Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
#335 Should you get your mojo on?
May 11, 2023
00:25:37
24.83 MB
Downloads: 0
Watch on YouTube
About the show
Sponsored by InfluxDB from Influxdata.
Connect with the hosts
- Michael: @mkennedy@fosstodon.org
- Brian: @brianokken@fosstodon.org
- Show: @pythonbytes@fosstodon.org
Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesdays at 11am PT. Older video versions available there too.
Michael #1: Introducing 'Trusted Publishers’
- PyPI package maintainers can adopt a new, more secure publishing method that does not require long-lived passwords or API tokens to be shared with external systems.
- Our term for using the OpenID Connect (OIDC) standard to exchange short-lived identity tokens between a trusted third-party service and PyPI.
- Instead, PyPI maintainers can configure PyPI to trust an identity provided by a given OpenID Connect Identity Provider (IdP).
- These API tokens
- never need to be stored or shared
- rotate automatically by expiring quickly
- provide a verifiable link between a published package and its source
- Additional security hardening is available
Brian #2: Mojo : a new programming language for all AI developers.
- Mojo may be the biggest programming language advance in decades - fast.ai blog
- Suggested by many listeners
- “Mojo combines the usability of Python with the performance of C, unlocking unparalleled programmability of AI hardware and extensibility of AI models.”
- A programming language compatible with Python, with performance similar to C++/Rust.
- “Mojo is designed to become a superset of Python over time by preserving Python’s dynamic features while adding new primitives for systems programming.” - emphasis from Brian
- It’s not there yet, but still super cool
- Built on a MLIR, not LLVM
- “How compatible is Mojo with Python really?
- Mojo already supports many core features of Python including async/await, error handling, variadics, etc, but… it is still very early and missing many features - so today it isn’t very compatible. Mojo doesn’t even support classes yet!”
Michael #3: django-prose
- Wonderful rich-text editing for your Django project.
- Rendering rich-text in templates
- Small rich-text content (as model fields)
- Django Prose is using Bleach to only allow certain tags and attributes
- See the website for a screenshot of it in action
Brian #4: pylyzer is a static code analyzer / language server for Python, written in Rust.
- Shunsuke Shibayama
- Suggested by Owen
- Features
- fast
- detailed analysis
- type checking
- plus things like out-of-bounds accesses to lists, and non-existent key references to dicts
- more readable reports
- and a VS Code extension
- pylyzer vs ruff
- “Ruff, like pylyzer, is a static code analysis tool for Python written in Rust, but Ruff is a linter and pylyzer is a type checker & language server. pylyzer does not perform linting, and Ruff does not perform type checking.”
- Some limitations and incomplete “todo list”. See README for more details.
Joke: Escape Room