Python Bytes Podcast Por Michael Kennedy and Calvin Hendryx-Parker capa

Python Bytes

Python Bytes

De: Michael Kennedy and Calvin Hendryx-Parker
Ouça grátis

OFERTA POR TEMPO LIMITADO

R$ 0,99/mês nos primeiros 3 meses. Confira termos e condições
Python Bytes is a weekly podcast hosted by Michael Kennedy and Calvin Hendryx-Parker. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.Copyright 2016-2026 Política e Governo
Episódios
  • #488 tau - it's 2pi and it writes code
    Jul 14 2026
    Topics covered in this episode: The trusted-publishing debate: how to do it right vs. why you shouldn't trust itJupyterLab 4.6 and Notebook 7.6 are out!Tau – new small, readable terminal coding agentDjango Tasks and Django 6.1ExtrasJokeWatch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk PythonConsulting from Six Feet Up Connect with the hosts Michael: Mastodon / BlueSky / X / LinkedInCalvin: Mastodon / BlueSky / X / LinkedInShow: Mastodon / BlueSky / X Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesday at 7am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Calvin #1: The trusted-publishing debate: how to do it right vs. why you shouldn't trust it https://snarky.ca/how-to-publish-to-pypi-using-github-actions-securely/ (Brett Cannon) and https://blog.yossarian.net/2026/07/07/You-shouldnt-trust-trusted-publishing (William Woodruff) Trusted Publishing (PyPI's OIDC-based auth scheme, also now used by npm, RubyGems, crates.io, NuGet) replaces long-lived API tokens with short-lived, auto-scoped credentials tied to CI/CD machine identity.Yossarian's post: it's purely an authentication mechanism between a machine identity and a package — it says nothing about package safety or quality. PyPI deliberately avoids any "verified/trusted" badge for it, unlike its verified-URL checkmarks.Same logic applies to PyPI attestations: anyone can sign with any machine identity they control, so an attestation's presence isn't itself a trust signal.Bottom line from that post: don't confuse "trusted" (machine-to-machine) with "trustworthy" (human judgment about the package).Snarky.ca's companion piece is more practical: given GitHub Actions compromises in the news, the real fix is 3 concrete steps — run zizmor to lock down workflow permissions/checkout credentials and pin actions to commit hashes, adopt Trusted Publishing to eliminate stored PyPI tokens, and require manual approval via a GitHub environment before any publish job runs.Takeaway for listeners: Trusted Publishing is good hygiene for how you authenticate to PyPI, but it's not a substitute for securing your CI pipeline itself — or for actually vetting the packages you install. Michael #2: JupyterLab 4.6 and Notebook 7.6 are out! Michał Krassowski's rundown - a chunky minor release: 68 features, 97 bug fixes, 95 contributors, one of the biggest ever. Scratchpad console (Notebook 7.6 headliner) - a console next to your notebook sharing its kernel, for throwaway experiments. Ctrl+B.Jump to last-edited cell - new commands hop through recently edited cells.File browser glow-up - Date Created column, editable breadcrumbs with Tab-completion, and Open in Terminal.Debugger - sources open in the main area, floating step/continue overlay, live kernel-sources filter.Custom layouts (Lab) - activity bar top/bottom, draggable panels, four-way tab splits, per-panel Ctrl+scroll zoom.~5x faster extension builds - webpack → Rspack, and jupyter-builder means no full Lab install needed to build extensions.Keyboard/a11y - add shortcuts from the UI (no JSON), Find & Replace in Edit menu (Ctrl+H). Calvin #3: Tau – new small, readable terminal coding agent Tau – new small, readable terminal coding agent (Python 3.12+), built as both a working tool and a teaching project for how coding agents work under the hoodInstall via uv tool install tau-ai, pipx, or pip; ships a tau CLIThree-layer architecture: tau_ai (provider-neutral model layer) → tau_agent (reusable "brain": messages, tools, events, loop) → tau_coding (CLI/TUI, file & shell tools, sessions)Supports OpenAI, Anthropic, OpenAI Codex, OpenRouter, Hugging Face, and custom/local OpenAI-compatible endpointsBuilt-in tools (read/write/edit/bash), durable JSONL sessions with resume/branching, project instructions via AGENTS.md, and context compactionCore harness is UI-agnostic — same brain can power the TUI, print mode, or a custom frontend — usable as a standalone library too Michael #4: Django Tasks and Django 6.1 Django 6.0 finally ships first-party background tasks (django.tasks) - out of Jake Howard's DEP 14, accepted May 2024, after two decades of everyone bolting on Celery/RQ/Huey.It's an API, not a worker. Django handles task definition, validation, queuing, and result storage - it does not execute them. You bring the backend.The default backend traps people. ImmediateBackend runs tasks inline on the request thread and blocks until done - so out of the box .enqueue() backgrounds nothing (a 5-second task means a 5-second response). The other built-in, DummyBackend, runs nothing at all. Both are dev/test only.Nice API otherwise: slap @task on a function, call .enqueue(), get back a TaskResult you look up later by id - with async twins like aenqueue(). Gotcha: ...
    Exibir mais Exibir menos
    32 minutos
  • #487 Minimum requirements
    Jul 7 2026
    Topics covered in this episode: dust - a better duHermes Agent: The AI agent that grows with youllm-coding-agent 0.1a0ExtrasJokeWatch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk PythonConsulting from Six Feet Up Connect with the hosts Michael: Mastodon / BlueSky / X / LinkedInCalvin: Mastodon / BlueSky / X / LinkedInShow: Mastodon / BlueSky / X Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesday at 7am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: dust - a better du du + Rust = dust - a fast, visual, intuitive disk-usage CLIRun dust and immediately see the biggest directories and files without piping through sort, head, or awkSmart recursive output focuses on what matters instead of dumping every folderColored bars show relative size and parent/child hierarchy, making “where did the space go?” obviousPerfect for Python projects bloated by .venv, caches, Docker volumes, downloaded datasets, and local AI modelsInstall via brew, cargo install du-dust, conda-forge, Scoop, Snap, deb-get, or GitHub releases Calvin #2: A Way better ARchive format for Python packaging war - new archive format spec from Astral (same team as uv/ruff), v0.0.2, still no binary encoding defined yetHeader-Index-Store layout: header IDs the file, index maps names to store offsets, store holds compressed dataIndex uses a finite-state transducer (FST) to dedupe common path prefixes across entry namesSupports three entry types (file, directory, link) and three compression modes (store/DEFLATE/zstd), plus an "executable" metadata flagUnpacking is atomic - writes to a temp dir, then renames into place, so a failed extract never leaves a half-unpacked directoryStrict name-segment rules (no NUL/control chars, no leading/trailing whitespace, blocks Windows-reserved names like CON/PRN) to avoid path traversal and cross-platform footguns Michael #3: Hermes Agent: The AI agent that grows with you Hermes Agent is an open-source, Python-built AI agent framework from Nous Research - think ChatGPT-style assistant, but connected to your tools, files, shell, browser, calendar, memory, and messaging appsI’m using it in Discord as a long-running agent conversation, not just a one-off chatbot sessionHermes can connect through a gateway to platforms like Discord, Telegram, Slack, WhatsApp, email, webhooks, and more - so the same assistant can follow you across surfacesIn my setup, I can send Hermes voice/text from Discord, keep project context across turns as threads, and ask it to actually do things: read GitHub repos, run commands, edit files, schedule calendar events, generate drafts, and verify resultsA fun workflow: I can trigger one-shot actions from an Apple Watch shortcut - dictate a request, send it to Hermes, and have the agent execute it asynchronouslyHermes has persistent memory, so it can remember durable preferences and facts - for example, how I like my research formattedIt also has “skills,” which are reusable procedures the agent can load later, so Hermes can self-improve over time instead of rediscovering the same workflow repeatedlyIt supports scheduled jobs / cron-style automations, so it can proactively watch for releases, send summaries, run checks, or remind you about thingsIt’s provider-agnostic: OpenRouter, Anthropic, Google, xAI, local models, Nous Portal, and othersThe big idea: Hermes turns an LLM from “a chat box I visit” into “an agent I can reach from anywhere that knows my workflows and can take real actions and learns over time.” Calvin #4: llm-coding-agent 0.1a0 Simon Willison built a Claude/Codex-style coding agent on top of his llm library, using an alpha of the llm package plus his python-lib-template-repoBuilt almost entirely via prompted TDD - asked an agent to write a spec.md, then commit + implement with red/green tests, occasionally hitting a real OpenAI key to sanity-checkShipped to PyPI as an alpha: uvx --prerelease=allow --with llm-coding-agent llm codeTool set mirrors familiar coding-agent primitives: read_file, edit_file (exact string replace + diff), write_file, list_files, search_files, execute_commandAlso exposes a Python API - CodingAgent(model="gpt-5.5", root=..., approve=True).run(...) - which Simon didn't ask for but got anywayDemo: llm code --yolo told GPT-5.5 to build a SwiftUI CLI clock; model correctly noted SwiftUI isn't really CLI-friendly and still produced an ASCII-art time display Extras Calvin: Slides, but for developers https://sli.dev/Wanna reduce your token usage…. only issue is that its lossy https://github.com/teamchong/pxpipePEP 772 - Python Packaging Council inaugural election dates set, nominations open July 28, voting September 1-15 Michael: What the pls? revisited! Joke: Min requirements for ...
    Exibir mais Exibir menos
    28 minutos
  • #486 underscore-underscore-ghost-emoji
    Jun 30 2026
    Topics covered in this episode: Free-threaded Python: past, present, and futuredjango-admin-site-searchQwen 3.6 27B is the sweet spot for local developmentA large batch of PEPs are finalizedExtrasJokeWatch on YouTube Show Intro Sponsored by us! Support our work through: Our courses at Talk PythonConsulting from Six Feet Up Connect with the hosts Michael: Mastodon / BlueSky / X / LinkedInCalvin: Mastodon / BlueSky / X / LinkedInShow: Mastodon / BlueSky / X Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesday at 7am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Calvin #1: Free-threaded Python: past, present, and future The GIL has prevented true multi-threaded parallelism in CPython since the beginning — multiple past attempts to remove it failed on performance groundsSam Gross at Meta finally solved it; his work became PEP 703 and ships as free-threaded CPython todayPython 3.13 was experimental with 20–40% single-threaded slowdown; 3.14 brought that to 0–10%Python 3.15 (October 2026) delivers a unified ABI — one extension binary works on both GIL and free-threaded buildsAlready >50% of the top PyPI binary wheels support free threadingWouters predicts free-threaded becomes the default between 3.16–3.20 (2027–2031), with the GIL eventually disappearing next decade Michael #2: django-admin-site-search via Adam ParkinA global/site search modal for the Django admin, by Ahmed Aljawahiry. Hit cmd+k anywhere in the admin and you get a command-palette-style search window, kind of like the one in VS Code.It doesn't just search one model's list page. It searches your entire site in one box: App labelsModel labels and field attributesActual model instances (your data)Two ways to search the instances: model_char_fields (the default): runs an __icontains across every CharField (and subclasses) on the model. Zero config, works out of the box.admin_search_fields: defers to each ModelAdmin's existing get_search_results(), so it respects the search_fields you've already set up.The part I like: it's permission-aware out of the box. Users only see results for the apps and models they actually have view permission on, so you're not leaking anything through search.Results appear as you type, with throttling/debouncing so you're not hammering the server on every keystroke, and it's full keyboard nav: cmd+k to open, up/down to move, enter to go.It's responsive, does dark and light mode, and it pulls Django's built-in admin CSS variables so it just matches whatever admin theme you're running.Under the hood it's Alpine.js, but bundled into static so there's no external CDN dependency.Setup is about what you'd expect: pip install django-admin-site-search, add it to INSTALLED_APPS, mix the AdminSiteSearchView into your AdminSite, and drop a few template includes into base_site.html.Supports Python 3.8 through 3.14 and Django 3.2 through 6.0, MIT licensed, and everything is overridable if you want to skip certain models, add TextField matching, etc. Calvin #3: Qwen 3.6 27B is the sweet spot for local development Qwen 3.6 27B is being called the first local model that genuinely competes as a general-purpose intelligence — benchmarks put it at roughly mid-2025 frontier level (comparable to GPT-5 / Claude Sonnet 4.5)Runs locally via llama.cpp; on an M5 MacBook Max with 8-bit quantization + multi-token prediction, it hits ~32 tokens/sec using ~42GB RAM4-bit quantization gets it under 18GB, runnable on 32GB devices; Nvidia RTX cards run it even fasterThe dense 27B is recommended over the faster MoE 35B A3B — author prefers higher quality output over raw speedPrivacy and reliability are the pitch: fine-tunable, can't be taken down, suitable for sensitive/proprietary dataAuthor sees this as a stepping stone — frontier open-weight models like GLM 5.2 are now locally runnable with company-grade hardware, and smarter-still local models are coming Michael #4: A large batch of PEPs are finalized A bunch of PEPs went from accepted to final. 668, 687, 691, 699, 701, 703, 728, 770, 773, 829But this wasn’t them making their way into CPython. It’s an admin sorta thing. (Thanks PyCoders)See the commit. Extras Calvin: More fun bling for your terminal this time - https://charm.land/ Michael: Follow up from pls, What the pls? Thanks Pito. Joke: BEMoji A production-grade utility and component framework built entirely on emoji class namesvia Jeff Triplett
    Exibir mais Exibir menos
    30 minutos
adbl_web_anon_alc_button_suppression_t1
Ainda não há avaliações