Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
#377 A Dramatic Episode
April 02, 2024
00:32:55
23.83 MB
Downloads: 0
Topics covered in this episode:
Watch on YouTube
Watch on YouTube
About the show
Sponsored by ScoutAPM: pythonbytes.fm/scout
Connect with the hosts
- Michael: @mkennedy@fosstodon.org
- Brian: @brianokken@fosstodon.org
- Show: @pythonbytes@fosstodon.org
Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesdays at 11am PT. Older video versions available there too.
Finally, if you want an artisanal, hand-crafted digest of every week of
the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.
Michael #1: justpath
- Inspect and refine PATH environment variable on both Windows and Linux.
- Raw, count, duplicates, invalids, corrections, excellent stuff.
- Check out the video
Brian #2: xz back door
- In case you kinda heard about this, but not really.
- Very short version:
- A Microsoft engineer noticed a performance problem with ssh and tracked it to a particular version update of xz.
- Further investigations found a multi-year installation of a fairly complex back door into the xz by a new-ish contributor. But still contributing over several years. First commit in early 2022.
- The problem is caught. But if it had succeeded, it would have been bad.
- Part of the issue of how this happened is due to having one primary maintainer on a very widely used tool included in tons-o-Linux distributions.
- Some useful articles
- Everything I Know About the XZ Backdoor - Evan Boehs - recommended read
- Don’t think your affected? Think again if you use homebrew, for example:
- Notes
- Open source maintenance burnout is real
- Lots of open source projects are maintained by unpaid individuals for long periods of time.
- Multi-year sneakiness and social bullying is pretty hard to defend against.
- Handing off projects to another primary maintainer has to be doable.
- But now I think we need better tools to vet contributors.
- Maybe? Or would that just suppress contributions?
- One option to help with burnout:
- JGMM, Just Give Maintainers Money: Software Needs To Be More Expensive - Glyph
Michael #3: LPython
- LPython aggressively optimizes type-annotated Python code. It has several backends, including LLVM, C, C++, and WASM.
- LPython’s primary tenet is speed.
- Play with the wasm version here: dev.lpython.org
- Still in alpha, so keep that in mind.
Brian #4: dramatic
- Trey Hunner
- More drama in the software world. This time in the Python.
- Actually, this is just a fun utility to make your Python output more dramatic.
- More fun output with terminaltexteffects
- suggested by Allan
Extras
Brian:
Michael:
- My keynote talk is out: The State of Python in 2024
- Have you browsed your github feed lately?
- 3.10, 3.9, 3.8 security updates
Joke: Definition of terms