Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.

#335 Should you get your mojo on?

May 11, 2023 00:25:37 24.83 MB

About the show

Sponsored by InfluxDB from Influxdata.

Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesdays at 11am PT. Older video versions available there too.

Michael #1: Introducing “Trusted Publishers”

  • PyPI package maintainers can adopt a new, more secure publishing method that does not require long-lived passwords or API tokens to be shared with external systems.
  • “Trusted publishers” is PyPI's term for using the OpenID Connect (OIDC) standard to exchange short-lived identity tokens between a trusted third-party service and PyPI.
  • Instead of sharing long-lived credentials, PyPI maintainers can configure PyPI to trust an identity provided by a given OpenID Connect Identity Provider (IdP).
  • The resulting API tokens
    • never need to be stored or shared
    • rotate automatically by expiring quickly
    • provide a verifiable link between a published package and its source
  • Additional security hardening is available
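
As an added illustration (not from the show notes and not PyPI's code), the sketch below shows the kind of claim matching a package index can apply to a short-lived OIDC identity token before issuing an upload token. The project, repository and workflow names are constructed, the claim names follow GitHub Actions' OIDC tokens, and verification of the token's signature against the IdP's keys is assumed to have happened already.

```python
# Simplified relying-party check for OIDC-based publishing (illustration only).
# Assumes the token's signature was already verified against the IdP's keys.
import time

GITHUB_ISSUER = "https://token.actions.githubusercontent.com"

# Constructed publisher configuration (hypothetical project and repository).
TRUSTED_PUBLISHERS = {
    "example-pkg": {
        "issuer": GITHUB_ISSUER,
        "repository": "example-org/example-pkg",
        "workflow": ".github/workflows/release.yml",
        "environment": "pypi",  # optional extra restriction
    }
}

def check_publisher(project, claims, audience="pypi", now=None):
    """Return (allowed, reason) for already signature-verified claims."""
    now = time.time() if now is None else now
    cfg = TRUSTED_PUBLISHERS.get(project)
    if cfg is None:
        return False, "no trusted publisher configured"
    if claims.get("iss") != cfg["issuer"]:
        return False, "issuer mismatch"
    if claims.get("aud") != audience:
        return False, "audience mismatch"
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        return False, "token expired"
    if claims.get("repository") != cfg["repository"]:
        return False, "repository mismatch"
    # job_workflow_ref looks like "<owner>/<repo>/<workflow path>@<git ref>"
    workflow_ref = claims.get("job_workflow_ref", "").split("@", 1)[0]
    if workflow_ref != f'{cfg["repository"]}/{cfg["workflow"]}':
        return False, "workflow mismatch"
    if cfg.get("environment") and claims.get("environment") != cfg["environment"]:
        return False, "environment mismatch"
    return True, "ok"

def sample_claims(now, **overrides):
    """Constructed claims shaped like a GitHub Actions OIDC token."""
    claims = {
        "iss": GITHUB_ISSUER, "aud": "pypi", "exp": now + 300,
        "repository": "example-org/example-pkg",
        "job_workflow_ref": "example-org/example-pkg/.github/workflows/release.yml@refs/tags/v1.0.0",
        "environment": "pypi",
    }
    claims.update(overrides)
    return claims
```

Because the decision depends only on the issuer, audience, expiry and source claims, a token from a fork, from a different workflow file, or replayed after its few-minute lifetime is rejected without any stored secret being involved.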

Brian #2: Mojo: a new programming language for all AI developers.

  • Mojo may be the biggest programming language advance in decades - fast.ai blog
  • Suggested by many listeners
  • “Mojo combines the usability of Python with the performance of C, unlocking unparalleled programmability of AI hardware and extensibility of AI models.”
  • A programming language compatible with Python, with performance similar to C++/Rust.
  • “Mojo is designed to become a superset of Python over time by preserving Python’s dynamic features while adding new primitives for systems programming.” - emphasis from Brian
    • It’s not there yet, but still super cool
  • Built on MLIR, not LLVM
  • How compatible is Mojo with Python really?
    • “Mojo already supports many core features of Python including async/await, error handling, variadics, etc, but… it is still very early and missing many features - so today it isn’t very compatible. Mojo doesn’t even support classes yet!”

Michael #3: django-prose

Brian #4: pylyzer is a static code analyzer / language server for Python, written in Rust.

  • Shunsuke Shibayama
  • Suggested by Owen
  • Features
    • fast
    • detailed analysis
      • type checking
      • plus things like out-of-bounds accesses to lists, and non-existent key references to dicts
    • more readable reports
    • and a VS Code extension
  • pylyzer vs ruff
    • “Ruff, like pylyzer, is a static code analysis tool for Python written in Rust, but Ruff is a linter and pylyzer is a type checker & language server. pylyzer does not perform linting, and Ruff does not perform type checking.”
  • Some limitations and incomplete “todo list”. See README for more details.

Joke: Escape Room