Transcript #396: uv-ing your way to Python
Return to episode page view on github00:00 Hello and welcome to Python Bytes, where we deliver Python news and headlines directly to your earbuds.
00:05 This is episode 396, recorded August 13, 2024.
00:11 I'm Michael Kennedy.
00:12 And I'm Brian Okken.
00:13 And this episode is brought to you by Scout APM.
00:17 Thank you to Scout for their continued support of the show.
00:21 Check out their link in the show notes.
00:23 We'll tell you more about them later.
00:24 If you want to follow us on the socials, you can find us all over on Mastodon.
00:28 Links at the top of the show notes.
00:31 And we are on X, although less active than we are on Mastodon, I would say.
00:36 When we catch the live show, you can do that at pythonbytes.fm/live.
00:41 And it takes you either to the old ones or lets you know about the new one if it's running right there.
00:46 So we appreciate when people are there, but audio always, always works as well.
00:50 Brian, how are you doing?
00:52 I'm good.
00:53 Yeah?
00:54 I didn't know we were still on X.
00:56 Well.
00:57 You're on X.
00:59 Here's the thing.
01:00 Oh, see, you're not on X anymore, okay?
01:02 Did you actually delete your account?
01:04 I have an account, but I check it like every other month or something like that.
01:08 So.
01:08 I still get notifications if people will at mention me.
01:11 Oh, okay.
01:12 I'll see it.
01:13 I don't like drop in and cruise through there as much.
01:17 I'd be happy on Mastodon, but there's just, I would say 75% of the people that follow us,
01:23 interact with us, at least through the show account, probably didn't make the transition.
01:28 Okay.
01:29 I should pay attention more.
01:30 So apologies.
01:31 Still there for them.
01:32 Yeah.
01:33 We're still there for them.
01:34 Okay.
01:34 Good.
01:35 That's all I meant by it.
01:37 Okay.
01:37 All right.
01:38 Well, let's kick it off with your first item.
01:39 Okay.
01:40 I want to talk, I think I already, I covered UV, a UV article yesterday, a lot yesterday.
01:45 Yeah.
01:46 Last week.
01:46 Well, it's the summertime.
01:47 You got to be real careful about your UV index and put it on your, oh, wait, no, not that.
01:51 I love UV.
01:52 Oh my God.
01:52 We could put together a UV index.
01:54 It'd be like the, that would be awesome.
01:58 Anyway.
01:59 So I saw this article, Python packaging is great now.
02:03 UV is all you need.
02:05 And I'm like, I don't know.
02:08 It seems like a little silver bullet dish for me.
02:11 But I took a look at it anyway.
02:13 This is from Juan Luis Cano Rodriguez.
02:17 Awesome name and cool profile picture.
02:20 Anyway.
02:20 So UV, what is, we like to bash on packaging, but it's just continually getting better.
02:28 And especially with people like Brett Cannon trying to continue to make it better.
02:34 It's going to, and people at UV at Astral making UV better.
02:39 But what, so what is this about?
02:41 This article, I didn't really want to completely cover the article, but there's some pretty cool
02:46 stuff here.
02:47 So bootstrapping, getting a project started is difficult sometimes or knowing what to do.
02:54 And, and I've been using a UV for making virtual environments, but, and it's really fast at that.
03:00 But I took another look at it.
03:03 There's been some updates that I didn't know it did some, some cool stuff.
03:07 So one of the highlights here is UV Python.
03:11 It manages Python versions.
03:13 And I'm like, what it does what?
03:15 So I went and checked it out.
03:18 And you can, so you don't even have to, so you can go down and say UV Python install and
03:25 it installs Python versions for you.
03:27 And it's really fast, but you don't have to.
03:30 And I'll tell you why in just a sec.
03:32 You can, you can install it like that, but you can also say UV Python list and it lists
03:38 all the Python versions that it can find on your system.
03:41 But if you say UV, V, E, and V, so creating a virtual environment, you can give it a Python
03:48 flag with a, with a number.
03:50 So you can do list to edit time.
03:52 And it tells you not only what versions are there, but also what versions it has available.
03:57 So you can, you can say like, if you don't have 3.11 on your system, you can,
04:02 you can say 3.11 anyway, and it'll install it.
04:05 I'm like, does that really work?
04:07 So I checked it out.
04:08 I tried it.
04:09 I personally, it, it said that it would just do it automatically if it wasn't there.
04:15 But I had to add the Python.
04:18 There's a flag called Python preference managed, and it's listed here somewhere.
04:23 Anyway, Python preference managed.
04:26 Dash to ask Python preference.
04:28 And then you can say UV managed.
04:30 Yeah.
04:31 Only managed or managed system or only system.
04:33 Gotcha.
04:34 Awesome.
04:34 Yeah.
04:35 Yeah.
04:35 Python preference.
04:37 But if you say managed, which is supposedly the default, but I had to pass it in anyway,
04:42 it just does it.
04:43 So I'm like, this is cool.
04:45 And I installed like six versions of Python on my Mac yesterday in seconds.
04:50 And just, just to have fun to create virtual environments.
04:54 And, and it's just neat.
04:56 So I only really need a Python with, I usually use Python within virtual environments.
05:02 So being able to just install one into a virtual environment is cool.
05:07 So what else can we do?
05:09 So the, there's other things that UV can do that, like it can initialize a pyproject.toml
05:16 for you.
05:17 And it sets up, if you do a knit, it sets up pyproject.toml and a readme and a source layout.
05:23 It doesn't do a lot, but it gets you started.
05:25 The, the thing that I thought was neat is add.
05:29 So you can add dependencies to your pyproject.toml with UV add.
05:34 And so you don't have to look up the syntax for it.
05:36 The other cool thing about it is you can give it the dev flag.
05:40 You can say UV add --dev.
05:43 Like you can say --dev py test.
05:45 And it'll add py test to your development dependencies, which is neat.
05:50 So I guess I was going to say packaging is not solved with UV.
05:55 But maybe, maybe it is.
05:57 There's some pretty cool stuff.
05:58 This is awesome.
06:00 Yeah.
06:00 If you look up, if you say UV help, there's a whole bunch of experimental, experimental items
06:07 through here.
06:08 So there's run, a knit add.
06:10 A lot of these are experimental features.
06:12 Tree is cool.
06:13 You can do a project dependency tree using UV.
06:17 So there's a lot of stuff that I used to use other tools for that UV is doing.
06:22 So kind of cool.
06:23 Locking, creating lockout.
06:25 Self.
06:25 I like it.
06:26 What does Self do?
06:27 Manage the UV executable itself.
06:29 Oh, yeah.
06:30 Okay.
06:31 So there was a lot of drama, honestly.
06:34 Not on our show, but on the mailing lists when this was announced.
06:38 With UV Python?
06:39 Or UV?
06:40 No.
06:40 With UV pip.
06:42 UV pip.
06:42 Yeah.
06:43 Yeah.
06:44 Yeah.
06:44 Yeah.
06:44 Yeah.
06:44 Yeah.
06:44 Yeah.
06:44 Yeah.
06:44 And so the reason that Charlie and team chose UV pip as part of the CLI interface as a sub-command
06:53 was so that they had space to do all these other things.
06:56 So if you just said UV install, well, is that install the Python thing?
07:00 Is that install a package?
07:01 Oh, yeah.
07:02 Yeah.
07:02 Right.
07:03 Right.
07:03 And so they put that in there as almost like a namespace for all their commands and stuff.
07:08 And how much new stuff is under these experimental sections?
07:12 Starting to feel like, okay, this is what they had in mind, right?
07:16 Yeah.
07:16 Yeah.
07:17 So the experimental part makes me nervous to put it into my normal everyday workflow a
07:23 little bit.
07:24 But for personal workflow stuff, why not play with it?
07:26 Yeah.
07:27 As you're going through this and seeing this title, Python Packaging is great.
07:32 UV is all you need.
07:33 I think it's all I use these days.
07:34 I don't think I use anything else.
07:36 There are some systems that the whole, especially with certain firewalls, that I know you can get
07:42 around it with UV, but there are some systems that I work on where I have trouble working
07:46 with UV, but pip works fine.
07:48 Oh, interesting.
07:50 Okay.
07:50 Yeah.
07:51 I have basically three or four, maybe four or five aliases that are just like two or three
07:57 letters that will do all the combination, like the full commands with this and that.
08:01 So those used to be pip commands.
08:04 Now they're UV pip with the different parameters and stuff.
08:06 Yeah.
08:07 So when UV pip started, came, I tried to alias pip to UV pip and same with virtual environment,
08:15 but I realized that I kind of like control.
08:18 I like to be able to use both.
08:20 So I just sort of taught myself these UV commands.
08:23 Yeah.
08:24 Yeah.
08:24 Sounds good.
08:25 Not too hard, is it?
08:27 All right.
08:27 Well, I have a set of bookends around Python versions to start and end the show here.
08:35 So let's start with Python 312.5 was out just last week.
08:41 Came out right after the show was released, I think.
08:44 So we didn't cover it, but yeah, here we have a brand new version of the most recent version,
08:50 Python.
08:50 And I just checked, by the way.
08:52 What?
08:52 Yeah.
08:53 And I just checked with the UV Python list.
08:57 And I think 312.4 is the latest there, just to give you a sense that like one week into
09:03 it, apparently we don't have the latest.
09:05 I was kind of hoping like that thing would be super cutting edge on top of it.
09:09 So, but I wonder if I, you know what?
09:12 It's possible that my UV is over a week out of date and it doesn't know, right?
09:17 Something like that.
09:17 I don't know.
09:18 Anyway, 312.5 is out.
09:20 And if you scroll through, I'm linking to the release notes.
09:24 Sometimes it's hard to find like what is actually changed in say 312.4 to 312.5.
09:31 Because if you go to the, if you go to python.org and click on downloads, a lot of times it'll
09:36 just show like, well, here's what's new for 312.
09:38 You're like, great.
09:39 And from the last one that I had to this, what was that?
09:42 But if you go and you can find the release notes, which I'm linking to.
09:46 And so there are a lot of releases and changes in just this minor point release.
09:52 So we've got a bunch of tests that are fixed.
09:55 How about that, Brian?
09:56 That's great.
09:57 Yeah.
09:57 Two different security improvements, patches, I guess.
10:01 You know, they're not, don't think they have CVEs.
10:04 So there must not be too bad.
10:05 Like audit, like missing audit events around certain behaviors.
10:09 Like, okay, so you couldn't audit it properly, but it's not, it's not a, you know, all your
10:13 bases are belong to us sort of thing.
10:15 A bunch of stuff in the library.
10:17 So for example, a new version of pip.
10:19 So for just a moment, just briefly, when you create a virtual environment, I won't say your
10:24 pip is out of date.
10:25 But this, things like this, fix crash when importing SSL after the main interpreter starts.
10:31 Hmm.
10:31 Might want to have that not happen.
10:33 Handle value errors raised by os.stat.
10:36 Fix some error messages in pickle.
10:38 Here's one that's worth paying attention to.
10:40 Fix a seg fault in async io.taskit coroutine.
10:44 Okay.
10:45 You know, a lot of times you think of, at least I think one of the really huge advantages of
10:50 Python is when stuff goes wrong, your program doesn't just go poof and go away.
10:54 It, it reports the error.
10:56 It gives you a chance to catch it.
10:57 Right.
10:58 You like this Python itself doesn't die.
11:00 It knows it's something's gone terribly wrong and it shuts down.
11:04 Right.
11:04 But the Python, cpython seg faults, then it just goes poof and goes away.
11:07 So there's a ton of stuff like this.
11:09 So I just wanted to call, call people's attention to all the changes here.
11:12 And there's even some that look like performance.
11:15 For example, what was it?
11:18 f-strings.
11:18 If you have an F string that has just one entry into it, it, I think it used to create an abstract
11:25 syntax tree to try to build it up.
11:27 And they're like, not really needed all that stuff for a single F string.
11:31 Our F string was single, entry in it.
11:34 So, yeah, that's, that's going to be a nice performance improvement as well.
11:39 Is it a dash?
11:40 How do they F string it?
11:41 Yeah.
11:41 So anyway, these are all good things.
11:43 Yeah, definitely.
11:44 Yeah.
11:45 f-strings are getting, getting, getting more secure, more fast, more faster, better.
11:49 Faster, better, stronger.
11:50 We have the technology.
11:51 We can rebuild it.
11:52 Okay.
11:52 Can you even imagine going back to the time before f-strings?
11:55 It was a dark time.
11:57 It was a dark time.
11:59 My percent, my percent key still has no, no, characters on it.
12:04 No, just kidding.
12:04 Yeah.
12:06 Yeah.
12:06 Indeed.
12:07 Okay.
12:07 And before we go on to the next one, you were probably going to give us some really awesome
12:12 segue there, but let's talk about, Scott APM before we move on.
12:17 Okay.
12:17 Let me tell you real quick about doubt APM.
12:21 They're big supporters of Python bytes.
12:23 So we appreciate that very much.
12:25 So if you are tired of spending hours trying to find the root cause of issues impacting your
12:31 performance, then you owe it to yourself to check out scout APM.
12:34 They're a leading Python application performance monitoring tool, APM, that helps you identify
12:40 and solve performance abnormalities faster and easier.
12:43 Scout APM ties bottlenecks such as memory leaks, slow database queries, background jobs,
12:49 and the dreaded N plus one queries that you can end up.
12:51 If you do lazy loading in your ORM, then you say, Oh no, why is it so slow?
12:56 Why are you doing 200 database queries for what should be one?
12:59 So you can find out things like that.
13:00 And it links it back directly to source code.
13:02 So you can spend less time in the debugger and healing logs and just finding the problems
13:07 and moving on.
13:07 And you'll love it because it's built for developers by developers.
13:10 It makes it easy to get set up.
13:12 Seriously, you can do it in less than four minutes.
13:15 So that's awesome.
13:15 And the best part is the pricing is straightforward.
13:19 You only pay for the data that you use with no hidden overage fees or per seat pricing.
13:24 And I just learned this, Brian.
13:27 They also have, they provide the pro version for free to all open source projects.
13:32 So if you're an open source maintainer and you want to have Scout APM for that project,
13:36 just shoot them a message or something on their pricing page about that.
13:39 So you can start your free trial and get instant insights today.
13:43 Visit pythonbytes.fm/scout.
13:46 The link is in your podcast player show notes as well.
13:48 And please use that link.
13:49 Don't just search for them because otherwise they don't think you came from us.
13:53 And then they'd stop supporting the show.
13:55 So please use our link pythonbytes.fm/scout.
13:57 Check them out.
13:58 It really supports the show.
14:00 Over to you, Brian.
14:01 All righty.
14:02 I want to talk about Tox a little bit.
14:04 We haven't talked, actually brought up Tox for a while, I don't think.
14:08 But there's an article on Victor Reimark's blog about compile and use dependencies for multiple
14:17 Python versions with Tox.
14:19 And it's kind of a neat idea.
14:22 I use Tox for incorporating it with GitHub Actions a lot to be able to, well, and just locally to be able to test multiple Python versions and multiple versions of different libraries, how they work together.
14:36 Tox is great for things like that.
14:38 But one of the things that I didn't think about was doing pinning, like compiling pinned list or lock lists for dependencies for multiple Python versions.
14:49 And so this article walks you through kind of why you would want to do that, but then also how to.
14:55 And the little trick here, which I think is cool, is that Tox uses an environment name called the env name.
15:03 And so there is a way to be able to specify, use that to look at different, the Tox environment that it created, because it creates a little virtual environments when it's running.
15:17 But the neat thing about that is you can use it other places.
15:20 And the idea around this was to go ahead and use this article uses pip-tools, but really, I think you could use anything.
15:29 But to target a compile, like a pip-tools compile and, and send it to using pip compile and using pyproject.tomla as the base file, and then outputting to a requirements in env name, which is, or a env.text or a, like a env-dev.text.
15:52 So you could do like a requirements with a requirements file, essentially with, with your environment specified in it.
16:00 You could, in this example, it's using a directory, pumping them all into a requirements folder with a directory, but you could also do, you could also do a directory.
16:10 And then also, I also like to have a requirements dash whatever.
16:15 So even if I had them all filed into a directory, I usually put something like requirements dash 312.txt or something like that.
16:23 But having that be able to specify it from the project allows you, allows the little trick to be able to say, oh, here's an example of with the requirements dash.
16:34 I like that a little bit better.
16:36 But to, to have a requirements target within Tox, so that you can use that to compile your project, compile those.
16:47 And while they're running, you're, instead of like in CI or something, can grab those.
16:52 And instead of generating a, just whatever it can find, it's a pinned or a locked set of, set of dependencies.
17:01 It might be a little bit more consistent.
17:04 So, so that locally, the, and the idea would be then locally you, when you're testing yourself, you can say, hey, I'm ready to update my dependencies.
17:12 And then it regenerate the, all of the, all of the dev files and then, or all the lock files.
17:19 And then later when you're, when CI is running, it doesn't look up dependencies.
17:25 It just like knows the fixed links or the fixed versions.
17:29 So kind of a neat idea.
17:30 I wanted to highlight that.
17:32 I also wanted to highlight this because I want to, I like this idea, but I want to do it with UV.
17:38 And I want to, I'd like to be, I think I'll play with this.
17:42 But if anybody else has time to play with this and see if they can get it working with UV, I'd love to see the outcome.
17:48 So.
17:48 Yeah, that's awesome.
17:49 I imagine you can, because if it was using pip-tools, you know, it's got the pip compile behaviors.
17:56 It shouldn't be that hard.
17:58 Yeah.
17:58 Yeah.
17:58 It's awesome.
17:58 Yeah.
17:59 This looks great.
17:59 I love it.
18:00 What do you got for us?
18:01 You let's, let's close it out with dark.
18:05 I did tell you it was the 13th, didn't I?
18:07 Yeah.
18:09 So I present to you a, this is not exactly a Python thing, but I feel like this is a, anyone who builds web apps or other types of apps and interacts with, you know, users sort of thing.
18:20 So superset, if you will, I present to you a catalog of dark patterns for software.
18:26 Dun, dun, dun.
18:27 Dun, dun, dun.
18:28 It says discover a variety of dark pattern examples sorted by category to help you better understand deceptive design practices.
18:37 So there's some that you probably would know like bait and switch.
18:41 And each one of these has at least one concrete, like case study of evil, badness of darkness, let's say.
18:49 So the bait and switch one, which says this tactic lures users with an enticing offer only to change the terms unexpectedly.
18:57 So they've got a lift 60% off.
19:00 Wouldn't you like 60% off of your next ride?
19:02 Just click here and sign up, right?
19:04 And then once actually your next two rides, it says right here.
19:07 Yeah.
19:08 But then actually, as you try to apply it, it turns out it only counts towards 60% off the first $10.
19:14 So if you like went to the airport, it was 50 bucks.
19:17 It's like, well, you know, it's still 44.
19:19 Yeah.
19:20 Perfect.
19:21 so that's not ideal.
19:24 No.
19:24 To me, the classic bait switch is the cable companies for internet or, or anything like,
19:29 don't you want to add like a home phone, like digital phone?
19:33 And then you can add like the sports package and it's only $5 more for the first, you know,
19:39 for the first, six months.
19:41 And then it's like $150 more.
19:43 So I had one just like yesterday.
19:45 I had an email from my cell phone provider that said, since you've been here, like so many numbers
19:52 of years, we're going to give you 10% off.
19:54 I'm like, that's cool.
19:55 And I clicked on it and it was 10% off any of your case pair purchases.
20:00 Like, so shady.
20:03 So shady.
20:05 So that, I mean, people probably know that one, but there's other ones that are, interesting.
20:09 Like one that I really like is the roach motel.
20:13 Okay.
20:14 So, you know, what is that?
20:16 Oh, it's this dark pattern usually used for subscriptions, making it easy to sign up, but
20:21 nearly impossible to cancel.
20:23 So there's, you know, you can't, there's not like a just unsubscribe us button.
20:27 You've got to call somebody and they try to talk you out of it.
20:30 Like I'm a hat, hat tip.
20:32 The cable companies again on this.
20:34 Yeah.
20:35 Right.
20:35 But yeah.
20:36 There's one, there's one click subscribe.
20:38 All right.
20:40 Canceled.
20:40 So please come down to our office during hours of four and three.
20:43 Exactly.
20:44 Exactly.
20:45 Exactly.
20:46 And if you don't get through the line of people backed up trying to get out of it, then,
20:49 you'll, you'll, do bad.
20:51 Try again the next week.
20:52 So there's a bunch of these.
20:53 I'll do one more just that people go play with them.
20:56 Disguised ads.
20:58 Oh, I thought it was disgusting ads.
21:00 Disguised ads.
21:01 Okay.
21:01 Disguised ads, which are themselves disgusting, but the pattern is disguised.
21:07 So Microsoft edge, for example, and I feel like Google, this is towards Google Chrome, like
21:14 a thing towards, I feel like it's also kind of reverse a lot of like Google does that as
21:19 well.
21:19 Like, wouldn't you rather use this instead when you search for something?
21:23 Anyway, I'll give you the example that's on the page.
21:25 So you may encounter not one, but two dark pattern patterns when attempting to get Google
21:32 Chrome onto your computer.
21:33 When you have Microsoft edge, this happens when you have a empty install of windows.
21:37 Because you have edge installed, but not Chrome.
21:39 And, or, I mean, I feel like installing Chrome itself is a dark pattern that you should just
21:44 avoid use of all the brave Firefox, something else.
21:48 But anyway, that's not the point.
21:50 There's, there's two here.
21:51 And the first one is disguised ads.
21:53 The second one is confirm shaming.
21:55 And so this is like a good case here.
21:57 So if you go over to google.com/chrome in edge and you go to the down, you go to the,
22:05 like the, where you get to download it.
22:07 It literally has a built into the browser popup that comes out of the menu bar.
22:12 No, that dress bar rather says, I hate saving money.
22:16 Said no one ever.
22:17 Microsoft edge is the best browser for online shopping.
22:24 Just by literally visiting the Chrome page, you get this popup.
22:28 It's like integrated, not into the HTML, but into the UI of the browser.
22:32 That's so funny.
22:33 Yeah.
22:34 So that's, that's shady.
22:35 That's one.
22:36 I kind of love the boldness of that though, actually.
22:38 But I know.
22:40 And then if you go to, go to Bing, I believe this, which is the default search engine and
22:46 you just search for Chrome, you get some results.
22:50 And then there's like this other part.
22:51 Oh no, this is actually in the start, the start menu.
22:55 This is in the start menu.
22:57 So if you type Chrome, you like try to run Chrome.
23:00 Oh dear.
23:01 Half of the whole start menu says, try Bing wallpaper.
23:04 Switch to the browser recommended by Microsoft.
23:07 Download edge.
23:08 Yeah.
23:09 Oh my God.
23:10 Yeah.
23:11 So what's cool is it says, look here, like it kind of highlights the various patterns
23:16 that are here.
23:17 And then like other companies that do similar patterns.
23:20 Anyway, I think this is interesting reading.
23:22 I think figuring out, like just being aware of this stuff.
23:25 So if you're involved in building these things, you're like, Hey guys, people are going to not
23:29 like us.
23:30 Could we do this a little bit differently?
23:32 You know, sometimes marketing will win.
23:33 Sometimes developers will win, but.
23:35 So are these dark patterns or, or maybe growth hacking?
23:41 Yes.
23:42 Is this our yacht or is this a dark pattern?
23:46 Could it be both?
23:47 Hmm.
23:48 What could I incorporate these into?
23:50 No.
23:51 Yeah.
23:52 Hashtag you win if you can get like all dark patterns.
23:55 Oh, that'd be fun to try to.
23:57 It'd be good growth act.
23:58 Cause then you could appear under every category.
24:00 That'd be like some like link.
24:02 Pre-advertising.
24:03 Exactly.
24:04 Yeah.
24:05 Anyway.
24:06 Yeah.
24:07 This is what I got for you.
24:08 Kind of interesting.
24:09 Nice.
24:10 Extras.
24:11 You got any extras you want to share?
24:12 The extra I wanted to shout out was, was just, I've been, I've been, I think I have my
24:18 recording done for, for HelloPiTest.
24:20 The only thing left to record is the summary at the end.
24:23 The, I want, well I have the, there's a few things I want to like one extra video and
24:28 record, but I want to edit everything first.
24:30 I'm in the process of editing and keeping track of everything so that at the end I can go, Hey,
24:35 we went through all these things.
24:36 So I want to make sure.
24:39 Actually the thing that I have left is I want to review all of the command line flags that
24:44 I use in the course.
24:46 I don't remember all the ones I've used.
24:47 So I'm writing down as I'm editing.
24:50 So nice.
24:51 That's awesome.
24:52 But I'm on track for August 19th.
24:54 A few people have ordered already.
24:55 Thank you so much.
24:57 Everyone that's ordered so far.
24:59 So love you.
25:00 My wife loves you.
25:01 We went out to got coffee or off of money we got from this.
25:05 So beautiful.
25:06 Yeah.
25:07 Available for pre-order now.
25:08 Yeah.
25:09 what you got?
25:10 I have just a couple of things.
25:13 Django 5.1 released though.
25:17 Big deal here is easier guardrails for authentication.
25:20 Cause having people access stuff that was supposed to be authenticated, but isn't as bad.
25:26 They didn't say that that's my words.
25:28 The new and shiny login required middleware is available, which enforces authentication for
25:33 all views.
25:34 Yeah.
25:35 better screen reader support, better HTML semantics.
25:40 The second oldest ticket is now fixed with a long awaited query string template tag.
25:46 So these things are all good.
25:48 And let's see.
25:50 What's there now?
25:51 I thought there might've been a CVE or something in here, but I don't think so.
25:55 I saw Django CVE not too long ago, security deal, but it doesn't seem like it's addressed
26:01 with this one.
26:02 So it must've been fixed previously.
26:03 All right.
26:04 So that, and then here's the bookend.
26:05 We started with a 312.5 being available.
26:08 Well, how about Python 313 looking forward with release candidate one is out.
26:14 So this happened a little bit ago, but if you're out there and they say, please test,
26:21 you have a package, especially a popular one, please test it with Python 313 ahead of time.
26:28 So we can do stuff about it.
26:29 And you're like, oh, it's betas.
26:31 I'm not going to take the trouble.
26:32 I'm not going to worry about it.
26:33 Well, it's now officially stable in terms of features, right?
26:37 They're not going to add or remove things ideally unless they absolutely have to.
26:41 So you should be able to properly start putting energy into testing and playing with this one.
26:46 And this one is a big deal because this is the first free threaded Python, which is going
26:51 to have significant effects on runtime behavior.
26:55 not just the API still work, right?
26:57 So it's going to be worth testing with this one.
26:59 All those other versions of Python, you have to pay for threading.
27:02 This one's free threading.
27:03 Yeah, it's awesome.
27:05 Finally, finally, it's free.
27:07 You just have, yeah, you have to pay by buying other machines and running copies on them to get parallels.
27:13 No, I, so I was hoping that UV Python would have 313 there, but it doesn't yet.
27:19 So yeah, that would, all right.
27:21 UV team out there listening.
27:23 Astral, come on Astral.
27:24 What are you doing?
27:25 Exactly.
27:26 Let's, let's get, let's turn UV Python into like, this is how I get the freshest Python, which is actually one of the things that's a little tricky.
27:33 Like homebrew, it takes a week for that stuff to show up and other stuff.
27:36 Yeah.
27:37 A week.
27:38 Yeah.
27:39 Who wants week old coffee?
27:40 No, no.
27:41 Your threads are totally stale, but.
27:44 It's a, it's a goofy episode, man.
27:47 It is.
27:48 All right.
27:49 I know you got the joke for us this week.
27:50 So.
27:51 Okay.
27:52 Well, actually, before we get onto this, I was just thinking because you, you wanted, when
27:56 you were talking about Django, I thought of a new, of a, a dorky joke.
28:02 So what do you call a 17 year old insect?
28:05 A minor, a minor bug.
28:06 Oh, that's pretty good.
28:09 okay.
28:10 So, I saw this artist technical, a, is it ours or ARS?
28:14 I don't know.
28:15 ARS technica.
28:16 I say ours, but I know now you say that I'm not sure I've ever heard anyone pronounce it.
28:21 So.
28:22 Okay.
28:22 We're going with ours.
28:23 Cause it's lowercase.
28:24 Ars technica, had an article parody site.
28:27 Clown strike refuses to bow down to cloud strikes, bogus DMCA takedown.
28:32 so there's an article here.
28:34 I wanted to check it out myself.
28:36 so if you go to, clown strike dot LOL.
28:41 and we'll refresh it.
28:43 see if it, it starts out looking like crowd strike, but it has a little goofy hat on
28:49 it.
28:50 and then if you put, I'm not going to play the music now, but, if you play music,
28:55 it's got like some, some goofy little music that goes along with it.
28:57 And there's a clown.
28:58 That's it.
28:59 That's just, it's just funny.
29:00 but, now if you click on the left, it tells you about all this.
29:06 Well, it tells you the, the ARS technica article, but it also talks about this story about how
29:11 they had these takedown, crowd strike tried to take them down and it's just silly.
29:17 there's some other stuff here too, that I think it's just hilarious.
29:20 Like, the what scam advisor lists clown strike, LOL as a highly trusted might be safe.
29:29 It's like nothing there except for just this goofy little picture.
29:34 And, but, but there are some, some, some other stuff in it.
29:38 You can read the whole story and all the letters about, or all the emails, the back and forth
29:42 about the takedowns.
29:43 And actually, there, I was surprised to find out that they had to like cloud for cloud
29:49 flare was, was, was hosting this, but it, it like accepted the takedown at first.
29:57 and eventually back down, but even after, but after it got moved, but I'm surprised that,
30:03 I'm surprised that it got taken down so fast because obviously this is a parody site.
30:09 and parody is protected.
30:11 There's no way like even a cursory look at this.
30:13 Anybody would think this is a realistic, yeah.
30:17 It's not trying to impersonate it or anything like that.
30:20 Yeah.
30:21 Just making fun of the situation.
30:22 And, and I think that they just probably, I mean, they really should have just ignored
30:26 it.
30:27 And now clown strike is known and we're talking about it.
30:30 And ours technique is talking about it.
30:31 Anyway.
30:32 exactly.
30:33 So it's the barber strain stand effect.
30:34 Right?
30:35 Yeah.
30:36 So, oh boy.
30:37 So, oh boy.
30:38 Anyway.
30:39 Yeah.
30:39 I mean, I'm somewhat sympathetic to crowd strike, but this is, this is a bad look.
30:43 You know, if you've got a right native code that runs in the kernel, the smallest mistake.
30:49 And it has to be like updated within hours of you learning new information.
30:53 I don't know.
30:54 It's, it's tough.
30:55 It's apparently it's one of the, the best antivirus systems out there that actually works.
31:00 And isn't just, you know, you wouldn't talk dark patterns.
31:02 Like a lot of this antivirus clean your computer stuff is really shit shady, but boy, did they
31:08 cause a problem that I would not want to be in their shoes.
31:11 No.
31:12 Well, I don't know.
31:13 I mean, a couple of weeks of shame over you get billions of dollars to pay for that shame.
31:18 So, yeah, I think they're going to get a lot of lawsuits from a lot of angry fortune 500
31:23 companies.
31:24 And even if they win defending them, it's going to, going to hurt them bad.
31:27 If it doesn't kill them, it's going to hurt them bad.
31:29 So.
31:30 Okay.
31:31 So yeah.
31:31 Sympathies out there for somebody.
31:33 Some, a little bit, a little bit, a little bit, but I feel like they've certainly earned
31:40 this website and wow.
31:41 I didn't know.
31:42 LOL was a top level domain.
31:43 Yeah.
31:44 It's funny.
31:45 It makes me laugh.
31:46 Yeah.
31:47 What's that stand?
31:48 What is it?
31:49 What is it?
31:50 Is it like a country?
31:51 Is it literally lol?
31:52 Like laugh out loud?
31:53 Or is it because they're like dot pizza is a top level domain as well, which just seems
31:58 wrong.
31:59 Oh, that does seem wrong.
32:01 Really?
32:02 I think so.
32:03 I'll have to check that out.
32:04 Like pepperoni dot pizza and like, you know, Hawaiian.
32:06 Honestly.
32:07 Yeah.
32:08 Pineapple.
32:09 Maybe we need to get some domains.
32:10 Yeah.
32:11 Anyway.
32:12 Okay.
32:13 Awesome.
32:14 Great.
32:15 All right.
32:15 Thanks for being here like always.
32:16 Thank you.