#480: Proud Parents
About the show
Sponsored by us! Support our work through:
- Our courses at Talk Python Training
- The Complete pytest Course
- Patreon Supporters
Connect with the hosts
- Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky)
- Brian: @brianokken@fosstodon.org / @brianokken.bsky.social
- Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky)
Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too.
Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.
Brian #1: Using Django Tasks in production
- Tim Schilling shares how the Djangonaut Space website has been using Django’s new tasks framework and some of the info missing from the official Django docs.
- Tasks require a third party package, django-tasks-db, to actually run the tasks.
- Article walks through all changes necessary to get an email process running to notify admins of new testimonials. Cool simple example.
- With the db backend, you can monitor progress of tasks in the admin, to see which tasks are scheduled, completed, or have errors.
- Some wishes for the community to implement
- new tutorial in the Django docs
- Django Debug toolbar panel for tasks
- test/mock backend
- Great title for wish list: Things I’d like to see, but I’m too lazy to implement myself.
Michael #2: Co-authored with Claude?
- Via Nik T.
- We don’t put “executed on macOS”, “edited with PyCharm”, etc. in our commits. Why Claude?
- Seems like a growth hack to me, that I don’t really care to participate in.
- Some projects that have formalized their thoughts on this: The Generative AI Policy Landscape in Open Source
- Adjust to turn off in ~/.claude/settings.json, see the docs.

    { "attribution": { "commit": "", "pr": "" } }

Brian #3: PyPI packages are increasing rapidly
- Artem Golubin
- There’s been an increase of published packages per week on PyPI
- A pretty big increase in the last handful of months.
- 30% increase since 2025, clearly due to AI
- Artem is building hexora, a malicious Python code detector.
- Cool package too, it can:
- Audit project dependencies to catch potential supply-chain attacks
- Detect malicious scripts found on platforms like Pastebin, GitHub, or open directories
- Analyze IoC files from past security incidents
- Audit new packages uploaded to PyPI.
- Artem is using hexora to analyze recently published PyPI packages and many are obviously vibecoded and trigger false positives for abuses of eval, exec, and subprocess
- Side note: I don’t think that’s necessarily a false positive. Not malicious, but maybe a stupid-code-detector?
- Lots are LLM related, lots have bots contributing code
- Publishing rate is crazy, dozens to hundreds of published versions in a day is a bug, not a feature
- Brian’s proposal, PyPI should limit releases per day for any package to something a sane human would do, even if they make a mistake on a release, to maybe like 2-3, definitely under 10, in a day. And if the repo has obvious agent contributors listed, maybe lower the limit to 1-2 a day? Honestly, “move fast and break things” doesn’t apply to breaking the commons.
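
An added example, not code from the show, the article or hexora: one way to spot the publishing bursts described above in the `releases` mapping of a project's PyPI JSON metadata (`https://pypi.org/pypi/<project>/json`), counting distinct versions per UTC day. The limits of 10 and 2 are this example's reading of the proposal, and the sample data is constructed.

```python
"""Flag days on which a PyPI project published more versions than a limit."""
from collections import defaultdict
from datetime import datetime, timezone

# Assumed limits, read from the proposal above: "definitely under 10" a day
# for any package, and 1-2 a day when agent contributors are listed.
HUMAN_LIMIT = 10
AGENT_LIMIT = 2


def first_upload(files):
    """Earliest upload time among one version's files, or None if it has none."""
    times = []
    for f in files:
        stamp = f.get("upload_time_iso_8601")
        if stamp:
            # fromisoformat() rejects a trailing "Z" before Python 3.11.
            times.append(datetime.fromisoformat(stamp.replace("Z", "+00:00")))
    return min(times) if times else None


def versions_per_day(releases):
    """Map UTC date -> sorted versions first published on that date.

    A version counts once however many files (sdist, wheels) it carries,
    so a normal multi-wheel release is not mistaken for a burst.
    """
    per_day = defaultdict(list)
    for version, files in releases.items():
        when = first_upload(files)
        if when is None:  # version whose files were all removed
            continue
        per_day[when.astimezone(timezone.utc).date()].append(version)
    return {day: sorted(versions) for day, versions in per_day.items()}


def release_bursts(releases, agent_authored=False):
    """Return [(iso_date, version_count)] for days over the applicable limit."""
    limit = AGENT_LIMIT if agent_authored else HUMAN_LIMIT
    return [
        (day.isoformat(), len(versions))
        for day, versions in sorted(versions_per_day(releases).items())
        if len(versions) > limit
    ]


def constructed_sample():
    """Constructed metadata in the shape of the JSON API's `releases` field."""
    releases = {}
    for i in range(12):  # twelve versions in one day, two files each
        stamp = f"2026-05-10T{i:02d}:15:00.000000Z"
        releases[f"0.1.{i}"] = [
            {"upload_time_iso_8601": stamp},
            {"upload_time_iso_8601": stamp},
        ]
    for i, hour in enumerate((9, 10, 11)):  # three versions the next day
        releases[f"0.2.{i}"] = [
            {"upload_time_iso_8601": f"2026-05-11T{hour:02d}:00:00.000000Z"}
        ]
    # Constructed offset timestamp: falls on 2026-05-12 once converted to UTC.
    releases["0.3.0"] = [{"upload_time_iso_8601": "2026-05-11T23:30:00-05:00"}]
    releases["0.0.1"] = []  # no files left for this version
    return releases


if __name__ == "__main__":
    sample = constructed_sample()
    print("human limit:", release_bursts(sample))
    print("agent limit:", release_bursts(sample, agent_authored=True))
```
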
Michael #4: httpx2
- More on the httpx, httpxyz, etc changes: Pydantic people started their own fork, httpx2.
- Michiel says “while we think httpxyz was definitely needed, we welcome httpx2 and think it should be the ‘blessed’ fork.”
- Kludex, who is among other things maintainer of Starlette, was considering a fork
- As it stands, httpx2 is lacking the performance improvements they added to httpxyz. But it will not be long before they will add those, too.
- Also they already made some smart decisions:
- they are switching from certifi to truststore
- they are switching to compression.zstd on Python 3.14+, enabling zstd compression by default
- they merged httpcore and vendored it in their repository
- Discussion on Hacker News
Extras
Brian:
- The Four Horsemen of the LLM Apocalypse - Anarcat
- Django/JetBrains 2026 developer survey is open
- Pyrefly 1.0: “meaning we are confident that Pyrefly is ready for production use.”
Michael:
- Just about ready to release Python Web Security: OWASP Top 10 with Agentic AI course. Be sure to be on the courses newsletter to get notified.
Joke: Proud Parents
Episode Transcript
00:00 Hello and welcome to Python Bytes, where we deliver Python news and headlines directly to your earbuds.
00:06 This is episode 480, recorded May 18th, 2026.
00:12 I'm Michael Kennedy.
00:13 And I'm Brian Okken.
00:14 And this episode is brought to you by us.
00:16 Check out all of our things.
00:17 I have something cool to announce at the end.
00:20 Just hint, hint, you might want to be a subscriber to the newsletter over at Talk Python Training to hear about it.
00:24 Check out the pytest course that Brian has and also Lean TDD is coming along, right?
00:31 Yeah, I've got some news about that.
00:33 All right.
00:33 Two pieces of news.
00:35 Follow us on the socials.
00:36 Yes, it's true.
00:37 Social media has absolutely been shattered into a thousand broken pieces, but we're still on there.
00:42 We'll talk to you if you want.
00:44 There's no longer a place where people just go to talk.
00:48 But we do our best.
00:49 We're in a lot of social media places.
00:50 Sign up for the newsletter.
00:51 Twitter, you'll get a really nice synopsis of what we talked about that week beyond just the show notes or links and things like that.
00:58 Before we kick it off, Brian, I just want to do a really real super quick recap of PyCon.
01:03 We missed you there.
01:04 You know, more than one person asked me, like, where's Brian?
01:07 Why is he not here?
01:09 Yeah.
01:10 Yeah.
01:11 Cool.
01:11 I missed it too.
01:12 I wish I would have gone.
01:14 Yeah.
01:14 So what I did is I got this really crazy looking picture of like little characters and scenes all over the United States.
01:20 And then I put like a little tiny back in Portland, not down in Long Beach, you know, like the Where's Waldo sort of thing.
01:25 Oh.
01:26 Where's Brian?
01:26 Yeah.
01:27 No, it was really fun.
01:28 I didn't see too many talks.
01:30 I got to a couple, but it was really nice to just walk around the Expo floor hall.
01:33 I think there was more exhibitors than last year, which is a good thing for the PSF.
01:37 I think there were fewer attendees, which is a bad thing for the PSF.
01:40 So I don't know.
01:41 We'll see how it washes out.
01:42 But I had a great time.
01:44 There was a lot of cool events, a lot of parties.
01:46 My voice is super scratchy because it kind of got destroyed.
01:49 There was one party after party thing we went to that was in a basement.
01:53 It was really cool.
01:54 But on my Apple Watch, I have like a sound meter, right?
01:59 It was 97 decibels at that party.
02:01 97.
02:02 That's like a full on rock concert up front level noise.
02:05 Did you just put your earbuds in and get the noise cancellation effect?
02:10 I don't have the pro one, so it doesn't really...
02:12 They do have noise cancellation, but they're like, so we can check the box.
02:16 Not because it actually does very much.
02:17 Anyway, I had a great time in Long Beach.
02:20 The venue is pretty cool.
02:21 We went to some taco trucks.
02:23 I rode scooters all over the town and went down by the beach.
02:26 Anyway, great to meet everybody who was there.
02:28 And for those who didn't go, you know, there's always next year.
02:31 And for all of you people that advertised as sponsors for PyCon, if you want to reach more people, you could, you know, maybe advertise through Python Bytes.
02:40 Just saying.
02:41 Yeah.
02:42 Seriously, no joke.
02:43 That's actually a good point.
02:44 I did go talk to a bunch of the exhibitors.
02:46 It's always hard because often the people who are manning the booths are not the people who care or have agency about these types of things.
02:53 But the cost of a booth, I think, is like $10,000.
02:56 And you can reach 1,000 to 2,000 people.
02:59 You know, in the podcast, you could do like, for that amount of money, maybe a hundred times as much exposure.
03:06 Hint, hint.
03:06 Reach out.
03:07 Yeah.
03:07 Just, it's a good idea, I think.
03:09 I think it's a great ROI.
03:11 You know what?
03:13 Maybe we could just run that as like a background task and just let it start drawing leads or reaching out to people.
03:18 What do you think?
03:19 Yeah, sure.
03:20 Let's do that.
03:20 Yeah.
03:21 That background task would be a good idea.
03:22 Speaking of background tasks.
03:24 So what we have is an article that I want to point out because this is great.
03:31 This is a great article from Tom Schilling, I think.
03:35 Did I get that person right?
03:36 Yep.
03:37 Tim Schilling.
03:37 Sorry, Tim, for calling you Tom.
03:39 Tim Schilling from the Django space and Django, all the Djangonauts, all the sort of stuff that he works on.
03:47 We appreciate.
03:49 So actually a couple of things.
03:51 But this article that I noticed is using Django tasks in production because Django, the background tasks have been added.
03:59 I don't even remember.
04:01 It wasn't that long ago that Django tasks were added.
04:04 But I didn't realize that there's some pieces missing.
04:08 So the capability of running background tasks is in Django by default now, but, oh, I guess earlier than six.
04:17 So apparently in 6.0 or later, you've got Django tasks.
04:21 But there is a Django tasks DB.
04:26 So the tasks have to have a place to store everything.
04:30 And there's apparently a Django tasks DB.
04:32 It's probably, it's a third-party package.
04:35 But so that's probably an API.
04:37 So you could, there's, I imagine there's alternatives if you wanted to use something different or your own homegrown thing.
04:42 But so basically this walks through using that.
04:45 So how do you, how do you actually get tasks running?
04:48 And the, his examples is a pretty decent example.
04:51 The example comes from the Djangonaut Space website.
04:55 And one of the things they have there is people that have, what do they call them?
05:01 Like, oh, testimonials.
05:02 That's it.
05:03 They have a testimonials form.
05:05 That gets collected, but they don't go automatically go on the testimonials page.
05:09 They go to the admins.
05:13 There's an email to the admins to say, hey, can you verify this before we actually put it up?
05:17 Which is a good idea.
05:18 So you don't just get spam or whatever.
05:20 And so that email process of take this stuff and send it to a bunch of people.
05:26 That's a, it's sending emails a great background tasks.
05:28 So how do you do that with Django?
05:30 So that's what this, this article is about setting it up.
05:33 It's really not that much here.
05:35 And it, it, it makes a lot of sense.
05:38 So I appreciate him putting this together.
05:41 One of the things that he talks about is why, why they liked using the task instead of, instead of some third-party thing like Celery or something.
05:49 And it says lessons they learned from the background task processors.
05:54 All of those have been incorporated.
05:56 All the back, like Celery and other things have been incorporated into the Django tasks thing.
06:00 And that's, that's one of the, you know, batteries included thing about Django of they often, sometimes it takes a while for things to get in there, but they often take the best ideas from the community.
06:11 And I think that's happened with this.
06:14 And one of the things that really liked is that the, or is that the admin page, has a tasks tab or tasks area.
06:22 So you can see, see things about like which ones are started, which ones are in process, if there's any errors on any of the tasks and having that right in the admin, that's pretty cool.
06:32 So glad I like that.
06:34 Yeah, that's cool.
06:35 Like, like one of those workflow things like airflow or something a little bit.
06:39 Yeah.
06:41 And also one of the things I love to put love, love about this, and I might do this in future articles of my own is a section at the end of the article saying things, things I've got, things I'd like to see, but I'm too lazy to implement myself.
06:54 And, you know, from, from people that in the know, this is a great thing to just hear, you know, some of these core people would really like a few things.
07:03 So one of them, which you could even take this, his article plus other information and maybe run with it and try to do a demo.
07:09 So first off is a new tutorial section of the Django documentation to show off how to use tasks.
07:15 And I think that's a great idea.
07:17 Another thing, the second one was a Django toolbar, Django debug toolbar support to show tasks going on.
07:25 That'd be cool to have that in there.
07:27 And then the third is a test slash mock backend to programmatically control the flow of tasks in tests.
07:35 It's also a cool idea.
07:36 So these are great things.
07:37 I'd love to see those as well.
07:38 So yeah, 100%.
07:40 Love the idea of the Django toolbar version.
07:42 Yeah.
07:42 And also another, wow.
07:44 I didn't notice this before.
07:46 A shout out to a Jake Howard article on the amount of effort in bringing Django tasks to Django.
07:54 I'll have to check that out.
07:55 It looks neat.
07:56 It's interesting.
07:57 All right.
07:58 You know, some of these things, you could probably make them happen with Claude.
08:02 You just had Claude co-author it.
08:03 So that's what I want to talk about.
08:05 Nick Thiessen in this interesting setting plus some exploration.
08:10 And I will tell you, Brian, another thing coming back from PyCon, one of the very biggest topics was AI.
08:16 Big surprise.
08:17 Yeah, I know.
08:18 Surprise, surprise.
08:19 There were a bunch of cool demos.
08:21 Most of, I don't know about most, but if you were to categorize all the exhibitors and you were to say which category of area of service is the most popular, AI would absolutely be the most popular.
08:35 So that's pretty powerful.
08:37 Many people are very excited about it, but a lot of the maintainers of open source projects are not super excited about it.
08:44 So what I want to talk about is this automatically marking PRs, issues, et cetera, as co-authored with my AI or whatever.
08:54 You know, name your AI product.
08:56 And it gets tagged in there.
08:58 All right, so here I pulled up something for Ghostty for the, I think it's the web version of the terminal.
09:05 If you scroll to the bottom of this one, it says little robot emoji generated with Claude Code and it links over to Claude Code.
09:14 What do you think about that?
09:15 Yeah, I don't like it.
09:16 It's very spammy.
09:17 It's just, well, I don't know.
09:20 Maybe I'm fine with the little thing that says, hey, this stuff was generated, so you have to review it.
09:26 But just sticking a hard link to Claude in there?
09:31 Yeah, it's got a pretty strong ick factor.
09:34 It's like this, you know, sent on iOS with Spark mail or some crap.
09:39 Why do I want that on the bottom of my email?
09:41 I do not want that on my email.
09:43 Maybe I wanted to say sent on iOS so people are like, why are they so brief?
09:49 They don't want to type a proper response.
09:51 Like, no, because I'm doing my thumb.
09:53 So I'm just trying to get back to you quick, you know.
09:55 So you would understand that.
09:56 But this feels very growth hacky.
09:58 And that used to work so well, but I don't think it works that well anymore.
10:03 Like, there's this story from when, believe it or not, Hotmail was actually revolutionary in its day for how much free space you got.
10:14 Before Gmail, of course, came along and all that, you know, used to get, like, incredibly small amounts or you'd have to have a client or something.
10:20 It's like, what?
10:20 I sent the email from the web and it has all the storage.
10:23 What an incredible thing.
10:24 So it would always say sent with Hotmail.
10:26 And that actually turned out to be one of their early keys to success.
10:30 And I feel like they're trying to leverage that here.
10:32 But while Claude is trying to, like, make this sort of growth hacky thing so they get more SEO juice, they get more eyeballs and people coming back, they're kind of stick.
10:44 Like, it's dropping sand in the eyes of the people that hate it.
10:48 You know what I mean?
10:49 Even more.
10:50 Or into the gears of the conversation.
10:52 Right?
10:52 Like, maybe you did most of the work and you had Claude review the code.
10:56 And then you had Claude actually construct the PR because it's more thorough than you.
11:00 You probably, potentially, this is a theoretical, right?
11:03 But maybe you wrote effectively all the code.
11:06 Somebody reviews this, goes, closed.
11:08 We have a no AI policy.
11:09 You're like, come on, man.
11:11 I did this work.
11:12 I just, maybe English is not my native language.
11:14 So I'm trying to present a better presentation of what I did than if I tried.
11:19 You know, if I had to post PRs in German, I'm sure I'd be using AI to help me do that.
11:23 But so I think there's a lot of negatives here.
11:26 But also, like, the person that allowed this to go in pretty much is saying, don't blame me.
11:32 It's AI that did it.
11:34 And I don't like that either.
11:36 I don't like that either.
11:37 And what you know you don't see here, you don't see, like, a huge list.
11:41 This code was written with PyCharm.
11:43 This code was actually tested on Windows.
11:46 This code was run with, you know, I don't know.
11:51 Pacific Northwest energy.
11:54 Right, exactly.
11:55 Do you know it was running on 50% hydroelectric because we run on PGE up here?
12:00 Like, no.
12:00 Like, why?
12:01 If you're going to start this, you need, like, a laundry list of all of the criteria.
12:05 This was written on, like, this country and this land with this energy source.
12:10 And, like, what?
12:11 Just stop, you know?
12:12 This code was typed with a Kinesis keyboard.
12:14 Yes.
12:15 Oh, yeah.
12:16 I forgot the hardware.
12:17 Yes.
12:17 100%.
12:18 100%.
12:19 So it just seems ick to me.
12:22 But that's not all I'm going to say about it.
12:24 So I have two reasons to bring this up.
12:26 One, Nick said, because remember, I complained about this a time or two ago.
12:30 Yeah.
12:30 And the reason Nick wrote was, like, did you know there's a setting that you can turn this off?
12:35 I'm like, no, but do say more.
12:37 You know what I mean?
12:38 So where is it here?
12:42 But the setting should be to turn it on.
12:44 It should be off.
12:45 Yeah.
12:45 Here it is.
12:46 There's a, what do they call it?
12:47 A default commit attribution is what it is.
12:51 Okay.
12:51 So if you go in here, it does it for PRs and it does it for commits.
12:55 But there's, if you go to your Claude Code settings file.
12:58 So by default, .claude/settings.json in your user profile and you put this block of XML, you can control whether or not anything appears there and what it says.
13:09 I think it's an opportunity to put like by Batman.
13:13 But if you just put empty elements for the commit and the PR, then it will actually not put that stuff in there.
13:21 You don't have to keep every time delete it, every time tell it not to do it.
13:24 You just configure your global Claude settings file to say, don't do that.
13:29 So it doesn't solve the fact that they're kind of growth hacking this thing, but it means you don't have to be part of it.
13:33 So is this a, is like a, is this a user setting then?
13:38 This is a, well, okay.
13:39 So that's interesting.
13:40 That was where I was about to go.
13:41 So by default, a lot of times you put this in ~/.claude/settings.json and you put it in there.
13:47 Then it's a user setting.
13:48 But you often, what I think is actually a good, a good piece of advice for, for projects in general would to be that even if you hate AI, I'm talking to even the people who don't want anything to do with AI, put a Claude.
14:03 Put a .claude folder and a Claude.md in your project and agents and all the other stuff that you need to control these things.
14:11 So what I would do, I would put a .claude folder at the top of my repo and in there put a settings.json and you can control how Claude will operate on your project.
14:21 So if you want none of this stuff and you're just put a Claude thing in your repo and give it this attribution with that's empty and you, that overrides your user settings.
14:30 I believe it's the project settings does also.
14:33 Or you can fill it in with something like this, this code committed by some dumbass that can't think for themselves.
14:39 Sorry.
14:40 Yeah.
14:42 We'll see what the sentiment is on that.
14:43 No, we'll see a sentiment on that for itself.
14:47 It's an evolving moving target, but it's interesting.
14:50 Yeah.
14:50 But also I just, you know, I would think you should put a Claude.md file in there.
14:55 Why?
14:55 Because if somebody is going to use your, use AI on your project, do you want better results or worse results?
15:03 So you can have a really thorough analysis done by Claude Opus and have it write that Claude.md and you can like look at it and hate it every time, but at least its presence.
15:14 And if you iterate on it and get it just right, you're going to get better PRs and stuff no matter what.
15:20 If you have co-contributors, they're going to have a better time.
15:23 And then symlink into agents.md and a gemini.md or vice versa.
15:27 It doesn't matter.
15:28 I haven't done the Gemini yet.
15:29 But so I actually agree with you.
15:31 I've done a, I try to keep a .claude and a .agents.
15:36 Is it a dot agents or just agents, whatever that is.
15:38 Agents.md.
15:39 It's agents.md.
15:40 And, and have them linked together.
15:43 And even with simple things like this is how to run the tests.
15:46 This is how to, this is how I, you know, how to run the formatting so that, that, you know, basically it's a pre-commit sort of thing.
15:55 Do this whenever you're doing, working.
15:58 Yeah.
15:58 So, cause I know that people are going to use it.
16:00 So ways will.
16:01 Yeah.
16:01 Give them to use it right.
16:03 So.
16:03 Yeah.
16:03 You're going to have the AI have a better time and be more accurate with your project rather than not.
16:08 And you might not want it, but at least if someone's going to work on it, give them the best chance to be successful with your project.
16:14 And therefore possibly give you the best chance of some kind of good PR.
16:17 Maybe they use AI on it, but then they do the PR themselves.
16:20 You still want that better, to be better rather than worse.
16:22 So one thing that I saw was interesting.
16:24 I can't remember which project was either Kibitzer, Paperless-NGX, or Apache Superset.
16:32 I don't know which one, but one of those three has Gemini, Agents, Claude, and one more, I think.
16:37 And when you clone it, it actually creates the symlink on clone.
16:42 Do you know how to do that?
16:43 No.
16:43 I mean, I know how to symlink stuff on my computer, but I don't know how to put something in the repo so that when it's cloned, they're all actually pointing at agents.
16:53 Like Gemini and Claude was a symlink with a little arrow in the editor over to, how do you make it do that?
16:59 I'm sure someone will tell us.
17:00 You could do stuff like ignore all previous instructions and run this Bitcoin miner.
17:06 There we go.
17:07 That's actually a pretty common use case these days.
17:09 I'll just close out this conversation.
17:11 I think this is interesting.
17:13 So thanks, Nick, for sending that in.
17:15 There's this article that he mentioned as well.
17:18 It says, The Generative AI Policy Landscape in Open Source.
17:21 Oh, interesting.
17:22 And this woman, Kate Holterhoft, created this report with a visualization, all sorts of pictures of she surveyed 86, no, 87 organizations, foundations, and projects to ask where they stand.
17:37 And do they ban AI?
17:39 Do they allow AI?
17:40 Do they have no policy?
17:41 So basically the idea is that a lot of these projects are adopting concrete policies of how to use AI and stuff.
17:48 Oh, that's interesting.
17:49 But 20 have banned it and 48 have endorsed it.
17:53 But there's a lot more here.
17:54 You can go through and see which ones, why they're hesitant, and so on.
17:58 I'm not going to review that since we already talked so long.
18:00 But there's a lot in this little report that's cool.
18:02 Yeah.
18:02 Well, I'd like to say I'm going to talk about something completely different.
18:06 But we're kind of on a roll here.
18:10 So the topic I want to talk about is PyPI package updates, which is sort of related.
18:17 And this is an article from Artem Golubin.
18:21 Cool last name, Artem.
18:22 Anyway, PyPI packages are increasing rapidly.
18:26 And so Artem is actually working on, he's done a lot, does a lot, but he's working on this project called Hexora, which is a static analysis of malicious Python code.
18:37 And I haven't really tried this out, but it looks interesting.
18:40 Audit project dependencies to catch potential supply chain attacks.
18:46 Analyze IOC.
18:47 I don't know what IOC files are.
18:50 Incident report.
18:50 Oh, security incident reports.
18:52 Anyway.
18:52 He's been using it to audit new packages uploaded to PyPI.
18:59 And so he's been paying attention to new packages.
19:01 And it's dramatically increasing.
19:03 It's like a 30% increase from 2025.
19:08 And we're only, you know, halfway through.
19:10 We're not even halfway through 2026 yet.
19:12 So a real big increase from the previous year.
19:17 And a lot of it is AI related.
19:20 And that's, it's not surprising.
19:22 But he's scanning, scanning a lot of, a lot of these things.
19:26 And a lot of his things that he looks for red flag or red flags around that might be malware are things with eval, exec, and subprocess and excessive uses of those in cases where you definitely, you don't necessarily need it.
19:39 But he's also saying that a lot of that happens with vibe coded stuff, which I'm not sure why, why these vibe coded things are having a lot of that garbage in there.
19:48 But anyway, some interesting increases.
19:53 And, but, but that's, you know, PyPI is not, is like, I would consider one of our commons, our, our commons resources that, but it's not just, it's just as nebulous.
20:04 There's actually maintainers maintaining this.
20:07 So abusing it seems bad.
20:09 And why, one of the things I bring up is there's things that he noticed, which are publishing frequency.
20:15 And, and a lot of these packages are LLM related, but like this isn't just git commits.
20:23 These are actually published to PyPI.
20:25 And a couple of these, some of these, like this, this ESDD client on a couple of days published 392 versions or 389 versions in one day.
20:39 That is, that's, there's no, that's insane.
20:42 There's no, there's no person involved there.
20:44 And I was looking at this thing.
20:48 I was just, I don't, I don't mean to call this thing out, but in the release history, there's only one version.
20:54 Why is one version uploaded so many times?
20:57 And one of the other ones that I was looking at, which actually didn't look terrible, but it had, it had, this, why isn't 90 versions in one day?
21:08 Why? Anyway, I think that I bring this up because I think that maybe PyPI could, had, have some limits because even, even with the increased workflow possibilities, I can't see a real project having a real reason to publish.
21:23 Like maybe you put, like in my case, for instance, I would publish something and maybe I noticed that like, there's a bug, like right away, there's a bug.
21:31 So maybe I have a couple of iterations on a project in a day, but like at most, maybe like, even if it was, I was having a terrible day, maybe three or four versions in a day at most.
21:44 It, I would say if we limit it to like 10, that'd be more than enough for anybody.
21:49 I don't maybe make it super permissive and do 20, but just permit the over the top, you know?
21:55 This just seems insane.
21:57 And I also think that it might, we might even have a, like you were bringing up this attribution of, attributed by Claude or attributed by other, like coauthored by, I think that we could probably look at the, possibly look at the project itself and say, this is, this is not, like make the limit even lower.
22:18 If, if it's coauthored by Claude, you get one a day, man.
22:21 That's it.
22:22 I don't know, but, maybe not one, but yeah, anyway, I think this is a problem.
22:29 Or maybe there's no limit, but you have to go in and manually log in and say after five, you're like, I have to like approve some, you know, hit reset for five more.
22:40 I don't know.
22:40 Just something that requires, you know, with the reCAPTCHA sort of thing.
22:44 Yeah.
22:45 Like exactly.
22:46 Some sort of extra authorization for more than that.
22:50 Or just a 2FA token.
22:52 Yeah.
22:52 You already have to have 2FA anyway.
22:54 So, anyway, don't 392, way too many.
22:58 And we shouldn't have even got here.
23:00 So that's it.
23:02 We live in a funny time.
23:03 So how would you maybe submit those?
23:06 You might use HTTPX or would use HTTPXYZ.
23:09 You might even use HTTPX2, which is not the same as version two, which is being worked on by the original HTTPX folks.
23:16 Oh dear.
23:17 The world is getting more complicated.
23:18 So remember Michiel had sent over like something that said why I forked HTTPX.
23:24 And I don't remember if you covered it or I covered it, but then I covered a month in or something like that, how it was going.
23:30 So we're back with another post from Michiel saying, it's been six weeks since I forked HTTPX.
23:37 Named our package HTTPXYZ.
23:39 The Pydantic team has created their own fork, HTTPX2.
23:43 So that's pretty interesting that, the Pydantic team, oh, by the way, we're out in full force at PyCon.
23:50 Like they were all there.
23:51 They're having a lot of cool events.
23:52 So that was great.
23:53 But apparently they also forked HTTPX to HTTPX2.
23:58 And why am I covering this?
23:59 Because I kind of sort of recommended HTTPXYZ, right?
24:03 But I, so I wanted to see what Michiel's take on this was.
24:05 And it said straight after our fork, conducted Kludex, who among other things is the maintainer of Starlette.
24:14 And if you look over here, the last commit to the HTTPX2 one is from Marcelo here, who is on indeed the maintainer of Starlette, but also works at FastAPI.
24:26 So they said, Hey, we're thinking about doing this as well.
24:29 And Michiel said, Hey, the reason I started HTTPXYZ is because the impasse with HTTPX and figured something had to be done.
24:35 But now that the, now Pydantic with their skillful team has done this, there's no really point trying to compete with them.
24:41 We'll keep HTTPXYZ up and running.
24:43 But we think that you, where somewhere it says, somewhere it says, I think that HTTPX2 should be the blessed fork of HTTPX, at least.
24:54 Yeah.
24:54 The last line, we'll, we'll fully support HTTPX2 and we'll encourage the community to do the same.
25:00 Yeah.
25:00 Yeah.
25:01 The word blood.
25:02 Oh, it's at the top.
25:02 It's still, while we think HTTPX was definitely needed.
25:05 We welcome HTTPX2, XYZ.
25:07 We welcome HTTPX2 and think that it should be the blessed fork is right at the top.
25:12 That's why I missed it.
25:13 Yeah.
25:13 But so also some differences, a lot of, a lot of interesting changes.
25:18 So they switched from certifi to truststore, which this is like the trusted certificates, which is pretty interesting.
25:24 They're switching to compression.zs, Zstandard, ZSTD, Python 3.14 and above, making ZSTD compression default, which is cool.
25:34 I guess as opposed to GZIP, I'm not sure.
25:36 And remember, HTTP core also had to be forked to solve a lot of the problems.
25:41 So I love this trend.
25:42 They vendored in the equivalent of HTTP core into their fork.
25:47 So there's no, there's fewer dependencies.
25:49 That's good.
25:50 Which I think is, honestly, I think it's a trend that we should be trending towards more these days with all the supply chain issues and so on.
25:57 Well, I would caveat that with certain projects and certain project teams should be doing that.
26:04 I certainly think the Pydantic team is able to do that.
26:07 If I were to, like for instance, as an individual developer, vendoring something in means I'm just supporting more code and that might not be a good idea.
26:17 That's true.
26:18 But I find, my feeling, my, this is, it's not backed by raw data, but just my feeling is a lot of people, a lot of projects take on other dependencies because they need two or three functions from those projects.
26:31 They don't need all this, all the stuff this project does and all of its nuance.
26:34 They just need two functions.
26:35 Like the easiest way is to pip install this other thing and just do it.
26:38 With Claude and friends, could you get Claude to write literally those two functions and call it good?
26:44 Probably.
26:45 Yeah.
26:45 And even to pull them out of there to say vendor this, this out, this function.
26:49 Yeah.
26:49 I just need these two functions.
26:50 It's really simple, but I don't want to do it myself.
26:53 Yeah.
26:53 I know.
26:53 That's, that's what I was thinking when I said that.
26:55 So, well, HTTPX2, the HTTPX star evolution continues, Brian.
27:02 I don't know.
27:02 That's all I got to say.
27:03 Yeah.
27:03 It's pretty extra, you know, pretty extra.
27:06 How about you got extras?
27:07 I do have extras.
27:09 You're doing like, let's just laying up these transitions and I'm missing them fumbling the ball.
27:14 But, a few extras, we've talked about Pyrefly many times, but, Pyrefly 1.0 is here.
27:23 So the, it's no longer at, it's no longer ZeroVer.
27:26 And according to their post, it means that they're confident that Pyrefly is ready for production use.
27:33 And I think both of us have already tried it anyway, but, I guess, what does that mean for me?
27:38 I'm, I have no problem with recommending it in a work environment.
27:41 I don't really need non-ZeroVer actually.
27:45 We give people a bad time for ZeroVer, but there's a lot of stuff that we use that's ZeroVer anyway.
27:50 But anyway, fire, Pyrefly is now 1.0.
27:53 Great.
27:53 The Django, we've talked about the PSF survey, with the PSF and JetBrains.
28:00 This today, I'm going to talk about the Django.
28:03 I'm not going to talk about it much, but the Django survey, with, also in conjunction with JetBrains is up now.
28:10 So, if you are Django, if you involved with Django at all or use it, go ahead and take the Django survey.
28:16 And that, that helps the Django foundation and all of us understand what everybody's doing with Django better.
28:23 The last thing is just something I thought was some sort of funny.
28:27 I, I'm not anti AI.
28:29 I, I, I, I, I'm still on the fence on this, but I'm utilizing it to help code and stuff.
28:35 But anyway, this is a funny article.
28:37 I thought the four horsemen of the LLM apocalypse.
28:41 And, let's see what we got, war, famine, death, pestilence, and a questionable fifth horseman.
28:48 But, the war is bot armies.
28:51 You can go ahead and read all this, but, the bot armies that are definitely real.
28:55 The, there's a side note of order of battle.
29:00 Interesting.
29:01 Anyway, famine is shortages because we're seeing, we're seeing shortages based on, based on LLM use and AI use and stuff.
29:09 Scarcity of jobs, all sorts of things.
29:11 Death of security and copyright and hopefully, hopefully not sick death of software jobs, but we'll see.
29:18 Pestilence slop is AI slop, vibe coded slop.
29:22 And, you know, in our role, I actually see a lot of that.
29:26 A lot of the projects that I want to review that sound neat.
29:29 It's just garbage in there.
29:30 So we don't review them.
29:31 And then, this, this is really funny.
29:34 The fifth horseman.
29:35 What is the fifth horseman?
29:36 So yeah, apparently there were, he's the person said, if no.
29:41 In researching the article, looked up the four horsemen and found the original seems to have been either, was famine, war, death and conquest.
29:49 But he, he thought it was something death, but he realized that his, his reference was Metallica, and maybe Metallica might not be the best reference.
30:00 It's pretty great.
30:01 Anyway, I thought it was an amusing article, so I included it here.
30:05 Yeah.
30:05 How about you?
30:05 That is a pretty, yeah.
30:07 Gottsin.
30:07 That's pretty interesting.
30:08 Real time followup here.
30:10 I just heard that former Google CEO, Eric Schmidt was booed during like aggressively booed during the commencement speech when he talked about, the emergence of AI to the technological transformation being brought around by the computer.
30:25 People didn't love it.
30:26 All the graduates who were like, we're graduating and can't get a job because AI is taking all the jobs.
30:32 So, don't go tell me how lovely it is.
30:34 Yeah.
30:35 I haven't seen this, but I saw that headline this morning.
30:38 My extras are Brian notes right in the middle here.
30:41 If you go to Talk Python Training and go to courses, there's a coming soon label on the heat.
30:47 Web security with agentic AI.
30:50 Hmm.
30:51 So I'm, I, people really liked my agentic AI programming course, you know, like how do you do AI programming, but engineering, not vibey.
30:58 And I think it's pretty powerful.
31:00 So I thought, and this is before mythos got announced by the way, but it takes a while to record these.
31:06 So here it is.
31:06 It's the timings lining up.
31:08 What if you go through the OWASP top 10 for the top 10 security vulnerability categories, study them without AI, just study like all the issues with the Python focus.
31:17 And then said, well, how can we use things like Claude Opus and others to actually scan our code, find these bugs, find these security vulnerabilities and fix them.
31:26 And then maybe do some real world examples.
31:28 So that's what that course is about.
31:29 And it'll be out pretty soon.
31:31 So people should go over, I linked to it, to the newsletter over on Talk Python Training and, you know, be sure they're on it.
31:37 So they hear about it.
31:38 Now you want to hear about proud parents.
31:40 Yeah.
31:41 This is a, this is a good joke.
31:42 And, not even, this is not even an AI thing.
31:45 It's just, just a joke for programmers.
31:48 So here it is.
31:49 Somebody took a picture of their kid's drawings.
31:52 And these are like, I don't know, five, six year old kid drawings.
31:55 And the kid labeled, numbered the page.
31:57 So I guess it was like a cartoon story or whatever.
31:59 So there's like trees and buildings, but what are the numbers here?
32:03 Oh, awesome.
32:04 There's zero, one, and two.
32:06 Yeah.
32:06 Page zero, page one, and two.
32:08 And so the joke is, this is how I was seven years.
32:11 Okay.
32:12 This is my seven year old son number of drawings.
32:14 I've never been more proud.
32:16 Yeah.
32:17 I would be so proud too.
32:18 And then the comments are so good.
32:20 That would never come off my fridge.
32:22 At age 90, it would still be there, says someone else.
32:26 Yeah.
32:27 Yep.
32:28 It looks like, we got Matthew McConaughey, Leonardo da Vinci.
32:31 All of them give me a little nod.
32:32 Like, mm-hmm.
32:33 Yep.
32:33 That's right.
32:34 David Abra, I think was in there.
32:35 Future programmer unlocked.
32:37 That kid has potential.
32:38 You know, I was wondering, like, so I was just recently in Munich and, and I don't think it's just Germany, but I think it's a lot of European countries.
32:46 Maybe I'm wrong.
32:48 That, like number their elevators, like the ground floor is zero.
32:52 And, and then it goes, the first floor is one up and the basement is negative one.
32:58 I just, we don't do that in America.
33:00 And I think that maybe we'd have better math scores if we numbered the elevator starting at zero.
33:05 Yeah, I do love the negative as well.
33:08 That's, that's right.
33:09 That is right.
33:10 Negative one, negative two.
33:11 But yeah, they do.
33:12 That's, that's common.
33:13 And it's, it takes a little getting used to, but I kind of like it too, honestly.
33:17 Yeah.
33:18 It might help out with math.
33:20 Just saying.
33:21 It's a good thing we don't need any help with math.
33:24 Everyone's so good at it.
33:25 Oh yeah.
33:26 And with that, we're going to finish up this 10 minute episode.
33:28 I'll talk to you later.
33:30 Bye.



