Episodes

  • #381 Python Packages in the Oven

    #381 Python Packages in the Oven
    Apr 30 2024
    Topics covered in this episode: Announcing py2wasm: A Python to Wasm compilerExploring Python packages with Oven and PyPI BrowserPyCharm Local LLMGoogle shedding Python devs (at least in the US).ExtrasJokeWatch on YouTube About the show Sponsored by ScoutAPM: pythonbytes.fm/scout Connect with the hosts Michael: @mkennedy@fosstodon.orgBrian: @brianokken@fosstodon.orgShow: @pythonbytes@fosstodon.org Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesdays at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: Announcing py2wasm: A Python to Wasm compiler py2wasm converts your Python programs to WebAssembly, running them at 3x faster speedsthanks to Nuitka Brian #2: Exploring Python packages with Oven and PyPI Browser pypi.org is great, but there are some handy alternativesOven Shows how to install stuff with pip, pdm, rye, and poetrySimilar meta and description as PyPIIncludes README.md view (no tables yet, though)Nice listing of versionsAbility to look at what files are in wheels and tarballs (very cool) Can deploy yourself. Node/Remix app.Really slick.PyPI Browser View versionsView wheel and tarball contents.Metadata and contents.No README viewIs a Starlette app that you can deploy on your on with a private registry. So that’s cool. Michael #3: PyCharm Local LLM Pretty awesome full line completer based on a local LLM for PyCharmRequires PyCharm ProfessionalAn example, given this partial function in Flask: @blueprint.get('/listing') def listing(): videos = video_service.all_videos() Typing ret → That is, typing ret autocompletes to: return flask.render_template('home/listing.html', videos=videos) Which is pretty miraculous, and correct. Brian #4: Google shedding Python devs (at least in the US). Google lays off staff from Flutter, Dart and Python teams weeks before its developer conference - techcrunchPython, Flutter teams latest on the Google chopping block - The Register “Despite Alphabet last week reporting a 57 percent year-on-year jump in net profit to $23.66 billion for calendar Q1, more roles are being expunged as the mega-corp cracks down on costs.”“As for the Python team, the current positions have reportedly been "reduced" in favor of a new team based in Munich.”MK: Related and timely: How one power-hungry leader destroyed Google search Extras Brian: Python Gotcha: strip, lstrip, rstrip can remove more than expected Reminder: You probably want .removesuffix() and .removeprefix() Michael: Using Llama3 in LMStudio Joke: Broken System
    Show more Show less
    29 mins
  • #380 Debugging with your eyes

    #380 Debugging with your eyes
    Apr 23 2024
    Topics covered in this episode: NumFOCUS concernsleaping pytest debugger llmExtra, Extra, Extra,PyPI has completed its first security auditExtrasJokeWatch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python TrainingThe Complete pytest CoursePatreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.orgBrian: @brianokken@fosstodon.orgShow: @pythonbytes@fosstodon.org Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesdays at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: NumFOCUS concerns Suggested by Pamphile RoyWrite up of the current challenges faced by NumFOCUS, by Paul Ivanov (one of the OG of Scientific Python: Jupyter, Matplotlib, etc.) Struggling to meet the needs of sponsored and affiliated projects.In February, NumFOCUS announced it is moving in a new direction.NumFOCUS initiated an effort to run an election for open board seats and proposed changing its governance structure.Some projects are considering and actively pursuing alternative venues for fiscal sponsorship.Quite a bit more detail and discussion in the article.NumFOCUS covers a lot of projects NumPy, Matplotlib, pandas, Jupyter, SciPy, Astropy, Bokeh, Dask, Conda, and so many more. Michael #2: leaping pytest debugger llm You can ask Leaping questions like: Why am I not hitting function x?Why was variable y set to this value?What was the value of variable x at this point?What changes can I make to this code to make this test pass? Brian #3: Extra, Extra, Extra, 2024 Developer Summit Also suggested by Pamphile, related to Scientific PythonThe Second Scientific Python Developer Summit , June 3-5, Seattle, WALots of great work came out of the First Summit in 2023pytest-regex - Use regexs to specify tests to run Came out of the ’23 summitI’m not sure if I’m super happy about this or a little afraid that I probably could use this.Still, cool that it’s here.Cool short example of using __init__ and __call__ to hand-roll a decorator.ruff got faster Michael #4: PyPI has completed its first security audit Trail of Bits spent a total of 10 engineer-weeks of effort identifying issues, presenting those findings to the PyPI team, and assisting us as we remediated the findings.Scope: The audit was focused on "Warehouse", the open-source codebase that powers pypi.orgAs a result of the audit, Trail of Bits detailed 29 different advisories discovered across both codebases. When evaluating severity level of each advisory, 14 were categorized as "informational", 6 as "low", 8 as "medium" and zero as "high". Extras Brian: pytest course community to try out Podia Communities.Anyone have a podia community running strong now? If so, let me know through Mastodon: @brianokken@fosstodon.orgWant to join the community when it’s up and running? Same. Or join our our friends of the show list, and read our newsletter. I’ll be sure to drop a note in there when it’s ready. Michael: VS Code AMA @ Talk Python [video]Gunicorn CVETalk submissions are now open for both remote and in-person talks at the 2024 PyConZA? The conference will be held on 3 and 4 October 2024 in Cape Town, South Africa. Details are on za.pycon.org.FlaskCon 2024 will be happening Friday, May 17 inside PyCon US 2024. Call for proposals are now live! Joke: Debugging with your eyes
    Show more Show less
    24 mins
  • #379 Constable on the debugging case

    #379 Constable on the debugging case
    Apr 16 2024
    Topics covered in this episode:
    • How to Set Up Pre-Commit Hooks A step-by-step guide to installing and configuring pre-commit hooks on your project.
    • difftastic
    • Quarto
    • constable
    • Extras
    • Joke
    Watch on YouTube

    About the show

    Sponsored by us! Support our work through:

    • Our courses at Talk Python Training
    • The Complete pytest Course
    • Patreon Supporters

    Connect with the hosts

    • Michael: @mkennedy@fosstodon.org
    • Brian: @brianokken@fosstodon.org
    • Show: @pythonbytes@fosstodon.org

    Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesdays at 11am PT. Older video versions available there too.

    Finally, if you want an artisanal, hand-crafted digest of every week of

    the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.

    Michael #1: How to Set Up Pre-Commit Hooks A step-by-step guide to installing and configuring pre-commit hooks on your project.

    • by Stefanie Molin
    • Pre-commit hooks are code checks that run as part of the “pre-commit” stage of the git commit process.
    • If any of these checks fail, git aborts the commit
    • Sometimes, we need to bypass the hooks temporarily. For these instances, we can pass the --no-verify option when we run git commit

    Brian #2: difftastic

    • Found this a couple years ago, but really using it a lot now.
    • Excellent structurally diff tool that compares code based on syntax, not line by line.

    Michael #3: Quarto

    • via Mathias Johansson
    • An open-source scientific and technical publishing system
    • Transforming a notebook into a pdf / HTML / MS Word / ePub with minimal effort, or even all formats at once.
    • Author using Jupyter notebooks or with plain text markdown in your favorite editor.
    • Write using Pandoc markdown, including equations, citations, crossrefs, figure panels, callouts, advanced layout, and more.

    Brian #4: constable

    • “inserts print statements directly into the AST at runtime “
    • “If you find yourself aimlessly adding print statements while debugging your code, this is for you. !”
    • Add decorators like @constable.trace('a', 'b') to functions and you’ll get nice output showing when and how a and b changed.
    • see also icecream for another fun debugging with print project.

    Extras

    Brian:

    • pointers being added to the standard library
      • A couple weeks old, but still worth covering
      • Guido’s take on adding this, "Why the hell not?"

    Michael:

    • Python 3.12.3 is out

    Joke: Hugo SciFi Award
    Show more Show less
    20 mins
  • #378 Python is on the edge

    #378 Python is on the edge
    Apr 9 2024
    Topics covered in this episode: pacemaker - For controlling time per iteration loop in Python.PyPI suspends new user registration to block malware campaignPython Project-Local Virtualenv Management ReduxPython Edge Workers at CloudflareExtrasJokeWatch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python TrainingThe Complete pytest CoursePatreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.orgBrian: @brianokken@fosstodon.orgShow: @pythonbytes@fosstodon.org Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesdays at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: pacemaker - For controlling time per iteration loop in Python. Brandon RohrerGood example of a small bit of code made into a small package.With speedups to dependencies, like with uv, for example, I think we’ll see more small projects.Cool stuff Great README, including quirks that need to be understood by users. “If the pacemaker experiences a delay, it will allow faster iterations to try to catch up. Heads up: because of this, any individual iteration might end up being much shorter than suggested by the pacemaker's target rate.”Nice use of time.monotonic() deltas are guaranteed to never go back in time regardless of what adjustments are made to the system clock.Watch out for pip install pacemaker-lite NOT pacemakerpacemaker is taken by a package named PaceMaker with a repo named pace-maker, that hasn’t been updated in 3 years. Not sure if it’s alive. No tests (yet). I’m sure they’re coming. ;) Seriously though, Brandon says this is “a glorified snippet”. And I love the use of packaging to encapsulate shared code. Realistically, small snippet like packages have functionality that’s probably going to be tested by end user code.And even if there are tests, users should test the functionality they are depending on. Michael #2: PyPI suspends new user registration to block malware campaign Incident Report for Python InfrastructurePyPi Is Under Attack: Project Creation and User Registration Suspended — Here’s the details I hate medium, but it’s the best details I’ve found so far Brian #3: Python Project-Local Virtualenv Management Redux HynekConcise writeup of how Hynek uses various tools for dealing with environmentsCovers (paren notes are from Brian) In project .venv directoriesdirenv for handling .envrc files per project (time for me to try this again)uv for pip and pip-compile functionalityInstalling Python via python.orgUsing a .python-version-default file (I’ll need to play with this a bit) Works with GH Action setup-python. (ok. that’s cool)Some fish shell scriptingBonus tip on using requires-python in .pyproject.toml and extracting it in GH actions to be able to get the python exe name, and then be able to pass it to Docker and reference it in a Dockerfile. (very cool) Michael #4: Python Edge Workers at Cloudflare What are edge workers?Based on workers using Pyodide and WebAssemblyThis new support for Python is different from how Workers have historically supported languages beyond JavaScript — in this case, we have directly integrated a Python implementation into workerd, the open-source Workers runtime.Python Workers can import a subset of popular Python packages including FastAPI, Langchain, numpyCheck out the examples repo. Extras Michael: LPython follow up from Brian SkinnFeatured on Python Bytes badgeA little downtime, thanks for the understanding We were rocking a 99.98% uptime until then. :) Joke: C++ is not safe for people under 18Baseball joke
    Show more Show less
    31 mins
  • #377 A Dramatic Episode

    #377 A Dramatic Episode
    Apr 2 2024
    Topics covered in this episode: justpathxz back doorLPythondramaticExtrasJokeWatch on YouTube About the show Sponsored by ScoutAPM: pythonbytes.fm/scout Connect with the hosts Michael: @mkennedy@fosstodon.orgBrian: @brianokken@fosstodon.orgShow: @pythonbytes@fosstodon.org Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesdays at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: justpath Inspect and refine PATH environment variable on both Windows and Linux.Raw, count, duplicates, invalids, corrections, excellent stuff.Check out the video Brian #2: xz back door In case you kinda heard about this, but not really.Very short version: A Microsoft engineer noticed a performance problem with ssh and tracked it to a particular version update of xz.Further investigations found a multi-year installation of a fairly complex back door into the xz by a new-ish contributor. But still contributing over several years. First commit in early 2022.The problem is caught. But if it had succeeded, it would have been bad.Part of the issue of how this happened is due to having one primary maintainer on a very widely used tool included in tons-o-Linux distributions.Some useful articles Everything I Know About the XZ Backdoor - Evan Boehs - recommended readDon’t think your affected? Think again if you use homebrew, for example: Update and upgrade Homebrew and xz versionsNotes Open source maintenance burnout is realLots of open source projects are maintained by unpaid individuals for long periods of time.Multi-year sneakiness and social bullying is pretty hard to defend against.Handing off projects to another primary maintainer has to be doable. But now I think we need better tools to vet contributors. Maybe? Or would that just suppress contributions?One option to help with burnout: JGMM, Just Give Maintainers Money: Software Needs To Be More Expensive - Glyph Michael #3: LPython LPython aggressively optimizes type-annotated Python code. It has several backends, including LLVM, C, C++, and WASM. LPython’s primary tenet is speed.Play with the wasm version here: dev.lpython.orgStill in alpha, so keep that in mind. Brian #4: dramatic Trey HunnerMore drama in the software world. This time in the Python. Actually, this is just a fun utility to make your Python output more dramatic.More fun output with terminaltexteffects suggested by Allan Extras Brian: Textual how has a new inline feature in the new release. Michael: My keynote talk is out: The State of Python in 2024Have you browsed your github feed lately?3.10, 3.9, 3.8 security updates Joke: Definition of terms
    Show more Show less
    33 mins
  • #376 Every dunder method in a Python Lockbox

    #376 Every dunder method in a Python Lockbox
    Mar 26 2024
    Topics covered in this episode: 🤖 On Robots.txtniquestsEvery dunder method in PythonLockboxExtrasJokeWatch on YouTube About the show Sponsored by ScoutAPM: pythonbytes.fm/scout Connect with the hosts Michael: @mkennedy@fosstodon.orgBrian: @brianokken@fosstodon.orgShow: @pythonbytes@fosstodon.org Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesdays at 11am PT. Older video versions available there too. Brian #1: 🤖 On Robots.txt Jeff Triplett“In theory, this file helps control what search engines and AI scrapers are allowed to visit, but I need more confidence in its effectiveness in the post-AI apocalyptic world.”Resources to get started Block the Bots that Feed “AI” Models by Scraping Your WebsiteGo ahead and block AI web crawlersDark VisitorsDjango Add robots.txt to a Django websiteHow to add a robots.txt to your Django siteHugo Hugo robots.txtPodcast questions: Should content creators block AI from our work?Should’t we set up a standard way to do this?I still haven’t found a way to block GitHub repositories. Is there a way?Licensing is one thing (not easy), but I don’t think any bots respect any protocol for repos. Michael #2: niquests Requests but with HTTP/3, HTTP/2, Multiplexed Connections, System CAs, Certificate Revocation, DNS over HTTPS / TLS / QUIC or UDP, Async, DNSSEC, and (much) pain removed!Niquests is a simple, yet elegant, HTTP library. It is a drop-in replacement for Requests, which is under feature freeze.See why you should switch: Read about 10 reasons why Brian #3: Every dunder method in Python Trey HunnerSure, there’s __repr__(), __str__(), and __init__(), but how about dunder methods for: Equality and hashabilityOrderabilityType conversions and formattingContext managersContainers and collectionsCallabilityArithmetic operators… and so much more … even a cheat sheet. Michael #4: Lockbox Lockbox is a forward proxy for making third party API calls.Why? Automation or workflow platforms like Zapier and IFTTT allow "webhook" actions for interacting with third party APIs.They require you to provide your third party API keys so they can act on your behalf. You are trusting them to keep your API keys safe, and that they do not misuse them.How Lockbox helps: When a workflow platform needs to make a third party API call on your behalf, it makes a Lockbox API call instead. Lockbox makes the call to the third party API, and returns the result to the workflow platform. Extras Brian: Django: Join the community on Mastodon - Adam JohnsonNo maintenance intended - Sent in from Kim van Wyk Michael: US sues Apple Good video on pluses and minusesThe hot water just the day before [and this one]https://9to5mac.com/2024/03/25/app-store-proposals-rejected/ PyPI Support Specialist jobVS Code AMA, please submit your question here PyData Eindhoven 2024 has a date and open CFP Joke: Windows Certified
    Show more Show less
    32 mins
  • #375 Pointing at Countries

    #375 Pointing at Countries
    Mar 19 2024
    Topics covered in this episode: pycountryDoes Python have pointers?ingestrMake your terminal niceExtrasJokeWatch on YouTube About the show Sponsored by ScoutAPM: pythonbytes.fm/scout Connect with the hosts Michael: @mkennedy@fosstodon.orgBrian: @brianokken@fosstodon.orgShow: @pythonbytes@fosstodon.org Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesdays at 11am PT. Older video versions available there too. Michael #1: pycountry A Python library to access ISO country, subdivision, language, currency and script definitions and their translations.pycountry provides the ISO databases for the standards: 639-3 Languages3166 Codes for representation of names of countries and their subdivisions3166-1 Countries3166-3 Deleted countries3166-2 Subdivisions of countries4217 Currencies15924 Scripts Brian #2: Does Python have pointers? Ned BatchelderTurns out, this is really the description of “what’s a variable in Python?” that helps to make sense of the “variables as names” model in Python, especially for people coming from languages that use pointers a lot.You can use id() to find out what a variable points toYou just can’t do the reverse of access it given an id.There’s no “dereference” operator.See also Python Names and Values, also by Ned Should be required reading/viewing for all Python curriculum. Michael #3: ingestr ingestr is a command-line application that allows ingesting or copying data from any source into any destination database.Works on both MongoDB and Postgres and many more. incremental loading: append, merge or delete+insert Brian #4: Make your terminal nice David LordDavid’s switched to Fish and StarshipI tried switching to Fish several times, and I guess I’m good with zsh. Although I admire the brave comic sans motto: “Finally, a command line shell for the 90s”But I’m finally ready for Starship, and it takes almost no time to set upPlus it’s fast. (Has it always been Rust?) Extras Brian: Doing some groundwork for a SaaS project, using SaaS Pegasus I just talked with Cory from Pegasus for an upcoming PythonTest episodeI haven’t decided whether to save up SaaS episodes for one big series, or spread them out.But mostly I’m excited to get my project started. Michael: Excellent video about “cloud exit”uv - The Next Evolution in Python Packages?Python 3.13 a5Target’s Open Source Fund via Pat Decker Joke: Anti-social engineer
    Show more Show less
    25 mins
  • #374 Climbing the Python Web Mountain

    #374 Climbing the Python Web Mountain
    Mar 11 2024
    Topics covered in this episode: 6 ways to improve the architecture of your Python project (using import-linter)MountaineerWhy Python's Integer Division FloorsHatchetExtrasJokeWatch on YouTube About the show Sponsored by ScoutAPM: pythonbytes.fm/scout Connect with the hosts Michael: @mkennedy@fosstodon.orgBrian: @brianokken@fosstodon.orgShow: @pythonbytes@fosstodon.org Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesdays at 11am PT. Older video versions available there too. Brian #1: 6 ways to improve the architecture of your Python project (using import-linter) PigleiUsing import-linter to define architectural layerscheck to make sure imports don’t violate (import from upper layers)can also check for more contracts, such as forbidden - disallow a specific from/to import independence - list of modules that shouldn’t import from each otherFixing violations a process introduced to set exceptions for each violation in a config filethen fix violations 1 at a time (nice approach)use the whole team if you canCommon methods for fixing dependency issues Merging and splitting modulesDependency Injection, including using protocols to keep type hints without the need to import just for typesUse simpler dependency typesDelaying function implementations module global methods set by caller, or adding a simple plugin/callback systemConfiguration driven Setting import statements in a config file and using import_string() at runtimeReplace function calls with event-driven approaches Michael #2: Mountaineer Mountaineer is a batteries-included web framework for Python and React.Mountaineer focuses on developer productivity above all else, with production speed a close second. 📝 Typehints up and down the stack: frontend, backend, and database🎙️ Trivially easy client[HTML_REMOVED]server communication, data binding, and function calling🌎 Optimized server rendering for better accessibility and SEO🏹 Static analysis of web pages for strong validation: link validity, data access, etc.🤩 Skip the API or Node.js server just to serve frontend clients Brian #3: Why Python's Integer Division Floors Guido van RossumInteger division always floors (toward negative infinity) instead of truncating. (C truncates)5//2 → 2-5//2 → -35//-2 → -3Reason, For nice mathematical relationships with // and % (modulo).a//b = quotient (q), a%b = remainder (r)such that b*q + r = a, and 0 <= r < b This works for both positive and negative a valuesFor negative b, the second rule has to change to 0 >= r > b If you truncate (like C does), you have to use abs(r) for the first rule to work.Theory of why C doesn’t do it this way: Probably a hardware limitation at the time when C was designed, due to “sign + magnitude” integers instead of modern two’s compliment integers. Michael #4: Hatchet Hatchet is a distributed, fault-tolerant task queue which replaces traditional message brokers and pub/sub systems. It’s built to solve problems like concurrency, fairness, and durabilityConcurrency, Fairness, and Rate limiting: Enable FIFO, LIFO, Round Robin, and Priority Queues with built-in strategies to avoid common pitfalls.Architected for Resiliency: Customizable retry policies and built-in error handling to recover from transient failures. Extras Brian: Charlie Marsh on uv in PythonTest episode 216 Michael: Build An Audio AI App Course [free!]Rock Solid Python with Python Typing CourseCoolio Joke: Breaking Prod
    Show more Show less
    33 mins