Brought to you by Michael and Brian - take a Talk Python course or get Brian's pytest book


Transcript #396: uv-ing your way to Python

Return to episode page view on github
Recorded on Tuesday, Aug 13, 2024.

00:00 Hello and welcome to Python Bytes.

00:01 We deliver Python news and headlines directly to your earbuds.

00:05 This is episode 396, recorded August 13, 2024.

00:11 I'm Michael Kennedy.

00:12 And I'm Brian Okken.

00:13 And this episode is brought to you by Scout APM.

00:17 Thank you to Scout for their continued support of the show.

00:21 Check out their link in the show notes.

00:23 We'll tell you more about them later.

00:25 If you want to follow us on the socials, you can find us all over on Mastodon.

00:28 Links at the top of the show notes.

00:31 And we are on X, although less active than we are on Mastodon, I would say.

00:36 We're going to catch the live show.

00:37 You can do that at pythonbytes.fm/live.

00:41 And it takes you either to the old ones or lets you know about the new one if it's running right there.

00:46 So we appreciate when people are there, but audio always, always works as well.

00:50 Brian, how are you doing?

00:52 I'm good.

00:53 Yeah?

00:54 I didn't know we were still on X.

00:56 But...

00:57 Well...

00:58 You're on X.

00:59 Here's the thing.

01:00 You're not on X anymore, okay?

01:02 Did you actually delete your account?

01:04 I have an account, but I check it like every other month or something like that.

01:08 So...

01:08 I still get notifications if people will @ mention me.

01:11 Oh, okay.

01:12 I'll see it, but it's kind of the same thing.

01:14 I don't like drop in and cruise through there as much.

01:16 I'd be happy on Mastodon, but there's just, I would say 75% of the people that follow us,

01:23 interact with us, at least through the show account, probably didn't make the transition.

01:28 So...

01:28 Okay.

01:29 I should pay attention more.

01:30 So, apologies.

01:31 Still there for them.

01:32 Yeah.

01:32 We're still there for them.

01:34 Okay, good.

01:34 That's all I meant by it.

01:37 Okay.

01:37 All right.

01:38 Well, let's kick it off with your first item.

01:39 Okay.

01:40 I want to talk, I think I already, I covered UV, a UV article yesterday, or last week.

01:45 Yeah.

01:46 Well, it's the summertime and you got to be real careful about your UV index and put on your...

01:50 Oh, wait, no, not that.

01:51 I love UV.

01:52 Oh my God, we could put together a UV index.

01:53 It'd be like the...

01:54 That would be awesome.

01:58 Anyway, so I saw this article, Python packaging is great now, UV is all you need.

02:05 And I'm like, I don't know.

02:08 It seems like a little silver bullet dish for me.

02:10 But I took a look at it anyway.

02:13 This is from Juan Luis Cano Rodriguez, awesome name and cool profile picture.

02:20 Anyway, so UV, what is, we like to bash on packaging, but it's just continually getting better.

02:28 And especially with people like Brett Cannon trying to continue to make it better, it's going

02:34 to, and people at UV, at Astral, making UV better.

02:39 But so what is this about?

02:41 This article, I didn't really want to completely cover the article, but there's some pretty cool

02:46 stuff here.

02:47 So bootstrapping, getting a project started is difficult sometimes, or knowing what to do.

02:54 And I've been using UV for making virtual environments, and it's really fast at that.

03:00 But I took another look at it.

03:03 There's been some updates that I didn't know it did some cool stuff.

03:07 So one of the highlights here is UV Python, it manages Python versions.

03:13 And I'm like, what?

03:14 It does what?

03:15 So I went and checked it out.

03:17 And you can, so you don't even have to.

03:21 So you can go down and say UV Python install, and it installs Python versions for you.

03:27 And it's really fast, but you don't have to.

03:30 And I'll tell you why in just a sec.

03:32 You can install it like that, but you can also say UV Python list, and it lists all the Python

03:39 versions that it can find on your system.

03:41 But if you say UV, V-E-N-V, so creating a virtual environment, you can give it a Python

03:48 flag with a number so you can do list ahead of time.

03:52 And it tells you not only what versions are there, but also what versions it has available.

03:57 So you can say, like, if you don't have 3.11 on your system, you can say 3.11 anyway, and

04:04 it'll install it.

04:05 I'm like, does that really work?

04:07 So I checked it out.

04:08 I tried it.

04:09 I personally, it said that it would just do it automatically if it wasn't there.

04:16 But I had to add the Python.

04:18 There's a flag called Python preference managed, and it's listed here somewhere.

04:23 Anyway, Python preference managed.

04:26 >> --Python preference.

04:28 And then you can say UV managed, only managed, or managed system, or only system.

04:33 Gotcha.

04:34 Awesome.

04:35 >> Yeah.

04:35 Yeah, Python preference.

04:37 But if you say managed, which is supposedly the default, but I had to pass it in anyway,

04:42 it just does it.

04:43 So I'm like, this is cool.

04:45 And I installed, like, six versions of Python on my Mac yesterday in seconds.

04:50 And just to have fun, to create virtual environments.

04:54 And it's just neat.

04:56 So I only really need a Python with -- I usually use Python within virtual environments.

05:02 So being able to just install one into a virtual environment is cool.

05:06 So what else can we do?

05:09 So there's other things that UV can do that, like, it can initialize PyProject.toml for you.

05:17 And it sets up -- if you do a net, it sets up PyProject.toml and a readme and a source layout.

05:22 It doesn't do a lot, but it gets you started.

05:24 The thing that I thought was neat is add.

05:29 So you can add dependencies to your PyProject.toml with UV add.

05:34 And so you don't have to look up the syntax for it.

05:36 The other cool thing about it is you can give it the dev flag.

05:40 You can say UV add --dev.

05:43 Like, you can say --dev pytest, and it'll add pytest to your development dependencies,

05:48 which is neat.

05:50 So I guess I was going to say packaging is not solved with UV, but maybe it is.

05:57 There's some pretty cool stuff.

05:58 >> This is awesome, yeah.

06:00 If you look up -- if you say UV help, there's a whole bunch of experimental items through here.

06:08 So there's run, init, add.

06:10 A lot of these are experimental features.

06:12 Tree is cool.

06:13 You can do a project dependency tree using UV.

06:17 So there's a lot of stuff that I used to use other tools for that UV's doing.

06:22 So kind of cool.

06:23 Locking, creating lock files.

06:24 >> I like the self.

06:25 I like it.

06:26 >> What does self do?

06:27 >> Manage the UV executable itself.

06:29 >> Oh, yeah.

06:30 Okay.

06:31 >> So there was a lot of drama, honestly, not on our show, but on the mailing lists

06:36 when this was announced.

06:37 >> With UV Python?

06:40 >> No, with UV pip.

06:41 >> UV pip, yeah.

06:43 >> Yeah, yeah, yeah.

06:44 And so the reason that Charlie and team chose UV pip as part of the CLI interface as a subcommand

06:53 was so that they had space to do all these other things.

06:55 If you just said UV install, well, is that install the Python thing?

07:00 Is that install a package?

07:01 >> Oh, yeah.

07:02 >> Right?

07:03 And so they put that in there as almost like a namespace for all their commands and stuff.

07:08 And how much new stuff is under these experimental sections, starting to feel like, okay, this

07:14 is what I had in mind, right?

07:15 >> Yeah.

07:16 Yeah.

07:17 So the experimental part makes me nervous to put it into my normal everyday workflow a

07:23 little bit.

07:24 But for personal workflow stuff, why not play with it?

07:26 >> Yeah.

07:27 >> So.

07:27 >> You know, as you're going through this and seeing this title, Python packaging is

07:32 great.

07:32 UV is all you need.

07:33 I think it's all I use these days.

07:34 I don't think I use anything else.

07:35 >> There are some systems that the whole, especially with certain firewalls that I know

07:41 you can get around it with UV, but there are some systems that I work on where I have trouble

07:45 working with UV, but pip works fine.

07:48 So.

07:48 >> Oh, interesting.

07:50 Okay.

07:50 Yeah.

07:51 I have basically three or four, maybe four or five aliases that are just like two or

07:56 three letters that will do all the combining, you know, like the full commands with this

08:01 and that.

08:01 So those used to be pip commands.

08:04 Now they're UV pip with like the different parameters and stuff.

08:06 >> Yeah.

08:07 And I tried, so when UV pip started, came, I tried to alias pip to UV pip and same with

08:14 virtual environment.

08:15 But I realized that I kind of like control.

08:18 I like to be able to use both.

08:20 So I just sort of taught myself these UV commands.

08:23 >> Yeah.

08:23 Yeah.

08:24 Sounds good.

08:25 Not too hard, is it?

08:27 All right.

08:27 Well, I have a set of bookends around Python versions to start and end the show here.

08:35 So let's start with Python 3.12.5 was out just last week, came out right after the show

08:42 was released, I think.

08:43 So we didn't cover it, but yeah, here we have a brand new version of the most recent version

08:50 Python.

08:50 And I just checked by the way.

08:51 >> What?

08:52 >> Yeah.

08:53 And I just checked with the UV Python list and I think 3.12.4 is the latest there, just

09:01 to give you a sense that like one week into it, apparently we don't have the latest.

09:05 I was kind of hoping like that thing would be super cutting edge on top of it.

09:09 So, but I wonder if I, you know what, it's possible that my UV is over a week out of

09:16 date and it doesn't know, right?

09:17 Something like that.

09:17 I don't know.

09:18 Anyway, 3.12.5 is out.

09:20 And if you scroll through, I'm linking to the release notes.

09:24 Sometimes it's hard to find like what is actually changed in say 3.12.4 to 3.12.5, because if

09:32 you go to the, if you go to python.org and click on downloads, a lot of times it'll just

09:36 show like, well, here's what's new for 3.12.

09:38 Be like, great.

09:39 And from the last one that I had, the last one was that.

09:42 But if you go, you can find the release notes at which I'm linking to.

09:46 And so there are a lot of releases and changes in just this minor point release.

09:52 So we've got a bunch of tests that are fixed.

09:55 How about that, Brian?

09:56 That's great.

09:57 Yeah.

09:57 Two different security improvements, patches, I guess.

10:01 You know, they're not, don't think they have CVEs.

10:03 So there must not be too bad.

10:06 Like audit, like missing audit events around certain behaviors.

10:09 Like, okay, so you couldn't audit it properly, but it's not, it's not a, you know, all your

10:13 bases are belong to us sort of thing.

10:16 Bunch of stuff in the library.

10:17 So for example, a new version of pip.

10:19 So for just a moment, just briefly, when you create a virtual environment, I won't say

10:24 your pip is out of date.

10:25 But this, things like this, fix crash when importing SSL after the main interpreter starts.

10:31 Hmm, might want to have that not happen.

10:33 Handle value errors raised by os.stat.

10:36 Fix some error messages in pickle.

10:38 Here's one that's worth paying attention to.

10:40 Fixed a seg fault in asyncio.task.getCoroutine.

10:45 Okay.

10:45 You know, a lot of times you think of, at least I think one of the really huge advantages

10:50 of Python is when stuff goes wrong, your program doesn't just go poof and go away.

10:55 It, it reports the error.

10:56 It gives you a chance to catch it, right?

10:57 You like this, Python itself doesn't die.

11:00 It knows it's something's gone terribly wrong and it shuts down.

11:03 Right.

11:04 But Python, CPython seg faults, then it just goes poof and goes away.

11:07 So there's a ton of stuff like this.

11:09 So I just wanted to call, call people's attention to all the changes here.

11:12 And there's even some that look like performance.

11:15 For example, what was it?

11:18 f-strings.

11:19 If you have an F string that has just one entry into it, it, I think it used to create

11:24 an abstract syntax tree to try to build it up.

11:27 And they're like, ah, not really needed all that stuff for a single F string.

11:31 Our F string was single entry in it.

11:34 So, yeah, that's, that's going to be a nice performance improvement as well.

11:39 Instead of dash, how do they F string it?

11:41 Yeah.

11:41 So anyway, these are all good things.

11:43 Yeah, definitely.

11:44 f-strings are getting, getting more secure, more fast, more faster, better.

11:49 Faster, better, stronger.

11:50 We have the technology, we can rebuild it.

11:52 Okay.

11:52 Can you even imagine going back to the time before f-strings?

11:55 It was a dark time.

11:57 It was a dark time.

11:59 My percent, my percent key still has no, no characters on it.

12:04 No, just kidding.

12:04 Yeah.

12:06 Yeah, indeed.

12:07 Okay.

12:07 And before we go on to the next one, you were probably going to give us some really

12:11 awesome segue there, but let's talk about, ScoutAPM before we move on.

12:17 Okay.

12:18 Let me tell you real quick about ScoutAPM.

12:21 They're big supporters of Python Bytes.

12:23 So we appreciate that very much.

12:25 So if you are tired of spending hours trying to find the root cause of issues impacting

12:30 your performance, then you owe it to yourself to check out ScoutAPM.

12:34 They're a leading Python application performance monitoring tool, APM, that

12:39 helps you identify and solve performance abnormalities faster and easier.

12:43 ScoutAPM ties bottlenecks such as memory leaks, slow database queries, background

12:48 jobs, and the dreaded N plus one queries that you can end up if you do lazy loading

12:53 in your ORM, then you say, Oh no, why is it so slow?

12:56 Why are you doing 200 database queries for what should be one?

12:59 So you can find out things like that.

13:00 And it links it back directly to the source code.

13:02 So you can spend less time in the debugger and healing logs and just finding the

13:06 problems and moving on.

13:07 And you'll love it because it's built for developers by developers.

13:10 It makes it easy to get set up.

13:12 Seriously, you can do it in less than four minutes.

13:15 So that's awesome.

13:15 And the best part is the pricing is straightforward.

13:19 You only pay for the data that used with no hidden overage fees or per seat pricing.

13:24 And I just learned this, Brian.

13:26 They also have, they provide the pro version for free to all open source projects.

13:32 So if you're an open source maintainer and you want to have ScoutAPM for that project,

13:36 just shoot them a message or something on their pricing page about that.

13:39 So you can start your free trial and get instant insights today.

13:43 Visit pythonbytes.fm/scout.

13:46 The link is in your podcast player show notes as well.

13:48 And please use that link.

13:49 Don't just search for them because otherwise they don't think you came from us.

13:53 And then they'd stop supporting the show.

13:55 So please use our link pythonbytes.fm/scout.

13:57 Check them out.

13:58 It really supports the show.

14:00 Over to you, Brian.

14:01 Alrighty.

14:02 I want to talk about talks a little bit.

14:04 We haven't talked, actually brought up talks for a while, I don't think.

14:08 But there's an article on Victor Remark, Victor Remark's blog, about compile and use dependencies for multiple Python versions with talks.

14:19 And it's kind of a neat idea.

14:22 I use talks for incorporating it with GitHub actions a lot to be able to,

14:29 well, and just locally to be able to test multiple Python versions and multiple versions of different libraries, how they work together.

14:36 Talks is great for things like that.

14:37 But one of the things that I didn't think about was doing pinning, like compiling pinned list or lock lists for dependencies for multiple Python versions.

14:50 And so this article walks you through kind of why you would want to do that,

14:53 but then also how to.

14:54 And the little trick here, which I think is cool, is that talks uses an environment name called the env name.

15:03 And so there is a way to be able to specify, use that to look at different, the talks environment that it created,

15:13 because it creates a little virtual environments when it's running.

15:16 But the neat thing about that is you can use it other places.

15:20 And the idea around this was to go ahead and use, this article uses pip tools, but really I think you could use anything,

15:29 but to target a compile like a pip tools compile and send it to, it's using pip compile and using pyproject.toml as the base file,

15:40 and then outputting to a requirements env name, which is, or a env.text or a, like a env-dev.text.

15:52 So you could do like a requirements with a requirements file, essentially with your environment specified in it.

16:01 You could, in this example, it's using a directory, pumping them all into a requirements folder with a directory,

16:08 but you could also do a directory.

16:10 And then also, I also like to have a requirements-whatever.

16:15 So even if I had them all filed into a directory, I usually put something like requirements-312.text

16:22 or something like that.

16:23 But having that, be able to specify it from the project, allows the little trick to be able to say,

16:31 oh, here's an example of with the requirements-, I like that a little bit better.

16:35 But to have a requirements target within talks, so that you can use that to compile your project,

16:45 compile those and while they're running, instead of like in CI or something could grab those.

16:52 And instead of generating a, just whatever it can find, it's a pinned or a locked set of dependencies.

17:02 It might be a little bit more consistent.

17:04 So, so that locally, the, and the idea would be then, locally, you, when you're testing yourself,

17:10 you can say, hey, I'm ready to update my dependencies.

17:13 And then it regenerate the, all of the, all of the dev files and then, or all the lock files.

17:19 And then later, when you're, when CI is running, it doesn't look up dependencies.

17:25 It just like knows the fixed links or the fixed versions.

17:29 So kind of a neat idea.

17:30 I wanted to highlight that.

17:32 I also wanted to highlight this because I wanna, I like this idea, but I wanna do it with UV.

17:38 And I wanna, I'd like to be, I think I'll play with this, but if anybody else has time to play with this

17:44 and see if they can get it working with UV, I'd love to see the outcome.

17:48 So, yeah, that's awesome.

17:49 I imagine you can, because if it was using pip-tools, you know, it's got the pip compile behaviors.

17:56 It shouldn't be that hard.

17:57 Yeah, yeah, it's awesome.

17:58 Yeah, this looks great.

17:59 I love it.

18:00 What do you got for us?

18:01 You, let's, let's close it out with, I think dark.

18:05 I did tell you it was the 13th, didn't I?

18:07 Yeah.

18:09 So I present to you a, this is not exactly a Python thing, but I feel like this is anyone who builds web apps

18:16 or other types of apps and interacts with, you know, users sort of thing.

18:20 So super set, if you will.

18:22 I present to you a catalog of dark patterns for software.

18:26 Says, discover a variety of dark pattern examples sorted by category to help you better understand

18:35 deceptive design practices.

18:37 So there's some that you probably would know like bait and switch.

18:41 And each one of these has at least one concrete, like case study of evil, badness of darkness, let's say.

18:49 So the bait and switch one, which says this tactic lures users with an enticing offer only to change the terms unexpectedly.

18:57 So they've got a lift 60% off.

19:00 Wouldn't you like 60% off of your next ride?

19:02 Just click here and sign up, right?

19:04 And then once, actually your next two ride that says right here.

19:07 Yeah.

19:08 But then actually, as you try to apply it, it turns out it only counts towards 60%

19:13 off the first $10.

19:14 So if you like went to the airport, it was 50 bucks.

19:17 It's like, well, you know, it's still 44.

19:20 Yeah, perfect.

19:20 So that's not ideal.

19:23 To me, the classic bait and switch is the cable companies for internet or anything.

19:29 Like, don't you want to add like a home phone, like digital phone?

19:33 And then you can add like the sports package and it's only $5 more for the first, you know,

19:39 for the first six months.

19:41 And then it's like $150 more.

19:43 So I had one just like yesterday.

19:45 I had an email from my cell phone provider that said, since you've been here, like so many numbers of years,

19:52 we're going to give you 10% off.

19:54 I'm like, that's cool.

19:55 And I clicked on it and it was 10% off any of your case purchases.

20:00 (laughing)

20:02 So shady.

20:03 So shady.

20:05 So that, I mean, people probably know that one, but there's other ones that are interesting.

20:09 Like one that I really like is the Roach Motel.

20:13 Okay.

20:14 So what is that?

20:15 Oh, it's this dark pattern usually used for subscriptions, making it easy to sign up, but nearly impossible to cancel.

20:23 So there's, you know, you can't, there's not like a just unsubscribe us button.

20:27 You've got to call somebody and they try to talk you out of it.

20:30 Like I'm a hat tip the cable companies again on this.

20:34 Right.

20:35 But yeah.

20:36 One click subscribe.

20:38 But if you want to, if you want to cancel, please come down to our office during hours of four and three.

20:43 Exactly.

20:45 Exactly.

20:46 And if you don't get through the line of people backed up, trying to get out of it, then you'll, you'll do bad.

20:51 Try again the next week.

20:52 So there's a bunch of these.

20:53 I'll do one more.

20:54 Just the people can go play with them.

20:56 Disguised ads.

20:58 Oh, I thought it was disgusting ads.

21:00 Disguised ads.

21:01 Okay.

21:01 Disguised ads, which are themselves disgusting, but the pattern is disguised.

21:07 So Microsoft edge, for example, and I feel like Google, this is towards Google Chrome,

21:13 like a thing towards, I feel like it's also kind of reverse a lot of like,

21:18 Google does that as well.

21:19 Like, wouldn't you rather use this instead when you search for something?

21:23 Anyway, I'll give you the example that's on the page.

21:25 So you may encounter not one, but two dark padding patterns when attempting to get Google Chrome onto your computer.

21:33 When you have Microsoft edge, this happens when you have a empty install of windows,

21:37 you have edge installed, but not Chrome.

21:39 And, or, I mean, I feel like installing Chrome itself as a dark pattern that you should just avoid.

21:44 Use of all the brave Firefox, something else.

21:47 But anyway, that's not the point.

21:49 There's two here.

21:51 And the first one is disguised ads.

21:53 The second one is confirm shaming.

21:55 And so this is like a good case here.

21:57 So if you go over to google.com/chrome in edge and you go to the, you go to the,

22:05 like the, where you get to download it, it literally has a built into the browser pop-up

22:10 that comes out of the menu bar.

22:12 You know, that dress bar rather says, I hate saving money, said no one ever.

22:17 Microsoft edge is the best browser for online shopping.

22:20 (laughing)

22:23 Just by literally visiting the Chrome page, you get this pop-up that's like integrated,

22:28 not into the HTML, but into the UI of the browser.

22:32 - That's so funny.

22:33 - Yeah, so that's, that's shady.

22:35 That's one.

22:36 - I kind of love the boldness of that though, actually.

22:38 (laughing)

22:40 - I know.

22:41 And then if you go to, go to Bing, I believe this, which is the default search engine,

22:46 and you just search for Chrome, you get some results.

22:49 But then there's like this other part.

22:51 Oh no, this is actually in the start, the start menu.

22:55 This is in the start menu.

22:57 So if you type Chrome, you're like trying to run Chrome.

22:59 (laughing)

23:01 Half of the whole start menu says, try Bing wallpaper.

23:04 Switch to the browser recommended by Microsoft.

23:07 Default edge.

23:08 - Dude, that's rough.

23:10 Yeah, so what's cool is that it says, look, here like it kind of highlights the various patterns

23:16 that are here and then like other companies that do similar patterns.

23:21 Anyway, I think this is interesting reading.

23:23 I think figuring out, like just being aware of this stuff.

23:25 So if you're involved in building these things, you're like, hey guys, people are gonna not like us.

23:30 Could we do this a little bit differently?

23:32 You know, sometimes marketing will win.

23:34 Sometimes developers will win.

23:35 - So are these dark patterns or maybe growth hacking?

23:41 - Yes, is this our yacht or is this a dark pattern?

23:46 Could it be both?

23:47 - What could I incorporate these into?

23:50 No.

23:50 - Yeah, it's like, #EUWin if you can get like all dark patterns.

23:56 - Oh, that'd be fun to try to.

23:57 - It'd be a good growth hack 'cause then you could appear under every category.

24:01 It'd be like some like link.

24:02 - Pre-advertising.

24:03 - Exactly, yeah.

24:04 Anyway, this is what I got for you.

24:07 Kind of interesting.

24:08 - Nice.

24:08 - Extras, you got any extras you wanna share?

24:10 - The extra I wanted to shout out was just, I think I have my recording done for Hellopytest.

24:21 The only thing left to record is the summary at the end.

24:24 There's a few things I wanna, like one extra video I wanna record, but I wanna edit everything first.

24:31 So I'm in the process of editing and keeping track of everything so that at the end I can go,

24:36 "Hey, we went through all these things." So I wanna make sure.

24:40 Actually, the thing that I have left is I want to review all of the command line flags

24:45 that I use in the course, but I don't remember all the ones I've used.

24:49 So I'm writing down as I'm editing.

24:51 - Nice, that's awesome.

24:52 - But I'm on track for August 19th.

24:54 A few people have ordered already.

24:56 Thank you so much, everyone that's ordered so far.

24:59 So love you.

25:01 My wife loves you.

25:02 We went out to get coffee off of money we got from this.

25:06 - Beautiful.

25:07 Yeah, available for pre-order now.

25:08 - Yeah.

25:09 What you got?

25:10 - I have just a couple things.

25:14 Django 5.1 released.

25:17 So big deal here is easier guardrails for authentication 'cause having people access stuff

25:24 that was supposed to be authenticated, but isn't is bad.

25:27 They didn't say that, that's my words.

25:28 The new and shiny login required middleware is available which enforces authentication for all views.

25:35 Better screen reader support, better HTML semantics.

25:40 The second oldest ticket is now fixed with a long awaited query string template tag.

25:47 So these things are all good.

25:48 And let's see, what's there?

25:51 Yeah, I thought there might've been a CVE or something in here, but I don't think so.

25:56 I saw Django CVE not too long ago, security deal, but it doesn't seem like it's addressed with this one.

26:02 So it must've been fixed previously.

26:03 All right, so that, and then here's the bookend.

26:05 We started with 3.12.5 being available.

26:09 Well, how about Python 3.13 looking forward with release candidate one is out.

26:15 So this happened a little bit ago, but if you're out there and they say,

26:21 "Please test, you have a package, especially a popular one, please test it with Python 3.13 ahead of time

26:28 so we can do stuff about it." And you're like, "Oh, it's betas.

26:32 I'm not gonna take the trouble.

26:33 I'm not gonna worry about it." Well, it's now officially stable in terms of features, right?

26:38 They're not gonna add or remove things ideally unless they absolutely have to.

26:42 So you should be able to properly start putting energy into testing and playing with this one.

26:47 And this one is a big deal because this is the first free threaded Python,

26:51 which is gonna have significant effects on runtime behavior, not just the API still work, right?

26:58 So it's gonna be worth testing with this one.

27:00 - All those other versions of Python you have to pay for threading.

27:03 This one's free threading.

27:04 - Yeah, it's awesome.

27:05 Finally, it's free.

27:08 You just have, yeah, you have to pay by buying other machines and running copies on them to get parallels.

27:14 - No, so I was hoping that UV Python would have 3.13 there, but it doesn't yet.

27:20 So we'll just- - Yeah, that would, all right, UV team out there listening.

27:24 - Just Astro, come on Astro, what are you doing?

27:25 - Exactly, let's turn UV Python into like, this is how I get the freshest Python,

27:31 which is actually one of the things that's a little tricky.

27:34 Like homebrew, it takes a week for that stuff to show up and other stuff, yeah.

27:38 - A week?

27:38 Yeah, who wants week old coffee?

27:40 - No, no, your threads are totally stale by now.

27:43 (both laughing)

27:45 - It's a goofy episode, man.

27:47 - It is, all right.

27:48 I know you got the joke for us this week, so take us out.

27:52 - Well, actually, before we get onto this, I was just thinking, because you,

27:55 when you were talking about Django, I thought of a new, of a dorky joke.

28:02 So what do you call a 17 year old insect?

28:05 A minor bug?

28:06 - Oh, that's pretty good.

28:09 - Okay, so I saw this Ars Technica, is it Ars or A-R-S?

28:15 I don't know, Ars Technica?

28:16 - I say Ars, but I know now you say that, I'm not sure I've ever heard anyone pronounce it.

28:22 So go with Ars, 'cause it's lowercase.

28:24 - Ars Technica, had an article, "Parody site Clownstrike refuses to bow down

28:29 "to Cloudstrike's bogus DMCA takedown." So there's an article here, I wanted to check it out myself.

28:37 So if you go to clownstrike.lol, and we'll refresh it.

28:44 See if it, it starts out looking like Crowdstrike, but it has a little goofy hat on it.

28:51 And then if you, I'm not gonna play the music now, but if you play music, it's got like some goofy little music

28:56 that goes along with it, and there's a clown.

28:58 That's it, it's just funny.

29:00 But now if you click on the left, it tells you about all this, well, it tells you the Ars Technica article,

29:09 but it also talks about this story about how they had these takedown, Crowdstrike tried to take them down,

29:16 and it's just silly.

29:18 There's some other stuff here too that I think is just hilarious.

29:21 Like the, what, scam advisor lists clownstrike.lol as a highly trusted, might be safe.

29:30 It's like nothing there, except for just this goofy little picture.

29:34 But there are some other stuff in it.

29:39 You can read the whole story and all the letters about, or all the emails back and forth about the takedowns.

29:44 And actually, I was surprised to find out that they had to, like Cloudflare was hosting this,

29:55 but it like accepted the takedown at first, and eventually backed down, but even after, but after it got moved.

30:03 But I'm surprised that it got taken down so fast because obviously this is a parody site,

30:10 and parody is protected.

30:12 There's no way, like even a cursory look at this, anybody would think this is a realistic violation.

30:17 Yeah, it's not trying to impersonate it or anything like that, for sure.

30:21 No, just making fun of the situation.

30:23 And I think that they just probably, I mean, they really should have just ignored it

30:27 because now clownstrike is known, and we're talking about it, and Ars Technic is talking about it, anyway.

30:32 Exactly.

30:33 It's the Barbra Streisand effect, right?

30:36 Yeah.

30:36 So.

30:38 Oh boy.

30:39 Anyway.

30:39 Yeah, I'm somewhat sympathetic to CrowdStrike, but this is a bad look.

30:44 You know, if you've got to write native code that runs in the kernel, I think the smallest mistake,

30:49 and it has to be like updated within hours of you learning new information,

30:54 I don't know.

30:54 It's tough.

30:55 Apparently it's one of the best antivirus systems out there that actually works and isn't just,

31:01 you know, you want to talk dark patterns, like a lot of this antivirus, clean your computer stuff is really shady.

31:07 But boy, did they cause a problem, and I would not want to be in their shoes.

31:11 No.

31:12 Well, I don't know.

31:13 I mean, a couple of weeks of shame over you get billions of dollars to pay for that shame.

31:19 So.

31:19 Yeah, I think they're going to get a lot of lawsuits from a lot of angry Fortune 500 companies.

31:24 And even if they win, defending them is going to hurt them bad.

31:27 If it doesn't kill them, it's going to hurt them bad.

31:29 So.

31:30 Okay.

31:30 So.

31:31 Yeah.

31:31 Sympathies out there for somebody?

31:33 Some.

31:34 A little bit.

31:36 A little bit.

31:38 A little bit.

31:38 But I feel like they've certainly earned this website.

31:41 And wow, I didn't know LOL was the top level domain.

31:43 Yeah.

31:45 It's funny.

31:45 It makes me laugh.

31:46 Yeah, it makes me laugh.

31:47 I wonder what that stands, what it is.

31:49 Is it like a country or something?

31:51 Is it literally LOL?

31:53 Like laugh out loud?

31:54 Or is it because they're like .pizza is the top level domain as well, which just seems wrong.

31:58 Oh, that does seem wrong.

32:00 Really?

32:02 I think so.

32:03 I'll have to check that out.

32:04 Like pepperoni.pizza and like, you know, Hawaiian.

32:07 Honestly.

32:08 Yeah.

32:08 Pineapple.

32:09 Maybe we need to get some domains.

32:11 Yeah.

32:11 Anyway.

32:12 Okay.

32:13 Awesome.

32:13 Thanks for sharing.

32:14 This is great.

32:15 All right.

32:15 Thanks for being here.

32:16 Like always.

32:17 Thank you.

32:17 Bye.

Back to show page