in episode 444 when talking about rewriting TalkPython in Quart. James brings up scaling - Litestar is easy to split an app into multiple files. Not using pydantic - You can use pydantic with Litestar, but you don’t have to. Maybe attrs is right for you instead. Michael brought up Litestar seems like a “more batteries included” option. Somewhere between FastAPI and Django.

    Brian #3: Django remake migrations. Suggested by Bruno Alla on BlueSky. In response to a migrations topic last week. django-remake-migrations is a tool to help you with migrations and the docs do a great job of describing the problem way better than I did last week. “The built-in squashmigrations command is great, but it only works on a single app at a time, which means that you need to run it for each app in your project. On a project with enough cross-apps dependencies, it can be tricky to run.” “This command aims at solving this problem, by recreating all the migration files in the whole project, from scratch, and mark them as applied by using the replaces attribute.” Also of note: The package was created with Copier. Michael brought up Copier in 2021 in episode 219. It has a nice comparison table with CookieCutter and Yeoman. One difference from CookieCutter is yml vs json. I’m actually not a huge fan of handwriting either. But I guess I’d rather hand write yml. So I’m thinking of trying Copier with my future project template needs.

    Michael #4: django-chronos. Django middleware that shows you how fast your pages load, right in your browser. Displays request timing and query counts for your views and middleware. Times middleware, view, and total per request (CPU and DB).

    Extras. Brian: Test & Code 238: So Long, and Thanks for All the Fish; after 10 years, this is the goodbye episode. Michael: Auto-activate Python virtual environment for any project with a venv directory in your shell (macOS/Linux): See gist. Python 3.13.6 is out. Open weight OpenAI models. Just Enough Python for Data Scientists Course. The State of Python 2025 article by Michael. Joke: python is better than java

    30 min
  5. 11 AUG

    #444: Begone Python of Yore!

    Topics covered in this episode: Coverage.py regex pragmas; Python of Yore; nox-uv; A couple Django items; Extras; Joke. Watch on YouTube.

    About the show: Sponsored by DigitalOcean: pythonbytes.fm/digitalocean-gen-ai Use code DO4BYTES and get $200 in free credit.

    Brian #1: Coverage.py regex pragmas. Ned Batchelder. The regex implementation of how coverage.py recognizes pragmas is pretty amazing. It’s extensible through plugins: covdefaults adds a bunch of default exclusions, and also platform- and version-specific comment syntaxes. coverage-conditional-plugin gives you a way to create comment syntaxes for entire files, for whether other packages are installed, and so on. A change from last year (as part of coverage.py 7.6) allows multiline regexes, which lets us do things like: Exclude an entire file with \A(?s:.*# pragma: exclude file.*)\Z. Allow start and stop delimiters with # no cover: start(?s:.*?)# no cover: stop. Exclude empty placeholder methods with ^\s*(((async )?def .*?)?\)(\s*->.*?)?:\s*)?\.\.\.\s*(#|$). See Ned’s article for explanations of these.

    Michael #2: Python of Yore. Via Matthias. Use YORE: ... comments to highlight CPython version dependencies.

        # YORE: EOL 3.8: Replace block with line 4.
        if sys.version_info < (3, 9):
            from astunparse import unparse
        else:
            from ast import unparse

    Then check when they go out of support:

        $ yore check --eol-within '5 months'
        ./src/griffe/agents/nodes/_values.py:11: Python 3.8 will reach its End of Life within approx. 4 months

    Even fix them with fix.

    Michael #3: nox-uv. Via John Hagen. What nox-uv does is make it very simple to install uv extras and/or dependency groups into a nox session's virtual environment. The versions installed are constrained by uv's lockfile meaning that everything is deterministic and pinned. Dependency groups make it very easy to install only what is necessary for a session (e.g., only linting dependencies like Ruff, or main dependencies + mypy for type checking).

    Brian #4: A couple Django items. Stop Using Django's squashmigrations: There's a Better Way, Johnny Metz. Resetting migrations is sometimes the right thing. Overly simplified summary: delete migrations and start over. dj-lite, Adam Hill. Use SQLite in production with Django. “Simplify deploying and maintaining production Django websites by using SQLite in production. dj-lite helps enable the best performance for SQLite for small to medium-sized projects. It requires Django 5.1+.”

    Extras. Brian: Test & Code 237 with Sebastian Ramirez on FastAPI Cloud; pythontest.com: pytest fixtures nuts and bolts - revisited. Michael: New course: Just Enough Python for Data Scientists; My live stream about uv is now on YouTube; Cursor CLI: Built to help you ship, right from your terminal. Joke: Copy/Paste

    26 min
  6. 4 AUG

    #443: Patching Multiprocessing

    Topics covered in this episode: rumdl - A Markdown Linter written in Rust; Coverage 7.10.0: patch; aioboto3; You might not need a Python class; Extras; Joke. Watch on YouTube.

    Michael #1: rumdl - A Markdown Linter written in Rust. Via Owen Lamont. Supports toml file config settings. Install via uv tool install rumdl. ⚡️ Built for speed with Rust - significantly faster than alternatives. 🔍 54 lint rules covering common Markdown issues. 🛠️ Automatic fixing with -fix for most rules. 📦 Zero dependencies - single binary with no runtime requirements. 🔧 Highly configurable with TOML-based config files. 🌐 Multiple installation options - Rust, Python, standalone binaries. 🐍 Installable via pip for Python users. 📏 Modern CLI with detailed error reporting. 🔄 CI/CD friendly with non-zero exit code on errors.

    Brian #2: Coverage 7.10.0: patch. Ned Batchelder. Actually up to 7.10.2 as of today. patch allows coverage to run better when a covered project uses: subprocesses, os._exit(), execv family of functions. Looking at subprocess: “Coverage works great when you start your program with coverage measurement, but has long had the problem of how to also measure the coverage of sub-processes that your program created. The existing solution had been a complicated two-step process of creating obscure .pth files and setting environment variables. Whole projects appeared on PyPI to handle this for you.” From release notes for 7.10.0: A new configuration option: “[run] patch” specifies named patches to work around some limitations in coverage measurement. These patches are available: patch = _exit lets coverage save its data even when os._exit() is used to abruptly end the process. This closes long-standing issue 310 as well as its duplicates: issue 312, issue 1673, issue 1845, and issue 1941. patch = subprocess measures coverage in Python subprocesses created with subprocess, os.system(), or one of the execv or spawnv family of functions. Closes old issue 367 and duplicate issue 378. patch = execv adjusts the execv family of functions to save coverage data before ending the current program and starting the next. Not available on Windows. Closes issue 43 after 15 years!

    Michael #3: aioboto3. Via Pat Decker. Wrapper to use boto3 resources with the aiobotocore async backend. aiobotocore allows you to use near enough all of the boto3 client commands in an async manner just by prefixing the command with await. With aioboto3 you can now use the higher level APIs provided by boto3 in an asynchronous manner.

    Brian #4: You might not need a Python class. Adam Grant. This is an important periodic reminder to everyone coming into Python from other languages. Many other languages lean on classes a lot more than we need to in Python. Adam’s suggestions: Simple Data Containers: Use Named Tuples or Data Classes. Stateless Utility Functions: Just Use Functions. Grouping Constants: Use Modules. Managing State with Simple Structures: Use Dictionaries or Lists. Simple One-off Operations: Use Lambdas or Comprehensions (I’ll add “just use functions”). Avoiding Complexity: Built-in Libraries. When You Actually Need a Class. I’ll add: You probably don’t. If you think you do, ask a friend. Friends don’t let friends create extraneous classes in Python. If you think your case is an exception, it probably isn’t. If you think dataclasses aren’t right for you, check out attrs.

    Extras. Brian: PyPI Incident Report: Phishing Attack - Sent in by listener John Hagen. Both of Adam Johnson’s recent-ish interviews are now up on Test & Code: 236: Git Tips for Testing - Adam Johnson; 235: pytest-django - Adam Johnson. Michael: Dive into uv webcast with me and Will Vincent. Joke: Default text editor

    26 min
  7. 28 JUL

    #442: Cloud bills in scientific notation

    Topics covered in this episode: Open Source Security work isn't “Special”; uv v0.8; Extra, Extra, Extra; Announcing Toad - a universal UI for agentic coding in the terminal; Extras; Joke. Watch on YouTube.

    About the show: Sponsored by us!

    Brian #1: Open Source Security work isn't “Special”. Seth Larson. It seems like security is special in a sense that we don’t want just anyone working on the security aspect of a project. We just want the trusted maintainers, right? Seth is arguing that this is the wrong mindset. It makes more sense that we maybe have security experts contribute to many projects, and that someone working on security for just one project doesn’t benefit from scale. “Maintainers don’t see how other projects are triaging vulnerabilities and can’t learn from each other. They can’t compare notes on what they are seeing and whether they are doing the right thing. Isolation in security work breeds a culture of fear. Fear of doing the wrong thing and making your users unsafe.” “These “security contributors” could be maintainers or contributors of other open source projects that know about security, they could be foundations offering up resources to their ecosystem, or engineers at companies helping their dependency graph.” But how do we build trust in these individuals? Meeting in person works. But there are other ways as well. I’d personally love to have someone contact me about a project of mine regarding a security problem or process that the project could/should follow. Especially if I could see other projects I trust already trusting this individual to work on the other projects.

    Michael #2: uv v0.8. Changes: Install Python executables into a directory on the PATH. Register Python versions with the Windows Registry. Prompt before removing an existing directory in uv venv. Bump --python-platform linux to manylinux_2_28. Make uv_build the default build backend in uv init. And many more. And uv v0.8.1: Lots of enhancements. And uv v0.8.2. And uv v0.8.3: Adds: Add CPython 3.14.0rc1.

    Brian #3: Extra, Extra, Extra. fstrings.wtf - Armin Ronacher. Python 3.14 release candidate 1 is go! Django turns 20, with parties. mkdocs-redirects. I’m Tired of Talking About AI - Paddy Carver.

    Michael #4: Announcing Toad - a universal UI for agentic coding in the terminal. By Will McGugan. A universal front-end for AI in the terminal. Watch the video.

    Joke: Heaviest objects in the universe. And … Cloud Architects 2025: “They send us our cloud bills in scientific notation… “ 🙂

    23 min
  8. 21 JUL

    #441: It's Michaels All the Way Down

    Topics covered in this episode: Distributed sqlite follow up: Turso and Litestream; PEP 792 – Project status markers in the simple index; Run coverage on tests; docker2exe: Convert a Docker image to an executable; Extras; Joke. Watch on YouTube.

    About the show: Sponsored by Digital Ocean: pythonbytes.fm/digitalocean-gen-ai Use code DO4BYTES and get $200 in free credit.

    Michael #1: Distributed sqlite follow up: Turso and Litestream. Michael Booth: Turso marries the familiarity and simplicity of SQLite with modern, scalable, and distributed features. Seems to me that Turso is to SQLite what MotherDuck is to DuckDB. Mike Fiedler: Continue to use the SQLite you love and care about (even the one inside Python runtime) and launch a daemon that watches the db for changes and replicates changes to an S3-type object store. Deeper dive: Litestream: Revamped.

    Brian #2: PEP 792 – Project status markers in the simple index. Currently 3 status markers for packages: Trove Classifier status; Indices can be yanked; PyPI projects - admins can quarantine a project, owners can archive a project. Proposal is to have something that can have only one state: active, archived, quarantined, deprecated. This has been Approved, but not Implemented yet.

    Brian #3: Run coverage on tests. Hugo van Kemenade. And apparently, run Ruff with at least F811 turned on. Helps with copy/paste/modify mistakes, but also subtler bugs like consumed generators being reused.

    Michael #4: docker2exe: Convert a Docker image to an executable. This tool can be used to convert a Docker image to an executable that you can send to your friends. Build with a simple command: $ docker2exe --name alpine --image alpine:3.9. Requires docker on the client device. Probably doesn’t map volumes/ports/etc, though could potentially be exposed in the dockerfile.

    Extras. Brian: Back catalog of Test & Code is now on YouTube under @TestAndCodePodcast. So far 106 of 234 episodes are up. The rest are going up according to daily limits. Ordering is rather chaotic, according to upload time, not release ordering. There will be a new episode this week: pytest-django with Adam Johnson. Joke: If programmers were doctors

    28 min
