#483: Thanks Brian

00:00 Hello and welcome to Python Bytes, where we deliver Python news and headlines directly

00:05 to your earbuds. This is episode 483, recorded June 9th, 2026. I'm Michael Kennedy.

00:11 I'm Calvin Hendryx-Parker.

00:13 And this episode is brought to you by us, All of Our Things. We'll talk a little bit about that in

00:17 the introduction bit here in just a second. If you want to follow us on social media,

00:21 we're on all the socials. We'll have those in the show notes for you. Sign up for the newsletter

00:26 at pythonbytes.fm/newsletter or just domain click on newsletter.

00:30 You always get a bunch of interesting things as well as some extra announcements

00:33 for fun stuff that we have going on.

00:35 And with that, I actually, Calvin, have a pretty big announcement.

00:40 So I want to say thank you to Brian Okken.

00:43 The big news is that Brian has stepped back from the show.

00:46 He's been working on it for almost 10 years, just a few months short of 10 years.

00:52 That's incredible.

00:52 That's a great run.

00:54 That's an incredible run.

00:55 That is an incredible run.

00:56 Obviously, the world has changed a lot over the last 10 years,

01:00 and Brian just needs more time to focus on some of his other projects.

01:04 Not stepping away from programming.

01:05 He's not going to go become like an organic farmer in Eastern Oregon.

01:09 Forest ranger.

01:10 Exactly.

01:11 You know what?

01:11 I'm retiring from tech.

01:13 That's it.

01:14 No, but he's moved on from the show, and I just want to take a moment and say,

01:18 Brian, thank you very much.

01:20 You've made the show what it is over the years, and it's been great to work with you,

01:24 And it's been really, really awesome.

01:26 And I know a lot of people in the audience are going to miss you.

01:28 Yeah, I agree.

01:29 I've gotten to know Brian over the years as well.

01:31 And I really appreciate him being on the show and just being a part of the Python community.

01:36 So I've enjoyed having Brian around as well.

01:39 Not that he's going to go away, but he's just not here right now.

01:42 Yeah, maybe we'll have him back as a guest sometime.

01:44 Yes, absolutely.

01:45 So Brian, thank you very much.

01:48 And Calvin, welcome to the show.

01:50 I'm glad to be here.

01:51 I'm excited.

01:51 This is a new, the next generation of Python Bytes.

01:55 Let's do it.

01:56 Yeah, absolutely.

01:57 The next generation.

01:58 So I know you have your pulse on the industry in so many ways, and you have a ton to contribute.

02:05 And so we're going to work together on Python Bytes for a while.

02:07 And yeah, it's awesome.

02:09 So thanks for coming on the show.

02:10 It's really great to have you.

02:12 Thank you, Brian, for being here.

02:13 Calvin, welcome.

02:14 Normally, we just kick off the show.

02:16 Hey, I'm Brian, I'm Michael, or whatever.

02:19 But this time, at least you've been on the show on this show before, as well as Talk Python.

02:24 But just give people a real quick introduction since you're kind of new to a lot of people.

02:28 Sure, sure.

02:29 So I'm Calvin Hendryx-Parker.

02:30 I'm co-founder and CTO of Six Feet Up.

02:33 We are a Python agency that loves specializing in solving hard problems and helping impactful

02:38 leaders build a better world out there and do things to benefit humankind in some way.

02:43 I also am a co-founder of the IndiePy meetup here in Indianapolis.

02:47 So very involved in the community.

02:49 I love going to PyCon and being around all the folks.

02:52 So this definitely fits well with like kind of my mission,

02:55 which is to bring more to the Python community if I can.

02:59 And you're also an AWS hero, is that right?

03:01 Oh yeah, I am.

03:03 AWS hero since 2018 or 2019, I think.

03:06 Yeah.

03:07 So basically means AWS thinks I'm kind of a, I guess a big deal.

03:09 I don't know.

03:10 He's a big deal.

03:12 Yeah, right.

03:13 Yeah, there's only a few of them around the globe.

03:14 And it's kind of cool because you can't be an Amazon employee or employed by a competitor.

03:19 And so it allows me to maintain my independence and a little bit of cloud agnosticness.

03:24 Yeah. Awesome. All right. Well, with that, how about you kick off our first topic?

03:29 Oh, sure. I'd love to. So we've got just yesterday, the fine folks at Astral have released some new features that are still in beta for checking for vulnerabilities and also some malware checks.

03:41 So for example, they've added the new audit subcommand.

03:45 So as you, this is not an unheard of thing in the community.

03:48 There's existing tools like it, for example, safety and pip audit.

03:52 What is different about uv offering this?

03:54 They have basically said, we have an opinion like they've done in other ways.

03:58 Astral has basically said, we have opinions about how things should be done.

04:01 And we're trying to optimize the developer experience workflow

04:04 to make this not suffer from some of the problems

04:08 you get with like, for example, npm.

04:10 When you do an npm install, you get this just overload of warnings for deprecations.

04:14 And so you just kind of start ignoring it and not paying attention to it.

04:17 The idea is to be explicit and call it when you want to have these kind of scans run.

04:23 So you could put it into a pre-commit hook, for example,

04:25 you can obviously run it in your CI pipeline, but it's meant for the developers to run locally as well.

04:30 And the add command and sync commands have been updated.

04:34 Well, optionally right now, they're not enabled,

04:36 but if you enable the uv malware check, the add and sync commands will proactively tell you

04:40 if you're adding a potential malware package to your project right now.

04:46 I actually tried it out today.

04:47 I actually love that.

04:48 Yeah, that's really cool.

04:49 I literally did it today because I was like, oh, I should go check out my last FastAPI project

04:53 to make sure I'm up to date on things.

04:55 And I ran the uv audit, again, super fast, as you would expect most of the tools from Astral to be.

05:00 And I had my Pi coding agent go and fix all the problems.

05:04 And I released a new prod release just this morning

05:06 because of the uv audit tool.

05:08 It seems really, really nice.

05:09 I'm really excited about it.

05:10 Awesome.

05:11 I have been, I talked about it maybe six months ago or so,

05:14 a couple of security things you can do for the supply chain vulnerability.

05:19 And it's just super scary, right?

05:22 Because you're just working normally on your projects.

05:25 And if you time it wrong, well, bad things happen.

05:28 And they have happened to people, right?

05:30 Not in great numbers in the Python world, but still enough, you know,

05:34 some of the LLM tools I can think of were pretty, that was a pretty bad one.

05:38 Well, we're paying attention now.

05:39 I think folks are hopefully paying more attention

05:41 and tools like this make it easier to pay attention

05:44 and less friction to be safe.

05:46 I think it's got options, for example, not to install the latest version of a package.

05:50 Maybe you want to like a cool off period to say,

05:52 I think that was already built in to uv, which does have a cool off period.

05:56 That's a smart thing to do.

05:57 You don't want the package that was released today

05:59 because it might have a vulnerability from a supply chain attack in there.

06:02 And you want to make sure, usually in a few days, those are shook out.

06:05 And so grabbing a seven day old version of it, probably the safe thing to do, for example.

06:10 Yeah, and that's what motivated me to start down that whole path of talking about those things.

06:14 I'm like, oh, they just shipped no earlier than whatever it was.

06:18 And so that was really excellent.

06:20 And then I started using pip Audit as well and even like share how you bring that into like a Docker world.

06:25 And that's great.

06:26 I'm feeling like that needs to be, for me, updated to use uv Audit instead of pip Audit,

06:31 which just because like one of the things I see on the screen

06:33 is four to 10 times faster.

06:34 Everything else I'm doing with uv, but I just couldn't because it didn't support this, right?

06:38 There's an asterisk there.

06:40 PIP audit with a fully primed cache is probably about as fast.

06:43 But if you're going from a CI pipeline, you're going to get the 4 to 10x speed up.

06:47 So those are the, again, creature comforts that I believe the astral folks have brought to the game.

06:52 They've just said, we're going to be opinionated.

06:54 This is how we're going to do it.

06:55 And we're going to make it better for everybody, hopefully.

06:57 So if you like those opinions, it's good for you.

06:58 If you had other opinions, well, this is probably better.

07:01 Yeah.

07:03 Yes, exactly.

07:04 So out in the audience, Mike.

07:05 Hey, Mike.

07:06 points out that this weekend's Miasma Hades attack is timely.

07:11 I don't know about it, but okay.

07:13 I have to research it.

07:15 If you had a CI pipeline running on the weekend

07:17 and got that version over the weekend, and these things always happen on a Friday late on a weekend

07:21 because no one's looking, that's exactly the timing that these kind of things happen.

07:25 So make sure you've got that cool off period in there.

07:27 Yeah, exactly.

07:28 So I made the mistake of actually going on vacation for the weekend,

07:32 and so I wasn't paying enough attention.

07:34 So I got to research this.

07:35 Wait, you actually took a couple days off?

07:37 Yeah.

07:37 I sat by the ocean.

07:40 It wasn't terrible.

07:41 Nice.

07:43 All right.

07:43 Let's talk about, I think this relates a little bit back to the supply chain, but not necessarily

07:49 in a vulnerability way.

07:50 You also mentioned your Pi coding agent.

07:53 We need to speak about this a little bit.

07:54 Yeah, we should.

07:55 Yeah, absolutely.

07:57 This is going to have to be one of your whole topics sometime.

07:58 But it seems to me like a lot of the projects that people depend upon have these very shallow dependencies.

08:06 And by that, I mean, like, yeah, I'm sure I'm using this library that lets me give, I don't know, a zip code and it gives me the state back or something like that.

08:15 Right. But I only call the one function.

08:17 You know what I mean?

08:19 would it be possible to just have some kind of coding agent

08:23 or even you just write that into your project instead of adding maybe that dependency

08:28 and three other dependencies it has, then you're worried about like cool down periods

08:32 and supply chain and just like, oh, this one only works on 3.14.

08:36 This one only works or lower and this other one only works in 3.15 and above.

08:40 Like, what do I do?

08:41 You know, those kinds of issues.

08:42 So I want to highlight this article called HTTP GET requests with Python standard library.

08:48 by Alex Chan. And so Alex basically says, there's been all this stuff going on with HTTPX. I'm going

08:56 to talk about that at the end of the show a little bit more. But we've also got requests, we've got

09:01 URLib, we've got NyQuest, which is a little bit like a modernized request compatible API. But,

09:11 you know, built into the library, we've got URLib requests, could we just put the three or four

09:16 functions that we want to write but turn that and just instead of having actually htpx or requests

09:23 just have it use the built-ins right so build a little facade adapter layer on top of stuff that's

09:28 already there what do you think of that idea i think that's smart kind of a little bit of shift

09:32 left or first principles like if you don't need to bring along those whole packages you don't bring

09:36 along a lot of complexity frameworks are nice when they solve you know they usually do like an 80

09:41 kind of problem if you get a 10 kind of problem i wouldn't bring those kind of dependencies

09:46 into your project because now you're on the treadmill.

09:48 You've got to keep up with the release cycles and security vulnerabilities, et cetera,

09:53 versus if you're controlling your own fate here

09:55 for just a couple little things you need, it's probably cleaner and more explicit than implicit.

10:02 You're just not subject to have to deal with all the stuff that goes with it, right?

10:06 And put security aside, just the, they released a new version or they decided

10:11 they were going to do a breaking change and that's probably worthwhile,

10:14 but then you've got to deal with the breaking change.

10:16 You know, like if the thing you're doing is not going to change really,

10:20 and it's pretty straightforward, you could just ask Claude or Pyre or whatever,

10:24 hey, see this thing, could you just give me the two functions I'm using?

10:28 If there's enough foundational stuff in the standard library, right?

10:31 So I think this is a pretty interesting thing for people to think through.

10:34 I was going down this path.

10:36 I'm like, this is pretty cool.

10:37 What if I could just make, I think I use three functions from HTTPX.

10:42 What if I could do this for HTTPX instead of the thing that they were basing theirs on?

10:47 How hard would that be with a little bit of Claude help, right?

10:49 And it turns out that the standard library's HTTP call stuff does not have any async support whatsoever.

10:59 I was going to ask if that was a thing.

11:01 No, it's not.

11:02 I'm like, wait, what are the use cases for asyncio?

11:06 Database, HTTP, API.

11:10 Hitting a network.

11:11 Hitting a network.

11:11 Wait, it's had that since 3.4, I believe, is when async was in.

11:18 And then async and await came in at 3.5.

11:21 Michael, you need to submit a PEP now.

11:23 You know what?

11:23 Very insightful thought.

11:25 I actually wrote Brett Cannon a message about this.

11:28 Said, hey, what would the steps to be actually submitting a PEP for this?

11:32 And he sent me back some stuff.

11:33 And Brett, I haven't had it just because I sent that message

11:35 and went straight on vacation.

11:37 I haven't had a chance to respond, but it looks like there's some work to be done.

11:41 and research to be done.

11:42 But I do think that that's a totally reasonable thing.

11:46 And DBAPI itself also surely does not support async, but should, you know?

11:50 Like, I think there's a few really clear places.

11:52 Yeah, there's still some hard problems left in the Python core.

11:55 Yeah, we thought it was all done.

11:56 It's not.

11:56 Yeah, yeah.

11:57 Although it is nice when you've got like HTTPX2

11:59 and you can just drop in and replace.

12:01 Yep, exactly.

12:02 Yeah.

12:02 Nice.

12:03 Yeah, we talked about that from the Pydantic folks and we're going to talk about that some more.

12:07 Yep, yep, sounds good.

12:08 All right, over to you, Calvin, for the next one.

12:10 So this one's a little bit of a double-edged mixed bag.

12:16 The bad host vulnerability is a critical vulnerability in Starlet, which is an ASCII framework,

12:21 underlies a lot of very popular projects right now that are, if you're doing MCP or if you're

12:26 doing FastAPI, it basically is kind of a core layer for the asynchronous HTTP traffic for

12:33 building an API server.

12:34 So this vulnerability was reported.

12:37 The community responded.

12:39 there was a little bit of a back and forth but I think that the exploit is trivial for example

12:45 injecting a single character into an HTTP host header can bypass path-based authentication now

12:52 there's this is where this gets a little more interesting is that maybe that's not a great

12:56 pattern for you to do which is path-based authentication that was kind of the pushback

13:00 from the Starlette maintainers which is this is not really a intended use case for Starlet

13:06 it is a vulnerability. It has been patched, has been fixed, but I believe they got a little bit of

13:12 a bum deal from the journalists who are covering it. So actually, in addition to this post here,

13:19 there's also the maintainer's perspective, which I thought was a very interesting view into both

13:24 sides of the situation. Not often do you get to see when there's a vulnerability or a CVE announced

13:29 that the maintainers get to kind of post their response. And I think they post the response

13:33 and it's well written, well thought out, explaining why this is probably not something that's common.

13:38 Many people probably weren't as vulnerable as they thought they might be,

13:41 but it would affect some really major projects.

13:43 And if major projects were doing a pattern that was not originally intended

13:46 by the maintainers of Starlet, then you end up in this bad spot.

13:49 And it could end up in remote code execution as a worst case scenario or data exfiltration

13:56 that you weren't expecting because of this, but it probably wasn't the way

13:58 you should be architecting your application.

14:01 They also got a little bit of a complaint against the Ars Technica reporter.

14:06 Basically, they asked really demanding questions and wanted an immediate response.

14:11 That's back here down at the bottom, which was kind of rude.

14:14 They were very demanding, and they only gave them, I don't know, hours, maybe an hour or

14:20 two notice that they were going to publish this article on the website.

14:23 And the website went on, the Ars Technica website went on to say that they had contacted

14:27 the maintainers but hadn't heard back.

14:28 There was no comment from the maintainers, which people can read into that how they want.

14:32 So I'm glad.

14:33 Yeah, it sounds really bad.

14:34 Like Marcello is just going to go, ah, forget you.

14:38 I have no comment, right?

14:40 Because these are open source maintainers who are doing this for the community.

14:42 They don't have a security team under the covers waiting to respond to journalists and security researchers.

14:51 I mean, they did work with the security researchers.

14:52 They did negotiate a shared disclosure or a mutual disclosure timeframe.

14:58 This ended up for the best for everyone involved, except how he got portrayed.

15:03 Now, luckily, I think folks in the comments stood up for Marcelo and the team.

15:06 So I think people in the community understand.

15:09 But someone who's just coming to that article on Ars Technica may think differently of that project.

15:15 And I think they should read this article as a response to that.

15:18 Very interesting.

15:19 I generally enjoy reading Dan Gooden's work, and I like Ars Technica.

15:22 Yeah, I was surprised.

15:24 I was surprised.

15:24 You can just see the incentives at play here.

15:27 Like, hey, you got to do an article this week, or we got to be the first to publish on this.

15:32 Well, and I think because MCP servers were the prime target.

15:35 If you're running an MCP server, you were probably using a Starlet-based framework under the covers.

15:41 And so a lot of credentials are stored in there.

15:44 And if they were slop-coded, vibe-coded versions of those servers out there,

15:48 they could have used a path-based protection like this.

15:51 Sure.

15:51 And probably, I don't know how it links back to FastMCP,

15:54 but I think that's probably based on Starlet.

15:57 That's what I was thinking too.

15:58 I didn't go double check that though.

15:59 Yeah, I will leave that as a exercise to the audience.

16:03 But I think it is.

16:04 These open source maintainers are getting near daily security reports,

16:07 especially when you're seeing projects like Mythos being released.

16:11 I think this volume is only going to increase.

16:13 So a lot of it's AI generated noise and they have to be able to deal with it.

16:17 So you're seeing a lot of pushback from the open source communities

16:19 against AI pull requests and security posts.

16:23 Absolutely.

16:24 Yep.

16:24 We could go down that a lot, but let's instead.

16:26 Yeah, yeah, yeah, I know.

16:27 Let's talk about merges.

16:29 Merges.

16:30 Let's talk about merging.

16:31 So are you an Alembic sort of person?

16:33 Do you Alembic?

16:34 Do you, SQLAlchemy is really the question.

16:36 I do, actually.

16:37 On that FastAPI project that I was mentioning from this morning,

16:40 I have Alembic in there.

16:42 Okay, very interesting.

16:43 Yeah, I think FastAPI, sorry.

16:44 I think SQLAlchemy is pretty neat.

16:47 And this project, you know, Julian Fianjo also does this quite a bit.

16:53 So he is one of the founders of Mergeify, which is all about making sure that merges,

17:00 PRs emerge faster.

17:02 That's good advice right there.

17:03 Stop breaking main.

17:04 Exactly.

17:04 Stop breaking main.

17:06 It's a platform that allows you to handle merges better, right?

17:09 So, but one of the problems, let me see, there we go.

17:12 One of the problems they ran into is the way Alembic,

17:15 so what is Alembic?

17:16 Alembic is a system that allows different developers in production or Q&A or whatever

17:22 to have an older version of the database, change the classes that map over to the ORM to the database,

17:30 and then apply this automation to restructure or migrate the database

17:35 such that it's now consistent with this new world, right?

17:38 And the way it works is every change you make, you check in an up and a down set of changes,

17:45 like add this column, delete this column, right?

17:47 And so on, you know, like the up would be add a column

17:49 and then the down would be delete the column.

17:51 And there's this set of revisions that pile up for these projects.

17:55 The problem is each revision says the one that came before me was some hash or something

18:01 or another, right?

18:02 And if two people create a PR off of the same base and that PR needs a migration in it,

18:09 they both point back to the same one, but they really need to be done one and then the other,

18:14 right?

18:14 Like you need a linear chain of migrations, not some kind of complex hierarchy of migrations.

18:20 And so that is a problem, right?

18:23 And they saw that, Julian and all of them saw that a lot with their merging tools, right?

18:28 So this project here called Alembic Git Revisions.

18:33 So instead of using a, when you run an Alembic migrate or whatever, instead of having to just capture the back version, what it uses is Git history to figure out the orders of when those actual migrations landed in the migration series.

18:47 And say, well, they look like they pointed the same one, but this one came in this time.

18:51 And then the next one came in after that.

18:53 So is the blockchain craze officially over that they didn't use blockchain to solve this?

18:58 Exactly.

18:58 I think we should use BitTorrent and blockchain and all these things.

19:03 So yeah, I think this is a pretty neat one.

19:04 So I just want to give it a shout out.

19:05 So if you use...

19:06 That's smart.

19:07 That's totally smart.

19:08 Why would we not do this?

19:10 I know.

19:10 This is quite new.

19:11 You can see it's been updated seven hours ago.

19:14 It's about a month old.

19:15 I know four months old when the repo was created.

19:18 I think probably it was released just very, very recently, right?

19:22 So check it out.

19:22 If this sounds like it's a problem that you have, here's a really nice fix for it.

19:27 Yeah.

19:27 I mean, just putting in place these good guardrails makes sense across our project.

19:31 So this almost should become the default behavior.

19:34 Yeah.

19:35 I mean, think of when, how old is SQLAlchemy?

19:37 It's pretty old.

19:38 It's pretty old.

19:39 And I don't mean that in a pejorative way.

19:40 I'm just thinking.

19:41 No, no, no.

19:42 It's mature.

19:43 It's very mature.

19:44 It's like saying, well, Jago's old.

19:45 Like, Jacob's been around for a long time and is doing awesome stuff.

19:49 But the reason I bring that up is it's just Alembic was created in a time before all these crazy PRs.

19:55 And think of all the AI PRs going on now as well.

19:57 It's got to be worse, you know?

19:58 Yeah.

19:59 Time for that stuff.

20:00 All right.

20:00 So if you Alembic, check out Alembic Get Revisions from Julian and the team.

20:04 Smart.

20:05 Very smart.

20:06 Yeah, yeah.

20:06 So I think that's it for all of our topics, right?

20:09 Yeah, yeah.

20:10 I did want to add in a little bit of extra here.

20:12 If you've not checked it out, Library Skills is by Sebastian from the FastAPI project.

20:18 FastAPI has a great skill included with the library.

20:24 So if you're using agentic tools to build on top of FastAPI, your tools will now know

20:29 more about the preferred best practices in that framework because those skills exist in

20:35 the agents folder.

20:36 This Library Skills project is a standard and allows you to build out skills for any

20:40 library you may be using.

20:42 if you've been using agentic AI Claude Code or others to build your software projects,

20:47 sometimes they grab old dependencies because that was the popular thing at the time.

20:50 They go based on what was kind of popular on the internet versus what's the best practice now.

20:55 And so this helps guide your agents to those best practices.

20:58 So it's a cool project.

20:59 It's very, very new and also has a lot.

21:02 He's already almost a 600 stars.

21:04 So maybe after this episode, he'll get to pass 600 stars on the library skills repository.

21:09 Wow.

21:09 That's pretty cool.

21:10 This is super cool.

21:11 Well done, FastAPI team.

21:14 Yeah, I mean, they don't stop.

21:16 It's pretty cool.

21:17 So there you go.

21:18 Yeah, it's really cool.

21:19 And I think this is a brilliant idea.

21:21 I actually been working on doing that just for myself

21:27 because this is absolutely a problem.

21:28 So I'm like, all right, I work on Court and Flask and I'm working on Pyramid and I use DiscCache.

21:34 And some of these are popular, like FastAPI, but others, not very popular at all.

21:38 So I've actually been, every project that I adopt that I think is going to be important for something like Claude is I'll go through and I'll generate this kind of document that says, here's all the stuff you need.

21:50 And the way that I get it is I will git cloned the documentation, the latest documentation from the project and the source code until you generate this from the documentation.

21:59 Everything you see in the documentation, you need to verify with the active source code of the project, right?

22:04 But that's just Michael randomly working on it.

22:06 It is on GitHub.

22:06 You can check it out.

22:07 But it's cool that they've set up this more standard way, right?

22:12 That it's just not just everybody trying to solve it for themselves.

22:15 Yeah.

22:15 And it makes sense.

22:17 You want to have good, authoritative information on the versions of the things you're currently working on in your project.

22:22 Because you may have a version behind, and the AI may tell you a new thing that doesn't exist in your version, and you can't upgrade yet.

22:28 So again, it helps line up all the pieces and give you the best chance of building great software with these AI agents.

22:35 I'm going to avoid a rant.

22:37 But I definitely think that people who are not having great AI experiences need to think

22:42 of bringing some of these ideas in there and all of a sudden hallucinations just go away.

22:47 Go away.

22:47 Yeah, it's incredible.

22:49 It's been told.

22:50 Yeah.

22:50 Yeah.

22:51 Mike asks, how does Django handle migration and serialization conflicts?

22:55 I don't know.

22:55 Do you have any idea?

22:56 I don't know either off the top of my head.

22:58 I have not run into it much.

23:00 I'd have to ask someone on my team if they had.

23:02 Yeah.

23:02 Yeah.

23:03 It's probably pretty similar.

23:04 My guess is, yeah.

23:05 So is that all?

23:06 It's pretty mature.

23:07 I have one more extra.

23:08 Yeah, yeah, let's do it.

23:09 So this one's a bit old school.

23:11 If you are a developer and you've ever used the GNU make command,

23:17 did you know that it has pattern matching on the targets?

23:21 So you can say train-percent colon and then have a command that runs

23:27 and it will place into your command like whatever you put in that percent word.

23:31 So if you said train new model and then the command,

23:33 it would be like train.py.

23:35 And then you put a placeholder and it would put new model right there into it for you.

23:39 That has been there since 1994.

23:41 Now, there are fancy new tools like Just and Task out there.

23:45 They don't do this.

23:46 This is actually, I think, a power move that I only heard about this week.

23:51 So check it out.

23:52 Make still very powerful and still very relevant in this day and age for doing task running.

23:57 We do use Just and Task, but those projects should add this pattern matching to the target.

24:02 That's really cool.

24:03 Yeah, how interesting.

24:04 There's just a never-ending source of learning in all these things, right?

24:09 You're like, oh, yeah, I'll figure this out.

24:10 No, maybe not.

24:12 And one more thing I want to mention, because we didn't get to mention at the very beginning,

24:15 or something I want to pitch for everyone to come out and hang out with me.

24:18 I am going to be doing a LinkedIn Live with Whit Morris from the 6.15,

24:22 June 17th at 3.30 on, oh, right, it's not a code review.

24:26 I say, oh, you're right, it's not a code review.

24:28 What AI proves what it checked.

24:31 So basically calling the AI out.

24:33 We'll be doing that on the 17th.

24:35 So come hang out with me that day.

24:36 I mean, wit.

24:37 You're absolutely right.

24:38 That is not what it was supposed to do.

24:40 Exactly.

24:40 Let me try again.

24:41 Yeah, that's exactly it.

24:43 All right.

24:43 I got a couple of extras for us to jump on.

24:45 So I had recently, I had both Michael Chow and Rich Ione on Talk Python to talk about great docs.

24:55 Are you familiar with this?

24:56 I'm not familiar with great docs.

24:57 It's a document generator plus static site generator.

25:01 That's super mature because it's based on Quarto, which itself is pretty mature, right?

25:06 So I did my first project documentation on top of this, and I think it is really neat.

25:13 So this is just, I'm showing you the great docs documentation, but I haven't published mine yet.

25:19 I've got Nginx settings to set first, and then they'll be up.

25:23 But this is really cool because the reason I wanted to highlight this is you're talking about the library stuff

25:30 and how libraries can basically set up skills that AIs can use to work with that library, right?

25:37 Yeah.

25:38 Well, one of the things that's really cool about Great Docs

25:39 is it automatically generates skills for your library.

25:43 Very relevant.

25:44 And you can even write extra ones.

25:46 And then you can just say install through like NPX skills from wherever

25:51 or run their CLI to install it for like Clot or Codex or whatever,

25:56 which is already neat.

25:57 It also generates an LLMs and an LLMs.txt, but also a full one that has all the API documentation in there.

26:05 And when you go to one of your references or whatever, you pull it up, you can go and view every bit of documentation as a markdown file that you can get.

26:16 And so I'm thinking that this is going to become a pretty popular way to document projects because it's without doing anything at all.

26:23 It's very sort of AI coding complete, I think you would say.

26:27 What do you think of that?

26:27 I love it.

26:28 I mean, the more context we can provide to these agents and tooling, the better off we are.

26:34 And actually, the nicer it is for humans, too.

26:36 I love Markdown, like reading Markdown so much.

26:38 I find it to be very easy, and I can then format it how I want.

26:42 So it's kind of a twofer there.

26:44 Yeah, 100%.

26:45 Yeah.

26:45 All right.

26:46 So you mentioned HTTPX2.

26:48 We talked about it previously on the show as well.

26:50 And I looked at the Talk Python Courses site.

26:55 And I thought, man, could I switch to HTTPX2?

26:57 Like technically, yes, but what is the value of it?

27:00 So I looked at my requirements file and I saw, well, there's five projects using HTTPX.

27:05 So if I just switch mine to HTTPX2, like still I'm primarily using just HTTPX.

27:09 So like if the libraries themselves don't swap over, no matter how much you don't, you want to use a different library, you're still using that one, right?

27:16 Because you want to use those libraries.

27:17 So I went through as well, let's walk the walk.

27:19 So I went through my ListMonk one, my Umami one, a memberful one, and they all now are using HPX2.

27:26 So if anybody uses those and they want to use HPX2.

27:29 You'll now get HPX2.

27:31 Absolutely.

27:31 Absolutely.

27:32 Very nice.

27:33 Well, how about we close this episode out with a joke?

27:36 All right.

27:36 What do you got for me, Michael?

27:37 So I've named this one accurate.

27:40 Tell me what you think about these different classifications of types of like problem solving.

27:44 You know, maybe this is a CS sort of conversation.

27:46 You know, we've got algorithms.

27:47 This is when programmers don't want to explain what they did.

27:51 You'll get me every time with these kind of jokes.

27:54 We have a heuristic, which is very interesting.

27:57 Less common and less provable, but often very interesting.

28:01 The heuristic is when programmers can't explain what they did.

28:04 And then machine learning, when programmers don't know what they did.

28:08 Very black box.

28:10 Exactly.

28:10 And it won't do it again, but maybe it'll do something else also interesting.

28:15 I appreciate that.

28:16 Yeah, absolutely.

28:17 And I just also, Marco out of the audience just says,

28:20 much appreciation for Posit's open source contributions.

28:22 Yeah, so great docs is from the folks from Posit, the Shining, or Studio,

28:27 but they're also doing like Shiny for Python, lots of Python stuff these days.

28:31 Yeah.

28:31 Very nice.

28:32 All right, well, that is a wrap, Calvin.

28:35 That was fun.

28:36 Thank you for being here.

28:36 Awesome show with you.

28:37 We'll do it again.

28:38 We will.

28:39 Thanks, Michael.

28:39 Yep, bye, everyone.