Transcript #396: uv-ing your way to Python
Return to episode page view on github00:00 Hello and welcome to Python Bytes.
00:01 We deliver Python news and headlines directly to your earbuds.
00:05 This is episode 396, recorded August 13, 2024.
00:11 I'm Michael Kennedy.
00:12 And I'm Brian Okken.
00:13 And this episode is brought to you by Scout APM.
00:17 Thank you to Scout for their continued support of the show.
00:21 Check out their link in the show notes.
00:23 We'll tell you more about them later.
00:25 If you want to follow us on the socials, you can find us all over on Mastodon.
00:28 Links at the top of the show notes.
00:31 And we are on X, although less active than we are on Mastodon, I would say.
00:36 We're going to catch the live show.
00:37 You can do that at pythonbytes.fm/live.
00:41 And it takes you either to the old ones or lets you know about the new one if it's running right there.
00:46 So we appreciate when people are there, but audio always, always works as well.
00:50 Brian, how are you doing?
00:52 I'm good.
00:53 Yeah?
00:54 I didn't know we were still on X.
00:56 But...
00:57 Well...
00:58 You're on X.
00:59 Here's the thing.
01:00 You're not on X anymore, okay?
01:02 Did you actually delete your account?
01:04 I have an account, but I check it like every other month or something like that.
01:08 So...
01:08 I still get notifications if people will @ mention me.
01:11 Oh, okay.
01:12 I'll see it, but it's kind of the same thing.
01:14 I don't like drop in and cruise through there as much.
01:16 I'd be happy on Mastodon, but there's just, I would say 75% of the people that follow us,
01:23 interact with us, at least through the show account, probably didn't make the transition.
01:28 So...
01:28 Okay.
01:29 I should pay attention more.
01:30 So, apologies.
01:31 Still there for them.
01:32 Yeah.
01:32 We're still there for them.
01:34 Okay, good.
01:34 That's all I meant by it.
01:37 Okay.
01:37 All right.
01:38 Well, let's kick it off with your first item.
01:39 Okay.
01:40 I want to talk, I think I already, I covered UV, a UV article yesterday, or last week.
01:45 Yeah.
01:46 Well, it's the summertime and you got to be real careful about your UV index and put on your...
01:50 Oh, wait, no, not that.
01:51 I love UV.
01:52 Oh my God, we could put together a UV index.
01:53 It'd be like the...
01:54 That would be awesome.
01:58 Anyway, so I saw this article, Python packaging is great now, UV is all you need.
02:05 And I'm like, I don't know.
02:08 It seems like a little silver bullet dish for me.
02:10 But I took a look at it anyway.
02:13 This is from Juan Luis Cano Rodriguez, awesome name and cool profile picture.
02:20 Anyway, so UV, what is, we like to bash on packaging, but it's just continually getting better.
02:28 And especially with people like Brett Cannon trying to continue to make it better, it's going
02:34 to, and people at UV, at Astral, making UV better.
02:39 But so what is this about?
02:41 This article, I didn't really want to completely cover the article, but there's some pretty cool
02:46 stuff here.
02:47 So bootstrapping, getting a project started is difficult sometimes, or knowing what to do.
02:54 And I've been using UV for making virtual environments, and it's really fast at that.
03:00 But I took another look at it.
03:03 There's been some updates that I didn't know it did some cool stuff.
03:07 So one of the highlights here is UV Python, it manages Python versions.
03:13 And I'm like, what?
03:14 It does what?
03:15 So I went and checked it out.
03:17 And you can, so you don't even have to.
03:21 So you can go down and say UV Python install, and it installs Python versions for you.
03:27 And it's really fast, but you don't have to.
03:30 And I'll tell you why in just a sec.
03:32 You can install it like that, but you can also say UV Python list, and it lists all the Python
03:39 versions that it can find on your system.
03:41 But if you say UV, V-E-N-V, so creating a virtual environment, you can give it a Python
03:48 flag with a number so you can do list ahead of time.
03:52 And it tells you not only what versions are there, but also what versions it has available.
03:57 So you can say, like, if you don't have 3.11 on your system, you can say 3.11 anyway, and
04:04 it'll install it.
04:05 I'm like, does that really work?
04:07 So I checked it out.
04:08 I tried it.
04:09 I personally, it said that it would just do it automatically if it wasn't there.
04:16 But I had to add the Python.
04:18 There's a flag called Python preference managed, and it's listed here somewhere.
04:23 Anyway, Python preference managed.
04:26 >> --Python preference.
04:28 And then you can say UV managed, only managed, or managed system, or only system.
04:33 Gotcha.
04:34 Awesome.
04:35 >> Yeah.
04:35 Yeah, Python preference.
04:37 But if you say managed, which is supposedly the default, but I had to pass it in anyway,
04:42 it just does it.
04:43 So I'm like, this is cool.
04:45 And I installed, like, six versions of Python on my Mac yesterday in seconds.
04:50 And just to have fun, to create virtual environments.
04:54 And it's just neat.
04:56 So I only really need a Python with -- I usually use Python within virtual environments.
05:02 So being able to just install one into a virtual environment is cool.
05:06 So what else can we do?
05:09 So there's other things that UV can do that, like, it can initialize PyProject.toml for you.
05:17 And it sets up -- if you do a net, it sets up PyProject.toml and a readme and a source layout.
05:22 It doesn't do a lot, but it gets you started.
05:24 The thing that I thought was neat is add.
05:29 So you can add dependencies to your PyProject.toml with UV add.
05:34 And so you don't have to look up the syntax for it.
05:36 The other cool thing about it is you can give it the dev flag.
05:40 You can say UV add --dev.
05:43 Like, you can say --dev pytest, and it'll add pytest to your development dependencies,
05:48 which is neat.
05:50 So I guess I was going to say packaging is not solved with UV, but maybe it is.
05:57 There's some pretty cool stuff.
05:58 >> This is awesome, yeah.
06:00 If you look up -- if you say UV help, there's a whole bunch of experimental items through here.
06:08 So there's run, init, add.
06:10 A lot of these are experimental features.
06:12 Tree is cool.
06:13 You can do a project dependency tree using UV.
06:17 So there's a lot of stuff that I used to use other tools for that UV's doing.
06:22 So kind of cool.
06:23 Locking, creating lock files.
06:24 >> I like the self.
06:25 I like it.
06:26 >> What does self do?
06:27 >> Manage the UV executable itself.
06:29 >> Oh, yeah.
06:30 Okay.
06:31 >> So there was a lot of drama, honestly, not on our show, but on the mailing lists
06:36 when this was announced.
06:37 >> With UV Python?
06:40 >> No, with UV pip.
06:41 >> UV pip, yeah.
06:43 >> Yeah, yeah, yeah.
06:44 And so the reason that Charlie and team chose UV pip as part of the CLI interface as a subcommand
06:53 was so that they had space to do all these other things.
06:55 If you just said UV install, well, is that install the Python thing?
07:00 Is that install a package?
07:01 >> Oh, yeah.
07:02 >> Right?
07:03 And so they put that in there as almost like a namespace for all their commands and stuff.
07:08 And how much new stuff is under these experimental sections, starting to feel like, okay, this
07:14 is what I had in mind, right?
07:15 >> Yeah.
07:16 Yeah.
07:17 So the experimental part makes me nervous to put it into my normal everyday workflow a
07:23 little bit.
07:24 But for personal workflow stuff, why not play with it?
07:26 >> Yeah.
07:27 >> So.
07:27 >> You know, as you're going through this and seeing this title, Python packaging is
07:32 great.
07:32 UV is all you need.
07:33 I think it's all I use these days.
07:34 I don't think I use anything else.
07:35 >> There are some systems that the whole, especially with certain firewalls that I know
07:41 you can get around it with UV, but there are some systems that I work on where I have trouble
07:45 working with UV, but pip works fine.
07:48 So.
07:48 >> Oh, interesting.
07:50 Okay.
07:50 Yeah.
07:51 I have basically three or four, maybe four or five aliases that are just like two or
07:56 three letters that will do all the combining, you know, like the full commands with this
08:01 and that.
08:01 So those used to be pip commands.
08:04 Now they're UV pip with like the different parameters and stuff.
08:06 >> Yeah.
08:07 And I tried, so when UV pip started, came, I tried to alias pip to UV pip and same with
08:14 virtual environment.
08:15 But I realized that I kind of like control.
08:18 I like to be able to use both.
08:20 So I just sort of taught myself these UV commands.
08:23 >> Yeah.
08:23 Yeah.
08:24 Sounds good.
08:25 Not too hard, is it?
08:27 All right.
08:27 Well, I have a set of bookends around Python versions to start and end the show here.
08:35 So let's start with Python 3.12.5 was out just last week, came out right after the show
08:42 was released, I think.
08:43 So we didn't cover it, but yeah, here we have a brand new version of the most recent version
08:50 Python.
08:50 And I just checked by the way.
08:51 >> What?
08:52 >> Yeah.
08:53 And I just checked with the UV Python list and I think 3.12.4 is the latest there, just
09:01 to give you a sense that like one week into it, apparently we don't have the latest.
09:05 I was kind of hoping like that thing would be super cutting edge on top of it.
09:09 So, but I wonder if I, you know what, it's possible that my UV is over a week out of
09:16 date and it doesn't know, right?
09:17 Something like that.
09:17 I don't know.
09:18 Anyway, 3.12.5 is out.
09:20 And if you scroll through, I'm linking to the release notes.
09:24 Sometimes it's hard to find like what is actually changed in say 3.12.4 to 3.12.5, because if
09:32 you go to the, if you go to python.org and click on downloads, a lot of times it'll just
09:36 show like, well, here's what's new for 3.12.
09:38 Be like, great.
09:39 And from the last one that I had, the last one was that.
09:42 But if you go, you can find the release notes at which I'm linking to.
09:46 And so there are a lot of releases and changes in just this minor point release.
09:52 So we've got a bunch of tests that are fixed.
09:55 How about that, Brian?
09:56 That's great.
09:57 Yeah.
09:57 Two different security improvements, patches, I guess.
10:01 You know, they're not, don't think they have CVEs.
10:03 So there must not be too bad.
10:06 Like audit, like missing audit events around certain behaviors.
10:09 Like, okay, so you couldn't audit it properly, but it's not, it's not a, you know, all your
10:13 bases are belong to us sort of thing.
10:16 Bunch of stuff in the library.
10:17 So for example, a new version of pip.
10:19 So for just a moment, just briefly, when you create a virtual environment, I won't say
10:24 your pip is out of date.
10:25 But this, things like this, fix crash when importing SSL after the main interpreter starts.
10:31 Hmm, might want to have that not happen.
10:33 Handle value errors raised by os.stat.
10:36 Fix some error messages in pickle.
10:38 Here's one that's worth paying attention to.
10:40 Fixed a seg fault in asyncio.task.getCoroutine.
10:45 Okay.
10:45 You know, a lot of times you think of, at least I think one of the really huge advantages
10:50 of Python is when stuff goes wrong, your program doesn't just go poof and go away.
10:55 It, it reports the error.
10:56 It gives you a chance to catch it, right?
10:57 You like this, Python itself doesn't die.
11:00 It knows it's something's gone terribly wrong and it shuts down.
11:03 Right.
11:04 But Python, CPython seg faults, then it just goes poof and goes away.
11:07 So there's a ton of stuff like this.
11:09 So I just wanted to call, call people's attention to all the changes here.
11:12 And there's even some that look like performance.
11:15 For example, what was it?
11:18 f-strings.
11:19 If you have an F string that has just one entry into it, it, I think it used to create
11:24 an abstract syntax tree to try to build it up.
11:27 And they're like, ah, not really needed all that stuff for a single F string.
11:31 Our F string was single entry in it.
11:34 So, yeah, that's, that's going to be a nice performance improvement as well.
11:39 Instead of dash, how do they F string it?
11:41 Yeah.
11:41 So anyway, these are all good things.
11:43 Yeah, definitely.
11:44 f-strings are getting, getting more secure, more fast, more faster, better.
11:49 Faster, better, stronger.
11:50 We have the technology, we can rebuild it.
11:52 Okay.
11:52 Can you even imagine going back to the time before f-strings?
11:55 It was a dark time.
11:57 It was a dark time.
11:59 My percent, my percent key still has no, no characters on it.
12:04 No, just kidding.
12:04 Yeah.
12:06 Yeah, indeed.
12:07 Okay.
12:07 And before we go on to the next one, you were probably going to give us some really
12:11 awesome segue there, but let's talk about, ScoutAPM before we move on.
12:17 Okay.
12:18 Let me tell you real quick about ScoutAPM.
12:21 They're big supporters of Python Bytes.
12:23 So we appreciate that very much.
12:25 So if you are tired of spending hours trying to find the root cause of issues impacting
12:30 your performance, then you owe it to yourself to check out ScoutAPM.
12:34 They're a leading Python application performance monitoring tool, APM, that
12:39 helps you identify and solve performance abnormalities faster and easier.
12:43 ScoutAPM ties bottlenecks such as memory leaks, slow database queries, background
12:48 jobs, and the dreaded N plus one queries that you can end up if you do lazy loading
12:53 in your ORM, then you say, Oh no, why is it so slow?
12:56 Why are you doing 200 database queries for what should be one?
12:59 So you can find out things like that.
13:00 And it links it back directly to the source code.
13:02 So you can spend less time in the debugger and healing logs and just finding the
13:06 problems and moving on.
13:07 And you'll love it because it's built for developers by developers.
13:10 It makes it easy to get set up.
13:12 Seriously, you can do it in less than four minutes.
13:15 So that's awesome.
13:15 And the best part is the pricing is straightforward.
13:19 You only pay for the data that used with no hidden overage fees or per seat pricing.
13:24 And I just learned this, Brian.
13:26 They also have, they provide the pro version for free to all open source projects.
13:32 So if you're an open source maintainer and you want to have ScoutAPM for that project,
13:36 just shoot them a message or something on their pricing page about that.
13:39 So you can start your free trial and get instant insights today.
13:43 Visit pythonbytes.fm/scout.
13:46 The link is in your podcast player show notes as well.
13:48 And please use that link.
13:49 Don't just search for them because otherwise they don't think you came from us.
13:53 And then they'd stop supporting the show.
13:55 So please use our link pythonbytes.fm/scout.
13:57 Check them out.
13:58 It really supports the show.
14:00 Over to you, Brian.
14:01 Alrighty.
14:02 I want to talk about talks a little bit.
14:04 We haven't talked, actually brought up talks for a while, I don't think.
14:08 But there's an article on Victor Remark, Victor Remark's blog, about compile and use dependencies for multiple Python versions with talks.
14:19 And it's kind of a neat idea.
14:22 I use talks for incorporating it with GitHub actions a lot to be able to,
14:29 well, and just locally to be able to test multiple Python versions and multiple versions of different libraries, how they work together.
14:36 Talks is great for things like that.
14:37 But one of the things that I didn't think about was doing pinning, like compiling pinned list or lock lists for dependencies for multiple Python versions.
14:50 And so this article walks you through kind of why you would want to do that,
14:53 but then also how to.
14:54 And the little trick here, which I think is cool, is that talks uses an environment name called the env name.
15:03 And so there is a way to be able to specify, use that to look at different, the talks environment that it created,
15:13 because it creates a little virtual environments when it's running.
15:16 But the neat thing about that is you can use it other places.
15:20 And the idea around this was to go ahead and use, this article uses pip tools, but really I think you could use anything,
15:29 but to target a compile like a pip tools compile and send it to, it's using pip compile and using pyproject.toml as the base file,
15:40 and then outputting to a requirements env name, which is, or a env.text or a, like a env-dev.text.
15:52 So you could do like a requirements with a requirements file, essentially with your environment specified in it.
16:01 You could, in this example, it's using a directory, pumping them all into a requirements folder with a directory,
16:08 but you could also do a directory.
16:10 And then also, I also like to have a requirements-whatever.
16:15 So even if I had them all filed into a directory, I usually put something like requirements-312.text
16:22 or something like that.
16:23 But having that, be able to specify it from the project, allows the little trick to be able to say,
16:31 oh, here's an example of with the requirements-, I like that a little bit better.
16:35 But to have a requirements target within talks, so that you can use that to compile your project,
16:45 compile those and while they're running, instead of like in CI or something could grab those.
16:52 And instead of generating a, just whatever it can find, it's a pinned or a locked set of dependencies.
17:02 It might be a little bit more consistent.
17:04 So, so that locally, the, and the idea would be then, locally, you, when you're testing yourself,
17:10 you can say, hey, I'm ready to update my dependencies.
17:13 And then it regenerate the, all of the, all of the dev files and then, or all the lock files.
17:19 And then later, when you're, when CI is running, it doesn't look up dependencies.
17:25 It just like knows the fixed links or the fixed versions.
17:29 So kind of a neat idea.
17:30 I wanted to highlight that.
17:32 I also wanted to highlight this because I wanna, I like this idea, but I wanna do it with UV.
17:38 And I wanna, I'd like to be, I think I'll play with this, but if anybody else has time to play with this
17:44 and see if they can get it working with UV, I'd love to see the outcome.
17:48 So, yeah, that's awesome.
17:49 I imagine you can, because if it was using pip-tools, you know, it's got the pip compile behaviors.
17:56 It shouldn't be that hard.
17:57 Yeah, yeah, it's awesome.
17:58 Yeah, this looks great.
17:59 I love it.
18:00 What do you got for us?
18:01 You, let's, let's close it out with, I think dark.
18:05 I did tell you it was the 13th, didn't I?
18:07 Yeah.
18:09 So I present to you a, this is not exactly a Python thing, but I feel like this is anyone who builds web apps
18:16 or other types of apps and interacts with, you know, users sort of thing.
18:20 So super set, if you will.
18:22 I present to you a catalog of dark patterns for software.
18:26 Says, discover a variety of dark pattern examples sorted by category to help you better understand
18:35 deceptive design practices.
18:37 So there's some that you probably would know like bait and switch.
18:41 And each one of these has at least one concrete, like case study of evil, badness of darkness, let's say.
18:49 So the bait and switch one, which says this tactic lures users with an enticing offer only to change the terms unexpectedly.
18:57 So they've got a lift 60% off.
19:00 Wouldn't you like 60% off of your next ride?
19:02 Just click here and sign up, right?
19:04 And then once, actually your next two ride that says right here.
19:07 Yeah.
19:08 But then actually, as you try to apply it, it turns out it only counts towards 60%
19:13 off the first $10.
19:14 So if you like went to the airport, it was 50 bucks.
19:17 It's like, well, you know, it's still 44.
19:20 Yeah, perfect.
19:20 So that's not ideal.
19:23 To me, the classic bait and switch is the cable companies for internet or anything.
19:29 Like, don't you want to add like a home phone, like digital phone?
19:33 And then you can add like the sports package and it's only $5 more for the first, you know,
19:39 for the first six months.
19:41 And then it's like $150 more.
19:43 So I had one just like yesterday.
19:45 I had an email from my cell phone provider that said, since you've been here, like so many numbers of years,
19:52 we're going to give you 10% off.
19:54 I'm like, that's cool.
19:55 And I clicked on it and it was 10% off any of your case purchases.
20:00 (laughing)
20:02 So shady.
20:03 So shady.
20:05 So that, I mean, people probably know that one, but there's other ones that are interesting.
20:09 Like one that I really like is the Roach Motel.
20:13 Okay.
20:14 So what is that?
20:15 Oh, it's this dark pattern usually used for subscriptions, making it easy to sign up, but nearly impossible to cancel.
20:23 So there's, you know, you can't, there's not like a just unsubscribe us button.
20:27 You've got to call somebody and they try to talk you out of it.
20:30 Like I'm a hat tip the cable companies again on this.
20:34 Right.
20:35 But yeah.
20:36 One click subscribe.
20:38 But if you want to, if you want to cancel, please come down to our office during hours of four and three.
20:43 Exactly.
20:45 Exactly.
20:46 And if you don't get through the line of people backed up, trying to get out of it, then you'll, you'll do bad.
20:51 Try again the next week.
20:52 So there's a bunch of these.
20:53 I'll do one more.
20:54 Just the people can go play with them.
20:56 Disguised ads.
20:58 Oh, I thought it was disgusting ads.
21:00 Disguised ads.
21:01 Okay.
21:01 Disguised ads, which are themselves disgusting, but the pattern is disguised.
21:07 So Microsoft edge, for example, and I feel like Google, this is towards Google Chrome,
21:13 like a thing towards, I feel like it's also kind of reverse a lot of like,
21:18 Google does that as well.
21:19 Like, wouldn't you rather use this instead when you search for something?
21:23 Anyway, I'll give you the example that's on the page.
21:25 So you may encounter not one, but two dark padding patterns when attempting to get Google Chrome onto your computer.
21:33 When you have Microsoft edge, this happens when you have a empty install of windows,
21:37 you have edge installed, but not Chrome.
21:39 And, or, I mean, I feel like installing Chrome itself as a dark pattern that you should just avoid.
21:44 Use of all the brave Firefox, something else.
21:47 But anyway, that's not the point.
21:49 There's two here.
21:51 And the first one is disguised ads.
21:53 The second one is confirm shaming.
21:55 And so this is like a good case here.
21:57 So if you go over to google.com/chrome in edge and you go to the, you go to the,
22:05 like the, where you get to download it, it literally has a built into the browser pop-up
22:10 that comes out of the menu bar.
22:12 You know, that dress bar rather says, I hate saving money, said no one ever.
22:17 Microsoft edge is the best browser for online shopping.
22:20 (laughing)
22:23 Just by literally visiting the Chrome page, you get this pop-up that's like integrated,
22:28 not into the HTML, but into the UI of the browser.
22:32 - That's so funny.
22:33 - Yeah, so that's, that's shady.
22:35 That's one.
22:36 - I kind of love the boldness of that though, actually.
22:38 (laughing)
22:40 - I know.
22:41 And then if you go to, go to Bing, I believe this, which is the default search engine,
22:46 and you just search for Chrome, you get some results.
22:49 But then there's like this other part.
22:51 Oh no, this is actually in the start, the start menu.
22:55 This is in the start menu.
22:57 So if you type Chrome, you're like trying to run Chrome.
22:59 (laughing)
23:01 Half of the whole start menu says, try Bing wallpaper.
23:04 Switch to the browser recommended by Microsoft.
23:07 Default edge.
23:08 - Dude, that's rough.
23:10 Yeah, so what's cool is that it says, look, here like it kind of highlights the various patterns
23:16 that are here and then like other companies that do similar patterns.
23:21 Anyway, I think this is interesting reading.
23:23 I think figuring out, like just being aware of this stuff.
23:25 So if you're involved in building these things, you're like, hey guys, people are gonna not like us.
23:30 Could we do this a little bit differently?
23:32 You know, sometimes marketing will win.
23:34 Sometimes developers will win.
23:35 - So are these dark patterns or maybe growth hacking?
23:41 - Yes, is this our yacht or is this a dark pattern?
23:46 Could it be both?
23:47 - What could I incorporate these into?
23:50 No.
23:50 - Yeah, it's like, #EUWin if you can get like all dark patterns.
23:56 - Oh, that'd be fun to try to.
23:57 - It'd be a good growth hack 'cause then you could appear under every category.
24:01 It'd be like some like link.
24:02 - Pre-advertising.
24:03 - Exactly, yeah.
24:04 Anyway, this is what I got for you.
24:07 Kind of interesting.
24:08 - Nice.
24:08 - Extras, you got any extras you wanna share?
24:10 - The extra I wanted to shout out was just, I think I have my recording done for Hellopytest.
24:21 The only thing left to record is the summary at the end.
24:24 There's a few things I wanna, like one extra video I wanna record, but I wanna edit everything first.
24:31 So I'm in the process of editing and keeping track of everything so that at the end I can go,
24:36 "Hey, we went through all these things." So I wanna make sure.
24:40 Actually, the thing that I have left is I want to review all of the command line flags
24:45 that I use in the course, but I don't remember all the ones I've used.
24:49 So I'm writing down as I'm editing.
24:51 - Nice, that's awesome.
24:52 - But I'm on track for August 19th.
24:54 A few people have ordered already.
24:56 Thank you so much, everyone that's ordered so far.
24:59 So love you.
25:01 My wife loves you.
25:02 We went out to get coffee off of money we got from this.
25:06 - Beautiful.
25:07 Yeah, available for pre-order now.
25:08 - Yeah.
25:09 What you got?
25:10 - I have just a couple things.
25:14 Django 5.1 released.
25:17 So big deal here is easier guardrails for authentication 'cause having people access stuff
25:24 that was supposed to be authenticated, but isn't is bad.
25:27 They didn't say that, that's my words.
25:28 The new and shiny login required middleware is available which enforces authentication for all views.
25:35 Better screen reader support, better HTML semantics.
25:40 The second oldest ticket is now fixed with a long awaited query string template tag.
25:47 So these things are all good.
25:48 And let's see, what's there?
25:51 Yeah, I thought there might've been a CVE or something in here, but I don't think so.
25:56 I saw Django CVE not too long ago, security deal, but it doesn't seem like it's addressed with this one.
26:02 So it must've been fixed previously.
26:03 All right, so that, and then here's the bookend.
26:05 We started with 3.12.5 being available.
26:09 Well, how about Python 3.13 looking forward with release candidate one is out.
26:15 So this happened a little bit ago, but if you're out there and they say,
26:21 "Please test, you have a package, especially a popular one, please test it with Python 3.13 ahead of time
26:28 so we can do stuff about it." And you're like, "Oh, it's betas.
26:32 I'm not gonna take the trouble.
26:33 I'm not gonna worry about it." Well, it's now officially stable in terms of features, right?
26:38 They're not gonna add or remove things ideally unless they absolutely have to.
26:42 So you should be able to properly start putting energy into testing and playing with this one.
26:47 And this one is a big deal because this is the first free threaded Python,
26:51 which is gonna have significant effects on runtime behavior, not just the API still work, right?
26:58 So it's gonna be worth testing with this one.
27:00 - All those other versions of Python you have to pay for threading.
27:03 This one's free threading.
27:04 - Yeah, it's awesome.
27:05 Finally, it's free.
27:08 You just have, yeah, you have to pay by buying other machines and running copies on them to get parallels.
27:14 - No, so I was hoping that UV Python would have 3.13 there, but it doesn't yet.
27:20 So we'll just- - Yeah, that would, all right, UV team out there listening.
27:24 - Just Astro, come on Astro, what are you doing?
27:25 - Exactly, let's turn UV Python into like, this is how I get the freshest Python,
27:31 which is actually one of the things that's a little tricky.
27:34 Like homebrew, it takes a week for that stuff to show up and other stuff, yeah.
27:38 - A week?
27:38 Yeah, who wants week old coffee?
27:40 - No, no, your threads are totally stale by now.
27:43 (both laughing)
27:45 - It's a goofy episode, man.
27:47 - It is, all right.
27:48 I know you got the joke for us this week, so take us out.
27:52 - Well, actually, before we get onto this, I was just thinking, because you,
27:55 when you were talking about Django, I thought of a new, of a dorky joke.
28:02 So what do you call a 17 year old insect?
28:05 A minor bug?
28:06 - Oh, that's pretty good.
28:09 - Okay, so I saw this Ars Technica, is it Ars or A-R-S?
28:15 I don't know, Ars Technica?
28:16 - I say Ars, but I know now you say that, I'm not sure I've ever heard anyone pronounce it.
28:22 So go with Ars, 'cause it's lowercase.
28:24 - Ars Technica, had an article, "Parody site Clownstrike refuses to bow down
28:29 "to Cloudstrike's bogus DMCA takedown." So there's an article here, I wanted to check it out myself.
28:37 So if you go to clownstrike.lol, and we'll refresh it.
28:44 See if it, it starts out looking like Crowdstrike, but it has a little goofy hat on it.
28:51 And then if you, I'm not gonna play the music now, but if you play music, it's got like some goofy little music
28:56 that goes along with it, and there's a clown.
28:58 That's it, it's just funny.
29:00 But now if you click on the left, it tells you about all this, well, it tells you the Ars Technica article,
29:09 but it also talks about this story about how they had these takedown, Crowdstrike tried to take them down,
29:16 and it's just silly.
29:18 There's some other stuff here too that I think is just hilarious.
29:21 Like the, what, scam advisor lists clownstrike.lol as a highly trusted, might be safe.
29:30 It's like nothing there, except for just this goofy little picture.
29:34 But there are some other stuff in it.
29:39 You can read the whole story and all the letters about, or all the emails back and forth about the takedowns.
29:44 And actually, I was surprised to find out that they had to, like Cloudflare was hosting this,
29:55 but it like accepted the takedown at first, and eventually backed down, but even after, but after it got moved.
30:03 But I'm surprised that it got taken down so fast because obviously this is a parody site,
30:10 and parody is protected.
30:12 There's no way, like even a cursory look at this, anybody would think this is a realistic violation.
30:17 Yeah, it's not trying to impersonate it or anything like that, for sure.
30:21 No, just making fun of the situation.
30:23 And I think that they just probably, I mean, they really should have just ignored it
30:27 because now clownstrike is known, and we're talking about it, and Ars Technic is talking about it, anyway.
30:32 Exactly.
30:33 It's the Barbra Streisand effect, right?
30:36 Yeah.
30:36 So.
30:38 Oh boy.
30:39 Anyway.
30:39 Yeah, I'm somewhat sympathetic to CrowdStrike, but this is a bad look.
30:44 You know, if you've got to write native code that runs in the kernel, I think the smallest mistake,
30:49 and it has to be like updated within hours of you learning new information,
30:54 I don't know.
30:54 It's tough.
30:55 Apparently it's one of the best antivirus systems out there that actually works and isn't just,
31:01 you know, you want to talk dark patterns, like a lot of this antivirus, clean your computer stuff is really shady.
31:07 But boy, did they cause a problem, and I would not want to be in their shoes.
31:11 No.
31:12 Well, I don't know.
31:13 I mean, a couple of weeks of shame over you get billions of dollars to pay for that shame.
31:19 So.
31:19 Yeah, I think they're going to get a lot of lawsuits from a lot of angry Fortune 500 companies.
31:24 And even if they win, defending them is going to hurt them bad.
31:27 If it doesn't kill them, it's going to hurt them bad.
31:29 So.
31:30 Okay.
31:30 So.
31:31 Yeah.
31:31 Sympathies out there for somebody?
31:33 Some.
31:34 A little bit.
31:36 A little bit.
31:38 A little bit.
31:38 But I feel like they've certainly earned this website.
31:41 And wow, I didn't know LOL was the top level domain.
31:43 Yeah.
31:45 It's funny.
31:45 It makes me laugh.
31:46 Yeah, it makes me laugh.
31:47 I wonder what that stands, what it is.
31:49 Is it like a country or something?
31:51 Is it literally LOL?
31:53 Like laugh out loud?
31:54 Or is it because they're like .pizza is the top level domain as well, which just seems wrong.
31:58 Oh, that does seem wrong.
32:00 Really?
32:02 I think so.
32:03 I'll have to check that out.
32:04 Like pepperoni.pizza and like, you know, Hawaiian.
32:07 Honestly.
32:08 Yeah.
32:08 Pineapple.
32:09 Maybe we need to get some domains.
32:11 Yeah.
32:11 Anyway.
32:12 Okay.
32:13 Awesome.
32:13 Thanks for sharing.
32:14 This is great.
32:15 All right.
32:15 Thanks for being here.
32:16 Like always.
32:17 Thank you.
32:17 Bye.