WEBVTT

00:00:00.000 --> 00:00:14.960
Hey, everybody. Welcome, all of you YouTube fans and everybody. So anyway, it's good to be back. I know we were here last week, but it was also spring break for us. So let's

00:00:14.960 --> 00:00:27.840
do this. Hello and welcome to Python Bytes, where we deliver Python news and headlines directly to your earbuds. This is episode 475, recorded March 30th, 2026. And I'm Brian

00:00:27.840 --> 00:00:40.860
Okken. And I'm Michael Kennedy. And this episode, as is regular lately, is brought to you by us. All of the stuff, the books, courses, head on over to Python Bytes. Wait, yeah, Python

00:00:40.860 --> 00:00:46.480
Bytes.fm. We have links to everything, but there's also talkpython.com. That's right.

00:00:47.480 --> 00:00:50.620
Talk.com will get you there. It'll just redirect to .fm. It's all good.

00:00:51.580 --> 00:01:03.220
Okay. Talkpython.fm. Right. Okay. And Talk Python training, of course. I've I've watched and done so many courses on there. It's a great resource. And if you'd

00:01:03.220 --> 00:01:13.720
like to learn pytest, there's a course there, but there's also pythontest.com. And thank you to our Patreon supporters, as usual. And also, thanks to everybody who subscribes to the

00:01:13.720 --> 00:01:27.840
newsletter, because it's fun to put together. And we got a lot of background information, so we'd like to send out all of the links to everything we talk about on there. And you can reach us to send us topics that you'd like us to talk about, or topics you'd like

00:01:27.840 --> 00:01:37.400
us to stop talking about. Whatever. The contact stuff is on pythonbytes.fm, but we're on Mastodon

00:01:37.400 --> 00:01:49.740
and Bluesky. And yeah. And there's also a contact form there that you can get. And if you're listening to this, thank you. And also, if you'd like to watch the show live, or at least watch

00:01:49.740 --> 00:02:02.240
it the recording later, you can go on to pythonbytes.fm/live and either be part of the audience or watch it later. Like a ghost.

00:02:02.240 --> 00:02:16.040
Like a ghost. Let's lock the ghost. How about that? So there's this interesting article at CERT.AT. I'm guessing that is the way. And this one is super relevant to us. This is a security

00:02:16.040 --> 00:02:30.600
place, security website. Lock the ghost. In the software world, remove is not always equal to gone. Completely gone. This is crystal clear. There's always a good reason for that. But even

00:02:30.600 --> 00:02:41.220
the best reasons do not, does not have to be intuitive or expected by the users. Let's take a short trip through how Python package index handles removals and how we can lock the ghost

00:02:41.220 --> 00:02:49.660
in a uv lock file forever. Forever. So this is a security thing. And it's specifically, uniquely

00:02:49.660 --> 00:02:59.260
an issue for uv and the uv lock file in particular. So if you're using uv, like I do with like uv

00:02:59.260 --> 00:03:07.600
pip compile, uv, and then requirements.txt, that kind of thing, doesn't apply. uv.lock file.

00:03:08.520 --> 00:03:14.520
We're both huge fans of uv. And one of the reasons we are fans is because of the performance.

00:03:14.520 --> 00:03:28.200
Right? It's so fast and it bundles so many tools together. Some of these are making really interesting trade-offs. Often, those trade-offs are certainly fine. You know, like a short

00:03:28.200 --> 00:03:43.000
caching period. So if you ask it to install something and it did it 10 seconds ago, it's not going to go and ask the APIs for it again and that sort of thing. Or uv Python install, which is awesome.

00:03:43.000 --> 00:03:52.540
It gets you Python in a couple of seconds instead of forever with a bunch of buttons. You know, next, next, next, confirm, agree, confirm, next, next, yes. You know, like that installer experience.

00:03:53.360 --> 00:04:06.460
So those are all good. But I guess this is a bit of a negative consequence of having some of these optimizations. So I pulled out some, I'm going to read my notes here. So the essence is in the uv

00:04:06.460 --> 00:04:18.060
lock file. It points directly to the final file on the CDN, I'm guessing, or even the storage. But, you know, even if you remove something from the storage, it doesn't necessarily remove it from

00:04:18.060 --> 00:04:24.420
the CDN fastly and so on. Right? So however it is, it points to the very final file.

00:04:24.420 --> 00:04:33.640
Hmm. When something is yanked or removed from PyPI, it goes out of the listing. You can't find it.

00:04:33.720 --> 00:04:45.740
You ask pip to install it. It's not there. But the underlying file is still hanging around. So if you have a direct URL to the result file, instead of following the redirects or whatever, that file

00:04:45.740 --> 00:04:59.460
doesn't necessarily get removed. That's what that opening was about. Right? So that's basically the problem. If the file is still there, the file is still there, even if it gets yanked. Right? So

00:04:59.460 --> 00:05:11.500
there's a couple of interesting knock on effects. So uv lock uniquely preserves this, these ghost packages, they call them in this file. So instead of removing them, they just link directly to them

00:05:11.500 --> 00:05:20.860
as an optimization, I presume. However, no other thing like hatch or PDM or whatever links to them.

00:05:20.860 --> 00:05:34.020
Right? So they don't do that. Right? This is specifically about uv. So it creates an interesting supply chain problem. I mean, that's just like the security problem du jour or the year, right?

00:05:34.200 --> 00:05:34.640
Whatever. Yeah.

00:05:34.640 --> 00:05:43.500
Year and fridges. The problem, all these things are getting some level of takeover. And then,

00:05:43.500 --> 00:05:57.980
you know, that's flowing into packages and other libraries that are built into code. And then, obviously, that amplifies them massively. So in this case, an attacker could upload a malicious

00:05:57.980 --> 00:06:06.100
package and then immediately remove it, but still have the uv lock file point at it. Okay? Yeah.

00:06:06.100 --> 00:06:14.080
So if you immediately remove it, you might outrun the scanners. The automated scanners to go,

00:06:14.160 --> 00:06:22.080
let me scan the new inbound PyPI packages. Because that package doesn't exist anymore. We don't need

00:06:22.080 --> 00:06:35.360
to scan it. But you could craft a specific uv lock file that still points to the ghosted remnant. You know what I mean? Yeah. But aren't the lock files on the client side? So it'd be just people that

00:06:35.360 --> 00:06:41.540
created the client lock files during the... Yes, that seems possible. But imagine this. I create

00:06:41.540 --> 00:06:50.600
molting claw or whatever, like the world's third most popular GitHub project out there.

00:06:50.600 --> 00:07:00.600
Put it up. Get it working normally. And then after it gets really popular, I update a lock file, not even

00:07:00.600 --> 00:07:07.960
the input, not the pyproject.toml or nothing. I just link, I just update the lock file itself to point at

00:07:07.960 --> 00:07:18.040
this ghosted malicious file. So anybody who installs it, well, they uv sync. That installs everything in the

00:07:18.040 --> 00:07:26.120
lock file. And off it goes. So it's not that you, you ran and installed the thing. It's that somebody

00:07:26.120 --> 00:07:33.960
could craft a lock file such that if you sync that project, then it's installed onto your machine and

00:07:34.920 --> 00:07:48.680
off to its regular badness, you know, with its setup.py or whatever. So beware, folks. Beware. I'm not sure exactly what the solution here is, but it's something that could happen. And maybe the

00:07:49.720 --> 00:07:54.360
the Astral team, I'm sure the Astral team has already heard about this. This was from last week.

00:07:54.360 --> 00:07:59.240
Okay. Interesting. Well, we'll wait to hear back.

00:07:59.240 --> 00:08:03.960
Yeah. I haven't heard anything. I mean, I guess if I go to the end, there's not like an update.

00:08:03.960 --> 00:08:15.320
How should I live? This is how should I live to someone up? I presented that removed packages

00:08:15.320 --> 00:08:26.280
could still be done. But I don't know. Yeah. Well, I mean, there's a lot. It's a security is a big thing.

00:08:26.280 --> 00:08:36.840
Anyway, supply chain security is extra bad because it's not even necessarily the things that you're using. It could be the things that you're using, what they're using, you know, right. And something

00:08:36.840 --> 00:08:48.120
could change there. Like I'm not checking on, I don't know, chardet, for example, just pick something out of thin air because I'm not using it directly. I'm not tracking its releases. I happen

00:08:48.120 --> 00:08:57.080
to maybe be using something that uses chardet that then, you know, if something happened to that package, I'm not saying it has, right. Just like thinking of like really popular third party,

00:08:57.080 --> 00:09:11.000
third level dependencies. Yeah. And yeah, there's, there's, anyway, we'll get into there's, we've got more security topics coming up. So that's, we're not gonna, we're not gonna run out,

00:09:11.000 --> 00:09:19.960
are we? No. So the next step, I want to talk about a little bit more security, but this is how to,

00:09:19.960 --> 00:09:27.880
how to rein in your AI a little bit. So this really, what am I going to talk about? This is

00:09:27.880 --> 00:09:36.800
suggested by Martin Hecker. I think it's Hecker. It's German name. H-A-E-C-K-E-R. Anyway, thanks, Martin.

00:09:38.280 --> 00:09:46.280
Anyway, for context in this, this seems so long ago, June of 2025, it was less than a year ago.

00:09:46.280 --> 00:09:59.800
Simon Willison wrote a blog post about the trifecta of, of AI agents of lethal, the lethal trifecta, which is giving them access to private data, exposure to untrusted content and ability

00:09:59.800 --> 00:10:13.240
to externally communicate. That's pretty much what coding agents are like now, especially if you run it in YOLO mode or dangerous mode, because, and it seems like people wouldn't do that, right? But

00:10:13.240 --> 00:10:24.600
it's so much faster. so you, to, if you don't, if you have, your agents on like ask mode, it just like, Hey, can I run this command? Yes. How can I run this other command? Yes. Um,

00:10:24.600 --> 00:10:32.040
and so you can say, just stop asking right now. I trust you, but should you, I don't know.

00:10:32.040 --> 00:10:45.180
So if you've got private data on your, on your device, so there's, there's something to be concerned about. So the, one of these solutions is sandboxing and, you can, or one of the

00:10:45.180 --> 00:10:58.060
solutions is create a VM and just don't put the stuff on the VM that only you only want the AI to use. That's a lot, that's a little, that's a extra, that's a little extra. And it's, for people

00:10:58.060 --> 00:11:13.000
that are normally using, VMs might be fine or, or, either virtual machines or, those other things, containers, right? If they're normally using containers, great. But if you're,

00:11:13.100 --> 00:11:26.200
if that's not your normal workflow, it's a little, it's a, it's a tough ask. So Claude Code has sandboxing. I haven't tried it out to see how clear it is. It's a little, it apparently works

00:11:26.200 --> 00:11:36.360
great on macOS, Linux and WSL 2; it uses bubblewrap. So if you're using WSL 2 for, for Claude, Cursor or

00:11:36.360 --> 00:11:50.500
that might, or Claude Code, that might be okay. But what, what about other agents and stuff? So, what we got a suggestion was, that Claude Code has this built in. We're not, I'm not sure

00:11:50.500 --> 00:12:02.000
how well, if it's a, if it's really restricted or if it's suggestions, anyway, I haven't tried it out. So I'd love to hear what other people think about the sandboxing stuff. Anyway,

00:12:02.000 --> 00:12:14.080
the same kind of idea that Claude Code uses is pulled out as a, as something else you can use with different AI agents if you want. So this is a project called fence. It's lightweight

00:12:14.080 --> 00:12:19.780
sandboxes for terminal agents, and it uses this similar sort of stuff that Claude Code does.

00:12:20.080 --> 00:12:31.420
And, this is pretty, pretty, pretty exciting to be able to like restrict what it has access to like, file permissions. You can restrict how much, what, how much your file

00:12:31.420 --> 00:12:39.860
system it has access to. You can, restrict the network access, which, which, which websites

00:12:39.860 --> 00:12:48.060
and stuff it can, it can access and, even get repos, restrict which repos. That's all cool.

00:12:48.060 --> 00:13:01.320
And it's also really cool that this is open source. So this is Go code, but it's, it's a fence project that people can contribute to. And it's very active right now. So, I, I'd be

00:13:01.320 --> 00:13:13.360
excited to hear what other people think of fencing. If it's, if you think it's safe enough, anyway, I'm, I'm definitely going to try it out because I would, I was actually considering

00:13:13.360 --> 00:13:24.260
buying an extra computer so that I could run, run it isolated. I mean, I know that the, container is way cheaper than an extra computer, but also an extra computer is not that much either.

00:13:24.420 --> 00:13:27.860
So yeah, what do y'all think about this? What do you think, Michael?

00:13:27.860 --> 00:13:39.700
Yeah. It's interesting. I mean, a Mac mini is very cheap, right? If you 400 bucks or something like that, it's, that's a pretty cheap computer. If you want to have a separate machine, but also

00:13:39.700 --> 00:13:44.760
a VM potentially would work if you wanted to have some isolation. I think this is a neat idea.

00:13:44.920 --> 00:13:59.240
I like that it's open source. The one thing I don't like, and I don't know that there's necessarily a great fix for that. It just given the way that it works is it seems like you can have it work on any,

00:14:01.240 --> 00:14:11.240
any terminal command, right? So like Claude Code or Codex CLI or Gemini CLI, whatever, but say VS Code,

00:14:11.240 --> 00:14:25.240
um, Cursor, PyCharm, if you want to run one of those, but have the agents that run in those more proper editors limited, that, that seems harder. You know, it doesn't seem like it supports that.

00:14:26.760 --> 00:14:41.160
Yeah. So that's the way I like to, I honestly, I, this might be a minority opinion, but I think Claude Code and friends, the way that they work are an anti-pattern for how

00:14:41.960 --> 00:14:53.480
real software developers should be coding. And what I mean by that is Claude Code and other CLI ones encourage you to just have the code just like rip by, like do this and it's just like,

00:14:53.480 --> 00:15:03.560
you see the code screaming by and it's like, okay, I'm done. And then your job is like, accept that or whatever, or you wait 10 minutes for it to do a thing. I was doing a project,

00:15:04.520 --> 00:15:12.840
two days ago, Claude Code spun up five agents that all ran for 15 minutes in parallel.

00:15:12.840 --> 00:15:27.400
And then it gave me that result. So that's a lot of code changes. And, that's a lot of my credits in addition to just time to wait 15 minutes and see how it came out. So what I much prefer is to have

00:15:27.400 --> 00:15:38.600
some kind of editor VS Code, Python, whatever, where the work is happening. And as it's making changes, I can roll up. Okay. it made this change. Let me look, actually, it's going down

00:15:38.600 --> 00:15:51.160
the wrong path. Hey, stop, stop, stop. No, don't look. You did this wrong. Go that way. You know, you're not following the patterns of this. So with the, just like streaming by like a social media feed,

00:15:51.160 --> 00:16:00.760
it encourages you not to review it while it's working. And I think that that is not right. I know the trend is to like not review code at all, but there's the trend is also to get a bunch of like

00:16:01.400 --> 00:16:07.240
unstable software. So take your pick. Anyway, I don't like the CLI ones because of that.

00:16:07.240 --> 00:16:20.840
Therefore I probably won't be using this, but I would like to, that's my take. Yeah. It's interesting because like, this is similar to, you know, hiring, hiring somebody to do work for you or, or having

00:16:20.840 --> 00:16:34.600
a, an intern or a new hire or something, that you don't quite trust yet. of, of saying, Hey, I want you to do this, this job, but I'd like you to, like, you know, work for like four

00:16:34.600 --> 00:16:43.480
hours at most and then check in, right, right. Like work on it this morning and then check in with me after lunch, something like that. Yeah. Yeah. So with, you wouldn't want like four hours of,

00:16:43.480 --> 00:16:56.840
of, Cursor or Claude Code to, to run, but you might go, you know, use this many tokens or something and, and then check in to make sure that you're on the right track, or something.

00:16:56.840 --> 00:17:08.120
Yeah. Also testing helps. Testing absolutely helps. It does. It does. But the problem is sometimes the agents are like, that test doesn't seem relevant. It was also hard to make it fixed.

00:17:08.120 --> 00:17:20.840
So we took it out, you know, that's happened to me. And if you got enough, enough tests, it's like, Oh, there's some thousand, 100 something number of tests. You don't notice that the one that

00:17:20.840 --> 00:17:33.880
you really needed is gone, you know? Yeah. Yeah. We're getting out of tangent, but I was listening to a podcast this morning or interview with somebody that had, used, like claws,

00:17:33.880 --> 00:17:45.880
which I haven't, I haven't done any claws yet or anything, but, having a thing that controls lots of agents to do things like control his house, with his pool temperature and lights and

00:17:45.880 --> 00:17:51.480
everything. And I'm like, if I want my lights on in my room, I turn the light switch on.

00:17:53.080 --> 00:18:03.240
I haven't coded anything. In theory, I want a smart home and practice. I'm like, boy, that's not really that helpful. But these are really easy though. okay. well,

00:18:03.240 --> 00:18:08.200
let's go on to the next thing. What do you, what do you got? Indeed. Let's go on to the next thing.

00:18:08.200 --> 00:18:17.000
And this one is, this one is, is called malicious and it, it has to do with

00:18:19.080 --> 00:18:28.040
it's also an AI one. So I know some people are overwhelmed or uninterested in the AI stuff, but I don't think this is the AI in the sense that you're thinking about. This is, this is crazy.

00:18:29.560 --> 00:18:42.920
So this is a, an open source copyright concept and it doesn't necessarily have to do with AI. It just happens to be that AI is the workhorse of it. So check this out. I, and I don't know if this is a,

00:18:42.920 --> 00:18:49.400
a real project that people are making real money. You can, there's like real pricing here.

00:18:51.320 --> 00:19:00.600
So what is the idea? The idea is, so I don't know if this is a real project because it could be put out here to cause such a backlash that it causes a lawsuit. That's what, that's what I'm saying.

00:19:00.600 --> 00:19:14.120
But there is real pricing. So here's the thing. Remember how we had that, there was like this big debate just, I think last week about Chardet, right? Yeah. Chardet, Chardet, that the current

00:19:14.120 --> 00:19:28.840
maintainer who is not the original copyright holder had AI recreate one, create the library based like one generate the description and the specifications. And then another one that has never seen any of the

00:19:28.840 --> 00:19:41.800
code, take that and then turn that into the new project 7.0, and then change the license because this new bit of code is no longer the same thing, right? Basically this is that as a service.

00:19:43.000 --> 00:19:55.080
Interesting. Yeah. So it's called clean room as a service. Finally, liberation from open source obligations. It's pretty shady. You guys, this is, this is bad news. Our proprietary AI robots

00:19:55.080 --> 00:20:06.760
independently recreate open source projects from scratch. The receipt, the result, legally distinct code with corporate friendly licensing, no attribution, no copyleft, no problem.

00:20:08.440 --> 00:20:16.120
And there's pricing for this. I know it's really crazy. So the pricing is transparent per-kilobyte pricing.

00:20:17.320 --> 00:20:24.920
So it's focused on JavaScript at the moment. Every package is priced by its unpacked size on npm. How about that?

00:20:25.080 --> 00:20:33.640
So for example, left-pad, left-pad, if you wanted a copyright, not copyleft, left-pad,

00:20:34.680 --> 00:20:46.520
it would cost 50 cents. If you want Express, the Node.js powered web framework, 73 cents. You want

00:20:47.320 --> 00:20:52.440
um, moment. I don't know what moment is. Apparently it's pretty big. It costs $42.

00:20:52.440 --> 00:20:56.360
What do you think about this Brian? This is nuts, huh?

00:20:57.880 --> 00:21:02.360
Is this, it's this real? I mean, like it could be.

00:21:03.960 --> 00:21:11.000
That's like, like I said, I don't know if this is real or not, but I think it is, it is a real copyright conversation and it is a real.

00:21:11.000 --> 00:21:12.200
It's called Malice.

00:21:12.200 --> 00:21:18.760
I know. I don't know. Yeah. I think we need, we need to create a competing one. That's called spite.

00:21:22.440 --> 00:21:23.400
Spite and Malice.

00:21:23.400 --> 00:21:29.000
Anyway, amazing. Liberate open sources to H2. Like how, how not so is this?

00:21:30.200 --> 00:21:43.480
Like I said, I think it could be something that's just trying to get attention to this problem and like cause some kind of final legal decision to come down about it. Or it could be something people are just paying money. Well, yeah, we'll take it. Yeah. I honestly don't know.

00:21:44.520 --> 00:21:55.400
You know what, what, what's creepy is like a decent, like an evil, but decent business model might be to do something like this and just keep track of all the companies that have paid you to

00:21:55.400 --> 00:22:05.480
steal from open source. and then, you know, and then like, you know, sue them or, or like,

00:22:05.480 --> 00:22:13.800
you know, anyway. Yeah. Well, I leave this here for people to ruminate about, but I do think

00:22:13.800 --> 00:22:21.480
it's pretty wild. I think it's pretty wild. I also, I guess it's good to talk about it because people are

00:22:21.480 --> 00:22:29.080
going to do this anyway, right? People are going to try to do clean room solutions and yeah, around

00:22:29.080 --> 00:22:38.520
stuff. Clean room solutions have worked. I mean, there was, Miguel de Icaza. I don't know how

00:22:38.520 --> 00:22:52.360
that, I'm not sure how to spell it. The guy created Mono, the, which was the open, open source version of .NET when .NET was, or yeah, of .NET and C# when it was still

00:22:52.920 --> 00:23:04.280
completely commercial and just made sure that whoever they hired to work on it had never looked at the source code or work, you know, and they rebuilt it. And ultimately the outcome was that

00:23:04.280 --> 00:23:15.160
Microsoft bought them because they thought that open source was better later instead of, instead of a virus or whatever they called it. So, I mean, that's a, that's a historical precedent for this clean

00:23:15.160 --> 00:23:27.720
room concept. But if you just, the difference is that took multiple people six months to a year, whereas this is like an afternoon. You know what I mean? If you turn Claude Code loose on it.

00:23:27.720 --> 00:23:40.280
It's just the world right now. Yeah. Yeah. This is the world right now. But anyway, I honestly don't know how I feel about this. I mean, it seems like a really crappy thing to do at the same time. It seems

00:23:40.280 --> 00:23:54.280
like you should be able to look, you know, in the Google, Google versus I think Oracle case. So the case about Java and I think it was Java and Android, the Supreme Court, whatever the highest court it went

00:23:54.280 --> 00:24:07.560
to ruled that APIs, the signature of the APIs are not copyrightable. Right? So that's, that's part of the precedence, but this is, this is the internals. But if you take something and scrape out,

00:24:07.560 --> 00:24:21.720
these are all the APIs and here's a description of what it does, you know, and you feed that to an AI, that's pretty close to doing what Google did, but they had a team of hundreds of people or something. You know what I mean? Like, I don't know. I, like I said, I don't know how to feel

00:24:21.720 --> 00:24:32.360
about this. I'm just going to put this out there for people's awareness and move on to your next topic, Brian. Well, I want to talk about, just change it up a little bit and talk about security.

00:24:32.360 --> 00:24:43.080
So, so this one comes from us, from Matthias, showroom, I think anyway,

00:24:43.080 --> 00:24:56.440
uh, thanks Matthias. I sent us, sent it in through email, which yeah, we've very easy to find email. So the article, this is kind of fun because in the email he said,

00:24:56.440 --> 00:25:08.760
you know what, I've been, I wanted to suggest this, but also, this topic, but also I'm trying to get better about writing blog posts and, and I appreciate that because we, we like blog posts.

00:25:09.320 --> 00:25:22.760
I like to read blogs. So there's a, he's got an article called harden your GitHub action workflows with Zizmor dependency pinning and dependency cooldown. So there's three topics to, so you've got,

00:25:22.760 --> 00:25:28.600
um, and actually this came up because he was looking at an article like, please let me get this.

00:25:28.600 --> 00:25:35.720
Okay. Like, from StepSecurity saying an AI powered bot actively exploited GitHub Actions,

00:25:35.720 --> 00:25:49.000
uh, micro involving Microsoft, Datadog, CNF projections, lots of things. So this sort of, you have to, basically making sure your GitHub Actions are secure. Also not just your,

00:25:49.000 --> 00:26:03.160
whatever thing you're building, but your, your actions might have a problem. So, we had actually covered Zizmor, but I went, I went and looked and see, to see when it was. So it was,

00:26:03.160 --> 00:26:17.960
um, episode 408, November, 2024. We covered Zizmor and, and then look at the, look at the repo. So Zizmor repo, it's Zizmor is a static analysis tool for GitHub Actions.

00:26:17.960 --> 00:26:29.960
I thought it was pretty cool. So we covered it and it's got a bunch of sponsors now and look at the star count. Hmm. We covered it in, in November, 2024. And right after that, it kind of took off.

00:26:29.960 --> 00:26:32.600
Wow. That thing totally hockey sticked. How about that?

00:26:32.600 --> 00:26:38.760
Well, maybe it's because of us, who knows? Probably not. But anyway, so that's pretty cool.

00:26:38.760 --> 00:26:40.680
I'm sure at least one of those stars is from us.

00:26:40.680 --> 00:26:55.560
At least one of the stars. Yeah. Like the one I put on there maybe. anyway, so the, so what, what can you do? So there's a supply chain issues, doing static analysis of

00:26:55.560 --> 00:27:08.040
your GitHub actions, definitely, something to do. And this is not, what I'd like to put out is this is not just, it is business critical stuff. It's really anything that you're putting out on,

00:27:08.040 --> 00:27:19.080
on, on GitHub and especially things that you're releasing, through PyPI, because even your little like left-pad thing might get exploited, whatever you might not think about it, but

00:27:19.080 --> 00:27:31.160
somebody else could take advantage of it. So it's just to lock stuff down. So we've got, so we've got the static analysis. The other, the other thing he brought up is dependency pinning.

00:27:31.160 --> 00:27:45.000
So, and this is related to the LiteLLM exploit, from last week, which I don't think we covered, but hopefully everybody heard about this. So there's one of the, and this, this one is

00:27:45.000 --> 00:27:53.000
creepy because apparently the, the, even if you pinned the dependency in it with version numbers,

00:27:53.000 --> 00:28:00.440
that wasn't enough because a malicious, a malicious package got over, overrode the, the,

00:28:01.320 --> 00:28:09.880
um, the binary with the same version number. So you, you really should be checking the SHA key.

00:28:09.880 --> 00:28:22.600
Is that Shah or SHA? I don't know how to pronounce it. I think typically said Shah, but if you call, you talk about the, hashing algorithm, I think people say SHA, SHA. So it could go either way,

00:28:22.600 --> 00:28:35.160
right? So, but some of those, some of those are a little bit, a little bit hard to, I mean, it's hard to do deal with. It's not really hard, but it's, it's less of a, it's more of a pain than

00:28:35.160 --> 00:28:48.840
just typing out the version. So there's a, there's a tool apparently called renovate that helps, for, helps for that, that part of it. and you know, uv pins, you, like I was

00:28:48.840 --> 00:29:00.760
going to say uv locks, but now we have a problem with the uv locks on, so, Jack Kerr- Whack-a-mole. It's like whack-a-mole. It's definitely whack-a-mole. So, so using things

00:29:00.760 --> 00:29:13.160
to, to check, to tech, check those SHAs also, and then dependency cooldowns. I think you brought this up either last week or recently. Yeah. To be able to say, hey, I'm going to update

00:29:13.160 --> 00:29:24.440
everything, but don't update if, if, if anything's like newer than seven days or something like that. Yeah. I would like to point out that I do not do this. I do not. When I say it, I say one

00:29:24.440 --> 00:29:37.960
week. Oh, you do, you just, that's an improper fraction right there is what that is. No, I'm just kidding. I literally have mine says one week that says seven days, but whatever. Same idea. It's, I think it's a very, it solves the problem that I talked about and it solves the problem.

00:29:38.680 --> 00:29:47.400
because after seven days, that thing's not going to exist on the package manifest, right. And it solves the problem here. It's a, it's a super simple thing and it's not perfect,

00:29:47.400 --> 00:29:58.520
but it's a layer of defense. Yeah. So I do, this is a, I don't think this is too much. So I think that I'm going to, I'm going to, I've got a project that I'm a little, yeah, I'm going to try this out.

00:29:58.520 --> 00:30:08.760
I'm going to try these things. And it's, my guess is it's going to take me longer to figure out what to do than to actually implement everything. So yeah, that's how a lot of stuff is like. I changed,

00:30:08.760 --> 00:30:23.720
I had to change one line, but it took me two days of research to figure out what the right choice to that one line was. I mean, and let's, let's get real. I'm just going to point an agent at this article and say, could you do all this stuff for my friend? This seems like a problem. Read it,

00:30:23.720 --> 00:30:35.800
fix it, research it, fix it. Yep. Exactly. Maybe get a, you can get a non-GPL version if you put, pay a few, few cents and send it to Malice. All right. So a real time follow up. I just want to,

00:30:35.800 --> 00:30:40.680
I forgot to credit Paul Bauer who sent in the thing about Malice. So thanks for that.

00:30:40.680 --> 00:30:51.880
And you mentioned left-pad. I was curious, is there a Python left-pad? Yes. In fact, there is a Python left-pad. Really? Yes. Inspired by the famous left-pad package on npm that broke

00:30:51.880 --> 00:31:04.600
the internet. It's a joke. I mean, but it works. You can pip install it. It's called, it's a port of the infamous left-pad npm package. Interesting. Okay. Yeah.

00:31:06.600 --> 00:31:20.280
okay. I think we're on to extras. I just said, I have one. Do you have, do you have some extras? Yeah, I'll go ahead and go first. Since I have my, screen. Yeah. All

00:31:20.280 --> 00:31:29.400
right. So I want to talk about a new SaaS that I released Brian, that people have seen me, see me using, but they don't know that that's what I had anything to do with me called interview queue.

00:31:30.040 --> 00:31:40.760
So this is a Python built platform for doing podcasts. So if people are out there, there are content creators that are podcasters that are, they do interviews, whatever,

00:31:41.640 --> 00:31:53.880
give this thing a look. The whole idea is from starting out with like bracelet about an idea all the way until you push something out as a final bit of audio file or video or whatever. It, it's there

00:31:53.880 --> 00:32:08.680
to like make every step a little bit easier and guide that. So I knew I was going to talk about that this week. So last week I pressed a stopwatch, start, stop when I, from the time I had downloaded the audio files from our interview last week until I had shipped it with chapters, with

00:32:09.400 --> 00:32:21.800
album art, all that kind of stuff, edited final, like raw video down, right. Audio downloaded to final audio and the podcast feed, 18 seconds, 51, 18 minutes, 51 seconds. Oh, wow.

00:32:21.800 --> 00:32:35.960
Wow. So super excited about this. Mostly I built it for myself, but I thought, you know, I'll put in some extra effort, keep fine. I actually, I had to rewrite it three times because I'm like, yeah, this is the right UI metaphor for how this works. And I tried it on a few podcast

00:32:35.960 --> 00:32:40.680
episodes. I'm like, Nope, no, it's not. This is horrible. I can't be, it's just so disorienting.

00:32:40.680 --> 00:32:52.920
Do it again. I think it's really nailed now. So people are doing podcasts or interviews. I know that's not most people listening, but it's a really cool Python app. It's, it's a mega app. It's like 75,000 lines of Python or something. It does a bunch of stuff. Okay. Nice.

00:32:52.920 --> 00:33:06.280
Yeah. Thanks. Good dogfooding. Yes. Dogfooding. And I built for myself. One of the things that I learned as part of that is so that gives people 250 megs of free storage unlimited. It does free

00:33:06.280 --> 00:33:20.360
transcripts. It does all that kind of stuff. One of the things that makes that work is you need to be able to store stuff. That's not too expensive. So if you store something on S3 or something like that,

00:33:21.080 --> 00:33:34.040
Azure blob storage, probably the same price. They all seem to copy each other, except for DigitalOcean, which is a little bit cheaper at seven. I know it's, it's at one cent per gigabyte

00:33:34.040 --> 00:33:46.840
per month for a regular S3 storage. But they just came out with a thing called Spaces, which is their S3 cold storage. So you can put something up and say, I'm not going to access

00:33:46.840 --> 00:33:59.720
it very much. And if I do access it, it costs a little tiny bit more. Like instead of it costs a cent per gigabyte when you access it. So, which is, you know, more than their, their default pricing or

00:33:59.720 --> 00:34:14.040
whatever. But if you don't access it, it's 0.007 cents per gigabyte per month. Think how cheap that is. That is awesome. And you don't have to have like, oh, we have Glacier, which is its own

00:34:14.040 --> 00:34:29.000
storage system. And then if we want to, we can move it back into S3 and out of us, like it's literally the same API as S3. You just use boto to talk to it. But if you, your access pattern is very infrequently, which, you know, it is, you record a podcast, maybe you touch it once or twice.

00:34:30.520 --> 00:34:43.880
There's like a little cool trick with disk cache. So most of the time, when it's sort of in an active mode, it doesn't even go to the internet and just works with like a local volume at Hetzner. And then if it needs to go back, it's, it's still pretty cheap. Isn't that cool?

00:34:45.880 --> 00:34:49.960
What, so what would you put in the cloud that you don't access very often?

00:34:49.960 --> 00:35:00.360
Backup files, like, so for example, let's say you want to store the, for, let's go back to interview queue as something concrete, right? Just so it's concrete. One of the things that we'll do

00:35:00.360 --> 00:35:13.880
is that we'll generate transcripts for you. So it could take that, that VTT or SRT file or whatever, like a text file, put it into this cold storage, also put like a 30 day local cache where it works

00:35:13.880 --> 00:35:27.400
with it. But after that, it just, you know, it runs out of space, it throws it away. So maybe it's in this little local cache for like the two days that you're editing the podcast. But how often do you go back to a podcast you did last year and then pull up the transcript segment and want to look at

00:35:27.400 --> 00:35:37.240
it? Most people who would use a service like this would just go like, well, once I've produced it and downloaded the final transcript, like they don't go back and mess with it again. Right. So it's that kind

00:35:37.240 --> 00:35:51.880
of thing. It's like when you're creating something or you're actively editing it, then you want those files there, you want that access, but then pretty soon it's going to fall into like, I just want it historically kept for me. I think there's a lot of access patterns for that. All right.

00:35:52.440 --> 00:36:03.480
Back to fire and forget. So I talked about this last week, this fire and forget pattern and how this was pretty sketch that I thought I still believe that to be true. I have two things on it.

00:36:03.480 --> 00:36:14.120
One, I'm sorry, I don't remember who sent me this message. I can't, I'm sorry, I can't remember who sent me this, but thank you for sending me. They said, actually, I said, starting in Python 3.12,

00:36:14.120 --> 00:36:26.680
this has been a problem. What they said is starting in Python 3.12, what happened is the documentation pointed out that this was a problem. Whereas previously it was a silent sort of unknown issue.

00:36:26.680 --> 00:36:37.320
So they think that it has been there since three, four, three, whenever, whenever create tasks got defined and asyncio got defined, you know, the year before async and await, which I think that's three,

00:36:37.320 --> 00:36:47.800
five. Anyway, for a long, long time that it has been there, but in 3.12, the documents were, documentation was updated. Say, Hey, this is a problem. Be aware of it. So it could be that this

00:36:47.800 --> 00:36:58.680
has always been a problem. And it's just that, you know, the, the, for people who don't know, if you just go and say, Hey, I want to fire something off in the background to let it run on

00:36:58.680 --> 00:37:03.480
the event loop, asyncio.create_task. And you give it the async function.

00:37:03.480 --> 00:37:15.480
That's not enough. That is not enough to keep it from getting garbage collected potentially because the loop itself doesn't hang onto it. Okay. So that's the, that's the issue, right?

00:37:15.480 --> 00:37:22.760
They think that that's been the case forever and they just document it in 3.12. So thanks for pointing that out. I don't know that should be true. I looked into it and didn't find a great answer.

00:37:23.560 --> 00:37:36.680
The next thing though, is, another person pointed out, Richard pointed out that Will McGugan wrote an article called the Heisenbug lurking in your async code. What does it talk about?

00:37:36.680 --> 00:37:47.320
Well, if you do create_task, guess what? It could be garbage collected. It may disappear without warning during garbage collection. And so that's all well and good. Thanks Will for writing that. So I did

00:37:47.320 --> 00:38:00.680
another post that sort of talked about that. But what's interesting is luckily, Will added numbers and concrete search values. So if I go here, there are wait for it, 586,000 separate code files that

00:38:00.680 --> 00:38:11.320
have this pattern because people would tell me it's not a problem, Michael. You, this is some weird edge case that only you care about me and the 586,000 other people. All right. Look at this. The very first

00:38:11.320 --> 00:38:20.840
hit is like, boom, they're not putting it into like, so not every one of these 586,000 actually, like,

00:38:20.840 --> 00:38:31.720
this is actually a documentation line here. This one, they are holding the task. But even on the first page, which is like a very small amount of those half a million, there's five instances where they're

00:38:31.720 --> 00:38:46.280
doing the thing that you said you're not supposed to do. So, all right. That's it for my extras. But I thought that would be a fun follow up on two accounts. Yeah. I just have one extra. And that is,

00:38:46.280 --> 00:38:59.000
is that GitHub is, well, I went to GitHub this morning and noticed that on April 24th, they're going to, GitHub Copilot is going to start recording interaction data for their AI model

00:38:59.000 --> 00:39:04.520
training unless you opt out. So a company is actually asking before they spy on you. So that's nice.

00:39:04.520 --> 00:39:11.720
But they're going to spy on you. Yeah. Well, you can opt, apparently you can opt out.

00:39:11.720 --> 00:39:25.320
Yes. I've already opted out. Have you? Yeah. I was gonna, and I'm like, do I really care how, how they, my GitHub interactions or? And honestly, it's kind of a no op for me or,

00:39:25.320 --> 00:39:29.560
you know, tree falls in the forest. No one dares to hear it. Like actually the tree does still fall.

00:39:29.560 --> 00:39:42.760
That's a pretty human centric perspective of the world, but this is GitHub Copilot interaction, not your repository data, right? That's what it says on April 24th. We'll start using GitHub

00:39:42.760 --> 00:39:48.280
Copilot interaction data for AI model training, unless you say no, I don't use GitHub Copilot.

00:39:49.400 --> 00:39:53.080
So maybe they can have all my interactions or none of them. They'll be the same.

00:39:54.920 --> 00:40:03.320
When I first saw that, I thought, oh, they're going to start there. They're asking for permission to use my code in my repository and my issues and stuff for training. But that doesn't sound like

00:40:03.320 --> 00:40:10.280
what it is. What are they? Okay. The GitHub Copilot interactions with. Yeah.

00:40:12.440 --> 00:40:17.720
So the one, probably the ones I'm responsible for, like when am I using GitHub Copilot? Okay.

00:40:17.720 --> 00:40:30.120
Yeah. And like, if you go to the GitHub homepage, there's a ask Copilot sort of thing. And there's other, you know, there's other areas where if you do a search, I think some Copilot stuff in the PR,

00:40:30.120 --> 00:40:35.400
you might be, especially if you're a paid user of Copilot, that's a very, that's a much bigger thing.

00:40:35.400 --> 00:40:46.360
Yeah. One of the interesting things is you can ask, where'd it go? Yeah. I think you can ask, you can ask an agent to like, oh yeah, here, here we go. If I'm looking at an issue,

00:40:46.920 --> 00:40:50.760
you can assign it to an agent to have them fix it. Yeah.

00:40:50.760 --> 00:41:03.880
I haven't tried this. I might try this on this one. I've, I've already been having mine do that, but not through Copilot. In Claude Code, I just say, hey Claude, issue 199 of this repository. I

00:41:03.880 --> 00:41:08.440
would like to work on that. Can you get, can you plan that out with me and have a conversation?

00:41:09.480 --> 00:41:15.080
It just goes, logs into GitHub, using the GH CLI, pulls it down, understands it, and then,

00:41:15.080 --> 00:41:24.520
then keeps working with it. So it's not exclusive to, to GitHub and Copilot if you have the GH CLI

00:41:24.520 --> 00:41:38.680
installed, which is very cool. Okay. Yeah. That looks more scary to me before. And now I'm like, actually, I don't care. I don't care. So, should we talk about something funny?

00:41:39.400 --> 00:41:43.560
We shall make a joke. So I, for an interview queue, my press mark is asked. There we go.

00:41:44.280 --> 00:41:58.920
So I can't tell for sure if we did this before, but if so, it's been long enough that I think it'll be fun. Okay. All right. So Will Smith and I, Robot, I think that's a good sort of future, but looking back

00:41:58.920 --> 00:42:08.040
to like now type of thing, right? So Will Smith talking to one of these robots, can LL, can an LLM write

00:42:08.040 --> 00:42:14.680
maintainable code? The LLM, the robot stares back with its like mechanical eyes. Can you?

00:42:17.480 --> 00:42:19.480
Oh snap. Oh snap.

00:42:24.040 --> 00:42:24.360
Yeah.

00:42:26.280 --> 00:42:34.440
I mean, it's a funny joke. I think it's a funny joke just because of the time and so on. And there's a lot of variations that you could have on it. I haven't read the comments. We have to read the comments, but

00:42:34.440 --> 00:42:45.160
there are certainly coworkers I've had in the past who I would take Claude Code over that coworker for working on my code together.

00:42:47.640 --> 00:42:48.680
Yeah, definitely.

00:42:49.320 --> 00:42:49.880
Yeah. Yeah.

00:42:49.880 --> 00:42:59.960
Not saying the Claude Code is perfect. I just want to let it run loose, but I've had some people are like pretty bad, especially people taking some of my training classes and like, how did you get into this?

00:42:59.960 --> 00:43:13.640
I mean, this company? I had some, I'll tell you, I don't want people to feel like I'm making fun of people over like being too picky or elitist. This is a person who worked at a, either a bank,

00:43:14.520 --> 00:43:21.480
let's say a bank, like something like a bank, like a big enterprise company. And this was when I was

00:43:21.480 --> 00:43:30.440
teaching C# way back in the day and we would do like an hour's worth of presentation and demos.

00:43:30.440 --> 00:43:40.120
And then it was okay. Now you guys for the next hour, work on this thing. That's like a derivative version of what we've been talking about. Right. And this person who has been employed at this company

00:43:40.120 --> 00:43:50.600
for six months as a software developer, professionally at a bank, read the instructions, said, Michael, I need help. I said, Oh, no problem. What's going on here? Like, well, I can't get this to work.

00:43:50.600 --> 00:44:02.680
And they had variable name equals some sentence, no quotes around it. I said, Oh, you got a couple problems here. That's a string. So you need to put quotes around the string. What are you talking about?

00:44:04.280 --> 00:44:13.240
I don't know what to tell you. Like you need to put the quote character, the beginning and end. So like the compiler knows that this is actually a string bit, not just other keywords and stuff.

00:44:13.240 --> 00:44:23.880
Like, see the thing left of the enter shift, press that and put it at the beginning. It was like a challenge to get those quotes in there. And then it still wouldn't work. I'm like, Oh, you could,

00:44:23.880 --> 00:44:36.440
you have to declare the variable as a string. Like, so you have to say string space, email equals whatever, or whatever it was. Right. What do you mean? Six months as a professional developer in this language,

00:44:36.440 --> 00:44:47.080
this is not like where they're starting this language. I'm like, okay, I will take Claude Code all day. I will take this robot thing all day over that as a coworker. Seriously. So I don't think

00:44:47.080 --> 00:44:59.800
I'm being harsh to say that that's, that's out of bounds of like, you shouldn't be, you should have gotten past that step after six months, eight hours a day. So lesson out there. If you know what

00:44:59.800 --> 00:45:07.720
quotes are, you might be able to get a job. You know how to make a string in a programming language.

00:45:07.720 --> 00:45:13.880
Okay. While we're on the tangent, I'll just get one more tangent. So I had an interview once,

00:45:13.880 --> 00:45:23.160
somebody came in and it was, it was a contract position, but, but still I usually start

00:45:23.160 --> 00:45:36.440
with a real low ball question just to, just to make sure. So, and I usually say something like, okay, I just want to write a function that in Python, write a function in Python that takes,

00:45:37.640 --> 00:45:52.440
takes a user input string or takes a string and, or actually, what is it? Write a function that takes two numbers and adds them and returns the answer. This was a long, it took a while to get to the point

00:45:52.440 --> 00:46:03.400
where I could say, let's actually, let's stop. And I, and I don't want to try to be cold. So I usually like ask about their background and whatever, and, and fill out the hour. But it was clear that this

00:46:03.400 --> 00:46:09.240
wasn't going to work because they, this first, they started out with like print statements to the

00:46:09.240 --> 00:46:18.440
standard out and, and using the input command to get user data. And I'm like, no, it's a function.

00:46:18.440 --> 00:46:27.800
It just has parameters. That's it. Oops. So yeah. Anyway, lots, lots of different backgrounds that get

00:46:27.800 --> 00:46:35.240
into software. So yeah, yeah, yeah, definitely some that I would, I would take an agent over. So, but

00:46:35.960 --> 00:46:44.040
that's funny. Let's look at the comments real quick. Okay. John says, man, this is going to slay on LinkedIn.

00:46:44.040 --> 00:46:51.000
Oh my gosh. Yeah.

00:46:53.560 --> 00:46:56.120
Right. Everyone acting like they're Linus Torvalds.

00:47:00.760 --> 00:47:12.440
Yeah. So would you, LinkedIn's weird. I, I, every time I peek my head into LinkedIn, I like try to back out because I think it's all just full of bots. I don't think there's any people there left. So.

00:47:12.440 --> 00:47:16.760
Yeah. Well, you haven't embraced your a hundred day ones attitude.

00:47:17.720 --> 00:47:27.800
Guess not. Anyway, a good episode. Fun talking with you. Thanks to everybody that, that showed up to listen and we'll see you all next week. Bye everyone.

00:47:27.800 --> 00:47:28.800
Bye.
