Podcasts about Cloud computing

If you've ever been to PyCon, you know one of the best parts of the expo hall is Startup Row, a stretch of booths where early-stage companies built on Python show off what they're creating. But only attendees get to walk that lane, so let's bring it to everyone. In this episode, we stroll down Startup Row together. We kick things off with the organizers, Jason and Shay, who share the program's origin story going back to Paul Graham and the PSF, plus some surprising stats, including two unicorns among the alumni. Then we meet five startups: Tetrix, bringing AI to institutional investing in private markets. Arcjet, security that lives inside your app as an SDK. Phemeral.dev, serverless hosting built for Python web apps. CapiscIO, an identity and authority layer for AI agents. And Pixeltable, a multimodal database from Marcel Kornacker, co-creator of Apache Parquet. See if you can spot the theme running through them all. Let's go for a walk. Episode sponsors AgentField AI Talk Python Courses Links from the show Guests Naunidh Bhalla: linkedin.com Grant Gittes: linkedin.com Marcel Kornacker: linkedin.com Beon de Nood: linkedin.com Chinmaya Joshi: linkedin.com David Mytton: linkedin.com Shea Tate-Di Donna: linkedin.com Jason Rowley: linkedin.com Azul Garza: github.com Renée Rosillo: linkedin.com Tetrix: tetrix.co Tetrix Jobs: tetrix.co Arcjet: arcjet.com Pixeltable: pixeltable.com Phemeral.dev: phemeral.dev CapiscIO: capisc.io Episode #551 deep-dive: talkpython.fm/551 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Topics covered in this episode: Vulnerability and malware checks in uv HTTP GET requests with the Python standard library Millions of AI agents imperiled by critical vulnerability in open source package alembic-git-revisions Extras Joke Watch on YouTube About the show Goodbye and Thanks Brian Thanks Calvin for being part of this and future episodes! Also new time for the live show. Thanks Brian for all the hard work over the years. Calvin #1: Vulnerability and malware checks in uv release just yesterday by Astral https://astral.sh/blog/uv-audit uv audit scans dependencies for known vulnerabilities and abandoned packages via the OSV database — runs 4–10x faster than pip-audit Malware check runs on every install/sync, catching actively malicious packages (credential stealers, etc.) before they execute — including ones PyPI quarantined but lockfiles can still reference Enable malware scanning with UV_MALWARE_CHECK=1 — it's opt-in and in preview Future roadmap includes a resolver that steers toward vulnerability-free versions and install-time warnings scoped to newly added deps only Michael #2: HTTP GET requests with the Python standard library If you're doing HTTP in Python, you're probably using one of three popular libraries: requests, httpx, or urllib3. There have been issues with httpx lately. Niquest is another option: Drop-in replacement for Requests. Automatic HTTP/1.1, HTTP/2, and HTTP/3. WebSocket, and SSE included. But maybe less is more, especially in the age of agentic AI A good candidate needs two things to be true at once, not one: the used surface is small, and the behavior behind that surface is shallow. Calvin #3: Millions of AI agents imperiled by critical vulnerability in open source package "BadHost" (CVE-2026-48710) is a critical vulnerability in Starlette — the ASGI framework underlying FastAPI — with 325 million weekly downloads; also affects vLLM, LiteLLM, and most MCP server tooling The exploit is trivial: injecting a single character into an HTTP Host header bypasses path-based authentication, and can lead to credential theft, SSRF, and in some cases remote code execution MCP servers are a prime target since they store credentials for external services (email, databases, cloud accounts) — exposed data in the wild includes biopharma clinical trial DBs, full mailboxes, HR/PII pipelines, and AWS topology Fix is available — patch to Starlette 1.0.1 immediately; use the free scanner at mcp-scan.nemesis.services to check if your servers are still running a vulnerable version Open source sustainability footnote: the maintainer triages near-daily security reports solo, in his free time — most are AI-generated noise, and real ones like this still compete for the same evenings and weekends Michael #4: alembic-git-revisions By Julien Danjou from Mergify Automatic Alembic migration chaining based on git commit history. No more Multiple head revisions are present for given argument 'head'. See the introductory article Caused by two migrations landed with the same down_revision, and Alembic doesn't know which one comes first. The fix is always the same: someone manually edits the migration file to re-chain the revisions. The insight: git already knows the order Extras Calvin: GNU make can do pattern matching in the target. Not new at all, mentioned in the 1994-era docs. just and task don't have this super power on the target name yet. train-%: uv run ./train.py $* --save-hyper-params --overwrite $(TRAIN_ARGS) Michael: Updated my HTTP client using packages from httpx to httpx2: listmonk, umami, and memberful. For motivation, see this reddit thread. Joke: Accurate

William and Eyvonne discuss recent tech news, including the growing political and community opposition to AI data centers driven by fears over power and water usage. They also analyze the “AI Chip War” as hyperscalers such as AWS and Google invest in specialized silicon for training and inference.  Episode Links: Amid backlash, O'Leary Digital CEO... Read more »

Topics covered in this episode: CVE-2026-48710: A Maintainer's Perspective daily-stars-explorer Markdown to pdf with pandoc and typst postman2pytest Extras Joke Watch on YouTube About the show Brian #1: CVE-2026-48710: A Maintainer's Perspective Marcelo Trylesinski suggested by Lee Luocks Short version: users of Starlette: upgrade to Starlette 1.0.1 security professionals: we can't treat open source projects like corporations This top link is a Starlette security advisory with the title Missing Host header validation poisons request.url.path, bypassing path-based security checks The CVE apparently caused some negative press targeting starlette. However, “the vulnerability came from the application pattern and the deployment, never from something Starlette intended.” A quote from an OSTIF article: “This bug is a classic “responsibility gap” where if this maintainer didn't patch, thousands of exposed projects would have to individually secure their projects. In doing this work, they've voluntarily taken on the responsibility to protect the ecosystem from long-term systemic harm. As with all open source projects, they owed us nothing and could have left this to be everyone else's problem and took the extraordinary steps of helping the ecosystem.” Both X40 D-Sec and Ars Technica expected immediate fixes and responses from Starlette. That's not good. We can do better. Michael #2: daily-stars-explorer Explore the full history of any GitHub repository.

You wake up, brew the coffee, open GitHub, and there it is. Another pull request on your open source project. Thirteen thousand lines added. No issue filed first. No discussion. Just "here, please review this for me." Over the past year, GitHub activity has spiked roughly twelve times in a few short months, and a huge chunk of that signal is landing on the same small group of maintainers who were already stretched thin. The curl bug bounty got buried under AI-generated noise. Jazzband, the home of Django classics like pip-tools and the Django debug toolbar, hit what its maintainer called an "apocalypse" and started sunsetting. Even CPython just shipped fresh guidelines on AI-assisted contributions this week. So what does all of this actually look like from the receiving end of the pull request? On this episode, Paolo Melchiorre joins us to tell that story from inside the maintainer's chair. Paolo is a director of the Django Software Foundation, an organizer of PyCon Italy, a Django Girls coach, and he has spent the past year carefully collecting examples of how AI is reshaping open source contributions. The good, the bad, and the extra fingers. We dig into his PyCon US talk on AI-assisted contributions and maintainer load, why AI is best understood as an amplifier rather than a new kind of contributor, the wildly different policies across 86 open source foundations, whether projects banning AI today are reacting to last year's models. Episode sponsors AgentField AI Talk Python Courses Links from the show Guest Paolo Melchiorre: github.com DSF: www.djangoproject.com djangonaut-space: djangonaut.space PyCon Italia: 2026.pycon.it uDjango: github.com My PyCon US 2026 post: www.paulox.net AI-Assisted Contributions and Maintainer Load: www.paulox.net Senior Engineer Tries Vibe Coding: www.youtube.com Code Rabbit AI PR Reviews: www.coderabbit.ai GitHub Usage Graphs: github.blog Update on CPython's AI Policies: fosstodon.org High-Quality Chaos from Curl: daniel.haxx.se The Generative AI Policy Landscape in Open Source: redmonk.com Watch this episode on YouTube: youtube.com Episode #550 deep-dive: talkpython.fm/550 Episode transcripts: talkpython.fm Theme Song: Developer Rap

In the Tech.eu podcast, Coreweave executive Ben Richardson discusses Coreweave's strategy in the UK and Europe.

Your documentation has two audiences now - humans reading the rendered HTML, and AI agents trying to make sense of your library. Rich Iannone and Michael Chow from Posit are back on Talk Python with a brand new Python documentation tool called Great Docs that takes both seriously. Rich is the creator of Great Tables, and before that the R package GT, the man has a serious eye for design, and he's pointed that energy at the Python docs ecosystem. We'll talk about how Great Docs spins up a polished site in three commands, why every page ships as Markdown for your favorite LLM, how it leans on Quarto for executable code blocks and tabbed install sections, and where it lands against Sphinx, MkDocs, and Zensical. Plus, you'll meet Tablin. Here we go. Episode sponsors Sentry Error Monitoring, Code talkpython26 Temporal Talk Python Courses Links from the show Guests Michael Chow: github.com Rich lannone: github.com Python Web Security with OWASP Top 10 and Agentic AI Course: talkpython.fm Great Docs: posit-dev.github.io/great-docs Great Tables: posit-dev.github.io GT Episode: talkpython.fm Sphinx: www.sphinx-doc.org mkdocs: www.mkdocs.org Zensical: zensical.org Hugo: gohugo.io Ghost: ghost.org Rs pkgdown: pkgdown.r-lib.org Quarto: quarto.org quickstart: posit-dev.github.io llms.txt file: llmstxt.org llms.txt: talkpython.fm mcp: talkpython.fm cli: talkpython.fm Watch this episode on YouTube: youtube.com Episode #549 deep-dive: talkpython.fm/549 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Topics covered in this episode: Dumb Ways for an Open Source Project to Die How to create a pylock.toml lockfile https://github.com/facebook/Lifeguard Choosing a Python Logging Library in 2026 Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: Dumb Ways for an Open Source Project to Die Core categories The maintainer left The maintainer is still there Sabotage and capture The release pipeline broke Force majeure The world moved on The project split - Examples Bulma PRs still from 2023, issues and PRs with no maintainer response for years, last release 1.5 years ago diskcache Similar, got hired by OpenAI, crickets after that Brian #2: How to create a pylock.toml lockfile Tim Hopper Tim walks through using uv, pip and pdm to create pylock.toml files. Recommendation: use uv export --format pylock.toml -o pylock.toml He also has How to install from a pylock.toml lockfile with pip but the short version is: use -r because tools treat it like a requirements file Michael #3: https://github.com/facebook/Lifeguard Lifeguard is a static analyzer to detect Lazy Imports incompatibilities and ease the adoption overhead for Lazy Imports in Python. I'm more excited about lazy imports after my Cutting Python Web App Memory Over 31% experience Some Python patterns depend on imports executing immediately. For example: Module-level side effects — a module that registers a handler or modifies global state at import time will behave differently if that import is deferred. The registry pattern — a module that registers itself (e.g., adding to a global dict) when imported will silently fail to register under Lazy Imports. sys.modules manipulation — code that reads or writes sys.modules assumes prior imports have already executed. Metaclasses and __init_subclass__ — class creation side effects may depend on imports being resolved. Project Stage: Beta Lifeguard is in active development. We are aiming to be ready for general use by the Python 3.15 final release. Brian #4: Choosing a Python Logging Library in 2026 Ayooluwa Isaiah " which libraries matter, how they compare, where they overlap with the standard module, and when each one makes sense.” The slant with this article is the need to log json output, which seems reasonable as things like API entry and exit point logging will include json. Covered libraries standard library logging with a hat tip to python-json-logger Same site has a guide to setting up python-json-logger structlog Loguru Logbook picologging Some benchmarks with structlog, stdlib+json, and Loguru, with structlog coming out faster I liked the Loguru example I'm going to have to try @logger.catch and logger.exception() for easily logging exceptions and serialize=True to enable JSON output. Extras Brian: When Women Stopped Coding - Planet Money segment , spotted on BlueSky from Savannah Ostrowski Lean TDD is now leaner Still working on audio version, but some great changes in 0.7.1 version Ch 6, TDD Interpretations, move ATDD and some of BDD to chapter Ch 7, Change name to TDD with Teams: BDD and ATDD Ch 9, Lean TDD, streamline steps and chapter Ch 10, Change name to Lean TDD with Teams: Lean ATDD Ch 11, Lean TDD with AI, Add short discussion about guardrails and security Michael: New course: Python Web Security: OWASP Top 10 with Agentic AI All courses now with Spanish subtitles, see announcement Joke: Stop texting me

In Elixir Wizards S15E04, Charles Suggs and Emma Whamond are joined by Somtochi Onyekwere, a software engineer at Fly.io and contributor to the Corrosion distributed database project, to talk about distributed systems, infrastructure resilience, and the growing fragility of centralized cloud platforms.   We discuss what recent outages across major providers reveal about modern infrastructure and why more teams are starting to rethink assumptions around reliability, failover, and system design. Somtochi explains how Fly.io approaches geographic distribution, eventual consistency, and replication across nodes, along with the trade-offs that come with building systems this way.   The conversation explores CRDTs (Conflict-free Replicated Data Types), consensus, split-brain prevention, and what actually happens when distributed systems fail in production. We also talk about testing strategies, rollback planning, property-based testing tools, and how teams can reduce blast radius when things inevitably go wrong.   Along the way, we discuss AI infrastructure, sandboxing AI agents, and how newer workloads may add pressure to already centralized systems. The episode closes with practical advice for developers who want to build more resilient applications without over-complicating their architecture. Topics Discussed in this Episode: Corrosion and distributed database replication Centralized cloud fragility and recent outage patterns Distributed systems versus traditional cloud architectures Multi-region deployment strategies for Phoenix applications CRDTs and conflict resolution in distributed systems Eventual consistency versus strict consistency tradeoffs Consensus, leader election, and split-brain prevention Testing failover and recovery scenarios Property-based testing and Antithesis Rollback planning for database schema migrations Reducing blast radius through system isolation Health checks and blue-green deployment strategies Fly Proxy request routing and replay behavior Cross-region synchronization and replication challenges Single points of failure inside “redundant” systems Backup restoration testing and disaster recovery planning Network partitions and failure handling in production Infrastructure monitoring and operational visibility AI infrastructure workloads and operational strain Sandboxing and securing AI agents Sprites and AI workflows at Fly.io Latency improvements from geographic distribution Distributed systems tradeoffs in real-world environments Transitive dependency failures across cloud providers Practical resilience strategies for modern engineering teams Links Mentioned: https://fly.io https://github.com/superfly/corrosion https://docs.gitops.weaveworks.org/ FluxCD https://fluxcd.io/ Fly.io Stateful Sandbox Environments https://sprites.dev/ Cloudflare Workers AI Inference Platform https://www.cloudflare.com/products/workers-ai/ “An AI Agent Just Destroyed Our Production Data. It Confessed in Writing” Twitter post from PocketOS founder: https://x.com/lifeof_jer/status/2048103471019434248 Oct 2025 AWS Outage https://www.theguardian.com/technology/2025/oct/24/amazon-reveals-cause-of-aws-outage Dec 2025 Cloudflare Outage https://www.theguardian.com/technology/2025/dec/05/another-cloudflare-outage-takes-down-websites-linkedin-zoom July 2025 Crowdstrike Outage https://www.ibm.com/think/news/recent-crowdstrike-outage-what-you-should-know March 2026 Stryker Cyber Attack https://www.stryker.com/us/en/about/news/2026/a-message-to-our-customers-03-2026.html https://aws.amazon.com/ https://cloud.google.com/ https://azure.microsoft.com/en-us https://fly.io/docs/elixir/ CRDTs!! https://smartlogic.io/podcast/elixir-wizards/s13-e03-local-first-liveview-svelte-pwa/ https://antithesis.com/docs/resources/property_based_testing/ https://hex.pm/packages/proper

Starting an AI company is all about spotting a real problem and using AI to solve it in a smarter, faster way than what's out there today. It's less about having the perfect idea and more about starting focused, learning fast, and building something people actually want.This week, Dave, Esmee, and Rob are joined by Gijs van de Nieuwegiessen and Tijn van Daelen, founders of One Horizon AI, to explore what it really takes to start and build an AI‑native company TLDR00:32 – Introduction00:55 – Hang out: Why Dutch names can be a real tongue-twister02:00 – Dig in: Exploring how an AI-native culture fits with human-to-human interaction13:35 – Deep dive with Gijs van de Nieuwegiessen and Tijn van Daelen1:01:54 – Following AI: Bloopers, reflections, and field hockey with the kids GuestGijs van de Nieuwegiessen: https://www.linkedin.com/in/nieuwegiessen/Tijn van Daelen: https://www.linkedin.com/in/tijn-van-daelen-495986131/Open source repo: https://github.com/onehorizonai/ink HostsDave Chapman:  https://www.linkedin.com/in/chapmandr/Esmee van de Giessen:  https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan:  https://www.linkedin.com/in/rob-kernahan/ ProductionMarcel van der Burg:  https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman:  https://www.linkedin.com/in/chapmandr/ SoundBen Corbett:  https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:   https://www.linkedin.com/in/louis-corbett-087250264/ 'Realities Remixed' is an original podcast from Capgemini

Today our Packet Pushers team assembles to discuss whether the grass is greener on the NetOps or DevOps side of the telemetry fence. William of The Cloud Gambit, Scott of Total Network Operations, and Ned and Kyler of Day Two DevOps discuss the difficulties and differences of getting telemetry and state from devices across different... Read more »

Greg Murphy of Vectra AI explains why no single security tool is enough in 2026, and how AI is transforming overwhelmed security teams into lean, highly responsive defense operations.Topics Include:Vectra AI helps enterprises detect and respond to cyberattacks before they become breaches.CISOs face millions of alerts monthly with dangerously understaffed security teams.Vectra pioneered AI-driven triage to prioritize only the most critical threats.The result: analysts act on two or three alerts, not thousands.Generative AI is now actively being weaponized by sophisticated bad actors.The first fully AI-orchestrated cyberattack by a nation state has already happened.Vectra and AWS Bedrock are building autonomous agents to fight back.Agentic AI can investigate thousands of incidents and surface only what matters.Over-reliance on single tools like EDR leaves dangerous gaps in defense.Modern attacks move fluidly across identity, network, and cloud environments simultaneously.AI stitches cross-surface signals together, revealing attacks hidden in isolated events.Best practice: assume breach, expand your network definition, and layer best-of-breed solutions.Participants:Greg Murphy – Chief Business Officer, Vectra AISee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Topics covered in this episode: Using Django Tasks in production Co-authored with Claude? PyPI packages are increasing rapidly httpx2 Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: Using Django Tasks in production Tim Schilling shares how the Djangonaut Space website has been using Django's new tasks framework and some of the info missing from the official Django docs. Tasks require a third party package, django-tasks-db to actually run the tasks. Article walks through all changes necessary to get an email process running to notify admins of new testimonials. Cool simple example. With the db backend, you can monitor progress of tasks in the admin, to see which tasks are scheduled, completed, or have errors. Some wishes for the community to implement new tutorial in the Django docs Django Debug toolbar panel for tasks test/mock backend Great title for wish list: Thinks I'd like to see, but I'm too lazy to implement myself. Michael #2: Co-authored with Claude? Via Nik T. We don't put “executed on macOS”, “edited with PyCharm”, etc. in our commits. Why Claude? Seems like a growth hack to me, that I don't really care to participate in. Some projects that have formalized their thoughts on this: The Generative AI Policy Landscape in Open Source Adjust to turn off in ~/.claude/settings.json see the docs. { "attribution": { "commit": "", "pr": "" } } Brian #3: PyPI packages are increasing rapidly Artem Golubin There's been an increase of published packages per week on PyPI A pretty big increase in the last handful of months. 30% increase since 2025, clearly due to AI Artem is building hexora, a malicious Python code detector. Cool package too, it can: Audit project dependencies to catch potential supply-chain attacks Detect malicious scripts found on platforms like Pastebin, GitHub, or open directories Analyze IoC files from past security incidents Audit new packages uploaded to PyPi. Artem is using hexora to analyze recently published pypi packages and many are obviously vibecoded and trigger false positives for abuses of eval, exec, and subprocess Side note: I don't think that's necessarily a false positive. Not malicious, but maybe a stupid-code-detector? Lots are LLM related, Lots have bots contributing code Publishing rate is crazy, dozens to hundreds of published versions in a day is a bug, not a feature Brian's proposal, PyPI should limit releases per day for any package to something a sane human would do, even if they make a mistake on a release, to maybe like 2-3, definitely under 10, in a day. And if the repo has obvious agent contributors listed, maybe lower to the limit to 1-2 a day? Honestly, “move fast and break things” doesn't apply to breaking the commons. Michael #4: httpx2 More on the httpx, httpxyz, etc changes: Pydantic people started their own fork, httpx2. Michiel says “while we think httpxyz was definitely needed, we welcome httpx2 and think it should be the ‘blessed' fork.” Kludex, who is among other things maintainer of Starlette, was considering a fork As it stands, httpx2 is lacking the performance improvements they added to httpxyz. But it will not be long before they will add those, too. Also they already made some smart decisions: they are switching from certifi to truststore they are switching to compression.zstd on Python 3.14+, enabling zstd compression by default they merged httpcore and vendored it in their repository Discussion on Hacker News Extras Brian: The Four Horsemen of the LLM Apocalypse - Anarcat Django/JetBrains 2026 developer survey is open Pyrefly 1.0 : “meaning we are confident that Pyrefly is ready for production use.” Michael: Just about ready to release Python Web Security: OWASP Top 10 with Agentic AI course. Be sure to be on the courses newsletter to get notified. Joke: Proud Parents

Open Source is giving AI a real boost, making it easier and faster for organisations to build and experiment with new ideas. As adoption grows, these open ecosystems are helping businesses move quicker, stay flexible, and unlock value with more confidence.This week, Dave, Esmee, and Rob are joined by Richard Harmon, VP & Global Head of Financial Services at Red Hat to explore how Open Source is shaping AI, from mainframes to Kubernetes, and from regulation and sovereignty to a future of AI agents writing code. TLDR00:25 – Introduction00:52 – Hangout: Deep democracy training and “what instrument are you?”03:19 – Dig in: Open‑source culture and AI, do they complement each other?10:02 – Conversation with Richard Harmon51:12 – Sitting in the chair and trying to keep up with AI GuestRichard Harmon: https://www.linkedin.com/in/richardlaurenharmon/ HostsDave Chapman:  https://www.linkedin.com/in/chapmandr/Esmee van de Giessen:  https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan:  https://www.linkedin.com/in/rob-kernahan/ ProductionMarcel van der Burg:  https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman:  https://www.linkedin.com/in/chapmandr/ SoundBen Corbett:  https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:   https://www.linkedin.com/in/louis-corbett-087250264/ 'Realities Remixed' is an original podcast from Capgemini

If you're betting on agentic AI, hear directly from the builders navigating the challenges, innovating pricing models, and creating the coming reality where every employee manages thousands of agents.Topics Include:Four panelists represent the full AI stack: build, run, secure, monitor.Agentic AI moved faster than anyone predicted just 18 months ago.Writer AI's no-code agent builder missed both its target personas entirely.Non-technical users now just prompt agents instead of building workflows.Fireworks AI processes over ten trillion tokens daily across open models.DeepSeek's Christmas release tripled Fireworks' capacity needs almost overnight.Okta identified agent identity as a security problem from day one.91% of organizations are already using AI agents in some capacity.Datadog evolved naturally from dashboards to autonomous investigative agents.Bits.ai agents now diagnose production incidents before engineers wake up.Trust requires explainability — black-box agents stall enterprise adoption cold.Human-in-the-loop remains essential; risk tolerance varies wildly by organization.Writer AI compressed a four-month retail workflow down to one week.Multi-provider inference consistency is one of the hardest unsolved infrastructure problems.Agentic pricing models are fundamentally broken for enterprise budget planning today.Agents managing agents means every employee becomes a manager of thousands.POC data gaps are the most underrated blocker to production deployment.Security must be designed in from the start — retrofitting is painful.Build evaluations first so you know if you're actually improving anything.Find your uniquely differentiated data and build your agentic bet there.Participants:Yannick Guillerm – Regional Manager, Sales Engineering, DatadogRay Thai – Director of Product Management, Fireworks AIAndrew Yu – Vice President of Engineering, OktaMatan-Paul Shetrit – Director of Product Management, Writer AIModerator: Carol Potts – General Manager, North America ISV Sales, AWSSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

What if your database worked more like Git? Every change captured as an immutable event you can replay, instead of a single mutating row that quietly forgets its own history. That's event sourcing, and Chris May is back on Talk Python, fresh off our Datastar panel, to walk us through what it actually looks like in Python. We'll cover the core patterns, the libraries to reach for, when not to use it, and why event sourcing turns out to be a surprisingly good fit for AI-assisted coding. Episode sponsors Sentry Error Monitoring, Code talkpython26 Temporal Talk Python Courses Links from the show Guest Chris May: everydaysuperpowers.dev Intro to event sourcing e-book: everydaysuperpowers.gumroad.com Domain-Driven Design: The Power of CQRS and Event Sourcing: How CQRS/ES Redefine Building Scalable System: ricofritzsche.me DDD: www.amazon.com Understanding Eventsourcing (Martin Dilger): www.amazon.com Event Sourcing Explained using Football Video: www.youtube.com Why I finally embraced event sourcing and why you should too article: everydaysuperpowers.dev valkey: valkey.io diskcache: talkpython.fm eventsourcing package: github.com eventsourcing docs: eventsourcing.readthedocs.io John Bywater: github.com Datastar: data-star.dev Microconf: microconf.com Event Modeling & Event Sourcing Podcast: podcast.eventmodeling.org Python Package Guides for AI Agents: github.com Iodine tablets AI joke: x.com KurrentDb: www.kurrent.io Watch this episode on YouTube: youtube.com Episode #548 deep-dive: talkpython.fm/548 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Topics covered in this episode: httpxyz one month in Learn concurrency - a deep dive into multithreading with Python pip 26.1 - lockfiles and dependency cooldowns Python 3.15 sentinal values from PEP 661 Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: httpxyz one month in First version of httpxyz contained just the fixes to get zstd working, and the fixes to get the test suite running on python 3.14, some ‘housekeeping' changes related to the renaming End of March: a compatibility shim that allows you to use httpxyz even with third-party packages that import httpx themselves, as long as you import httpxyz first. Importing httpxyz automatically registers it under the httpx name in sys.modules , see https://httpxyz.org/httpx-compatibility/ Fixed a WHOLE bunch of performance related issues by forking httpcore Brian #2: Learn concurrency - a deep dive into multithreading with Python Nikos Vaggalis “Whenever you are trying to speed up code using multiple cores, always ask yourself: “Do these threads need to talk to each other right now?” If the answer is yes, it will be slow. The best parallel code splits a big job into completely isolated chunks, processes them separately, and merges the results at the finish line.” Good overview of thread concurrency with Python and how that's been improved dramatically with free-threaded Python Defines lots of terms you come across, including “embarrassingly parallel multithreading” There's a counter example that's nice Start with a shared resource, a counter, and multiple threads updating it Attempt to fix with threading.Lock(), which fixes it, but slows things down Good explanation of why Proper fix with concurrent.futures and separating the work of different threads so that they can be independent and their results can be combined when they're all finished. Michael #3: pip 26.1 - lockfiles and dependency cooldowns Python 3.9 is no longer supported Experimental: installing from pylock files Dependency cooldowns (see my post about this) Lifting several 2020 resolver limitations Brian #4: Python 3.15 sentinal values from PEP 661 MISSING = sentinel("MISSING") def next_value(default: int | MISSING = MISSING): ... if default is MISSING: ... Take a name str as a constructor parameter Intended to be compared with is operator, similar to None Sentinal objects can be used as a type, also similar to None and can be combined with other types with |. Unlike None, sentinal values are truthy. (Elipses ... are also truthy) This seems like a strange choice. but I guess it must have made sense to someone. It does force you to use is instead of depending on False-ness, so I guess it'll make code using sentinels more readable. Interesting that the PEP was started in 2021, and we're finally getting it this year. Extras Brian: Before GitHub - Armin Ronacher tenacity - cross-platform multi-track audio editor/recorder learned about it from Armin's article Joke: Joke option Make it myself Seems similar to what people think about software now Links httpxyz one month in httpxyz.org/httpx-compatibility Learn concurrency - a deep dive into multithreading with Python pip 26.1 - lockfiles and dependency cooldowns my post about this Python 3.15 sentinal values from PEP 661 Before GitHub tenacity Make it myself

In this episode of the Crazy Wisdom Podcast, host Stewart Alsop sits down with Tyler Cloutier, founder of Clockwork Labs and creator of SpaceTimeDB. They explore how SpaceTimeDB functions as more than just a database—it's essentially a distributed operating system that merges server logic with data storage, enabling real-time applications and time-travel capabilities. The conversation ranges from the technical architecture of databases and operating systems to the philosophy of distributed systems, touching on everything from Unix and Linux to how SpaceTimeDB could revolutionize AI-generated software deployment. Tyler explains how their system reduces the complexity of building real-time applications, makes deployment simpler for both humans and AI agents, and why games like their MMORPG BitCraft Online drove them to create this new infrastructure. They also discuss the future of the internet, the role of bots in gaming, and how SpaceTimeDB fits into the broader landscape of cloud computing alongside tools like Cloudflare, Vercel, and Docker. For more information, visit spacetimedb.com or check out Clockwork Labs on GitHub and Twitter.Timestamps00:00 Stewart introduces Tyler Cloutier, founder of Clockwork Labs, discussing the origin of SpaceTimeDB's name inspired by Einstein's theory and its time travel capabilities that store all operations indefinitely05:00 Tyler explains SpaceTimeDB as more of an operating system than a database, using tables instead of file systems while running code in a sandboxed environment with full atomic properties10:00 Discussion of how SpaceTimeDB replaces both Node.js and Postgres by merging web server and database functionality, eliminating separate deployment concerns15:00 Tyler explains JavaScript execution through Chrome's V8 engine and JIT compiling, leading to Node.js creation for server-side JavaScript development20:00 Explanation of stateless web servers versus stateful game servers, and why games require in-memory state management for real-time performance25:00 Tyler introduces reducers and real-time subscriptions, questioning why more applications aren't real-time when state changes should update immediately30:00 Discussion of Facebook as essentially a text-based MMO, comparing social media architecture to game server requirements and the need for unified systems35:00 Tyler explains ACID properties in databases: atomic, consistent, isolated, and durable, using game item trading examples40:00 Comparing SpaceTimeDB to smart contract systems without cryptocurrency or global consensus, positioning it as a smart database with centralized trust45:00 Tyler reveals SpaceTimeDB uses 43% fewer tokens than Postgres for AI-generated applications, making it valuable for vibe coding platforms50:00 Conversation shifts to bots in games and proof-of-human concepts, with Tyler proposing biometric systems and discussing potential in-person gaming applications55:00 Closing discussion about tracking AI-driven traffic through UTM parameters and finding SpaceTimeDB at spacetimedb.comKey Insights1. SpaceTimeDB is fundamentally a database that runs application code directly inside it, combining what traditionally required separate systems like Postgres and Node.js. Users compile their application logic into WebAssembly or JavaScript and upload it to run within the database itself. This architecture provides high performance because the entire server backend operates inside the database environment. The system also features time travel capabilities, storing every operation and change to data persistently and indefinitely, allowing users to set application state back to any earlier point in time. This makes SpaceTimeDB more accurately described as an operating system rather than just a database, where the abstraction is that everything is a table rather than a file.2. The inspiration for SpaceTimeDB came from building BitCraft Online, an MMORPG where all players exist in a single persistent world and rebuild civilization together. Traditional MMO backends required complex custom solutions to handle real-time state, with game servers storing state in memory and periodically writing to databases. This complexity existed because games cannot afford the latency of constantly delegating to distant databases like traditional web applications can. SpaceTimeDB solved this by making the database fast enough to handle real-time requirements directly, eliminating the need for separate game servers. This same performance advantage that benefits games also applies to web applications, which is why SpaceTimeDB evolved from a game-specific tool to a general-purpose platform.3. SpaceTimeDB functions as a distributed operating system where each database acts like a process in an actor model system, similar to Erlang or Scala Akka. Databases can send messages to other databases and be spawned across a cluster for horizontal scaling. This represents an overlay operating system running on top of Linux rather than competing with it, providing a distributed abstraction across many machines while Linux handles device drivers and hardware support. The vision is for the cloud to function as a single enormous computer running one operating system, where developers simply publish their programs without managing separate services, deployment, routing, networking, or persistence infrastructure.4. The real-time capabilities of SpaceTimeDB address a fundamental limitation in how most web applications work today. Traditional web servers are stateless, delegating all state to databases and accepting network round-trip latency for each request, which is why users often must refresh pages to see updates. SpaceTimeDB allows queries to be subscribed to, maintaining open connections that stream changes whenever query results update. This makes applications like Discord, Facebook, or banking systems naturally real-time without requiring page refreshes. The historical accident that more things are not real-time represents a problem SpaceTimeDB solves by unifying the web world with the game world's real-time requirements.5. SpaceTimeDB implements ACID properties—Atomic, Consistent, Isolated, and Durable—ensuring database operations are reliable and safe. Atomic means operations either fully happen or not at all, preventing issues like item duplication in games when trading between players. Consistent means declared invariants like unique usernames are always enforced. Isolated means concurrent operations do not interfere with each other. Durable means changes persist even if computers restart, with varying levels from in-memory on one machine to disk storage across multiple geographic locations. These properties are managed through reducers, functions inspired by React Redux that fold changes into application state incrementally.6. For AI and large language models, SpaceTimeDB offers significant advantages in building and deploying applications. Testing showed that creating applications with SpaceTimeDB uses 43% fewer tokens compared to Postgres implementations, costs less, has fewer bugs, and is easier to extend. This matters because the primary cost for vibe coding platforms is tokens. As more software gets written in the next twelve months than ever before, there is insufficient focus on infrastructure required to run all this AI-generated software. SpaceTimeDB positions itself as ideal for LLMs to target because of its simplified deployment model where developers just publish code and the system handles everything behind the scenes.7. SpaceTimeDB can be understood as a smart contract system without cryptocurrency or global decentralized consensus. Like blockchain smart contracts, it executes code with atomic, consistent, isolated, and durable properties, but avoids the expense and slowness of requiring all computers worldwide to agree on everything. Instead, it offers centralized trust where users trust Clockwork Labs not to modify deployed contracts, rather than the trustless but extremely costly blockchain approach. This makes it functionally similar to Cloudflare's durable objects but with full relational database capabilities. The system exists before the networking layer where Cloudflare operates, handling deployment, server, and database functions while Cloudflare could provide DDoS protection in front of it.

The SaaSpocalypse marks the end of traditional CRM with manual data entry, rigid interfaces, and seat‑based software no longer make sense in an AI‑driven world. Success now depends on outcome‑focused plumbing: intelligent orchestration that delivers results, not screens.This week, Dave, Esmee, and Rob are joined by Hannah Datz, Americas Vice President of CRM at ServiceNow, to unpack the major announcements from ServiceNow Knowledge 2026 in Las Vegas and explore how AI is accelerating the SaaSpocalypse and driving a fundamental shift in the future of CRM. TLDR00:34 – Introduction 00:54 – Hang out: Happy Password Day and emerging threats 06:46 – Conversation with Hannah Datz 57:20 – From tennis excitement to the best burger ever GuestHannah Datz: https://www.linkedin.com/in/hannahdatz/ HostsDave Chapman:  https://www.linkedin.com/in/chapmandr/Esmee van de Giessen:  https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan:  https://www.linkedin.com/in/rob-kernahan/ ProductionMarcel van der Burg:  https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman:  https://www.linkedin.com/in/chapmandr/ SoundBen Corbett:  https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:   https://www.linkedin.com/in/louis-corbett-087250264/ 'Realities Remixed' is an original podcast from Capgemini

When OpenAI trained GPT-3, they didn't roll their own orchestration layer. They used Ray, an open source Python framework born out of the same Berkeley research lab lineage that gave us Apache Spark. And here's the twist: Ray was originally built for reinforcement learning research, then quietly faded as RL hit a wall. Until ChatGPT showed up. Suddenly reinforcement learning was back, as the post-training step that turns a raw language model into something genuinely useful. Edward Oakes and Richard Liaw, two founding engineers behind Ray and Anyscale, join me on Talk Python to tell that story. We'll trace Ray from its RISE Lab origins at UC Berkeley to powering some of the largest training runs in the world. We'll talk about what Ray actually is, a distributed execution engine for AI workloads, and how a few lines of Python become work running across hundreds of GPUs. We'll cover Ray Data for multimodal pipelines, the dashboard, the VS Code remote debugger, KubRay for Kubernetes, and where Ray fits alongside Dask, multiprocessing, and asyncio. If you've ever stared at a single-machine Python script and thought, "there has to be a better way to scale this", this one's for you Episode sponsors Sentry Error Monitoring, Code talkpython26 AgentField AI Talk Python Courses Links from the show Guests Richard Liaw: github.com Edward Oakes: github.com Ray: www.ray.io Example code (we used for walk-through): docs.ray.io Getting Started with Ray: docs.ray.io Ray Libraries: docs.ray.io kuberay: github.com Watch this episode on YouTube: youtube.com Episode #547 deep-dive: talkpython.fm/547 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Eyvonne and William sit down with Joseph Nicholson, a Network Operations Engineer with NTT DATA, to share how public speaking transformed his career and technical experience. Joseph went from a terrifying ten minute lightning talk at AutoCon 2 to presenting 45-minute sessions at conferences like NANOG. Together they discuss how conversations in conference halls influenced... Read more »

Asana CPO Arnab Bose breaks down how AI agents are transforming collaborative work management with multiplayer AI teammates that any team member can coach and correct.Topics Include:Asana is a collaborative work management platform used by 170,000+ companies worldwide.The "Pyramid of Clarity" connects individual tasks all the way up to company strategy.Asana's "work graph" maps tasks, teams, projects, and portfolios in one connected system.Generative AI now converts unstructured data like emails into structured project plans.Asana integrates directly with AWS, Gemini, and Claude to automate that conversion.AI Teammates are first-party agents that take on and complete tasks inside Asana.These agents work in multiplayer mode — visible, collaborative, and team-correctable.A third AI unlock is coming: letting any external agent builder plug into Asana's interface.Asana runs entirely on AWS, including a new FedRAMP moderate GovCloud deployment.AWS Marketplace listings help customers transact faster using existing AWS credits.Arnab advises startups to bet on AWS long-term rather than chasing short-term LLM trends.His 2026 prediction: multi-agent orchestration standards will be the enterprise AI battleground.Participants:Arnab Bose – Chief Product Officer, AsanaSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Topics covered in this episode: profiling-explorer Reverting the incremental GC in Python 3.14 and 3.15 VSCode AI Co-author defaults to on, then off django freeze Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: profiling-explorer Adam Johnson And intro post Python: introducing profiling-explorer “profiling-explorer is a tool for exploring profiling data from Python's built-in profilers, which are stored in pstats files. ” Features Dark mode Click the calls, internal ms, or cumulative ms column headers to sort by that column. Use the search box to filter by filename or function name. Hover by a filename + line number pair to reveal the copy button, which copies the location to your clipboard for faster opening. Click the callers or callees links on the right of a row (not pictured above) to see the callers or callees of that function. Michael #2: Reverting the incremental GC in Python 3.14 and 3.15 Python 3.14 shipped with a new incremental garbage collector, but production reports of severe memory pressure (Neil Schemenauer measured up to 5× peak RSS on pathological cyclic workloads) have pushed the core team and Steering Council to revert it in both 3.14 and 3.15 - returning to the 3.13-era generational GC. This is the second time the inc GC has been pulled back: it was also reverted right before 3.13.0 final, and it shipped in 3.14 without going through the PEP process. The tradeoff is real: Neil's benchmarks showed max GC pause times of 1.3ms with inc GC versus 26ms with the generational one - great for latency-sensitive apps, terrible for memory-constrained ones. Release manager Hugo van Kemenade will ship 3.14.5 early with the revert, and Gregory Smith floated the idea of a 3.14.5rc1 - the first patch-release RC since 3.9.2 back in 2021. Tim Peters spent the thread doing live forensics on Windows, running a toy deque program that should cap at 1GB and watching it balloon to 15.6GB on a 16GB machine - and discovered the gen0 collector effectively never fires under the new scheme. Tim's bigger meta-point: CPython has a chronic shortage of real-world GC benchmarks, pyperformance has "basically no interesting" cyclic workloads, and users almost never share real data - so core devs keep flying blind on changes like this. Django maintainer Adam Johnson published a blog post mid-thread documenting a real memory "leak" in Django's migration system caused by inc GC, with a manual gc.collect() workaround - the listener-facing receipt that this wasn't just theoretical. If the inc GC comes back for 3.16, it'll go through a proper PEP, and the discussion is already shifting toward keeping both collectors available via a startup flag - which Neil and Sergey Miryanov have both prototyped. Brian #3: VSCode AI Co-author defaults to on, then off VSCode merges Enabling ai co author by default - 3 week ago Ton's of “why would you do this” and related comments VSCode merges Change default for git.addAICoAuthor to off - yesterday Take-away, don't rely on default, set addAICoAuthor to off yourself Michael #4: django freeze Convert your dynamic django site to a static one with one line of code. Just run python manage.py generate_static_site :) Features Generate the static version of your Django site, optionally compressed .zip file Generate/download the static site using urls (only superuser and staff) Follow sitemap.xml urls Follow internal links founded in each page Follow redirects Report invalid/broken urls Selectively include/exclude media and static files Custom base url (very useful if the static site will run in a specific folder different by the document-root) Convert urls to relative urls (very useful if the static site will run offline or in an unknown folder different by the document-root) Prevent local directory index Extras Brian: Thinking Less, Trusting More: GenAI's Impacts on Students' Cognitive Habits Michael: Vercel breached, employee to blame Introducing the new Talk Python web player GitHub uptime (a couple of views 1, 2) Joke: Friends in tech

This week, Ari Paparo sits down with Andrew Casale, CEO of Index Exchange, for a detailed look at the company's latest push into cloud containerization. The discussion explores how deploying DSPs and data applications directly inside Index's cloud infrastructure could reframe economic and technical dynamics across programmatic advertising. Key themes include maturing industry standards (ARTF), how the move impacts privacy, data security, and efficiency, and the wider implications for buyers and partners. Ari and Andrew break down technical trade-offs, the economic upside, and what shifting core infrastructure into exchange clouds could mean for the future of bidding, measurement, and AI-driven performance. The episode also delivers a recap of the Possible event and analyzes current trends: ad tech consolidation, the expanding footprint of CTV and commerce media, identity solution shifts, and ongoing investment in AI and cloud from major platforms. If you want a practical take on current ad tech developments and where things are headed, this conversation is worth your time. Guests: Ari Paparo, Andrew Casale Chapters 00:00 Possible event recap and industry themes 02:00 Ad tech maturity and consolidation trends 05:00 AI, measurement, and optimism in the market 07:10 Episode format and upcoming interview preview 10:28 Big Tech earnings overview begins 10:43 Meta performance and AI driven growth 15:44 Google, Microsoft, and Amazon cloud surge 18:28 Key announcements from Possible 18:58 Pinterest data expands into CTV 19:54 PayPal launches deterministic Ad ID 21:12 TTD and commerce media integrations 23:03 Walmart pushes into CTV and SMB market 24:19 Magnite introduces agentic AI tools 26:03 HighTouch funding and CDP evolution 27:53 Universal Commerce Protocol adoption 29:45 Interview with Andrew Casale begins 30:47 Index Exchange containerization explained 33:16 Cost and speed advantages of edge compute 35:16 Agentic frameworks and future potential 39:03 DSP orchestration challenges 41:11 Privacy and data control benefits 44:29 Future of bidding and exchange infrastructure Learn more about your ad choices. Visit megaphone.fm/adchoices

AI is only as strong as the data beneath it, and as it moves into the core of the enterprise, fragmented, duplicated, and poorly governed data is no longer hidden in the background, it's amplified, exposed, and impossible to ignore.This week, Dave, Esmee, and Rob are joined by Edward Calvesbert, VP Product Management for IBM watsonx AI & Data Platform, to dig into the foundations of enterprise AI, from data silos and the SaaSpocalypse to lakehouse architectures and agent‑driven workflows. TLDR00:17 – Introduction 00:55 – Dig in: The big data unlock for AI14:02 – Conversation with Edward Calvesbert57:58 – Hiking Mount Rainier near Seattle GuestEdward Calvesbert: https://www.linkedin.com/in/ecalvesbert/ HostsDave Chapman:  https://www.linkedin.com/in/chapmandr/Esmee van de Giessen:  https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan:  https://www.linkedin.com/in/rob-kernahan/ ProductionMarcel van der Burg:  https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman:  https://www.linkedin.com/in/chapmandr/ SoundBen Corbett:  https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:   https://www.linkedin.com/in/louis-corbett-087250264/ 'Realities Remixed' is an original podcast from Capgemini

AI agents move at machine speed. Your security doesn't. Discover how enterprises are finding shadow agents, measuring agent ROI, and transforming agentic AI from risk to strategic value. Learn from Arti Arora Raman, CEO Founder of Portal 26 and Neil Cohen, VP of Marketing in Portal 26 how Portal26's platform capabilities mitigate enterprise challenges around AI adoption, security, ROI, and governance. AI agents operate autonomously at machine speed, making decisions and tool calls without human approval. But most enterprises don't know which agents are running, what they're accessing, or whether they're creating value or risk.In this episode of AWS re:Think, host Malini and Preethi explores Portal26's Agent Management Platform (AMP) and how it helps enterprises discover, secure, and measure ROI from agentic AI. We discuss the five primary agentic AI security risks—from rogue agents to agent drift—and how organizations are using agent-level visibility to transform AI from an operational risk into a strategic asset.Learn how finance teams are tracking token consumption, how security teams are identifying high-risk agents before they cause damage, and how enterprises are finally closing the gap between AI investments and returns.Discover how to govern AI agents at the speed they operate.Reference: https://portal26.ai/AWS Hosts: Preethi Ravula & Malini ChatterjeeEmail Your Feedback: rethinkpodcast@amazon.com

Discover how Detectify's hacker-DNA culture, multi-account AWS architecture, and Claude Code on Bedrock helped a lean security team deliver zero-day protection to customers before they even knew they needed it.Topics Include:Haris Kabiljagić leads cloud operations, data, and scanning at Detectify.Detectify started in 2013 as a group of ethical hackers in Stockholm.The platform continuously scans customers' attack surfaces for exploitable vulnerabilities.A global community of elite ethical hackers feeds real-world payloads into the engine.Early on, a centralized cloud team caused over 40 service disruptions monthly.A multi-account AWS strategy via Control Tower eliminated disruptions entirely.The hardest part of decentralizing wasn't technology — it was the culture shift.Cloud ops had to evolve from gatekeepers into enablers of secure, fast deployment.Detectify's architecture runs on three pillars: scalability, event-driven services, and security.MSK and Amazon MQ replaced self-hosted RabbitMQ, enabling true event-driven microservices.AWS Security Hub provides a single pane of glass for security posture visibility.When the CAPS zero-day hit, Detectify delivered a live test to customers same day.Customers logged in braced for panic — and found the threat was already handled.AI-assisted development via Claude Code on Bedrock accelerated code migration 30x.The team moved from five modules per week to 150, without sacrificing review quality.Success is now measured by speed of remediation, not volume of vulnerabilities found.A new internal scanner lets customers protect applications before they ever reach production.Detectify's roadmap: make security effortlessly native inside the pipelines teams already use.Participants:Haris Kabiljagić - Head of Developer Services, DetectifyJohan Broman – EMEA ISV, Head of Solutions Architecture, Amazon Web ServicesSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

The cloud is convenient until it isn't. You upload your photos, sync your contacts, click through the cookie banners. Then prices go up again or you read about a family that lost their entire Google account over a medical photo sent to a doctor. At some point, the question shifts from "why would I run this myself?" to "why aren't I?" My guest this week is Alex Kretzschmar, head of DevRel at Tailscale, longtime host of the Self-Hosted podcast, and co-founder of Linuxserver.io. We cover what self-hosting really means in 2026, the apps worth running yourself like Immich and Home Assistant, why Docker Compose ties it all together, and how Tailscale lets you reach any of it from anywhere, without opening a single port. If you've been thinking about pulling your digital life back behind your own walls, this is your roadmap. Episode sponsors Temporal Talk Python Courses Links from the show Guest Alex Kretzschmar: alex.ktz.me Bitflip podcast: bitflip.show Self-Hosted podcast (Alex's previous show): selfhosted.show Perfect Media Server: perfectmediaserver.com KTZ Systems on YouTube: youtube.com/@ktzsystems Linuxserver.io (co-founded by Alex): linuxserver.io "How Tailscale Works" blog post: tailscale.com/blog/how-tailscale-works https://tailscale.com/: tailscale.com Self-hosted apps discussed Awesome Self-Hosted (GitHub list): github.com Immich (Google Photos alternative): immich.app Home Assistant: home-assistant.io Open Home Foundation: openhomefoundation.org Plausible Analytics: plausible.io Umami Analytics: umami.is Python integration for umami: pypi.org Pi-hole: pi-hole.net AdGuard Home: adguard.com NextDNS: nextdns.io Coolify: coolify.io Docker + ufw: docs.docker.com Storage, backup & filesystem OpenZFS: openzfs.org ZFS.rent (offsite ZFS replication): zfs.rent Backblaze: backblaze.com Hetzner Storage Box: hetzner.com DigitalOcean: digitalocean.com Secrets management mentioned OpenBao (open-source Vault fork): openbao.org HashiCorp Vault: hashicorp.com Bitwarden: bitwarden.com 1Password: 1password.com Hardware mentioned Proxmox VE: proxmox.com Minisforum MS01: minisforum.com Zima Board / Zima OS: zimaspace.com Other references Cory Doctorow on "enshittification" (Cory's blog where he coined the term): pluralistic.net Linus Tech Tips' WAN Show (Linus mentioned NAS-building going mainstream): linustechtips.com Watch this episode on YouTube: youtube.com Episode #546 deep-dive: talkpython.fm/546 Episode transcripts: talkpython.fm Theme Song: Developer Rap

What does it take to build and lead technology at a global, mission-critical scale? ☁️

Las Vegas, you're officially on the record during Google Cloud Next 2026. The #RealitiesRemixed podcast team is back at GCN'26, recording live from the Strip, where bright lights collide with big ideas.This week, we're swapping roulette wheels for real talk, hosting live conversations with Google leaders who are redefining what's next across AI‑first enterprise transformation, agentic AI, data, sovereignty, security, and beyond.Expect sharp insights, bold opinions, and future‑shaping conversations, delivered straight from Las Vegas to your headphones. Dave, Rachel, and Rob discusse the highlights of Google Cloud Next 2026! TLDR00:24 – Introduction01:14 – Hang out: Progress from Google Cloud Next 2025 to Google Cloud Next 202608:15 – Dig in: Executive overview of this year's key themes31:38 – Closing remarksHostsDave Chapman:   https://www.linkedin.com/in/chapmandr/Rachel Belmonte:  https://www.linkedin.com/in/rachel-belmonte-63550358/Rob Kernahan:   https://www.linkedin.com/in/rob-kernahan/ ProductionMarcel van der Burg:   https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman:   https://www.linkedin.com/in/chapmandr/ SoundBen Corbett:   https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:    https://www.linkedin.com/in/louis-corbett-087250264/ 'Realities Remixed' is an original podcast from Capgemini

Las Vegas, you're officially on the record during Google Cloud Next 2026. The #RealitiesRemixed podcast team is back at GCN'26, recording live from the Strip, where bright lights collide with big ideas.This week, we're swapping roulette wheels for real talk, hosting live conversations with Google leaders who are redefining what's next across AI‑first enterprise transformation, agentic AI, data, sovereignty, security, and beyond.Expect sharp insights, bold opinions, and future‑shaping conversations, delivered straight from Las Vegas to your headphones. Dave, Rachel, and Rob close out their conversation with Cliff Krimmel, Head of Customer Engineering for Banking at Google Cloud, diving into the changing stack and the rise of the agentic development platform. TLDR00:32 – Day 3 kicks off01:25 – Hang out: Travel-ready tips05:18 – Dig in: The Agentic Data Cloud09:00 – Conversation with Cliff Krimmel32:05 – Closing with burgers & hotdogs GuestCliff Krimmel: https://www.linkedin.com/in/ckrimmel/ HostsDave Chapman:   https://www.linkedin.com/in/chapmandr/Rachel Belmonte:  https://www.linkedin.com/in/rachel-belmonte-63550358/Rob Kernahan:   https://www.linkedin.com/in/rob-kernahan/ ProductionMarcel van der Burg:   https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman:   https://www.linkedin.com/in/chapmandr/ SoundBen Corbett:   https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:    https://www.linkedin.com/in/louis-corbett-087250264/ 'Realities Remixed' is an original podcast from Capgemini

Las Vegas, you're officially on the record during Google Cloud Next 2026. The #RealitiesRemixed podcast team is back at GCN'26, recording live from the Strip, where bright lights collide with big ideas.This week, we're swapping roulette wheels for real talk, hosting live conversations with Google leaders who are redefining what's next across AI‑first enterprise transformation, agentic AI, data, sovereignty, security, and beyond.Expect sharp insights, bold opinions, and future‑shaping conversations, delivered straight from Las Vegas to your headphones. Dave, Rachel, and Rob continue their conversation with Khulan Davaajav, Product Marketing Manager, Generative Media Models at Google about the rise of creative AI and how it's redefining human expression in the age of intelligent tools. TLDR00:24 – Day 2 on it's way!00:40 – Hangout: Producer distracted and Rob's red eye03:31 – Highlights: Roving reporter's media related announcements07:16 – Conversation with Khulan Davaajav34:24– Mongolian BBQ GuestKhulan Davaajav: https://www.linkedin.com/in/khulandav/ HostsDave Chapman:   https://www.linkedin.com/in/chapmandr/Rachel Belmonte:  https://www.linkedin.com/in/rachel-belmonte-63550358/Rob Kernahan:   https://www.linkedin.com/in/rob-kernahan/ ProductionMarcel van der Burg:   https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman:   https://www.linkedin.com/in/chapmandr/ SoundBen Corbett:   https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:    https://www.linkedin.com/in/louis-corbett-087250264/ 'Realities Remixed' is an original podcast from Capgemini

Las Vegas, you're officially on the record during Google Cloud Next 2026. The #RealitiesRemixed podcast team is back at GCN'26, recording live from the Strip, where bright lights collide with big ideas.This week, we're swapping roulette wheels for real talk, hosting live conversations with Google leaders who are redefining what's next across AI‑first enterprise transformation, agentic AI, data, sovereignty, security, and beyond.Expect sharp insights, bold opinions, and future‑shaping conversations, delivered straight from Las Vegas to your headphones. Dave, Rachel, and Rob continue their conversation with Gina Fratarcangeli, Managing Director and NA GSI Leader, exploring how partners are redefining their role, from funding models and board‑level conversations to shaping the agentic enterprise blueprint. TLDR00:24 – Day 2 kicks off!00:40 – Hangout: impressions from GCN '26 at the Mandalay Bay Convention Center and Dave denting his stuff05:26 – Dig in: What announcements our roving reporter spotted09:54 – Conversation with Gina Fratarcangeli32:41 – Texas brisket on paper BBQ GuestGina Fratarcangeli: https://www.linkedin.com/in/gina-fratarcangeli/ HostsDave Chapman:   https://www.linkedin.com/in/chapmandr/Rachel Belmonte:  https://www.linkedin.com/in/rachel-belmonte-63550358/Rob Kernahan:   https://www.linkedin.com/in/rob-kernahan/ ProductionMarcel van der Burg:   https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman:   https://www.linkedin.com/in/chapmandr/ SoundBen Corbett:   https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:    https://www.linkedin.com/in/louis-corbett-087250264/ 'Realities Remixed' is an original podcast from Capgemini

Eyvonne Sharp and William Collins speak with Sif Baksh, Principal Solutions Architect at Tines, to discuss the power of automation. Sif shares some personal stories of how he has been able to use automation to innovate and modernize networking operations. They also discuss the importance of learning AI and using it as a tool, how... Read more »

Las Vegas, you're officially on the record during Google Cloud Next 2026.The #RealitiesRemixed podcast team is back at GCN'26, recording live from the Strip, where bright lights collide with big ideas. This week, we're swapping roulette wheels for real talk, hosting live conversations with Google leaders who are redefining what's next across AI‑first enterprise transformation, agentic AI, data, sovereignty, security, and beyond. Expect sharp insights, bold opinions, and future‑shaping conversations, delivered straight from Las Vegas to your headphones.Dave, Rachel, and Rob kick off the event with Mark Steel, Director of Retail Industry, EMEA at Google Cloud, diving into the rise of Agentic Commerce and how AI agents are redefining the relationship between brands, retailers, and consumers.TLDR00:24 – Guest introduction and this week's key themes00:52 – Hangout: new podcast equipment and roving reporter Rachel Belmonte05:52 – Dig in: what to expect from Google's announcements11:41 – Conversation with Mark Steel39:10 – Favourite BBQ picks GuestMark Steel: https://www.linkedin.com/in/marksteel220/ HostsDave Chapman:  https://www.linkedin.com/in/chapmandr/Rachel Belmonte:  https://www.linkedin.com/in/rachel-belmonte-63550358/Rob Kernahan:  https://www.linkedin.com/in/rob-kernahan/ ProductionMarcel van der Burg:  https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman:  https://www.linkedin.com/in/chapmandr/ SoundBen Corbett:  https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:   https://www.linkedin.com/in/louis-corbett-087250264/ 'Realities Remixed' is an original podcast from Capgemini

Las Vegas, you're officially on the record during Google Cloud Next 2026. The #RealitiesRemixed podcast team is back at GCN'26, recording live from the Strip, where bright lights collide with big ideas.This week, we're swapping roulette wheels for real talk, hosting live conversations with Google leaders who are redefining what's next across AI‑first enterprise transformation, agentic AI, data, sovereignty, security, and beyond.Expect sharp insights, bold opinions, and future‑shaping conversations, delivered straight from Las Vegas to your headphones. Dave, Rachel, and Rob continue the conversation with Dominic Cody, Global Director of Technology, Distributed Cloud, about the Sovereign Edge and reclaiming control in the age of Agentic AI. TLDR00:24 – Guest introduction and this week's key themes00:40 – Hangout: AI on the Expo floor and roving reporter Rachel Belmonte01:24– Dig in: what to expect from Google's announcements05:36– Conversation with Dominic Cody31:28 – Favourite BBQ picks GuestDominic Cody: https://www.linkedin.com/in/dominiccody/ HostsDave Chapman:   https://www.linkedin.com/in/chapmandr/Rachel Belmonte:  https://www.linkedin.com/in/rachel-belmonte-63550358/Rob Kernahan:   https://www.linkedin.com/in/rob-kernahan/ ProductionMarcel van der Burg:   https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman:   https://www.linkedin.com/in/chapmandr/ SoundBen Corbett:   https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:    https://www.linkedin.com/in/louis-corbett-087250264/ 'Realities Remixed' is an original podcast from Capgemini

Dynatrace's Chief Technology Strategist Alois Reitbauer explains how AI-powered observability is moving beyond monitoring to autonomously fixing software issues — and why the best AI doesn't replace human judgment, it sharpens it.Topics Include:Dynatrace helps global enterprise companies observe, optimize, and protect their software.The platform goes beyond monitoring — it takes automated action to fix issues.Business observability connects technical data to real-world operational decisions.Dynatrace has been investing in AI for 14 years, starting with root cause analysis.AI eliminates human confirmation bias when diagnosing critical system failures.Generative AI now enables Dynatrace to propose and implement code-level fixes.AI works best augmenting humans — like a GPS, not an autopilot.The Dynatrace-AWS partnership began with aligning on a shared long-term vision.Joint engineering calls and shared roadmaps made the two teams feel like one.Dynatrace experienced Amazon's famous silent document-reading meeting culture firsthand.Good partnerships require honesty, investment, and knowing when to say no.AI is maturing from an efficiency play toward genuine human augmentation.Participants:Alois Reitbauer – Chief Technology Strategist, DynatraceSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Topics covered in this episode: Django Modern Rest Already playing with Python 3.15 Cutting Python Web App Memory Over 31% tryke - A Rust-based Ptyhon test runner with a Jest-style API Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: Django Modern Rest Modern REST framework for Django with types and async support Supports Pydantic, Attrs, and msgspec Has ai coding support with llms.txt See an example at the “showcase” section Brian #2: Already playing with Python 3.15 3.15.0a8, 2.14.4 and 3.13.13 are out Hugo von Kemenade beta comes in May, CRs in Sept, and Final planned for October But still, there's awesome stuff here already, here's what I'm looking forward to: PEP 810: Explicit lazy imports PEP 814: frozendict built-in type PEP 798: Unpacking in comprehensions with * and ** PEP 686: Python now uses UTF-8 as the default encoding Michael #3: Cutting Python Web App Memory Over 31% I cut 3.2 GB of memory usage from our Python web apps using five techniques: async workers import isolation the Raw+DC database pattern local imports for heavy libraries disk-based caching See the full article for details. Brian #4: tryke - A Rust-based Ptyhon test runner with a Jest-style API Justin Chapman Watch mode, Native async support, Fast test discovery, In-source testing, Support for doctests, Client/server mode for fast editor integrations, Pretty, per-assertion diagnostics, Filtering and marks, Changed mode (like pytest-picked), Concurrent tests, Soft assertions, JSON, JUnit, Dot, and LLM reporters Honestly haven't tried it yet, but you know, I'm kinda a fan of thinking outside the box with testing strategies so I welcome new ideas. Extras Brian: Why are't we uv yet? Interesting take on the “agents prefer pip” Problem with analysis. Many projects are libraries and don't publish uv.lock file Even with uv, it still often seen as a developer preference for non-libarries. You can sitll use uv with requirements.txt PyCon US 2026 talks schedule is up Interesting that there's an AI track now. I won't be attending, but I might have a bot watch the videos and summarize for me. :) What has technology done to us? Justin Jackson Lean TDD new cover Also, 0.6.1 is so ready for me to start f-ing reading the audio book and get on with this shipping the actual f-ing book and yes I realize I seem like I'm old because I use “f-ing” while typing. Michael: Python 3.14.4 is out Beanie 2.1 release Joke: HumanDB - Blazingly slow. Emotionally consistent.

In this episode we explore how companies should evaluate AI agents across multiple dimensions — including correctness, tool selection, multi-turn reasoning, and safety . The conversation covers building reliable evaluation frameworks, balancing automated vs. human-in-the-loop testing, and leveraging observability to debug agent behavior in production.Links from the ShowAgentCore Evaluation: https://github.com/awslabs/agentcore-samples/tree/main/01-tutorials/07-AgentCore-evaluationsStrands Evaluation: https://strandsagents.com/docs/user-guide/evals-sdk/quickstart/AWS Hosts: Nolan Chen & Malini ChatterjeeEmail Your Feedback: rethinkpodcast@amazon.com

The OWASP Top 10 just got a fresh update, and there are some big changes: supply chain attacks, exceptional condition handling, and more. Tanya Janca is back on Talk Python to walk us through every single one of them. And we're not just talking theory, we're going to turn Claude Code loose on a real open source project and see what it finds. Let's do it. Episode sponsors Temporal Talk Python Courses Links from the show DevSec Station Podcast: www.devsecstation.com SheHacksPurple Newsletter: newsletter.shehackspurple.ca owasp.org: owasp.org owasp.org/Top10/2025: owasp.org from here: github.com Kinto: github.com A01:2025 - Broken Access Control: owasp.org A02:2025 - SecuA02 Security Misconfiguration: owasp.org ASP.NET: ASP.NET A03:2025 - Software Supply Chain Failures: owasp.org A04:2025 - Cryptographic Failures: owasp.org A05:2025 - Injection: owasp.org A06:2025 - Insecure Design: owasp.org A07:2025 - Authentication Failures: owasp.org A08:2025 - Software or Data Integrity Failures: owasp.org A09:2025 - Security Logging and Alerting Failures: owasp.org A10 Mishandling of Exceptional Conditions: owasp.org https://github.com/KeygraphHQ/shannon: github.com anthropic.com/news/mozilla-firefox-security: www.anthropic.com generalpurpose.com/the-distillation/claude-mythos-what-it-means-for-your-business: www.generalpurpose.com Python Example Concepts: blobs.talkpython.fm Watch this episode on YouTube: youtube.com Episode #545 deep-dive: talkpython.fm/545 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Realities Remixed, formerly know as Cloud Realities, launches a new season exploring the intersection of people, culture, industry and tech.As AI accelerates the shift from networks to ecosystems, organisations face a growing tension between fast‑moving technology and slower, socially driven organisational change. Success in the “Never Normal” will depend less on intelligence itself and more on leadership qualities, judgement, narrative, trust, and the ability to create space for corporate explorers to build the Day After Tomorrow, not just optimise today.This week, Dave, Esmee, and Rob are joined by Peter Hinssen, keynote speaker, author and lecturer and co-founder of nexxworks to explore how leaders navigating through rapid change, focused on transforming uncertainty into opportunities for growth and innovation.. TLDR00:41 – Guest introduction and overview of this week's theme 01:02 – Hangout: Episode 200! 06:25 – Dig in: Deep dive into the pace of change 14:17 – Conversation with Peter Hinssen on adaptive organisations and leadership styles 55:10 – Continuing the conversation about Tech 1:11:20 – Travel to Taiwan, Silicon Valley, and China GuestPeter Hinssen: https://www.linkedin.com/in/phinssen/https://www.peterhinssen.com HostsDave Chapman:  https://www.linkedin.com/in/chapmandr/Esmee van de Giessen:  https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan:  https://www.linkedin.com/in/rob-kernahan/ ProductionMarcel van der Burg:  https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman:  https://www.linkedin.com/in/chapmandr/ SoundBen Corbett:  https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:   https://www.linkedin.com/in/louis-corbett-087250264/ 'Realities Remixed' is an original podcast from Capgemini

Vercel's VP of Engineering Lindsey Simon unpacks how AI is transforming web deployment — from self-driving infrastructure and automatic rollbacks to prompt-to-app magic and what coding will look like by 2027.Topics Include:Vercel turns a simple git push into a live URL, fastCustomers range from solo indie devs to major enterprises globallyUnder Armour, Reuters, and Polymarket all run on Vercel's platformAI agents can detect failed deployments and automatically suggest fixesVercel calls this approach "self-driving infrastructure" — a post-AI evolutionThe AI SDK lets developers write model-agnostic code across any providerV0 lets anyone generate a full app just by typing a promptThe AI Gateway provides intelligent model fallbacks and cost efficiencyVitamins vs. painkillers: Vercel only builds what customers genuinely needAI works best when code has structure, types, and tests already in placeAWS Bedrock helped Vercel scale V0 when it went unexpectedly viralVercel's AI philosophy: "let it rip" — with smart guardrails around dataWeekly "Demo Days" put every engineer in front of 200 colleagues to presentDesign is a company-wide discipline, from product UI to office signageA new AWS integration makes provisioning Aurora and DynamoDB just a few clicksParticipants:Lindsey Simon – Vice President of Engineering, VercelSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

When you pip install a package with compiled code, the wheel you get is built for CPU features from 2009. Want newer optimizations like AVX2? Your installer has no way to ask for them. GPU support? You're on your own configuring special index URLs. The result is fat binaries, nearly gigabyte-sized wheels, and install pages that read like puzzle books. A coalition from NVIDIA, Astral, and QuanSight has been working on Wheel Next: A set of PEPs that let packages declare what hardware they need and let installers like uv pick the right build automatically. Just uv pip install torch and it works. I sit down with Jonathan Dekhtiar from NVIDIA, Ralf Gommers from Quansight and the NumPy and SciPy teams, and Charlie Marsh, founder of Astral and creator of uv, to dig into all of it. Episode sponsors Sentry Error Monitoring, Code talkpython26 Temporal Talk Python Courses Links from the show Guests Charlie Marsh: github.com Ralf Gommers: github.com Jonathan Dekhtiar: github.com CPU dispatcher: numpy.org build options: numpy.org Red Hat RHEL: www.redhat.com Red Hat RHEL AI: www.redhat.com RedHats presentation: wheelnext.dev CUDA release: developer.nvidia.com requires a PEP: discuss.python.org WheelNext: wheelnext.dev Github repo: github.com PEP 817: peps.python.org PEP 825: discuss.python.org uv: docs.astral.sh A variant-enabled build of uv: astral.sh pyx: astral.sh pypackaging-native: pypackaging-native.github.io PEP 784: peps.python.org Watch this episode on YouTube: youtube.com Episode #544 deep-dive: talkpython.fm/544 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Vibe coding: give AI a description of what you want, the model writes the code, you ship it, and then you hope for the best. It works great for side projects, but it can fall apart the moment you point an AI agent at production infrastructure. Today, William and Eyvonne sit down with John Capobianco,... Read more »

Topics covered in this episode: Migrating from mypy to ty: Lessons from FastAPI Oxyde ORM Typeshedded CPython docs Raw+DC Database Pattern: A Retrospective Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: Migrating from mypy to ty: Lessons from FastAPI Tim Hopper I saw this post by Sebastián Ramírez about all of his projects switching to ty FastAPI, Typer, SQLModel, Asyncer, FastAPI CLI SqlModel is already ty only - mypy removed This signals that ty is ready to use Tim lists some steps to apply ty to your own projects Add ty alongside mypy Set error-on-warning = true Accept the double-ignore comments Pick a smaller project to cut over first Drop mypy when the noise exceeds the signalAdd ty alongside mypy Related anecdote: I had tried out ty with pytest-check in the past with difficulty Tried it again this morning, only a few areas where mypy was happy but ty reported issues At least one ty warning was a potential problem for people running pre-releases of pytest, Not really related: packaging.version.parse is awesome Michael #2: Oxyde ORM Oxyde ORM is a type-safe, Pydantic-centric asynchronous ORM with a high-performance Rust core. Note: Oxyde is a young project under active development. The API may evolve between minor versions. No sync wrappers or thread pools. Oxyde is async from the ground up Includes oxyde-admin Features Django-style API - Familiar Model.objects.filter() syntax Pydantic v2 models - Full validation, type hints, serialization Async-first - Built for modern async Python with asyncio Rust performance - SQL generation and execution in native Rust Multi-database - PostgreSQL, SQLite, MySQL support Transactions - transaction.atomic() context manager with savepoints Migrations - Django-style makemigrations and migrate CLI Brian #3: Typeshedded CPython docs Thanks emmatyping for the suggestion Documentation for Python with typeshed types Source: typeshedding_cpython_docs Michael #4: Raw+DC Database Pattern: A Retrospective A new design pattern I'm seeing gain traction in the software space: Raw+DC: The ORM pattern of 2026 I've had a chance to migrate three of my most important web app. Thrilled to report that yes, the web app is much faster using Raw+DC Plus, this was part of the journey to move from 1.3 GB memory usage to 0.45 GB (more on this next week) Extras Brian: Lean TDD 0.5 update Significant rewrite and focus Michael: pytest-just (for just command file testing), by Michael Booth Something going on with Encode httpx: Anyone know what's up with HTTPX? And forked starlette and uvicorn: Transfer of Uvicorn & Starlette mkdocs: The Slow Collapse of MkDocs django-rest-framework: Move to django commons? Certificates at Talk Python Training Joke: Neue Rich

When you type a question into ChatGPT, the model only has what you typed to work with. But tools like Claude Code can plan, iterate, test, and recover from mistakes. They work more like we do. The difference is the agent harness: Planning tools, file system access, sub-agents, and carefully crafted system prompts that turn a raw LLM into something genuinely capable. Sydney Runkle is back on Talk Python representing LangChain and their new open source library, Deep Agents: A framework for building your own deep agents with plain Python functions, middleware hooks, and MCP support. This is how the magic works under the hood. Episode sponsors Sentry Error Monitoring, Code talkpython26 Agentic AI Course Talk Python Courses Links from the show Guest Sydney Runkle: github.com Claude Code uses: x.com Deep Research: openai.com Manus: manus.im Blog post announcement: blog.langchain.com Claudes system prompt: github.com sub agents: docs.anthropic.com the quick start: docs.langchain.com CLIs: github.com Talk Python's CLI: talkpython.fm custom tools: docs.langchain.com DeepAgents Examples: github.com Custom Middleware: docs.langchain.com Built in middleware: docs.langchain.com Improving Deep Agents with harness engineering: blog.langchain.com Prebuilt middleware: docs.langchain.com Watch this episode on YouTube: youtube.com Episode #543 deep-dive: talkpython.fm/543 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Topics covered in this episode: Lock the Ghost Fence for Sandboxing MALUS: Liberate Open Source Harden your GitHub Actions Workflows with zizmor, dependency pinning, and dependency cooldowns Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course **Patreon SupportersConnect with the hosts** Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: Lock the Ghost The five core takeaways: PyPI "removal" doesn't delete distribution files. When a package is removed from PyPI, it disappears from the index and project page, but the actual distribution files remain accessible if you have a direct URL to them. uv.lock uniquely preserves access to ghost packages. Because uv.lock stores direct URLs to distribution files rather than relying on the index API at install time, uv sync can successfully install packages that have already been removed, even with cache disabled. No other Python lock file implementation tested behaved this way. This creates a supply chain attack vector. An attacker could upload a malicious package, immediately remove it to dodge automated security scanning, and still have it installable via a uv.lock file, or combine this with the xz-style strategy of hiding malicious additions in large, auto-generated lock files that nobody reviews. Removed package names can be hijacked with version collisions. When an owner removes a package, the name can be reclaimed by someone else who can upload different distribution types under the same version number, as happened with "umap." Lock files help until you regenerate them, then you're exposed. Your dependency scanning needs to cover lock files, not just manifest files. Scanning only pyproject.toml or requirements.txt misses threats embedded in lock files, which is where the actual resolved URLs and hashes live. Brian #2: Fence for Sandboxing Suggested by Martin Häcker “Some coding platforms have since integrated built-in sandboxing (e.g., Claude Code) to restrict write access to directories and/or network connectivity. However, these safeguards are typically optional and not enabled by default.” “JY Tan (on cc) has extracted the sandboxing logic from Claude Code and repackaged it into a standalone Go binary.” Source code on GitHub: https://github.com/Use-Tusk/fence Related: Simon Willison lethal trifecta for AI agents article from June 2025 Claude Code Sandboxing Michael #3: MALUS: Liberate Open Source via Paul Bauer The service will generate the specs of a library with one AI and build the newly licensed library using the specs with another AI circumventing the licensing and copyright rules. AI that has not been trained on open source reads the docs and API signature, creates a spec. Another AI processes that spec into working software. Is it a real site? Are they accepting real money, or are they just trying to cause a stir around copyright? Brian #4: Harden your GitHub Actions Workflows with zizmor, dependency pinning, and dependency cooldowns Matthias Schoettle Avoid things like this: hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub Actions - Microsoft, DataDog, and CNCF Projects Hit So Far Extras Brian: GitHub is asking to spy on us, that's nice Michael: Michael's new SaaS for podcasters: InterviewCue DigitalOcean's Spaces cold storage for infrequently accessed data Minor issue about my fire and forget post, was a latent bug? Fire and Forget at Textual follow up article Joke: Can you?