Planet Python

Over the past year or two, I've been heavily using FastAPI in my day job. I've been around the Python web framework block, and I gotta say, FastAPI really succeeds in its mission of building on the strengths of its predecessors (particularly Django and Flask), while feeling more modern and adhering to certain opinionated principles. In my opinion, it's pretty much exactly what the best-in-breed of the next logical generation of web frameworks should look like.

¡Ándale, ándale, arriba!
Image source: The Guardian

Let me start by lauding FastAPI's excellent documentation. Having a track record of rock-solid documentation, was (and still is!) – in my opinion – Django's most impressive achievement, and I'm pleased to see that it's also becoming Django's most enduring legacy. FastAPI, like Django, includes docs changes together with code changes in a single (these days called) pull request; it clearly documents that certain features are deprecated; and its docs often go beyond what is strictly required, by including end-to-end instructions for integrating with various third-party tools and services.

FastAPI's docs raise the bar further still, with more than a dash of humour in many sections, and with a frequent sprinkling of emojis as standard fare. That latter convention I have some reservations about – call me old-fashioned, but you could say that emoji-filled docs is unprofessional and is a distraction. However, they seem to enhance rather than detract from overall quality; and, you know what, they put a non-emoji real-life smile on my face. So, they get my tick of approval.

FastAPI more-or-less sits in the Flask camp of being a "microframework", in that it doesn't include an ORM, a template engine, or various other things that Django has always advertised as being part of its "batteries included" philosophy. But, on the other hand, it's more in the Django camp of being highly opinionated, and of consciously including things with which it wants a hassle-free experience. Most notably, it includes Swagger UI and Redoc out-of-the-box. I personally had quite a painful experience generating Swagger docs in Flask, back in the day; and I've been tremendously pleased with how API doc generation Just Works™ in FastAPI.

Much like with Flask, being a microframework means that FastAPI very much stands on the shoulders of giants. Just as Flask is a thin wrapper on top of Werkzeug, with the latter providing all things WSGI; so too is FastAPI a thin wrapper on top of Starlette, with the latter providing all things ASGI. FastAPI also heavily depends on Pydantic for data schemas / validation, for strongly-typed superpowers, for settings handling, and for all things JSON. I think it's fair to say that Pydantic is FastAPI's secret sauce.

My use of FastAPI so far has been rather unusual, in that I've been building apps that primarily talk to an Oracle database (and, indeed, this is unusual for Python dev more generally). I started out by depending on the (now-deprecated) cx_Oracle library, and I've recently switched to its successor python-oracledb. I was pleased to see that the fine folks at Oracle recently released full async support for python-oracledb, which I'm now taking full advantage of in the context of FastAPI. I wrote a little library called fastapi-oracle which I'm using as a bit of glue code, and I hope it's of use to anyone else out there who needs to marry those two particular bits of tech together.

There has been a not-insignificant amount of chit-chat on the interwebz lately, voicing concern that FastAPI is a one-man show (with its BDFL @tiangolo showing no intention of that changing anytime soon), and that the FastAPI issue and pull request queues receive insufficient TLC. Based on my experience so far, I'm not too concerned about this. It is, generally speaking, not ideal if a project has a bus factor of 1, and if support requests and bug fixes are left to rot.

However, in my opinion, the code and the documentation of FastAPI are both high-quality and highly-consistent, and I appreciate that this is largely thanks to @tiangolo continuing to personally oversee every small change, and that loosening the reins would mean a high risk of that deteriorating. And, speaking of quality, I personally have yet to uncover any bugs either in FastAPI or its core dependencies (which I'm pleasantly surprised by, considering how heavily I've been using it) – it would appear that the items languishing in the queue are lower priority, and it would appear that @tiangolo is on top of critical bugs as they arise.

In summary, I'm enjoying coding with FastAPI, I feel like it's a great fit for building Python web apps in 2024, and it will continue to be my Python framework of choice for the foreseeable future.

10 years and 10 days ago I flew home from my very first Python conference.

I left a few days into the PyCon US 2014 sprints and I remember feeling a bit like summer camp was ending. I’d played board games, contributed to an open source project, seen tons of talks, and met a ton of people.

My first Python conference: PyCon US 2014

PyCon 2014 was the first Python conference I attended.

At the start of the conference I only knew a handful of San Diegans. I left having met many more folks. Some of the folks I met I knew from online forums, GitHub repos, or videos I met Kenneth Love, Baptiste Mispelon, Carl Meyer, Eric Holscher in-person, among many others. Most folks I met I had never encountered online, but I was glad to have met in person.

For the most part, I had no idea who anyone was, what they did with Python, or what they might be interested in talking about. I also had no idea what most of the various non-talk activities were. I found out about the Education Summit and hadn’t realized that it required pre-registration. The open spaces are one of my favorite parts of PyCon and I didn’t even they existed until PyCon 2015.

I did stay for a couple days of the sprints and I was grateful for that. Most of the memorable human connections I had were during the sprints. I helped PyVideo upgrade their code base from Python 2 to Python 3 (this was before Will and Sheila stepped down as maintainers). Will guided me through the code base and seemed grateful for the help.

I also got the idea to write front-end JavaScript tests for Django during the sprints and eventually started that process after PyCon thanks to Carl Meyer’s guidance.

Attending regional conferences and DjangoCon

In fall 2014, I attended Django BarCamp at the Eventbrite office. That was my first exposure to the idea of an “unconference”… which I kept in mind when I spotted the open spaces board at PyCon 2015.

Before coming back to Montreal for PyCon 2015, I emailed Harry Percival to ask if he could use a teaching assistant during his tutorial on writing tests. His reply was much more enthusiastic than I expected: “YES YES OH GOD YES THANK YOU THANK YOU THANK YOU TREY”. I was very honored to be able to help Harry, as my testing workflow was heavily inspired by many blog posts he’d written about testing best practices in Django.

I coached at my first Django Girls event in 2015 in Ensenada and then my second at DjangoCon 2015 in Austin. I gave my first lightning talk at DjangoCon 2015, comparing modern JavaScript to Python. It was a lightning talk I had given at the San Diego JavaScript and San Diego Python meetups.

In 2016, I attended PyTennessee in Nashville. I remember attending a dinner of of about a dozen folks who spoke at the conference. I was grateful to get to chat with so many folks whose talks I’d attended.

Presenting talks and tutorials

I presented my first conference tutorial at PyCon 2016 in Portland and my first talk at DjangoCon US 2016 in Philadelphia. I had been presenting lightning talks every few months at my local Python and JavaScript meetups for a few years by then and I had hosted free workshops at my local meetup and paid workshops for training clients.

Having presented locally helped, but presenting on a big stage is always scary.

Volunteering

I volunteered at some of my first few conferences and found that I really enjoyed it. I especially enjoyed running the registration desk, as you’re often the first helpful face that people see coming into the conference.

During PyCon 2016, 2017, and 2018, I co-chaired the open spaces thanks to Anna Ossowski inviting me to help. I had first attended open spaces during PyCon 2015 and I loved them. Talks are great, but so are discussions!

I also ran for the PSF board of directors in 2016 and ended up serving on the board for a few years before stepping down. After my board terms, I volunteered for the PSF Code of Conduct working group for about 6 years. I didn’t even know what the PSF was until PyCon 2015!

A lot of travel… maybe too much

After DjangoCon 2016, I went a bit conference-wild. I attended PyTennessee 2017, PyCaribbean 2017 in Puerto Rico, PyCon US 2017 in Portland, PyCon Australia 2017 in Melbourne, DjangoCon 2017 in Spokane, PyGotham 2017 in NYC, and North Bay Python 2017 in Petaluma.

In 2018 I sponsored PyTennessee and PyOhio and spoke at both. I passed out chocolate chip cookies at PyTennessee as a way to announce the launch of Python Morsels. I also attended PyCon 2018 in Cleveland, DjangoCon 2018 in San Diego, PyGotham 2018, and North Bay Python 2018.

I slowed down a bit in 2019, with just PyCascades (Seattle), PyCon US (Cleveland), PyCon Australia (Sydney), and DjangoCon US (San Diego, which is home for me).

Since the pandemic

Since the start of the pandemic, I’ve attended PyCon US 2022, DjangoCon 2022 in San Diego (in my city for the third time!) and PyCon US 2023. Traveling is more challenging for me than it used to be, but I hope to attend more regional conferences again soon.

Between client work, I’ve been focusing less on conferences and more on blog posts (over here), screencasts, my weekly Python tips emails, and (of course) on Python Morsels.

My journey started locally

I became part of the Python community before I knew I was part of it.

I started using Python professionally in December 2009 and I attended my first San Diego Python meetup in March 2012. I met the organizers, gave some lightning talks, attended Saturday study group sessions (thanks Carol Willing, Alain Domissy, and others for running these), and volunteered to help organize meetups, study groups, and workshops.

By 2014, I had learned from folks online and in-person and I had helped out at my local Python meetup. I had even made a few contributions to some small Django packages I relied on heavily.

I was encouraged to attend PyCon 2014 by others who were attending (thanks Carol, Micah, and Paul among others). The conference was well-worth the occasional feeling of overwhelm.

We’re all just people

The biggest thing I’ve repeatedly learned over the past decade of Python conferences is that we’re all just people.

Carol Willing keynoted PyCon US 2023. But I met Carol as a kind Python user in San Diego who started the first Python study group meetings in Pangea Bakery on Convoy Street.

Jay Miller will be keynoting PyCon US 2024. But I met Jay as an attendee of the Python study group, who was enthusiastic about both learning and teaching others.

My partner, Melanie Arbor, keynoted DjangoCon 2022 along with Jay Miller. When I met Melanie, she was new to Python and was very eager to both learn and help others.

David Lord has made a huge impact on the maintenance of Flask and other Pallets projects. I met David as a Python study group attendee who was an enthusiastic StackOverflow contributor.

I learned a ton from Brandon Rhodes, Ned Batchelder, Russell Keith-Magee, and many others from online videos, forums, and open source projects before I ever met them. But each of them are also just Python-loving people like the rest of us. Russell gives good hugs, Ned is an organizer of his local Python meetup, and Brandon wears the same brand of shoes as me.

We all have people we’ve learned from, we suffer from feelings of inadequacy, we get grumpy sometimes, and we care about the Python language and community in big and small ways.

What’s next for you?

Will you attend a local meetup? Or will you attend an online social event?

If so, consider asking the organize if you can present a 5 minute lightning talk at a future event. As I noted in a DjangoCon 2016 lightning talk, lightning talks are a great way to connect with folks.

Will you attend a Python conference one day? See having a great first PyCon when/if you do.

Remember that we’re all just people though. Some may have a bit more experience (whether at speaking, contributing to open source, or something else), but we’re just people.

We all know that tools like ChatGPT have really empowered developers to tackle bigger problems. Are you using TailwindCSS and need a login page? Try asking Chat "What is the HTML for a login page with the login username, password, and button in its own section in the center of the page?" It will literally give you a first pass version of it. But how far can you push this? Fred Tubiermont may have taken it farther than most. He built a functioning SaaS product with paying customers by only using ChatGPT and Python. It's fascinating to hear his story.<br/> <br/> <strong>Episode sponsors</strong><br/> <br/> <a href='https://talkpython.fm/mailtrap'>Mailtrap</a><br> <a href='https://talkpython.fm/training'>Talk Python Courses</a><br/> <br/> <strong>Links from the show</strong><br/> <br/> <div><b>Frederick Tubiermont</b>: <a href="https://www.linkedin.com/in/fredericktubiermont/" target="_blank" rel="noopener">linkedin.com</a><br/> <b>The #1 AI Jingle Generator</b>: <a href="https://www.aijinglemaker.com" target="_blank" rel="noopener">aijinglemaker.com</a><br/> <b>Fred's YouTube Channel</b>: <a href="https://www.youtube.com/@callmefred" target="_blank" rel="noopener">youtube.com</a><br/> <b>AI Coding Club</b>: <a href="https://aicodingclub.com" target="_blank" rel="noopener">aicodingclub.com</a><br/> <b>No Code</b>: <a href="https://www.saashub.com/best-no-code-software" target="_blank" rel="noopener">saashub.com</a><br/> <b>Prompt Engineering 101 - Crash Course & Tips</b>: <a href="https://www.youtube.com/watch?v=aOm75o2Z5-o" target="_blank" rel="noopener">youtube.com</a><br/> <b>gpt-engineer</b>: <a href="https://github.com/gpt-engineer-org/gpt-engineer" target="_blank" rel="noopener">github.com</a><br/> <b>Instant Deployments, Effortless Scale</b>: <a href="https://railway.app" target="_blank" rel="noopener">railway.app</a><br/> <b>Self-hosting with superpowers.</b>: <a href="https://coolify.io" target="_blank" rel="noopener">coolify.io</a><br/> <b>The newsletter platform built for growth.</b>: <a href="https://www.beehiiv.com" target="_blank" rel="noopener">beehiiv.com</a><br/> <b>Watch this episode on YouTube</b>: <a href="https://www.youtube.com/watch?v=lbX3B04sS1s" target="_blank" rel="noopener">youtube.com</a><br/> <b>Episode transcripts</b>: <a href="https://talkpython.fm/episodes/transcript/459/i-built-a-python-saas-with-ai" target="_blank" rel="noopener">talkpython.fm</a><br/> <br/> <b>--- Stay in touch with us ---</b><br/> <b>Subscribe to us on YouTube</b>: <a href="https://talkpython.fm/youtube" target="_blank" rel="noopener">youtube.com</a><br/> <b>Follow Talk Python on Mastodon</b>: <a href="https://fosstodon.org/web/@talkpython" target="_blank" rel="noopener"><i class="fa-brands fa-mastodon"></i>talkpython</a><br/> <b>Follow Michael on Mastodon</b>: <a href="https://fosstodon.org/web/@mkennedy" target="_blank" rel="noopener"><i class="fa-brands fa-mastodon"></i>mkennedy</a><br/></div>

As your Python project grows, you typically organize your code in modules and packages for easier maintenance and reusability. When you do that, you’ll likely notice the sudden emergence of a __pycache__ folder alongside your original files, popping up in various locations unexpectedly.

[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]

How do you verify and validate the data coming into your Python web application? What tools and security best practices should you consider as a developer? Christopher Trudeau is back on the show this week, bringing another batch of PyCoder's Weekly articles and projects.

[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]

Let&aposs pretend you&aposre working on a supervised Machine Learning problem using Python&aposs scikit-learn library. Your training data is in a pandas DataFrame, and you discover missing values in a column that you were planning to use as a feature.

After considering your options, you decide to impute the missing values, which means that you&aposre going to fill in the missing values with reasonable values.

How should you perform the imputation?

• Option 1 is to fill in the missing values in pandas, and then pass the transformed data to scikit-learn.
• Option 2 is to pass the original data to scikit-learn, and then perform all data transformations (including missing value imputation) within scikit-learn.

Option 1 will cause data leakage, whereas option 2 will prevent data leakage.

Here are questions you might be asking:

• What is data leakage?
• Why is data leakage problematic?
• Why would data leakage result from missing value imputation in pandas?
• How can I prevent data leakage when using pandas and scikit-learn?

Answers below! &#x1F447;

What is data leakage?

Data leakage occurs when you inadvertently include knowledge from testing data when training a Machine Learning model.

Why is data leakage problematic?

Data leakage is problematic because it will cause your model evaluation scores to be less reliable. This may lead you to make bad decisions when tuning hyperparameters, and it will lead you to overestimate how well your model will perform on new data.

It&aposs hard to know whether data leakage will skew your evaluation scores by a negligible amount or a huge amount, so it&aposs best to just avoid data leakage entirely.

Why would data leakage result from missing value imputation in pandas?

Your model evaluation procedure (such as cross-validation) is supposed to simulate the future, so that you can accurately estimate right now how well your model will perform on new data.

But if you impute missing values on your whole dataset in pandas and then pass your dataset to scikit-learn, your model evaluation procedure will no longer be an accurate simulation of reality. That&aposs because the imputation values will be based on your entire dataset (meaning both the training portion and the testing portion), whereas the imputation values should just be based on the training portion.

In other words, imputation based on the entire dataset is like peeking into the future and then using what you learned from the future during model training, which is definitely not allowed.

How can we avoid this in pandas?

You might think that one way around this problem would be to split your dataset into training and testing sets and then impute missing values using pandas. (Specifically, you would need to learn the imputation value from the training set and then use it to fill in both the training and testing sets.)

That would work if you&aposre only ever planning to use train/test split for model evaluation, but it would not work if you&aposre planning to use cross-validation. That&aposs because during 5-fold cross-validation (for example), the rows contained in the training set will change 5 times, and thus it&aposs quite impractical to avoid data leakage if you use pandas for imputation while using cross-validation!

How else can data leakage arise?

So far, I&aposve only mentioned data leakage in the context of missing value imputation. But there are other transformations that if done in pandas on the full dataset will also cause data leakage.

For example, feature scaling in pandas would lead to data leakage, and even one-hot encoding (or "dummy encoding") in pandas would lead to data leakage unless there&aposs a known, fixed set of categories.

More generally, any transformation which incorporates information about other rows when transforming a row will lead to data leakage if done in pandas.

How does scikit-learn prevent data leakage?

Now that you&aposve learned how data transformations in pandas can cause data leakage, I&aposll briefly mention three ways in which scikit-learn prevents data leakage:

• First, scikit-learn transformers have separate fit and transform steps, which allow you to base your data transformations on the training set only, and then apply those transformations to both the training set and the testing set.
• Second, the fit and predict methods of a Pipeline encapsulate all calls to fit_transform and transform so that they&aposre called at the appropriate times.
• Third, cross_val_score splits the data prior to performing data transformations, which ensures that the transformers only learn from the temporary training sets that are created during cross-validation.

Conclusion

When working on a Machine Learning problem in Python, I recommend performing all of your data transformations in scikit-learn, rather than performing some of them in pandas and then passing the transformed data to scikit-learn.

Besides helping you to prevent data leakage, this enables you to tune the transformer and model hyperparameters simultaneously, which can lead to a better performing model!

One final note...

This post is an excerpt from my upcoming video course, Master Machine Learning with scikit-learn.

Join the waitlist below to get free lessons from the course and a special launch discount &#x1F447;

Today at 3pm UTC – Discover the latest trends in the Django ecosystem, based on insights from 4,000 developers who participated in the Django Developers Survey. Join the livestream with Sarah Abdermane, a Django Software Foundation Board member, and Sarah Boyce, a Django Fellow, to reflect on insights from the Django community.

Register to join

Model UX Research & Design Docs for Command-Line Open Source

Being lazy is not always a bad thing. Every line of code you write has at least one expression that Python needs to evaluate. Python lazy evaluation is when Python takes the lazy option and delays working out the value returned by an expression until that value is needed.

An expression in Python is a unit of code that evaluates to a value. Examples of expressions include object names, function calls, expressions with arithmetic operators, literals that create built-in object types such as lists, and more. However, not all statements are expressions. For example, if statements and for loop statements don’t return a value.

Python needs to evaluate every expression it encounters to use its value. In this tutorial, you’ll learn about the different ways Python evaluates these expressions. You’ll understand why some expressions are evaluated immediately, while others are evaluated later in the program’s execution. So, what’s lazy evaluation in Python?

Get Your Code: Click here to download the free sample code that shows you how to use lazy evaluation in Python.

Take the Quiz: Test your knowledge with our interactive “What's Lazy Evaluation in Python?” quiz. You’ll receive a score upon completion to help you track your learning progress:

Interactive Quiz

What's Lazy Evaluation in Python?

In this quiz, you'll test your understanding of the differences between lazy and eager evaluation in Python. By working through this quiz, you'll revisit how Python optimizes memory use and computational overhead by deciding when to compute values.

In Short: Python Lazy Evaluation Generates Objects Only When Needed

An expression evaluates to a value. However, you can separate the type of evaluation of expressions into two types:

1. Eager evaluation
2. Lazy evaluation

Eager evaluation refers to those cases when Python evaluates an expression as soon as it encounters it. Here are some examples of expressions that are evaluated eagerly:

Python 1>>> 5 + 10 215 3 4>>> import random 5>>> random.randint(1, 10) 64 7 8>>> [2, 4, 6, 8, 10] 9[2, 4, 6, 8, 10] 10>>> numbers = [2, 4, 6, 8, 10] 11>>> numbers 12[2, 4, 6, 8, 10] Copied!

Interactive environments, such as the standard Python REPL used in this example, display the value of an expression when the line only contains the expression. This code section shows a few examples of statements and expressions:

• Lines 1 and 2: The first example includes the addition operator +, which Python evaluates as soon as it encounters it. The REPL shows the value 15.
• Lines 4 to 6: The second example includes two lines:
  • The import statement includes the keyword import followed by the name of a module. The module name random is evaluated eagerly.
  • The function call random.randint() is evaluated eagerly, and its value is returned immediately. All standard functions are evaluated eagerly. You’ll learn about generator functions later, which behave differently.
• Lines 8 to 12: The final example has three lines of code:
  • The literal to create a list is an expression that’s evaluated eagerly. This expression contains several integer literals, which are themselves expressions evaluated immediately.
  • The assignment statement assigns the object created by the list literal to the name numbers. This statement is not an expression and doesn’t return a value. However, it includes the list literal on the right-hand side, which is an expression that’s evaluated eagerly.
  • The final line contains the name numbers, which is eagerly evaluated to return the list object.

The list you create in the final example is created in full when you define it. Python needs to allocate memory for the list and all its elements. This memory won’t be freed as long as this list exists in your program. The memory allocation in this example is small and won’t impact the program. However, larger objects require more memory, which can cause performance issues.

Lazy evaluation refers to cases when Python doesn’t work out the values of an expression immediately. Instead, the values are returned at the point when they’re required in the program. Lazy evaluation can also be referred to as call-by-need.

This delay of when the program evaluates an expression delays the use of resources to create the value, which can improve the performance of a program by spreading the time-consuming process across a longer time period. It also prevents values that will not be used in the program from being generated. This can occur when the program terminates or moves to another part of its execution before all the generated values are used.

When large datasets are created using lazily-evaluated expressions, the program doesn’t need to use memory to store the data structure’s contents. The values are only generated when they’re needed.

An example of lazy evaluation occurs within the for loop when you iterate using range():

Python for index in range(1, 1_000_001): print(f"This is iteration {index}") Copied!

The built-in range() is the constructor for Python’s range object. The range object does not store all of the one million integers it represents. Instead, the for loop creates a range_iterator from the range object, which generates the next number in the sequence when it’s needed. Therefore, the program never needs to have all the values stored in memory at the same time.

Lazy evaluation also allows you to create infinite data structures, such as a live stream of audio or video data that continuously updates with new information, since the program doesn’t need to store all the values in memory at the same time. Infinite data structures are not possible with eager evaluation since they can’t be stored in memory.

There are disadvantages to deferred evaluation. Any errors raised by an expression are also deferred to a later point in the program. This delay can make debugging harder.

The lazy evaluation of the integers represented by range() in a for loop is one example of lazy evaluation. You’ll learn about more examples in the following section of this tutorial.

What Are Examples of Lazy Evaluation in Python?

In the previous section, you learned about using range() in a for loop, which leads to lazy evaluation of the integers represented by the range object. There are other expressions in Python that lead to lazy evaluation. In this section, you’ll explore the main ones.

Other Built-In Data Types Read the full article at https://realpython.com/python-lazy-evaluation/ »

[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]

In this tutorial, you will learn to write your first Python program.

What is the state of serverless computing and Python in 2024? What are some of the new tools and best practices? We are lucky to have Tony Sherman who has a lot of practical experience with serverless programming on the show.<br/> <br/> <strong>Episode sponsors</strong><br/> <br/> <a href='https://talkpython.fm/sentry'>Sentry Error Monitoring, Code TALKPYTHON</a><br> <a href='https://talkpython.fm/mailtrap'>Mailtrap</a><br> <a href='https://talkpython.fm/training'>Talk Python Courses</a><br/> <br/> <strong>Links from the show</strong><br/> <br/> <div><b>Tony Sherman on Twitter</b>: <a href="https://twitter.com/tsh3rman" target="_blank" rel="noopener">twitter.com</a><br/> <b>Tony Sherman</b>: <a href="https://www.linkedin.com/in/tony--sherman/" target="_blank" rel="noopener">linkedin.com</a><br/> <b>PyCon serverless talk</b>: <a href="https://www.youtube.com/watch/2SZ6Wks5iK4" target="_blank" rel="noopener">youtube.com</a><br/> <b>AWS re:Invent talk</b>: <a href="https://www.youtube.com/watch?v=52W3Qyg242Y" target="_blank" rel="noopener">youtube.com</a><br/> <b>Powertools for AWS Lambda</b>: <a href="https://docs.powertools.aws.dev/lambda/python/latest/" target="_blank" rel="noopener">docs.powertools.aws.dev</a><br/> <b>Pantsbuild: The ergonomic build system</b>: <a href="https://www.pantsbuild.org/" target="_blank" rel="noopener">pantsbuild.org</a><br/> <b>aws-lambda-power-tuning</b>: <a href="https://github.com/alexcasalboni/aws-lambda-power-tuning" target="_blank" rel="noopener">github.com</a><br/> <b>import-profiler</b>: <a href="https://github.com/cournape/import-profiler" target="_blank" rel="noopener">github.com</a><br/> <b>AWS Fargate</b>: <a href="https://aws.amazon.com/fargate/" target="_blank" rel="noopener">aws.amazon.com</a><br/> <b>Run functions on demand. Scale automatically.</b>: <a href="https://www.digitalocean.com/products/functions" target="_blank" rel="noopener">digitalocean.com</a><br/> <b>Vercel</b>: <a href="https://vercel.com/docs/functions/serverless-functions/runtimes/python" target="_blank" rel="noopener">vercel.com</a><br/> <b>Deft</b>: <a href="https://deft.com" target="_blank" rel="noopener">deft.com</a><br/> <b>37 Signals We stand to save $7m over five years from our cloud exit</b>: <a href="https://world.hey.com/dhh/we-stand-to-save-7m-over-five-years-from-our-cloud-exit-53996caa" target="_blank" rel="noopener">world.hey.com</a><br/> <b>The Global Content Delivery Platform That Truly Hops</b>: <a href="https://bunny.net" target="_blank" rel="noopener">bunny.net</a><br/> <b>Watch this episode on YouTube</b>: <a href="https://www.youtube.com/watch?v=A5bbUq-ZJh0" target="_blank" rel="noopener">youtube.com</a><br/> <br/> <b>--- Stay in touch with us ---</b><br/> <b>Subscribe to us on YouTube</b>: <a href="https://talkpython.fm/youtube" target="_blank" rel="noopener">youtube.com</a><br/> <b>Follow Talk Python on Mastodon</b>: <a href="https://fosstodon.org/web/@talkpython" target="_blank" rel="noopener"><i class="fa-brands fa-mastodon"></i>talkpython</a><br/> <b>Follow Michael on Mastodon</b>: <a href="https://fosstodon.org/web/@mkennedy" target="_blank" rel="noopener"><i class="fa-brands fa-mastodon"></i>mkennedy</a><br/></div>

I'm starting a SaaS project using Django, and there are tons of decisions right out of the gate.
To help me navigate these decisions, I've brought on Cory Zue.   
Cory is the creator of SaaS Pegasus, and has tons of experience with Django.

Some of the topics discussed:

• Building Django applications
• SaaS Pegasus
• placecard.me
• What boilerplate projects are
• Django cookiecutter
• Cookiecutter
• Which database to use, probably PostgreSQL
• Authentication choises, probably Allauth
• Docker, Docker for development, Docker for deployment
• Deployment targets / hosting services. Render, Heroku, Fly.io, for PaaS options.
• Front end frameworks. Bootstrap, Tailwind, DaisyUI, TailwindUI
• HTMX vs React vs straight Django templates
• Rockets
• Font Awesome
• and of course, SaaS Pegasus

Sponsored by Mailtrap.io

• An Email Delivery Platform that developers love. 
• An email-sending solution with industry-best analytics, SMTP, and email API, SDKs for major programming languages, and 24/7 human support. 
• Try for Free at MAILTRAP.IO

Sponsored by PyCharm Pro

• Use code PYTEST for 20% off PyCharm Professional at jetbrains.com/pycharm
• Now with Full Line Code Completion
• See how easy it is to run pytest from PyCharm at pythontest.com/pycharm

The Complete pytest Course

• For the fastest way to learn pytest, go to courses.pythontest.com
• Whether your new to testing or pytest, or just want to maximize your efficiency and effectiveness when testing.

<p>I'm starting a SaaS project using Django, and there are tons of decisions right out of the gate. <br>To help me navigate these decisions, I've brought on Cory Zue.   <br>Cory is the creator of <a href="https://www.saaspegasus.com/?via=brian">SaaS Pegasus</a>, and has tons of experience with Django.</p><p>Some of the topics discussed:</p><ul><li>Building Django applications</li><li><a href="https://www.saaspegasus.com/?via=brian">SaaS Pegasus</a></li><li>placecard.me</li><li>What boilerplate projects are</li><li>Django cookiecutter</li><li>Cookiecutter</li><li>Which database to use, probably PostgreSQL</li><li>Authentication choises, probably Allauth</li><li>Docker, Docker for development, Docker for deployment</li><li>Deployment targets / hosting services. Render, Heroku, Fly.io, for PaaS options.</li><li>Front end frameworks. Bootstrap, Tailwind, DaisyUI, TailwindUI</li><li>HTMX vs React vs straight Django templates</li><li>Rockets</li><li>Font Awesome</li><li>and of course, <a href="https://www.saaspegasus.com/?via=brian">SaaS Pegasus</a></li></ul> <br><p><strong>Sponsored by Mailtrap.io</strong></p><ul><li>An Email Delivery Platform that developers love. </li><li>An email-sending solution with industry-best analytics, SMTP, and email API, SDKs for major programming languages, and 24/7 human support. </li><li>Try for Free at <a href="https://l.rw.rw/pythontest">MAILTRAP.IO</a></li></ul><p><strong>Sponsored by PyCharm Pro</strong></p><ul><li>Use code PYTEST for 20% off PyCharm Professional at <a href="https://www.jetbrains.com/pycharm/">jetbrains.com/pycharm</a></li><li>Now with Full Line Code Completion</li><li>See how easy it is to run pytest from PyCharm at <a href="https://pythontest.com/pycharm/">pythontest.com/pycharm</a></li></ul><p><strong>The Complete pytest Course</strong></p><ul><li>For the fastest way to learn pytest, go to <a href="https://courses.pythontest.com/p/complete-pytest-course">courses.pythontest.com</a></li><li>Whether your new to testing or pytest, or just want to maximize your efficiency and effectiveness when testing.</li></ul>

Open Source Summit North America 2024 About • Blog • Newsletter • Links Open Source Summit North America 2024

Published 2024-04-24 by Seth Larson
Reading time: minutes

This critical role would not be possible without funding from the Alpha-Omega project. Massive thank-you to Alpha-Omega for investing in the security of the Python ecosystem!

Last week I attended SOSS Community Day and OSS Summit. It was great to catch up with friends and to meet new people for the first time at a cross-ecosystem open source event.

I gave a talk "Embrace the Differences: Securing software ecosystems where they are" which funnily enough had a complementary talk about the ways software repositories can collaborate for security.

My talk focused on how security standards and tools typically want to operate across software ecosystems and differences in standards, tools, maintainers, and user expectations between ecosystems can make that difficult.

You can download my slides and the recording will be available eventually on YouTube.

OpenSSF Tabletop Session

I also participated in the first OpenSSF Tabletop Session organized and hosted by Dana Wang. I played the role of "open source maintainer" and represented how an exploited zero-day vulnerability would appear from the perspective of an open source project.

I emphasized the realities of vulnerability disclosure to open source projects like under-resourcing, most maintainers being volunteers, and stress caused during times of crisis.

Cast of the tabletop session! So many people! I also met up with many folks doing open source security, maintenance, and funding:

• Met with many folks from the Alpha-Omega cohort. I'm looking forward to having more cross-functional discussions about new approaches to securing open source.
• Met with Michael Winser from Alpha-Omega to work on our PyCon US 2024 talk State of Supply Chain Security for Python.
• Met with my friend William Woodruff from Trail of Bits and discussed the system TLS proposal and build provenance for Homebrew (and what could be learned for Python).
• Met with Samuel Giddins and Martin Emde from the Ruby ecosystem to discuss shared challenges for introducing security into an ecosystem.
• Met Lauren Hanford from Tidelift to discuss supporting and funding maintainers.
• Met Mirko from Sovereign Tech Fund and discuss their program for hiring open source maintainers.
• Attended the talk by Kara Sowles from GitHub on the state of open source funding and learned about "downturn-resilient" funding.
• Many folks who asked me about security initiatives happening in the Python ecosystem.

Other items

• Participating in the pre-PEP discussion for reviving PEP 543 (system TLS).
• Created a proposal for allowing any release manager to create a CPython release.
• Created a pull request for uploading Windows SBOMs to python.org/downloads.
• Merging and backporting the upgrade to libexpat 2.6.2
• Chose which proposal(s) I would be willing to mentor for Google Summer of Code 2024 (thanks to the folks who submitted!)
• Triaged reports and fixes for the PSRT.
• I wasn't involved, but PyPI has added Trusted Publisher support for ActiveState, GitLab, and Google Cloud Build.

Note that I've been summoned for jury duty starting next week, so expect fewer updates over the next two weeks depending on how that goes.

That's all for this week! 👋 If you're interested in more you can read last week's report.

Thanks for reading! ♡ Did you find this article helpful and want more content like it? Get notified of new posts by subscribing to the RSS feed or the email newsletter.

This work is licensed under CC BY-SA 4.0

#626 – APRIL 23, 2024
View in Browser »

Asyncio Handle Control-C (SIGINT)

When the user presses CTRL-C on the keyboard, the OS raises an interrupt signal to your program. When writing concurrent code this can get complicated as the signal goes to the process. This article shows you how to handle capturing CTRL-C elegantly when using asyncio.
JASON BROWNLEE

Using raise for Effective Exceptions

In this video course, you’ll learn how to raise exceptions in Python, which will improve your ability to efficiently handle errors and exceptional situations in your code. This way, you’ll write more reliable, robust, and maintainable code.
REAL PYTHON course

Securing Python and Open Source Ecosystems

Join this fireside chat featuring Dustin Ingram, Fellow at the Python Software Foundation (PSF), as we discuss trust and security for PyPI and other repositories in light of recent attacks, and initiatives such as Trusted Publishing - Tune in this Thursday! →
ACTIVESTATE sponsor

Ruff Gets a Big Speed-Up

Ruff has changed from a generated parser to a hand-written recursive descent parser in the latest release. This has resulted in >2x speedup in its linting performance. This article covers what has changed and why they did it.
DHRUV MANILAWALA

Quiz: Managing Multiple Python Versions With pyenv

REAL PYTHON

Articles & Tutorials OpenStreetMaps, Overpass API and Python

OpenStreetMaps (OSM) is an an open source mapping project that allows people to browse the world map and to plan routes. Not only does it have the expected web interface, but it also has an API known as Overpass. This article shows you two ways to use Python to query Overpass.
JUDITH VOCKENROTH

Python Gotcha: strip Can Remove More Than Expected

The Python strip, lstrip, and rstrip functions can have unexpected behavior: they strip a list of characters, not strings. Even though this is documented, it can lead to unexpected results. This post explains what happens and shows you two functions to use instead.
ANDREW WEGNER

Decoupling Systems to Get Closer to the Data

What are the benefits of using a decoupled data processing system? How do you write reusable queries for a variety of backend data platforms? This week on the show, Phillip Cloud, the lead maintainer of Ibis, will discuss this portable Python dataframe library.
REAL PYTHON podcast

Announcing py2wasm: A Python to Wasm Compiler

Wasmer, a company that builds Wasm tools, has announced py2wasm which converts your Python programs to WebAssembly, running at 3x faster speeds than direct Wasm. This post introduces you to the tool and shows how they took advantage of the Nuitka library.
SYRUS AKBARY

How to Format Floats Within F-Strings in Python

In this tutorial, you’ll learn how to use Python format specifiers within an f-string to allow you to neatly format a float to your required precision. You’ll also learn how to extract digits from existing strings and format them as well.
REAL PYTHON

Memory Management in mpmetrics

The mpmetrics library contains tools for determining runtime metrics on your code. To do this it requires some esoteric memory management techniques normally not undergone in Python. This post describe what they’ve done and why.
TRENDS BLOG

The Time Complexities Python Data Structures in Python

Big O notation describes the relationship between an algorithm, how much data it is using, and the time it takes to run. This article covers the time complexities of a variety of Python data structures.
TREY HUNNER

Django Project on NGINX Unit

Unit is a web server developed by the NGINX folks with pluggable support for Python using WSGI and ASGI. Aidas tried it out and this post talks about how he got some Django code working on this server.
AIDAS BENDORAITIS

I Asked 100 Devs Why They Aren’t Shipping Faster?

Daksh asked 100 developers why they aren’t shipping faster and this blog post shares what he learned. Problems include dependency bugs, overly complicated code bases, waiting on requirements, and more.
DAKSH GUPTA

Shape Typing in Python

This quick blog post shows you how to use Python type checking to ensure the dimensions of matrices being multiplied together. Typing is no longer just “is it an integer”.
JAMES FISHER

Software Needs to Be More Expensive

Open source is free, and although that is a good thing, it also means companies get to take without giving back. This opinion piece talks about how that should change.
GLYPH LEFKOWITZ

Projects & Code Master Python With Spaced Repetition

PYTHON CARDS

automathon: Simulate and Visualize Finite Automata

GITHUB.COM/ROHAQUINLOP

stamina: Production-Grade Retries for Python

GITHUB.COM/HYNEK

tenacity: Retrying Library for Python

GITHUB.COM/JD

auto_venv: Say Goodbye to Manual Setup or Install

GITHUB.COM/AMAL-KHAILTASH

escaping: Suppress Exceptions With Callbacks and Logs

GITHUB.COM/POMPONCHIK • Shared by Evgeniy Blinov

Events Weekly Real Python Office Hours Q&A (Virtual)

April 24, 2024
REALPYTHON.COM

SPb Python Drinkup

April 25, 2024
MEETUP.COM

Django Girls Ekpoma Workshop

April 26 to April 28, 2024
DJANGOGIRLS.ORG

Open Source With Python

April 27, 2024
MEETUP.COM

PythOnRio Meetup

April 27, 2024
PYTHON.ORG.BR

Launching Python Niger

April 28 to April 29, 2024
FB.ME

Happy Pythoning!
This was PyCoder’s Weekly Issue #626.
View in Browser »

[ Subscribe to 🐍 PyCoder’s Weekly 💌 – Get the best Python news, articles, and tutorials delivered to your inbox once a week >> Click here to learn more ]

On your Python journey, you’ve worked with functions and loops. To fully understand functions and loops in Python, you need to be familiar with the issue of scope.

In this Python Basics Exercises video course, you’ll practice:

• Identifying the scope of objects
• Working with the global keyword
• Exploring the LEGB rule for scope resolution
• Using the return statement in a function

Scope can be one of the more difficult programming concepts to understand, so in this video course, you’ll get additional practice working with it.

This video course is part of the Python Basics series, which accompanies Python Basics: A Practical Introduction to Python 3. You can also check out the other Python Basics courses.

Note that you’ll be using IDLE to interact with Python throughout this course. If you’re just getting started, then you might want to check out Python Basics: Setting Up Python before diving into this course.

[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]

Hey Django enthusiasts!

Have you submitted your talk or tutorial for DjangoCon US 2024, in beautiful Durham, North Carolina, USA?

Time flies, and we're fast approaching the deadline (April 24, 2024 at 12 PM EDT) for DjangoCon US 2024 Call for Proposals (CFP). If you've been pondering sharing your Django journey, showcasing your innovative projects, or imparting your expertise to fellow developers, now is the perfect moment to seize the opportunity!

Here's why you should take action and submit your proposals before the clock runs out:

• Share Your Knowledge: DjangoCon US isn't just a conference; it's a platform for sharing insights, discoveries, and lessons learned. Your unique experiences could be just what someone else needs to overcome a hurdle or spark a new idea.
• Join the Community: DjangoCon US isn't just about talks; it's about building connections. By presenting at the conference, you become an integral part of the vibrant Django community, exchanging ideas, and forging new friendships with like-minded developers.
• Boost Your Profile: Whether you're a seasoned speaker or a first-time presenter, DjangoCon US offers a valuable opportunity to elevate your profile in the tech industry. Showcase your expertise, gain visibility, and enhance your professional credibility among peers and potential employers.
• Contribute to Diversity: DjangoCon US values diversity and inclusion. Your perspective matters, and by sharing your voice, you contribute to creating a more inclusive and representative tech community.

Submitting a proposal is easy! Just head over to the DjangoCon US website, fill out the submission form, and share your compelling idea with us. Whether it's a deep dive into a technical topic, a case study of your latest project, or a discussion on the future of Django, we want to hear from you.

Remember, the deadline for CFP submissions is fast approaching, so don't wait until the last minute. Take this opportunity to inspire, educate, and connect with your fellow Django enthusiasts at DjangoCon US 2024!

See you at the conference!

If you have questions feel free to contact us.

PyPy v7.3.16: release of python 2.7, 3.9, and 3.10

The PyPy team is proud to release version 7.3.16 of PyPy.

This release includes security fixes from upstream CPython, and bugfixes to the garbage collector, described in a gc bug-hunt blog post.

The release includes three different interpreters:

• PyPy2.7, which is an interpreter supporting the syntax and the features of Python 2.7 including the stdlib for CPython 2.7.18+ (the + is for backported security updates)

• PyPy3.9, which is an interpreter supporting the syntax and the features of Python 3.9, including the stdlib for CPython 3.9.19.

• PyPy3.10, which is an interpreter supporting the syntax and the features of Python 3.10, including the stdlib for CPython 3.10.14.

The interpreters are based on much the same codebase, thus the multiple release. This is a micro release, all APIs are compatible with the other 7.3 releases. It follows after 7.3.15 release on Jan 15, 2024

We recommend updating. You can find links to download the v7.3.16 releases here:

https://pypy.org/download.html

We would like to thank our donors for the continued support of the PyPy project. If PyPy is not quite good enough for your needs, we are available for direct consulting work. If PyPy is helping you out, we would love to hear about it and encourage submissions to our blog via a pull request to https://github.com/pypy/pypy.org

We would also like to thank our contributors and encourage new people to join the project. PyPy has many layers and we need help with all of them: bug fixes, PyPy and RPython documentation improvements, or general help with making RPython's JIT even better.

If you are a python library maintainer and use C-extensions, please consider making a HPy / CFFI / cppyy version of your library that would be performant on PyPy. In any case, both cibuildwheel and the multibuild system support building wheels for PyPy.

What is PyPy?

PyPy is a Python interpreter, a drop-in replacement for CPython It's fast (PyPy and CPython 3.7.4 performance comparison) due to its integrated tracing JIT compiler.

We also welcome developers of other dynamic languages to see what RPython can do for them.

We provide binary builds for:

• x86 machines on most common operating systems (Linux 32/64 bits, Mac OS 64 bits, Windows 64 bits)

• 64-bit ARM machines running Linux (aarch64).

• Apple M1 arm64 machines (macos_arm64).

• s390x running Linux

PyPy support Windows 32-bit, Linux PPC64 big- and little-endian, and Linux ARM 32 bit, but does not release binaries. Please reach out to us if you wish to sponsor binary releases for those platforms. Downstream packagers provide binary builds for debian, Fedora, conda, OpenBSD, FreeBSD, Gentoo, and more.

What else is new?

For more information about the 7.3.16 release, see the full changelog.

Please update, and continue to help us make pypy better.

Cheers, The PyPy Team

In this quiz, you’ll test your understanding of Python sequences.

By working through this quiz, you’ll revisit the basic characteristics of a sequence, operations common to most sequences, special methods associated with sequences, and how to create user-defined mutable and immutable sequences.

[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]

In this tutorial, you will learn to write your first Python program.

<strong>Topics covered in this episode:</strong><br> <ul> <li><a href="https://pirsquared.org/blog/numfocus-concerns.html"><strong>NumFOCUS concerns</strong></a></li> <li><a href="https://github.com/leapingio/leaping">leaping pytest debugger llm</a></li> <li><strong>Extra, Extra, Extra,</strong></li> <li><a href="https://blog.pypi.org/posts/2023-11-14-1-pypi-completes-first-security-audit/">PyPI has completed its first security audit</a></li> <li><strong>Extras</strong></li> <li><strong>Joke</strong></li> </ul><a href='https://www.youtube.com/watch?v=axdty2K79v8' style='font-weight: bold;'data-umami-event="Livestream-Past" data-umami-event-episode="380">Watch on YouTube</a><br> <p><strong>About the show</strong></p> <p>Sponsored by us! Support our work through:</p> <ul> <li>Our <a href="https://training.talkpython.fm/"><strong>courses at Talk Python Training</strong></a></li> <li><a href="https://courses.pythontest.com/p/the-complete-pytest-course"><strong>The Complete pytest Course</strong></a></li> <li><a href="https://www.patreon.com/pythonbytes"><strong>Patreon Supporters</strong></a></li> </ul> <p><strong>Connect with the hosts</strong></p> <ul> <li>Michael: <a href="https://fosstodon.org/@mkennedy"><strong>@mkennedy@fosstodon.org</strong></a></li> <li>Brian: <a href="https://fosstodon.org/@brianokken"><strong>@brianokken@fosstodon.org</strong></a></li> <li>Show: <a href="https://fosstodon.org/@pythonbytes"><strong>@pythonbytes@fosstodon.org</strong></a></li> </ul> <p>Join us on YouTube at <a href="https://pythonbytes.fm/stream/live"><strong>pythonbytes.fm/live</strong></a> to be part of the audience. Usually Tuesdays at 11am PT. Older video versions available there too.</p> <p>Finally, if you want an artisanal, hand-crafted digest of every week of </p> <p>the show notes in email form? Add your name and email to <a href="https://pythonbytes.fm/friends-of-the-show">our friends of the show list</a>, we'll never share it.</p> <p><strong>Brian #1:</strong> <a href="https://pirsquared.org/blog/numfocus-concerns.html"><strong>NumFOCUS concerns</strong></a></p> <ul> <li>Suggested by Pamphile Roy</li> <li>Write up of the current challenges faced by NumFOCUS, by Paul Ivanov (one of the OG of Scientific Python: Jupyter, Matplotlib, etc.) <ul> <li>Struggling to meet the needs of sponsored and affiliated projects.</li> <li>In February, NumFOCUS announced it is moving in a new direction.</li> <li>NumFOCUS initiated an effort to run an election for open board seats and proposed changing its governance structure.</li> <li>Some projects are considering and actively pursuing alternative venues for fiscal sponsorship.</li> <li>Quite a bit more detail and discussion in the article.</li> </ul></li> <li><a href="https://numfocus.org/sponsored-projects">NumFOCUS covers a lot of projects</a> <ul> <li>NumPy, Matplotlib, pandas, Jupyter, SciPy, Astropy, Bokeh, Dask, Conda, and so many more.</li> </ul></li> </ul> <p><strong>Michael #2:</strong> <a href="https://github.com/leapingio/leaping">leaping pytest debugger llm</a></p> <ul> <li>You can ask Leaping questions like: <ul> <li>Why am I not hitting function x?</li> <li>Why was variable y set to this value?</li> <li>What was the value of variable x at this point?</li> <li>What changes can I make to this code to make this test pass?</li> </ul></li> </ul> <p><strong>Brian #3:</strong> <strong>Extra, Extra, Extra,</strong></p> <ul> <li><a href="https://scientific-python.org/summits/developer/2024/">2024 Developer Summit</a> <ul> <li>Also suggested by Pamphile, related to Scientific Python</li> <li><em>The Second Scientific Python Developer Summit , June 3-5, Seattle, WA</em></li> <li>Lots of great work came out of the <a href="https://blog.scientific-python.org/scientific-python/dev-summit-1/">First Summit in 2023</a></li> </ul></li> <li><a href="https://github.com/tylerjereddy/pytest-regex">pytest-regex</a> - Use regexs to specify tests to run <ul> <li>Came out of the ’23 summit</li> <li>I’m not sure if I’m super happy about this or a little afraid that I probably could use this.</li> <li>Still, cool that it’s here.</li> </ul></li> <li><a href="https://jcarlosroldan.com/post/329/my-latest-tils-about-python">Cool short example of using </a><a href="https://jcarlosroldan.com/post/329/my-latest-tils-about-python">__init__</a><a href="https://jcarlosroldan.com/post/329/my-latest-tils-about-python"> and </a><a href="https://jcarlosroldan.com/post/329/my-latest-tils-about-python">__call__</a><a href="https://jcarlosroldan.com/post/329/my-latest-tils-about-python"> to hand-roll a decorator.</a></li> <li><a href="https://astral.sh/blog/ruff-v0.4.0">ruff got faster</a></li> </ul> <p><strong>Michael #4:</strong> <a href="https://blog.pypi.org/posts/2023-11-14-1-pypi-completes-first-security-audit/">PyPI has completed its first security audit</a></p> <ul> <li>Trail of Bits spent a total of 10 engineer-weeks of effort identifying issues, presenting those findings to the PyPI team, and assisting us as we remediated the findings.</li> <li>Scope: The audit was focused on "Warehouse", the open-source codebase that powers <a href="https://pypi.org">pypi.org</a></li> <li>As a result of the audit, Trail of Bits detailed 29 different advisories discovered across both codebases. When evaluating severity level of each advisory, 14 were categorized as "informational", 6 as "low", 8 as "medium" and zero as "high".</li> </ul> <p><strong>Extras</strong> </p> <p>Brian:</p> <ul> <li>pytest course community to try out Podia Communities.</li> <li>Anyone have a podia community running strong now? <ul> <li>If so, let me know through Mastodon: <a href="https://fosstodon.org/@brianokken">@brianokken@fosstodon.org</a></li> </ul></li> <li>Want to join the community when it’s up and running? <ul> <li>Same. Or join our <a href="https://pythonbytes.fm/friends-of-the-show">our friends of the show list</a>, and read our newsletter. I’ll be sure to drop a note in there when it’s ready.</li> </ul></li> </ul> <p>Michael:</p> <ul> <li><a href="https://www.youtube.com/watch?v=Jh24NVM2FDY">VS Code AMA @ Talk Python</a><a href="https://www.youtube.com/watch?v=Jh24NVM2FDY"> </a>[<a href="https://www.youtube.com/watch?v=Jh24NVM2FDY">video]</a></li> <li><a href="https://nvd.nist.gov/vuln/detail/CVE-2024-1135">Gunicorn CVE</a></li> <li>Talk submissions are now open for both remote and in-person talks at the 2024 PyConZA? The conference will be held on 3 and 4 October 2024 in Cape Town, South Africa. Details are on <a href="http://za.pycon.org">za.pycon.org</a>.</li> <li><a href="https://flaskcon.com/2024/">FlaskCon 2024</a> will be happening Friday, May 17 inside PyCon US 2024. Call for proposals are now live!</li> </ul> <p><strong>Joke:</strong> <a href="https://devhumor.com/media/debugging-with-your-eyes">Debugging with your eyes</a></p>