Python Bytes Developer headlines delivered directly to your earbuds Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space. Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space. https://pythonbytes.fm/ en-us Copyright 2016-2026 Mon, 16 Mar 2026 00:00:00 -0800 Mon, 16 Mar 2026 00:00:00 -0800 https://pythonbytes.fm [email protected] (Michael Kennedy) 60 Michael Kennedy and Brian Okken Michael Kennedy [email protected] false episodic yes c39e616f-74f1-52c5-90fb-ac094bffd068 #473 A clean room rewrite? https://pythonbytes.fm/episodes/show/473/a-clean-room-rewrite 3a6ec578-0edb-450c-be03-8bb366c9c20d Mon, 16 Mar 2026 00:00:00 -0800 Michael Kennedy and Brian Okken #473: A clean room rewrite? 473 false 00:46:10 python, pycharm, python3,software, programming, web, web development, developer, ide, podcast, open source, news, headlines, education, software developer, data science, science, cloud computing Topics covered in this episode:
Watch on YouTube

About the show

Sponsored by us! Support our work through:

Michael #1: chardet ,AI, and licensing

  • Thanks Ian Lessing
  • Wow, where to start?
  • A bit of legal precedence research.
  • Chardet dispute shows how AI will kill software licensing, argues Bruce Perens on the Register
  • Also see this GitHub issue.
  • Dan Blanchard, maintainer of a Python character encoding detection library called chardet, released a new version of the library under a new software license. (LGPL → MIT)
  • Dan is allowed to make this change because v7 is a complete “clean room” rewrite using AI
  • BTW, v7 is WAY better:
    • The result is a 48x increase in detection speed for a project that lives in the hot loops of many projects. That will lead to noticeable performance increases for literally millions of users (the package gets ~130M downloads per month).
    • It paves a path towards inclusion in the standard library (assuming they don’t institute policies against using AI tools).
    • Thread-safe detect() and detect_all() with no measurable overhead; scales on free-threaded Python 3.13t+
  • An individual claiming to be Mark Pilgrim, the original creator of the library, opened an issue in the project's GitHub repo arguing that Blanchard had no right to change the software license, citing the LPGL requirement that the license remain unchanged.
  • A 'complete rewrite' is irrelevant, since they had ample exposure to the originally licensed code (i.e. this is not a 'clean room' implementation).
  • Blanchard disagreed, citing how version 7.0.0 and 6.0.0 compare when subjected to JPlag, a library for detecting plagiarism.
  • Blanchard told The Register he had wanted to get chardet added to the Python standard library for more than a decade since it’s a core dependency to most Python projects.

Brian #2: refined-github

  • Suggested by Matthias Schöttle
  • A browser plugin that improves the GitHub experience
  • A sampling
    • Adds a build/CI status icon next to the repo’s name.
    • Adds a link back to the PR that ran the workflow.
    • Enables tab and shift tab for indentation in comment fields.
    • Auto-resizes comment fields to fit their content and no longer show scroll bars.
    • Highlights the most useful comment in issues.
    • Changes the default sort order of issues/PRs to Recently updated.
  • But really, it’s a huge list of improvements

Michael #3: pgdog: PostgreSQL connection pooler, load balancer and database sharder

  • PgDog is a proxy for scaling PostgreSQL.
  • It supports connection pooling, load balancing queries and sharding entire databases.
  • Written in Rust, PgDog is fast, secure and can manage thousands of connections on commodity hardware.
  • Features
    • PgDog is an application layer load balancer for PostgreSQL
    • Health Checks: PgDog maintains a real-time list of healthy hosts. When a database fails a health check, it's removed from the active rotation and queries are re-routed to other replicas
    • Single Endpoint: PgDog can detect writes (e.g. INSERT, UPDATE, CREATE TABLE, etc.) and send them to the primary, leaving the replicas to serve reads
    • Failover: PgDog monitors Postgres replication state and can automatically redirect writes to a different database if a replica is promoted
    • Sharding: PgDog is able to manage databases with multiple shards

Brian #4: Agentic Engineering Patterns

Extras

Brian:

Michael:

Joke: Ergonomic keyboard

Also pretty good and related:

Links

]]> #472 Monorepos https://pythonbytes.fm/episodes/show/472/monorepos a5787e78-90f4-4773-835e-8ff3318f3022 Mon, 09 Mar 2026 00:00:00 -0800 Michael Kennedy and Brian Okken #472: Monorepos 472 false 00:28:52 python, pycharm, python3,software, programming, web, web development, developer, ide, podcast, open source, news, headlines, education, software developer, data science, science, cloud computing Topics covered in this episode:
Watch on YouTube

About the show

Sponsored by us! Support our work through:

Brian #1: Setting up a Python monorepo with uv workspaces

  • Dennis Traub
  • The 3 things
    • Give the Root a Distinct Name
    • Use workspace = true for Inter-Package Deps
    • Use importlib Mode for pytest

Michael #2: cattrs: Flexible Object Serialization and Validation

  • cattrs is a Swiss Army knife for (un)structuring and validating data in Python.
  • A natural alternative/follow on from DataClass Wizard
  • Converts to ←→ from dictionaries
  • cattrs also focuses on functional composition and not coupling your data model to its serialization and validation rules.
  • When you’re handed unstructured data (by your network, file system, database, …), cattrs helps to convert this data into trustworthy structured data.
  • Batteries Included: cattrs comes with pre-configured converters for a number of serialization libraries, including JSON (standard library, orjson, UltraJSON), msgpack, cbor2, bson, PyYAML, tomlkit and msgspec (supports only JSON at this time).

Brian #3: Learning to program in the AI age

  • Jose Blanca
  • “I teach a couple of introductory Python courses and I've been thinking about which advice to give to my students, that are studying how to program for the first time. I have collected my ideas in these blog posts”
    • Why learning to program is as useful as ever, even with powerful AI tools available.
    • How to use AI as a tutor rather than a shortcut, and why practice remains the key to real understanding.
    • What the real learning objectives are: mental models, managing complexity, and thinking like a software developer.

Michael #4: VS Code extension for FastAPI and friends

  • Enhances the FastAPI development experience in Visual Studio Code
  • Path Operation Explorer: Provides a hierarchical tree view of all FastAPI routes in your application.
  • Search for routes: Use the Command Palette and quickly search for routes by path, method, or name.
  • CodeLens links appear above HTTP client calls like client.get('/items'), letting you jump directly to the matching route definition.
  • Deploy your application directly to FastAPI Cloud from the status bar with zero config.
  • View real-time logs from your FastAPI Cloud deployed applications directly within VS Code.
  • Install from Marketplace.

Extras

Brian:

Joke: Saas is dead

]]> #471 The ORM pattern of 2026? https://pythonbytes.fm/episodes/show/471/the-orm-pattern-of-2026 d4444cd8-0ed5-4c82-8a59-4fa40653074d Mon, 02 Mar 2026 00:00:00 -0800 Michael Kennedy and Brian Okken #471: The ORM pattern of 2026? 471 false 00:39:23 python, pycharm, python3,software, programming, web, web development, developer, ide, podcast, open source, news, headlines, education, software developer, data science, science, cloud computing Topics covered in this episode:
Watch on YouTube

About the show

Sponsored by us! Support our work through:

Michael #1: Raw+DC: The ORM pattern of 2026?

  • ORMs/ODMs provide great support and abstractions for developers
  • They are not the native language of agentic AI
  • Raw queries are trained 100x+ more than standard ORMs
  • Using raw queries at the data access optimizes for AI coding
  • Returning some sort of object mapped to the data optimizes for type safety and devs

Brian #2: pytest-check releases

  • 3 merged pull requests
  • 8 closed issues
  • at one point got to 0 PR’s and 1 enhancement request
  • Now back to 2 issues and 1 PR, but activity means it’s still alive and being used. so cool
  • Check out changelog for all mods
  • A lot of changes around supporting mypy
    • I’ve decided to NOT have the examples be fully --strict as I find it reduces readability
      • See tox.ini for explanation
    • But src is --strict clean now, so user tests can be --strict clean.

Michael #3: Dataclass Wizard

  • Simple, elegant wizarding tools for Python’s dataclasses.
  • Features
    • 🚀 Fast — code-generated loaders and dumpers
    • 🪶 Lightweight — pure Python, minimal dependencies
    • 🧠 Typed — powered by Python type hints
    • 🧙 Flexible — JSON, YAML, TOML, and environment variables
    • 🧪 Reliable — battle-tested with extensive test coverage
  • No Inheritance Needed

Brian #4: SQLiteo - “native macOS SQLite browser built for normal people”

  • Adam Hill
  • This is a fun tool, built by someone I trust.
  • That trust part is something I’m thinking about a lot in these days of dev+agent built tools
  • Some notes on my thoughts when evaluating
    • I know mac rules around installing .dmg files not from the apple store are picky.
      • And I like that
    • But I’m ok with the override when something comes from a dev I trust
    • The contributors are all Adam
      • I’m still not sure how I feel about letting agents do commits in repos
    • There’s “AGENTS” folder and markdown files in the project for agents, so Ad

Extras

Michael:

Joke: House is read-only!

]]> #470 A Jolting Episode https://pythonbytes.fm/episodes/show/470/a-jolting-episode b3101d3a-55a9-4d16-8e1d-93e4df817b22 Mon, 23 Feb 2026 00:00:00 -0800 Michael Kennedy and Brian Okken #470: A Jolting Episode 470 false 00:25:29 python, pycharm, python3,software, programming, web, web development, developer, ide, podcast, open source, news, headlines, education, software developer, data science, science, cloud computing Topics covered in this episode:
Watch on YouTube

About the show

Sponsored by us! Support our work through:

Brian #1: Better Python tests with inline-snapshot

  • Alex Hall, on Pydantic blog
  • Great for testing complex data structures

  • Allows you to write a test like this:

    from inline_snapshot import snapshot
def test_user_creation():
    user = create_user(id=123, name="test_user")
    assert user.dict() == snapshot({})

  • Then run pytest --inline-snapshot=fix

  • And the library updates the test source code to look like this:

    def test_user_creation():
    user = create_user(id=123, name="test_user")
    assert user.dict() == snapshot({
        "id": 123,
        "name": "test_user",
        "status": "active"
    })

  • Now, when you run the code without “fix” the collected data is used for comparison

  • Awesome to be able to visually inspect the test data right there in the test code.
  • Projects mentioned

Michael #2: jolt Battery intelligence for your laptop

  • Support for both macOS and Linux
  • Battery Status — Charge percentage, time remaining, health, and cycle count
  • Power Monitoring — System power draw with CPU/GPU breakdown
  • Process Tracking — Processes sorted by energy impact with color-coded severity
  • Historical Graphs — Track battery and power trends over time
  • Themes — 10+ built-in themes with dark/light auto-detection
  • Background Daemon — Collect historical data even when the TUI isn't running
  • Process Management — Kill energy-hungry processes directly

Brian #3: Markdown code formatting with ruff

  • Suggested by Matthias Schoettle
  • ruff can now format code within markdown files
  • Will format valid Python code in code blocks marked with python, py, python3 or py3.
  • Also recognizes pyi as Python type stub files.
  • Includes the ability to turn off formatting with comment [HTML_REMOVED] , [HTML_REMOVED] blocks.
  • Requires preview mode 
    [tool.ruff.lint]
preview = true

Michael #4: act - run your GitHub actions locally

  • Run your GitHub Actions locally! Why would you want to do this? Two reasons:
    • Fast Feedback - Rather than having to commit/push every time you want to test out the changes you are making to your .github/workflows/ files (or for any changes to embedded GitHub actions), you can use act to run the actions locally. The environment variables and filesystem are all configured to match what GitHub provides.
    • Local Task Runner - I love make. However, I also hate repeating myself. With act, you can use the GitHub Actions defined in your .github/workflows/ to replace your Makefile!
  • When you run act it reads in your GitHub Actions from .github/workflows/ and determines the set of actions that need to be run.
    • Uses the Docker API to either pull or build the necessary images, as defined in your workflow files and finally determines the execution path based on the dependencies that were defined.
    • Once it has the execution path, it then uses the Docker API to run containers for each action based on the images prepared earlier.
    • The environment variables and filesystem are all configured to match what GitHub provides.

Extras

Michael:

Joke: Plug ‘n Paste

]]> #469 Commands, out of the terminal https://pythonbytes.fm/episodes/show/469/commands-out-of-the-terminal f062499b-6358-48de-86d0-35b724f0930d Mon, 09 Feb 2026 00:00:00 -0800 Michael Kennedy and Brian Okken #469: Commands, out of the terminal 469 false 00:33:56 python, pycharm, python3,software, programming, web, web development, developer, ide, podcast, open source, news, headlines, education, software developer, data science, science, cloud computing Topics covered in this episode:
Watch on YouTube

About the show

Sponsored by us! Support our work through:

Michael #1: Command Book App

  • New app from Michael
  • Command Book App is a native macOS app for developers, data scientists, AI enthusiasts and more.
  • This is a tool I've been using lately to help build Talk Python, Python Bytes, Talk Python Training, and many more applications.
  • It's a bit like advanced terminal commands or complex shell aliases, but hosted outside of your terminal. This leaves the terminal there for interactive commands, exploration, short actions.
  • Command Book manages commands like "tail this log while I'm developing the app", "Run the dev web server with true auto-reload", and even "Run MongoDB in Docker with exactly the settings I need"
  • I'd love it if you gave it a look, shared it with your team, and send me feedback.
  • Has a free version and paid version.
  • Build with Swift and Swift UI
  • Check it out at https://commandbookapp.com

Brian #2: uvx.sh: Install Python tools without uv or Python

  • Tim Hopper

Michael #3: Ending 15 years of subprocess polling

  • by Giampaolo Rodola
  • The standard library's subprocess module has relied on a busy-loop polling approach since the timeout parameter was added to Popen.wait() in Python 3.3, around 15 years ago
  • The problem with busy-polling
    • CPU wake-ups: even with exponential backoff (starting at 0.1ms, capping at 40ms), the system constantly wakes up to check process status, wasting CPU cycles and draining batteries.
    • Latency: there's always a gap between when a process actually terminates and when you detect it.
    • Scalability: monitoring many processes simultaneously magnifies all of the above.
    • + L1/L2 CPU cache invalidations
  • It’s interesting to note that waiting via poll() (or kqueue()) puts the process into the exact same sleeping state as a plain time.sleep() call. From the kernel's perspective, both are interruptible sleeps.
  • Here is the merged PR for this change.

Brian #4: monty: A minimal, secure Python interpreter written in Rust for use by AI

  • Samuel Colvin and others at Pydantic
  • Still experimental
  • “Monty avoids the cost, latency, complexity and general faff of using a full container based sandbox for running LLM generated code. “
  • “Instead, it lets you safely run Python code written by an LLM embedded in your agent, with startup times measured in single digit microseconds not hundreds of milliseconds.”

Extras

Brian:

Michael:

Joke: Silence, current side project!

]]> #468 A bolt of Django https://pythonbytes.fm/episodes/show/468/a-bolt-of-django 0b8a8835-2691-47e5-93c3-eb81a23de5c9 Tue, 03 Feb 2026 00:00:00 -0800 Michael Kennedy and Brian Okken #468: A bolt of Django 468 false 00:31:00 python, pycharm, python3,software, programming, web, web development, developer, ide, podcast, open source, news, headlines, education, software developer, data science, science, cloud computing Topics covered in this episode:
Watch on YouTube

About the show

Sponsored by us! Support our work through:

Connect with the hosts

Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too.

Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.

Brian #1: django-bolt : Faster than FastAPI, but with Django ORM, Django Admin, and Django packages

Michael #2: pyleak

  • Detect leaked asyncio tasks, threads, and event loop blocking with stack trace in Python. Inspired by goleak.
  • Has patterns for
    • Context managers
    • decorators
  • Checks for
    • Unawaited asyncio tasks
    • Threads
    • Blocking of an asyncio loop
    • Includes a pytest plugin so you can do @pytest.mark.no_leaks

Brian #3: More Django (three articles)

Michael #4: Datastar

Extras

Brian:

Michael:

Joke: Pushed to prod

]]> #467 Toads in my AI https://pythonbytes.fm/episodes/show/467/toads-in-my-ai 1f52591d-c732-4147-a3b5-ca217223b6fc Mon, 26 Jan 2026 00:00:00 -0800 Michael Kennedy and Brian Okken #467: Toads in my AI 467 false 00:31:52 python, pycharm, python3,software, programming, web, web development, developer, ide, podcast, open source, news, headlines, education, software developer, data science, science, cloud computing Topics covered in this episode:
Watch on YouTube

About the show

Sponsored by us! Support our work through:

Connect with the hosts

Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too.

Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.

Michael #1: GreyNoise IP Check

  • GreyNoise watches the internet's background radiation—the constant storm of scanners, bots, and probes hitting every IP address on Earth.
  • Is your computer sending out bot or other bad-actor traffic? What about the myriad of devices and IoT things on your local IP?
  • Heads up: If your IP has recently changed, it might not be you (false positive).

Brian #2: tprof: a targeting profiler

Michael #3: TOAD is out

  • Toad is a unified experience for AI in the terminal
  • Front-end for AI tools such as OpenHands, Claude Code, Gemini CLI, and many more.
  • Better TUI experience (e.g. @ for file context uses fuzzy search and dropdowns)
  • Better prompt input (mouse, keyboard, even colored code and markdown blocks)
  • Terminal within terminals (for TUI support)

Brian #4: FastAPI adds Contribution Guidelines around AI usage

Extras

Brian:

Michael:

Joke: A date

  • via From Pat Decker
]]> #466 PSF Lands $1.5 million https://pythonbytes.fm/episodes/show/466/psf-lands-1.5-million c3778c03-a7ff-4907-8e77-677a5b99514a Mon, 19 Jan 2026 00:00:00 -0800 Michael Kennedy and Brian Okken #466: PSF Lands $1.5 million 466 false 00:41:19 python, pycharm, python3,software, programming, web, web development, developer, ide, podcast, open source, news, headlines, education, software developer, data science, science, cloud computing Topics covered in this episode:
Watch on YouTube

About the show

Sponsored by us! Support our work through:

Connect with the hosts

Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too.

Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.

Brian #1: Better Django management commands with django-click and django-typer

Michael #2: PSF Lands a $1.5 million sponsorship from Anthropic

  • Anthropic is partnering with the Python Software Foundation in a landmark funding commitment to support both security initiatives and the PSF's core work.
  • The funds will enable new automated tools for proactively reviewing all packages uploaded to PyPI, moving beyond the current reactive-only review process.
  • The PSF plans to build a new dataset of known malware for capability analysis
  • The investment will sustain programs like the Developer in Residence initiative, community grants, and infrastructure like PyPI.

Brian #3: How uv got so fast

  • Andrew Nesbitt
  • It’s not just be cause “it’s written in Rust”.
  • Recent-ish standards, PEPs 518 (2016), 517 (2017), 621 (2020), and 658 (2022) made many uv design decisions possible
  • And uv drops many backwards compatible decisions kept by pip.
  • Dropping functionality speeds things up.
    • “Speed comes from elimination. Every code path you don’t have is a code path you don’t wait for.”
  • Some of what uv does could be implemented in pip. Some cannot.
  • Andrew discusses different speedups, why they could be done in Python also, or why they cannot.
  • I read this article out of interest. But it gives me lots of ideas for tools that could be written faster just with Python by making design and support decisions that eliminate whole workflows.

Michael #4: PyView Web Framework

Extras

Brian:

  • Upgrade Django, has a great discussion of how to upgrade version by version and why you might want to do that instead of just jumping ahead to the latest version. And also who might want to save time by leapfrogging
    • Also has all the versions and dates of release and end of support.
  • The Lean TDD book 1st draft is done.
    • Now available through both pythontest and LeanPub
      • I set it as 80% done because of future drafts planned.
    • I’m working through a few submitted suggestions. Not much feedback, so the 2nd pass might be fast and mostly my own modifications. It’s possible.
    • I’m re-reading it myself and already am disappointed with page 1 of the introduction. I gotta make it pop more. I’ll work on that.
    • Trying to decide how many suggestions around using AI I should include.
      • It’s not mentioned in the book yet, but I think I need to incorporate some discussion around it.

Michael:

Joke: Reverse Superman

]]> #465 Stack Overflow is Cooked https://pythonbytes.fm/episodes/show/465/stack-overflow-is-cooked 98b70916-830a-4832-94e6-8e6122d2af46 Mon, 12 Jan 2026 00:00:00 -0800 Michael Kennedy and Brian Okken #465: Stack Overflow is Cooked 465 false 00:35:34 python, pycharm, python3,software, programming, web, web development, developer, ide, podcast, open source, news, headlines, education, software developer, data science, science, cloud computing Topics covered in this episode:
Watch on YouTube

About the show

Sponsored by us! Support our work through:

Connect with the hosts

Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too.

Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.

Michael #1: port-killer

  • A powerful cross-platform port management tool for developers.
  • Monitor ports, manage Kubernetes port forwards, integrate Cloudflare Tunnels, and kill processes with one click.
  • Features:
    • 🔍 Auto-discovers all listening TCP ports
    • ⚡ One-click process termination (graceful + force kill)
    • 🔄 Auto-refresh with configurable interval
    • 🔎 Search and filter by port number or process name
    • ⭐ Favorites for quick access to important ports
    • 👁️ Watched ports with notifications
    • 📂 Smart categorization (Web Server, Database, Development, System)

Brian #2: How we made Python's packaging library 3x faster

  • Henry Schreiner
  • Some very cool graphs demonstrating some benchmark data.
  • And then details about how various speedups
    • each being 2-37% faster
    • the total adding up to about 3x speedup, or shaving 2/3 of the time.
  • These also include nice write-ups about why the speedups were chosen.
  • If you are trying to speed up part of your system, this would be good article to check out.

Michael #3: AI’s Impact on dev companies

  • On TailwindCSS: via Simon
    • Tailwind is growing faster than ever and is bigger than it has ever been
    • Its revenue is down close to 80%.
    • 75% of the people on our engineering team lost their jobs here yesterday because of the brutal impact AI has had on our business.
    • “We had 6 months left”
    • Listen to the founder: “A Morning Walk
    • Super insightful video: Tailwind is in DEEP trouble
  • On Stack Overflow: See video.
    • SO was founded around 2009, first month had 3,749 questions
    • December, SO had 3,862 questions asked
    • Most of its live it had 200,000 questions per month
    • That is a 53x drop!

Brian #4: CodSpeed

  • “CodSpeed integrates into dev and CI workflows to measure performance, detect regressions, and enable actionable optimizations.”
  • Noticed it while looking through the GitHub workflows for FastAPI
  • Free for small teams and open-source projects
  • Easy to integrate with Python by marking tests with @pytest.mark.benchmark
  • They’ve releases a GitHub action to incorporate benchmarking in CI workflows

Extras

Brian:

  • Part 2 of Lean TDD released this morning, “Lean TDD Practices”, which has 9 mini chapters.

Michael:

Joke: Check out my app!

]]> #464 Malicious Package? No Build For You! https://pythonbytes.fm/episodes/show/464/malicious-package-no-build-for-you 0a81cde8-9c15-4111-b916-289018cbbc25 Mon, 05 Jan 2026 00:00:00 -0800 Michael Kennedy and Brian Okken #464: Malicious Package? No Build For You! 464 false 00:30:18 python, pycharm, python3,software, programming, web, web development, developer, ide, podcast, open source, news, headlines, education, software developer, data science, science, cloud computing Topics covered in this episode:
Watch on YouTube

About the show

Connect with the hosts

Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too.

Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.

Brian #1: ty: An extremely fast Python type checker and LSP

  • Charlie Marsh announced the Beta release of ty on Dec 16
  • “designed as an alternative to tools like mypy, Pyright, and Pylance.”
  • Extremely fast even from first run
  • Successive runs are incremental, only rerunning necessary computations as a user edits a file or function. This allows live updates.
  • Includes nice visual diagnostics much like color enhanced tracebacks
  • Extensive configuration control
    • Nice for if you want to gradually fix warnings from ty for a project
  • Also released a nice VSCode (or Cursor) extension
    • Check the docs. There are lots of features.
    • Also a note about disabling the default language server (or disabling ty’s language server) so you don’t have 2 running

Michael #2: Python Supply Chain Security Made Easy

  • We know about supply chain security issues, but what can you do?
    • Typosquatting (not great)
    • Github/PyPI account take-overs (very bad)
  • Enter pip-audit.
  • Run it in two ways:
    1. Against your installed dependencies in current venv
    2. As a proper unit test (so when running pytest or CI/CD).
    3. Let others find out first, wait a week on all dependency updates: uv pip compile requirements.piptools --upgrade --output-file requirements.txt --exclude-newer "1 week"
  • Follow up article: DevOps Python Supply Chain Security
    1. Create a dedicated Docker image for testing dependencies with pip-audit in isolation before installing them into your venv.
      1. Run pip-compile / uv lock --upgrade to generate the new lock file
      2. Test in a ephemeral pip-audit optimized Docker container
      3. Only then if things pass, uv pip install / uv sync
    2. Add a dedicated Docker image build step that fails the docker build step if a vulnerable package is found.

Brian #3: typing_extensions

  • Kind of a followup on the deprecation warning topic we were talking about in December.
  • prioinv on Mastodon notified us that the project typing-extensions includes it as part of the backport set.
  • The warnings.deprecated decorator is new to Python 3.13, but with typing-extensions, you can use it in previous versions.
  • But typing_extesions is way cooler than just that.
  • The module serves 2 purposes:
    • Enable use of new type system features on older Python versions.
    • Enable experimentation with type system features proposed in new PEPs before they are accepted and added to the <code>typing</code> module.
  • So cool.
  • There’s a lot of features here. I’m hoping it allows someone to use the latest typing syntax across multiple Python versions.
  • I’m “tentatively” excited. But I’m bracing for someone to tell me why it’s not a silver bullet.

Michael #4: MI6 chief: We'll be as fluent in Python as we are in Russian

  • "Advances in artificial intelligence, biotechnology and quantum computing are not only revolutionizing economies but rewriting the reality of conflict, as they 'converge' to create science fiction-like tools,” said new MI6 chief Blaise Metreweli.
  • She focused mainly on threats from Russia, the country is "testing us in the grey zone with tactics that are just below the threshold of war.”
  • This demands what she called "mastery of technology" across the service, with officers required to become "as comfortable with lines of code as we are with human sources, as fluent in Python as we are in multiple other languages."
  • Recruitment will target linguists, data scientists, engineers, and technologists alike.

Extras

Brian:

  • Next chapter of Lean TDD being released today, Finding Waste in TDD
    • Still going to attempt a Jan 31 deadline for first draft of book.
    • That really doesn’t seem like enough time, but I’m optimistic.
  • SteamDeck is not helping me find time to write
    • But I very much appreciate the gift from my fam
    • Send me game suggestions on Mastodon or Bluesky. I’d love to hear what you all are playing.

Michael:

Joke: Error Handling in the age of AI

]]>