Topics covered in this episode: “We must replace uwsgi by something else” Let’s build and optimize a Rust extension for Python Fake recruiter coding tests target devs with malicious Python packages Monthly PSF Board Office Hours Extras Joke Watch on YouTube About the show Sponsored by ScoutAPM: pythonbytes.fm/scout Connect with the hosts Michael: @mkennedy@fosstodon.org Brian: @brianokken@fosstodon.org Show: @pythonbytes@fosstodon.org Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: “We must replace uwsgi by something else” uWSGI is now in maintenance mode: https://uwsgi-docs.readthedocs.io/en/latest/ The project is in maintenance mode (only bugfixes and updates for new languages apis). Do not expect quick answers on github issues and/or pull requests (sorry for that) A big thanks to all of the users and contributors since 2009. Reasonable options look like: granian uvicorn hypercorn gunicorn (potentially with uvicorn workers for async) Brian #2: Let’s build and optimize a Rust extension for Python Itamar Turner-Trauring Example: algorithm for approximating the number of unique values in a list Comparison to non-approximation non-approx is faster but uses way more memory Rust version Use Maturin and PyO3 Pull in Rust dependencies (rand for random numbers) Optimization link-time optimization faster random store hashes only Future optimizations change algorithm maybe pass numpy array instead of Python list (I’d like to see that spedup) Michael #3: Fake recruiter coding tests target devs with malicious Python packages via python weekly GitHub projects that have been linked to previous, targeted attacks in which developers are lured using fake job interviews. Attackers posing as employees of major financial services firms. This previously happened via other means such as NPM This analysis revealed that the direct parent of the detected, malicious files is a PythonPYC file, meaning that once again the team encountered malware hidden in a compiled Python file. “The README files tell would-be candidates to make sure the project is running successfully on their system before making modifications.” What can you do (according to Michael)? Try out new packages in a docker container Work on code and projects using a VM which has snapshotting (to roll back completely after you’re done) Fire up a Windows desktop in the cloud for the project then destroy it Brian #4: Monthly PSF Board Office Hours “The Office Hours will be sessions where you can share with us how we can help your community, express your perspectives, and provide feedback for the PSF.” “Unless we have a dedicated topic for a session, you are not limited to talking with us about the above topics, although the discussions should be focused on Python, the PSF, and our community. If you think there’s something we can help with or we should know, we welcome you to come and talk to us!” Upcoming office hours October 8th, 2024: 9pm UTC November 12th, 2024: 2pm UTC December 10th, 2024: 9pm UTC January 14th, 2025: 2pm UTC February 11th, 2025: 9pm UTC March 11th, 2025: 1pm UTC April 8th, 2025: 9pm UTC May 13th, 2025: 1pm UTC (Live from PyCon US!) June 10th, 2025: 9pm UTC July 9th, 2025: 1pm UTC August 12th, 2025: 9pm UTC Extras Brian: PyCascades CFP closes Friday, Sept 20 PyCascades is in Portland in 2025 (Feb 8 & 9) uv now supports Python 3.13.0rc2 uv self update uv venv -p 3.13 Free threaded is still an open issue Michael: Big Python Humble Bundle with both of our products Get $1,800 worth of Python content and tools for $30 and contribute to charity Includes 5 Talk Python courses Several of Brian’s and his book Djangonaut Space Session 3 Applications Open! I interviewed Sarah and Tushar on Talk Python AltTab: Windows alt-tab on macOS Joke: Election joke
Topics include We must replace uwsgi by something else, Let’s build and optimize a Rust extension for Python, Fake recruiter coding tests target devs with malicious Python packages, and Monthly PSF Board Office Hours.