-
サマリー
あらすじ・解説
Topics covered in this episode: “We must replace uwsgi by something else”Let’s build and optimize a Rust extension for PythonFake recruiter coding tests target devs with malicious Python packagesMonthly PSF Board Office HoursExtrasJokeWatch on YouTube About the show Sponsored by ScoutAPM: pythonbytes.fm/scout Connect with the hosts Michael: @mkennedy@fosstodon.orgBrian: @brianokken@fosstodon.orgShow: @pythonbytes@fosstodon.org Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: “We must replace uwsgi by something else” uWSGI is now in maintenance mode: https://uwsgi-docs.readthedocs.io/en/latest/ The project is in maintenance mode (only bugfixes and updates for new languages apis). Do not expect quick answers on github issues and/or pull requests (sorry for that) A big thanks to all of the users and contributors since 2009.Reasonable options look like: granianuvicornhypercorngunicorn (potentially with uvicorn workers for async) Brian #2: Let’s build and optimize a Rust extension for Python Itamar Turner-TrauringExample: algorithm for approximating the number of unique values in a listComparison to non-approximation non-approx is faster but uses way more memoryRust version Use Maturin and PyO3Pull in Rust dependencies (rand for random numbers)Optimization link-time optimizationfaster randomstore hashes onlyFuture optimizations change algorithm maybepass numpy array instead of Python list (I’d like to see that spedup) Michael #3: Fake recruiter coding tests target devs with malicious Python packages via python weeklyGitHub projects that have been linked to previous, targeted attacks in which developers are lured using fake job interviews.Attackers posing as employees of major financial services firms.This previously happened via other means such as NPMThis analysis revealed that the direct parent of the detected, malicious files is a PythonPYC file, meaning that once again the team encountered malware hidden in a compiled Python file.“The README files tell would-be candidates to make sure the project is running successfully on their system before making modifications.”What can you do (according to Michael)? Try out new packages in a docker containerWork on code and projects using a VM which has snapshotting (to roll back completely after you’re done)Fire up a Windows desktop in the cloud for the project then destroy it Brian #4: Monthly PSF Board Office Hours “The Office Hours will be sessions where you can share with us how we can help your community, express your perspectives, and provide feedback for the PSF.”“Unless we have a dedicated topic for a session, you are not limited to talking with us about the above topics, although the discussions should be focused on Python, the PSF, and our community. If you think there’s something we can help with or we should know, we welcome you to come and talk to us!”Upcoming office hours October 8th, 2024: 9pm UTCNovember 12th, 2024: 2pm UTCDecember 10th, 2024: 9pm UTCJanuary 14th, 2025: 2pm UTCFebruary 11th, 2025: 9pm UTCMarch 11th, 2025: 1pm UTCApril 8th, 2025: 9pm UTCMay 13th, 2025: 1pm UTC (Live from PyCon US!)June 10th, 2025: 9pm UTCJuly 9th, 2025: 1pm UTCAugust 12th, 2025: 9pm UTC Extras Brian: PyCascades CFP closes Friday, Sept 20 PyCascades is in Portland in 2025 (Feb 8 & 9)uv now supports Python 3.13.0rc2 uv self update uv venv -p 3.13 Free threaded is still an open issue Michael: Big Python Humble Bundle with both of our products Get $1,800 worth of Python content and tools for $30 and contribute to charityIncludes 5 Talk Python coursesSeveral of Brian’s and his bookDjangonaut Space Session 3 Applications Open! I interviewed Sarah and Tushar on Talk PythonAltTab: Windows alt-tab on macOS Joke: Election joke