Python Bytes

Author(s): Michael Kennedy and Brian Okken

Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
Copyright 2016-2026
Episodes
  • #484 All our tools
    Jun 16 2026
    Topics covered in this episode:
      • pi + superpowers
      • Terminal: Warp.dev + OhMyZSH
      • {Blink,kitty} + mosh + tmux
      • Claude code
      • MacWhisper or Handy
      • Tailscale
      • Extras
      • Joke
    Watch on YouTube

    About the show
    Sponsored by us! Support our work through:
      • Our courses at Talk Python Training
      • Six Feet Up is hosting a LinkedIn Live
    Connect with the hosts
      • Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky)
      • Calvin: @calvinhp@sixfeetup.social / @calvinhp.com (bsky)
      • Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky)
    Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesday at 7am PT. Older video versions available there too.
    Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.

    Calvin #1: pi + superpowers
      • terminal-first, open-source coding agent
      • Session management is a first-class citizen
      • Extension model is what makes pi special — it's aggressively composable
      • Superpowers brings a structured software development methodology as loadable skills
      • Steps back and asks you what you're really trying to do
      • “hand you the keys to the car” mode vs guardrails might not be for everyone

    Michael #2: Terminal: Warp.dev + OhMyZSH
      • If you’re using the base terminal with default settings, you have so much head-room for improvement.
      • I’ve been using Warp.dev since Elvis talked me into it. ;)
      • Remarkable terminal but the AI side of things is a bit junky, can be turned off
      • OhMyZSH gives better autocomplete e.g. git branch [HTML_REMOVED] lists all branches in the local repo!
      • Commandbookapp.com is excellent to keep the terminal focused on terminal things and more server commands and other automation in Command Book.

    Calvin #3: {Blink,kitty} + mosh + tmux
      • Kitty Terminal — GPU-accelerated terminal emulator for macOS, Linux, and Windows with support for graphics, ligatures, and a powerful tiling layout system built right in.
      • Blink Shell — The go-to terminal for iPad/iPhone power users; full SSH and Mosh client with a gorgeous interface built specifically for mobile professional workflows.
      • Mosh — Mobile Shell replaces SSH for remote connections, surviving network switches, sleep cycles, and flaky Wi-Fi with zero dropped sessions — essential for staying connected to long-running agentic jobs.
      • tmux — Terminal multiplexer that keeps sessions alive on your Linux server indefinitely; detach from a Mosh session on your Mac, reconnect from your iPad, and your agent is right where you left it.
      • The combo — Kitty or Blink + Mosh + tmux creates a "persistent remote brain" pattern: your beefy Linux homelab runs the compute-heavy agent sessions 24/7, and any device becomes a thin client to drop in and out at will.

    Michael #4: Claude code
      • I prefer the IDE experience, the new PyCharm + Claude integration is really good. VS Code too. Why IDE? Because we should still be present with our code and managing context is much easier.
      • Use the best/latest models on high thinking. “Speed” is not your friend, it’s just shortcuts.
      • Create skills and agents and use them.
      • Curate your own rules (e.g. Talk Python’s Claude.md)
      • Works well on non-coding things. Just create a folder, put a ton of files in there and it’s like NotebookLM + Chat + more.

    Calvin #5: MacWhisper or Handy
      • Transcribes your speech using your choice of Whisper or Parakeet models.
      • All transcription is done on your device, no data leaves your machine.
      • Automatic Speaker Recognition with local models.
      • Handy is more basic, but open source and runs on all platforms.

    Michael #6: Tailscale
      • No need to open ports at all, Tailscale makes machines inside the same network accessible to each other
      • Works great for laptops, desktops, etc. But also available for servers. Though I still use cloud firewalls for servers.
      • How I use it:
        • My dev database server, preloaded with QA data, is always running on my home mac mini m4 pro. All my apps look for that server before looking locally and tailscale makes them always accessible to each other
        • My local LLMs expose OpenAI API compatible APIs. Tailscale makes these accessible even while traveling or at a coffee shop.
        • Use my mini as an exit node. All traffic is routed outbound from my local fiber network. Great to restricted IPs like accessing my servers without caring about the local IP.
        • Screen share back to my home machines even while traveling.
      • Listen to the Talk Python episode with Alex for a deeper conversation.

    Extras
      • Calvin: Telescopo great Mac Markdown viewer/editor.
      • Michael:
        • One more: Typora markdown editor.
        • Created formal documentation for many of my open source packages using Great Docs.
        • Via Mark Little: Statement on the US government directive to suspend access to Fable 5 and Mythos 5

    Joke: No second date
    50 min
  • #483 Thanks Brian
    Jun 9 2026
    Topics covered in this episode:
      • Vulnerability and malware checks in uv
      • HTTP GET requests with the Python standard library
      • Millions of AI agents imperiled by critical vulnerability in open source package
      • alembic-git-revisions
      • Extras
      • Joke
    Watch on YouTube

    About the show
    Goodbye and Thanks Brian
      • Thanks Calvin for being part of this and future episodes! Also new time for the live show.
      • Thanks Brian for all the hard work over the years.

    Calvin #1: Vulnerability and malware checks in uv
      • release just yesterday by Astral https://astral.sh/blog/uv-audit
      • uv audit scans dependencies for known vulnerabilities and abandoned packages via the OSV database — runs 4–10x faster than pip-audit
      • Malware check runs on every install/sync, catching actively malicious packages (credential stealers, etc.) before they execute — including ones PyPI quarantined but lockfiles can still reference
      • Enable malware scanning with UV_MALWARE_CHECK=1 — it's opt-in and in preview
      • Future roadmap includes a resolver that steers toward vulnerability-free versions and install-time warnings scoped to newly added deps only

    Michael #2: HTTP GET requests with the Python standard library
      • If you’re doing HTTP in Python, you’re probably using one of three popular libraries: requests, httpx, or urllib3.
      • There have been issues with httpx lately.
      • Niquest is another option: Drop-in replacement for Requests. Automatic HTTP/1.1, HTTP/2, and HTTP/3. WebSocket, and SSE included.
      • But maybe less is more, especially in the age of agentic AI
      • A good candidate needs two things to be true at once, not one: the used surface is small, and the behavior behind that surface is shallow.

    Calvin #3: Millions of AI agents imperiled by critical vulnerability in open source package
      • "BadHost" (CVE-2026-48710) is a critical vulnerability in Starlette — the ASGI framework underlying FastAPI — with 325 million weekly downloads; also affects vLLM, LiteLLM, and most MCP server tooling
      • The exploit is trivial: injecting a single character into an HTTP Host header bypasses path-based authentication, and can lead to credential theft, SSRF, and in some cases remote code execution
      • MCP servers are a prime target since they store credentials for external services (email, databases, cloud accounts) — exposed data in the wild includes biopharma clinical trial DBs, full mailboxes, HR/PII pipelines, and AWS topology
      • Fix is available — patch to Starlette 1.0.1 immediately; use the free scanner at mcp-scan.nemesis.services to check if your servers are still running a vulnerable version
      • Open source sustainability footnote: the maintainer triages near-daily security reports solo, in his free time — most are AI-generated noise, and real ones like this still compete for the same evenings and weekends

    Michael #4: alembic-git-revisions
      • By Julien Danjou from Mergify
      • Automatic Alembic migration chaining based on git commit history. No more Multiple head revisions are present for given argument 'head'.
      • See the introductory article
      • Caused by two migrations landed with the same down_revision, and Alembic doesn’t know which one comes first. The fix is always the same: someone manually edits the migration file to re-chain the revisions.
      • The insight: git already knows the order

    Extras
      • Calvin: GNU make can do pattern matching in the target. Not new at all, mentioned in the 1994-era docs. just and task don’t have this super power on the target name yet.
          train-%:
              uv run ./train.py $* --save-hyper-params --overwrite $(TRAIN_ARGS)
      • Michael: Updated my HTTP client using packages from httpx to httpx2: listmonk, umami, and memberful. For motivation, see this reddit thread.

    Joke: Accurate
    29 min
  • #482 Mr. Beast's episode
    Jun 1 2026
    Topics covered in this episode:
      • CVE-2026-48710: A Maintainer's Perspective
      • daily-stars-explorer
      • Markdown to pdf with pandoc and typst
      • postman2pytest
      • Extras
      • Joke
    Watch on YouTube

    About the show

    Brian #1: CVE-2026-48710: A Maintainer's Perspective
      • Marcelo Trylesinski
      • suggested by Lee Luocks
      • Short version:
        • users of Starlette: upgrade to Starlette 1.0.1
        • security professionals: we can’t treat open source projects like corporations
      • This top link is a Starlette security advisory with the title Missing Host header validation poisons request.url.path, bypassing path-based security checks
      • The CVE apparently caused some negative press targeting starlette.
      • However, “the vulnerability came from the application pattern and the deployment, never from something Starlette intended.”
      • A quote from an OSTIF article: “This bug is a classic “responsibility gap” where if this maintainer didn’t patch, thousands of exposed projects would have to individually secure their projects. In doing this work, they’ve voluntarily taken on the responsibility to protect the ecosystem from long-term systemic harm. As with all open source projects, they owed us nothing and could have left this to be everyone else’s problem and took the extraordinary steps of helping the ecosystem.”
      • Both X40 D-Sec and Ars Technica expected immediate fixes and responses from Starlette.
      • That’s not good. We can do better.

    Michael #2: daily-stars-explorer
      • Explore the full history of any GitHub repository.
      • 📈 Full Star History - Complete daily star counts for any repo
      • ⏰ Hourly Stars - Hour-by-hour activity with timezone support
      • 🔀 Compare Repos - Side-by-side comparison of any two repositories
      • 📊 Activity Timelines - Commits, PRs, Issues, Forks, Contributors over time
      • 📌 Pin Favorites - Bookmark repos for quick access without retyping
      • 📰 Feed Mentions - See when repos were mentioned on HN, Reddit, YouTube, GitHub
      • 💾 Export Data - Download as CSV or JSON
      • 🌙 Dark Mode - Easy on the eyes
      • Try/use it online at emanuelef.github.io/daily-stars-explorer or install it for yourself.

    Brian #3: Markdown to pdf with pandoc and typst
      • typst suggestion from Matt Harrison
      • Markdown is awesome
      • Pandoc is great for converting markdown to tons of stuff but for pdf, it goes through LaTeX, which is … yuk (my opinion)
      • Pandoc also can convert to typst
      • And typst creates beautiful pdfs and is way easier (my opinion) to deal with than LaTeX.
      • New tools
          brew upgrade pandoc
          brew install typst
      • Now convert
          pandoc something.md --to typst -o something.typ
          typst compile something.typ something.pdf

    Michael #4: postman2pytest
      • via Mikhail
      • Based on postman app
      • Convert Postman Collection v2.1 JSON into executable pytest test suites
      • Postman collections document your API. postman2pytest turns that documentation into executable regression tests that run in CI. No manual rewriting, no drift.

    Extras:
      • New blog, who dis? - testandcode.org is now on .org and a blog and soon to be a “publisher”.

    Joke: Centering a div
    24 min