Python Bytes Podcast Por Michael Kennedy and Brian Okken capa

Python Bytes

Python Bytes

De: Michael Kennedy and Brian Okken
Ouça grátis

Sobre este título

 Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.Copyright 2016-2026 Política e Governo
Episódios
  • #477 Lazy, Frozen, and 31% Lighter

    #477 Lazy, Frozen, and 31% Lighter
    Apr 20 2026
    Topics covered in this episode: Django Modern RestAlready playing with Python 3.15Cutting Python Web App Memory Over 31%tryke - A Rust-based Ptyhon test runner with a Jest-style APIExtrasJokeWatch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python TrainingThe Complete pytest CoursePatreon Supporters Connect with the hostsMichael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky)Brian: @brianokken@fosstodon.org / @brianokken.bsky.socialShow: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: Django Modern Rest Modern REST framework for Django with types and async supportSupports Pydantic, Attrs, and msgspecHas ai coding support with llms.txtSee an example at the “showcase” section Brian #2: Already playing with Python 3.15 3.15.0a8, 2.14.4 and 3.13.13 are out Hugo von Kemenadebeta comes in May, CRs in Sept, and Final planned for OctoberBut still, there’s awesome stuff here already, here’s what I’m looking forward to: PEP 810: Explicit lazy importsPEP 814: frozendict built-in typePEP 798: Unpacking in comprehensions with * and **PEP 686: Python now uses UTF-8 as the default encoding Michael #3: Cutting Python Web App Memory Over 31% I cut 3.2 GB of memory usage from our Python web apps using five techniques: async workersimport isolationthe Raw+DC database patternlocal imports for heavy librariesdisk-based cachingSee the full article for details. Brian #4: tryke - A Rust-based Ptyhon test runner with a Jest-style API Justin ChapmanWatch mode, Native async support, Fast test discovery, In-source testing, Support for doctests, Client/server mode for fast editor integrations, Pretty, per-assertion diagnostics, Filtering and marks, Changed mode (like pytest-picked), Concurrent tests, Soft assertions,JSON, JUnit, Dot, and LLM reportersHonestly haven’t tried it yet, but you know, I’m kinda a fan of thinking outside the box with testing strategies so I welcome new ideas. Extras Brian: Why are’t we uv yet? Interesting take on the “agents prefer pip”Problem with analysis. Many projects are libraries and don’t publish uv.lock fileEven with uv, it still often seen as a developer preference for non-libarries. You can sitll use uv with requirements.txtPyCon US 2026 talks schedule is up Interesting that there’s an AI track now. I won’t be attending, but I might have a bot watch the videos and summarize for me. :)What has technology done to us? Justin JacksonLean TDD new cover Also, 0.6.1 is so ready for me to start f-ing reading the audio book and get on with this shipping the actual f-ing book and yes I realize I seem like I’m old because I use “f-ing” while typing. Michael:Python 3.14.4 is outBeanie 2.1 release Joke: HumanDB - Blazingly slow. Emotionally consistent.
    Exibir mais Exibir menos
    46 minutos
  • #476 Common themes

    #476 Common themes
    Apr 6 2026
    Topics covered in this episode: Migrating from mypy to ty: Lessons from FastAPIOxyde ORMTypeshedded CPython docsRaw+DC Database Pattern: A RetrospectiveExtrasJokeWatch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python TrainingThe Complete pytest CoursePatreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky)Brian: @brianokken@fosstodon.org / @brianokken.bsky.socialShow: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: Migrating from mypy to ty: Lessons from FastAPI Tim HopperI saw this post by Sebastián Ramírez about all of his projects switching to ty FastAPI, Typer, SQLModel, Asyncer, FastAPI CLISqlModel is already ty only - mypy removedThis signals that ty is ready to useTim lists some steps to apply ty to your own projects Add ty alongside mypySet error-on-warning = trueAccept the double-ignore commentsPick a smaller project to cut over firstDrop mypy when the noise exceeds the signalAdd ty alongside mypyRelated anecdote: I had tried out ty with pytest-check in the past with difficultyTried it again this morning, only a few areas where mypy was happy but ty reported issuesAt least one ty warning was a potential problem for people running pre-releases of pytest,Not really related: packaging.version.parse is awesome Michael #2: Oxyde ORM Oxyde ORM is a type-safe, Pydantic-centric asynchronous ORM with a high-performance Rust core.Note: Oxyde is a young project under active development. The API may evolve between minor versions.No sync wrappers or thread pools. Oxyde is async from the ground upIncludes oxyde-adminFeatures Django-style API - Familiar Model.objects.filter() syntaxPydantic v2 models - Full validation, type hints, serializationAsync-first - Built for modern async Python with asyncioRust performance - SQL generation and execution in native RustMulti-database - PostgreSQL, SQLite, MySQL supportTransactions - transaction.atomic() context manager with savepointsMigrations - Django-style makemigrations and migrate CLI Brian #3: Typeshedded CPython docs Thanks emmatyping for the suggestionDocumentation for Python with typeshed typesSource: typeshedding_cpython_docs Michael #4: Raw+DC Database Pattern: A Retrospective A new design pattern I’m seeing gain traction in the software space: Raw+DC: The ORM pattern of 2026I’ve had a chance to migrate three of my most important web app.Thrilled to report that yes, the web app is much faster using Raw+DCPlus, this was part of the journey to move from 1.3 GB memory usage to 0.45 GB (more on this next week) Extras Brian: Lean TDD 0.5 update Significant rewrite and focus Michael: pytest-just (for just command file testing), by Michael BoothSomething going on with Encode httpx: Anyone know what's up with HTTPX? And forkedstarlette and uvicorn: Transfer of Uvicorn & Starlettemkdocs: The Slow Collapse of MkDocsdjango-rest-framework: Move to django commons?Certificates at Talk Python Training Joke: Neue Rich
    Exibir mais Exibir menos
    32 minutos
  • #475 Haunted warehouses

    #475 Haunted warehouses
    Mar 30 2026
    Topics covered in this episode: Lock the GhostFence for SandboxingMALUS: Liberate Open SourceHarden your GitHub Actions Workflows with zizmor, dependency pinning, and dependency cooldownsExtrasJokeWatch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python TrainingThe Complete pytest Course**Patreon SupportersConnect with the hosts**Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky)Brian: @brianokken@fosstodon.org / @brianokken.bsky.socialShow: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: Lock the Ghost The five core takeaways: PyPI "removal" doesn't delete distribution files. When a package is removed from PyPI, it disappears from the index and project page, but the actual distribution files remain accessible if you have a direct URL to them.uv.lock uniquely preserves access to ghost packages. Because uv.lock stores direct URLs to distribution files rather than relying on the index API at install time, uv sync can successfully install packages that have already been removed, even with cache disabled. No other Python lock file implementation tested behaved this way.This creates a supply chain attack vector. An attacker could upload a malicious package, immediately remove it to dodge automated security scanning, and still have it installable via a uv.lock file, or combine this with the xz-style strategy of hiding malicious additions in large, auto-generated lock files that nobody reviews.Removed package names can be hijacked with version collisions. When an owner removes a package, the name can be reclaimed by someone else who can upload different distribution types under the same version number, as happened with "umap." Lock files help until you regenerate them, then you're exposed.Your dependency scanning needs to cover lock files, not just manifest files. Scanning only pyproject.toml or requirements.txt misses threats embedded in lock files, which is where the actual resolved URLs and hashes live. Brian #2: Fence for Sandboxing Suggested by Martin Häcker“Some coding platforms have since integrated built-in sandboxing (e.g., Claude Code) to restrict write access to directories and/or network connectivity. However, these safeguards are typically optional and not enabled by default.”“JY Tan (on cc) has extracted the sandboxing logic from Claude Code and repackaged it into a standalone Go binary.”Source code on GitHub: https://github.com/Use-Tusk/fenceRelated: Simon Willison lethal trifecta for AI agents article from June 2025Claude Code Sandboxing Michael #3: MALUS: Liberate Open Source via Paul BauerThe service will generate the specs of a library with one AI and build the newly licensed library using the specs with another AI circumventing the licensing and copyright rules.AI that has not been trained on open source reads the docs and API signature, creates a spec. Another AI processes that spec into working software.Is it a real site? Are they accepting real money, or are they just trying to cause a stir around copyright? Brian #4: Harden your GitHub Actions Workflows with zizmor, dependency pinning, and dependency cooldowns Matthias SchoettleAvoid things like this: hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub Actions - Microsoft, DataDog, and CNCF Projects Hit So Far Extras Brian: GitHub is asking to spy on us, that’s nice Michael: Michael’s new SaaS for podcasters: InterviewCueDigitalOcean’s Spaces cold storage for infrequently accessed dataMinor issue about my fire and forget post, was a latent bug?Fire and Forget at Textual follow up article Joke: Can you?
    Exibir mais Exibir menos
    41 minutos
Ainda não há avaliações