Podcasts about python3

If you've ever been to PyCon, you know one of the best parts of the expo hall is Startup Row, a stretch of booths where early-stage companies built on Python show off what they're creating. But only attendees get to walk that lane, so let's bring it to everyone. In this episode, we stroll down Startup Row together. We kick things off with the organizers, Jason and Shay, who share the program's origin story going back to Paul Graham and the PSF, plus some surprising stats, including two unicorns among the alumni. Then we meet five startups: Tetrix, bringing AI to institutional investing in private markets. Arcjet, security that lives inside your app as an SDK. Phemeral.dev, serverless hosting built for Python web apps. CapiscIO, an identity and authority layer for AI agents. And Pixeltable, a multimodal database from Marcel Kornacker, co-creator of Apache Parquet. See if you can spot the theme running through them all. Let's go for a walk. Episode sponsors AgentField AI Talk Python Courses Links from the show Guests Naunidh Bhalla: linkedin.com Grant Gittes: linkedin.com Marcel Kornacker: linkedin.com Beon de Nood: linkedin.com Chinmaya Joshi: linkedin.com David Mytton: linkedin.com Shea Tate-Di Donna: linkedin.com Jason Rowley: linkedin.com Azul Garza: github.com Renée Rosillo: linkedin.com Tetrix: tetrix.co Tetrix Jobs: tetrix.co Arcjet: arcjet.com Pixeltable: pixeltable.com Phemeral.dev: phemeral.dev CapiscIO: capisc.io Episode #551 deep-dive: talkpython.fm/551 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Topics covered in this episode: Vulnerability and malware checks in uv HTTP GET requests with the Python standard library Millions of AI agents imperiled by critical vulnerability in open source package alembic-git-revisions Extras Joke Watch on YouTube About the show Goodbye and Thanks Brian Thanks Calvin for being part of this and future episodes! Also new time for the live show. Thanks Brian for all the hard work over the years. Calvin #1: Vulnerability and malware checks in uv release just yesterday by Astral https://astral.sh/blog/uv-audit uv audit scans dependencies for known vulnerabilities and abandoned packages via the OSV database — runs 4–10x faster than pip-audit Malware check runs on every install/sync, catching actively malicious packages (credential stealers, etc.) before they execute — including ones PyPI quarantined but lockfiles can still reference Enable malware scanning with UV_MALWARE_CHECK=1 — it's opt-in and in preview Future roadmap includes a resolver that steers toward vulnerability-free versions and install-time warnings scoped to newly added deps only Michael #2: HTTP GET requests with the Python standard library If you're doing HTTP in Python, you're probably using one of three popular libraries: requests, httpx, or urllib3. There have been issues with httpx lately. Niquest is another option: Drop-in replacement for Requests. Automatic HTTP/1.1, HTTP/2, and HTTP/3. WebSocket, and SSE included. But maybe less is more, especially in the age of agentic AI A good candidate needs two things to be true at once, not one: the used surface is small, and the behavior behind that surface is shallow. Calvin #3: Millions of AI agents imperiled by critical vulnerability in open source package "BadHost" (CVE-2026-48710) is a critical vulnerability in Starlette — the ASGI framework underlying FastAPI — with 325 million weekly downloads; also affects vLLM, LiteLLM, and most MCP server tooling The exploit is trivial: injecting a single character into an HTTP Host header bypasses path-based authentication, and can lead to credential theft, SSRF, and in some cases remote code execution MCP servers are a prime target since they store credentials for external services (email, databases, cloud accounts) — exposed data in the wild includes biopharma clinical trial DBs, full mailboxes, HR/PII pipelines, and AWS topology Fix is available — patch to Starlette 1.0.1 immediately; use the free scanner at mcp-scan.nemesis.services to check if your servers are still running a vulnerable version Open source sustainability footnote: the maintainer triages near-daily security reports solo, in his free time — most are AI-generated noise, and real ones like this still compete for the same evenings and weekends Michael #4: alembic-git-revisions By Julien Danjou from Mergify Automatic Alembic migration chaining based on git commit history. No more Multiple head revisions are present for given argument 'head'. See the introductory article Caused by two migrations landed with the same down_revision, and Alembic doesn't know which one comes first. The fix is always the same: someone manually edits the migration file to re-chain the revisions. The insight: git already knows the order Extras Calvin: GNU make can do pattern matching in the target. Not new at all, mentioned in the 1994-era docs. just and task don't have this super power on the target name yet. train-%: uv run ./train.py $* --save-hyper-params --overwrite $(TRAIN_ARGS) Michael: Updated my HTTP client using packages from httpx to httpx2: listmonk, umami, and memberful. For motivation, see this reddit thread. Joke: Accurate

Topics covered in this episode: CVE-2026-48710: A Maintainer's Perspective daily-stars-explorer Markdown to pdf with pandoc and typst postman2pytest Extras Joke Watch on YouTube About the show Brian #1: CVE-2026-48710: A Maintainer's Perspective Marcelo Trylesinski suggested by Lee Luocks Short version: users of Starlette: upgrade to Starlette 1.0.1 security professionals: we can't treat open source projects like corporations This top link is a Starlette security advisory with the title Missing Host header validation poisons request.url.path, bypassing path-based security checks The CVE apparently caused some negative press targeting starlette. However, “the vulnerability came from the application pattern and the deployment, never from something Starlette intended.” A quote from an OSTIF article: “This bug is a classic “responsibility gap” where if this maintainer didn't patch, thousands of exposed projects would have to individually secure their projects. In doing this work, they've voluntarily taken on the responsibility to protect the ecosystem from long-term systemic harm. As with all open source projects, they owed us nothing and could have left this to be everyone else's problem and took the extraordinary steps of helping the ecosystem.” Both X40 D-Sec and Ars Technica expected immediate fixes and responses from Starlette. That's not good. We can do better. Michael #2: daily-stars-explorer Explore the full history of any GitHub repository.

You wake up, brew the coffee, open GitHub, and there it is. Another pull request on your open source project. Thirteen thousand lines added. No issue filed first. No discussion. Just "here, please review this for me." Over the past year, GitHub activity has spiked roughly twelve times in a few short months, and a huge chunk of that signal is landing on the same small group of maintainers who were already stretched thin. The curl bug bounty got buried under AI-generated noise. Jazzband, the home of Django classics like pip-tools and the Django debug toolbar, hit what its maintainer called an "apocalypse" and started sunsetting. Even CPython just shipped fresh guidelines on AI-assisted contributions this week. So what does all of this actually look like from the receiving end of the pull request? On this episode, Paolo Melchiorre joins us to tell that story from inside the maintainer's chair. Paolo is a director of the Django Software Foundation, an organizer of PyCon Italy, a Django Girls coach, and he has spent the past year carefully collecting examples of how AI is reshaping open source contributions. The good, the bad, and the extra fingers. We dig into his PyCon US talk on AI-assisted contributions and maintainer load, why AI is best understood as an amplifier rather than a new kind of contributor, the wildly different policies across 86 open source foundations, whether projects banning AI today are reacting to last year's models. Episode sponsors AgentField AI Talk Python Courses Links from the show Guest Paolo Melchiorre: github.com DSF: www.djangoproject.com djangonaut-space: djangonaut.space PyCon Italia: 2026.pycon.it uDjango: github.com My PyCon US 2026 post: www.paulox.net AI-Assisted Contributions and Maintainer Load: www.paulox.net Senior Engineer Tries Vibe Coding: www.youtube.com Code Rabbit AI PR Reviews: www.coderabbit.ai GitHub Usage Graphs: github.blog Update on CPython's AI Policies: fosstodon.org High-Quality Chaos from Curl: daniel.haxx.se The Generative AI Policy Landscape in Open Source: redmonk.com Watch this episode on YouTube: youtube.com Episode #550 deep-dive: talkpython.fm/550 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Your documentation has two audiences now - humans reading the rendered HTML, and AI agents trying to make sense of your library. Rich Iannone and Michael Chow from Posit are back on Talk Python with a brand new Python documentation tool called Great Docs that takes both seriously. Rich is the creator of Great Tables, and before that the R package GT, the man has a serious eye for design, and he's pointed that energy at the Python docs ecosystem. We'll talk about how Great Docs spins up a polished site in three commands, why every page ships as Markdown for your favorite LLM, how it leans on Quarto for executable code blocks and tabbed install sections, and where it lands against Sphinx, MkDocs, and Zensical. Plus, you'll meet Tablin. Here we go. Episode sponsors Sentry Error Monitoring, Code talkpython26 Temporal Talk Python Courses Links from the show Guests Michael Chow: github.com Rich lannone: github.com Python Web Security with OWASP Top 10 and Agentic AI Course: talkpython.fm Great Docs: posit-dev.github.io/great-docs Great Tables: posit-dev.github.io GT Episode: talkpython.fm Sphinx: www.sphinx-doc.org mkdocs: www.mkdocs.org Zensical: zensical.org Hugo: gohugo.io Ghost: ghost.org Rs pkgdown: pkgdown.r-lib.org Quarto: quarto.org quickstart: posit-dev.github.io llms.txt file: llmstxt.org llms.txt: talkpython.fm mcp: talkpython.fm cli: talkpython.fm Watch this episode on YouTube: youtube.com Episode #549 deep-dive: talkpython.fm/549 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Topics covered in this episode: Dumb Ways for an Open Source Project to Die How to create a pylock.toml lockfile https://github.com/facebook/Lifeguard Choosing a Python Logging Library in 2026 Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: Dumb Ways for an Open Source Project to Die Core categories The maintainer left The maintainer is still there Sabotage and capture The release pipeline broke Force majeure The world moved on The project split - Examples Bulma PRs still from 2023, issues and PRs with no maintainer response for years, last release 1.5 years ago diskcache Similar, got hired by OpenAI, crickets after that Brian #2: How to create a pylock.toml lockfile Tim Hopper Tim walks through using uv, pip and pdm to create pylock.toml files. Recommendation: use uv export --format pylock.toml -o pylock.toml He also has How to install from a pylock.toml lockfile with pip but the short version is: use -r because tools treat it like a requirements file Michael #3: https://github.com/facebook/Lifeguard Lifeguard is a static analyzer to detect Lazy Imports incompatibilities and ease the adoption overhead for Lazy Imports in Python. I'm more excited about lazy imports after my Cutting Python Web App Memory Over 31% experience Some Python patterns depend on imports executing immediately. For example: Module-level side effects — a module that registers a handler or modifies global state at import time will behave differently if that import is deferred. The registry pattern — a module that registers itself (e.g., adding to a global dict) when imported will silently fail to register under Lazy Imports. sys.modules manipulation — code that reads or writes sys.modules assumes prior imports have already executed. Metaclasses and __init_subclass__ — class creation side effects may depend on imports being resolved. Project Stage: Beta Lifeguard is in active development. We are aiming to be ready for general use by the Python 3.15 final release. Brian #4: Choosing a Python Logging Library in 2026 Ayooluwa Isaiah " which libraries matter, how they compare, where they overlap with the standard module, and when each one makes sense.” The slant with this article is the need to log json output, which seems reasonable as things like API entry and exit point logging will include json. Covered libraries standard library logging with a hat tip to python-json-logger Same site has a guide to setting up python-json-logger structlog Loguru Logbook picologging Some benchmarks with structlog, stdlib+json, and Loguru, with structlog coming out faster I liked the Loguru example I'm going to have to try @logger.catch and logger.exception() for easily logging exceptions and serialize=True to enable JSON output. Extras Brian: When Women Stopped Coding - Planet Money segment , spotted on BlueSky from Savannah Ostrowski Lean TDD is now leaner Still working on audio version, but some great changes in 0.7.1 version Ch 6, TDD Interpretations, move ATDD and some of BDD to chapter Ch 7, Change name to TDD with Teams: BDD and ATDD Ch 9, Lean TDD, streamline steps and chapter Ch 10, Change name to Lean TDD with Teams: Lean ATDD Ch 11, Lean TDD with AI, Add short discussion about guardrails and security Michael: New course: Python Web Security: OWASP Top 10 with Agentic AI All courses now with Spanish subtitles, see announcement Joke: Stop texting me

Topics covered in this episode: Using Django Tasks in production Co-authored with Claude? PyPI packages are increasing rapidly httpx2 Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: Using Django Tasks in production Tim Schilling shares how the Djangonaut Space website has been using Django's new tasks framework and some of the info missing from the official Django docs. Tasks require a third party package, django-tasks-db to actually run the tasks. Article walks through all changes necessary to get an email process running to notify admins of new testimonials. Cool simple example. With the db backend, you can monitor progress of tasks in the admin, to see which tasks are scheduled, completed, or have errors. Some wishes for the community to implement new tutorial in the Django docs Django Debug toolbar panel for tasks test/mock backend Great title for wish list: Thinks I'd like to see, but I'm too lazy to implement myself. Michael #2: Co-authored with Claude? Via Nik T. We don't put “executed on macOS”, “edited with PyCharm”, etc. in our commits. Why Claude? Seems like a growth hack to me, that I don't really care to participate in. Some projects that have formalized their thoughts on this: The Generative AI Policy Landscape in Open Source Adjust to turn off in ~/.claude/settings.json see the docs. { "attribution": { "commit": "", "pr": "" } } Brian #3: PyPI packages are increasing rapidly Artem Golubin There's been an increase of published packages per week on PyPI A pretty big increase in the last handful of months. 30% increase since 2025, clearly due to AI Artem is building hexora, a malicious Python code detector. Cool package too, it can: Audit project dependencies to catch potential supply-chain attacks Detect malicious scripts found on platforms like Pastebin, GitHub, or open directories Analyze IoC files from past security incidents Audit new packages uploaded to PyPi. Artem is using hexora to analyze recently published pypi packages and many are obviously vibecoded and trigger false positives for abuses of eval, exec, and subprocess Side note: I don't think that's necessarily a false positive. Not malicious, but maybe a stupid-code-detector? Lots are LLM related, Lots have bots contributing code Publishing rate is crazy, dozens to hundreds of published versions in a day is a bug, not a feature Brian's proposal, PyPI should limit releases per day for any package to something a sane human would do, even if they make a mistake on a release, to maybe like 2-3, definitely under 10, in a day. And if the repo has obvious agent contributors listed, maybe lower to the limit to 1-2 a day? Honestly, “move fast and break things” doesn't apply to breaking the commons. Michael #4: httpx2 More on the httpx, httpxyz, etc changes: Pydantic people started their own fork, httpx2. Michiel says “while we think httpxyz was definitely needed, we welcome httpx2 and think it should be the ‘blessed' fork.” Kludex, who is among other things maintainer of Starlette, was considering a fork As it stands, httpx2 is lacking the performance improvements they added to httpxyz. But it will not be long before they will add those, too. Also they already made some smart decisions: they are switching from certifi to truststore they are switching to compression.zstd on Python 3.14+, enabling zstd compression by default they merged httpcore and vendored it in their repository Discussion on Hacker News Extras Brian: The Four Horsemen of the LLM Apocalypse - Anarcat Django/JetBrains 2026 developer survey is open Pyrefly 1.0 : “meaning we are confident that Pyrefly is ready for production use.” Michael: Just about ready to release Python Web Security: OWASP Top 10 with Agentic AI course. Be sure to be on the courses newsletter to get notified. Joke: Proud Parents

What if your database worked more like Git? Every change captured as an immutable event you can replay, instead of a single mutating row that quietly forgets its own history. That's event sourcing, and Chris May is back on Talk Python, fresh off our Datastar panel, to walk us through what it actually looks like in Python. We'll cover the core patterns, the libraries to reach for, when not to use it, and why event sourcing turns out to be a surprisingly good fit for AI-assisted coding. Episode sponsors Sentry Error Monitoring, Code talkpython26 Temporal Talk Python Courses Links from the show Guest Chris May: everydaysuperpowers.dev Intro to event sourcing e-book: everydaysuperpowers.gumroad.com Domain-Driven Design: The Power of CQRS and Event Sourcing: How CQRS/ES Redefine Building Scalable System: ricofritzsche.me DDD: www.amazon.com Understanding Eventsourcing (Martin Dilger): www.amazon.com Event Sourcing Explained using Football Video: www.youtube.com Why I finally embraced event sourcing and why you should too article: everydaysuperpowers.dev valkey: valkey.io diskcache: talkpython.fm eventsourcing package: github.com eventsourcing docs: eventsourcing.readthedocs.io John Bywater: github.com Datastar: data-star.dev Microconf: microconf.com Event Modeling & Event Sourcing Podcast: podcast.eventmodeling.org Python Package Guides for AI Agents: github.com Iodine tablets AI joke: x.com KurrentDb: www.kurrent.io Watch this episode on YouTube: youtube.com Episode #548 deep-dive: talkpython.fm/548 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Topics covered in this episode: httpxyz one month in Learn concurrency - a deep dive into multithreading with Python pip 26.1 - lockfiles and dependency cooldowns Python 3.15 sentinal values from PEP 661 Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: httpxyz one month in First version of httpxyz contained just the fixes to get zstd working, and the fixes to get the test suite running on python 3.14, some ‘housekeeping' changes related to the renaming End of March: a compatibility shim that allows you to use httpxyz even with third-party packages that import httpx themselves, as long as you import httpxyz first. Importing httpxyz automatically registers it under the httpx name in sys.modules , see https://httpxyz.org/httpx-compatibility/ Fixed a WHOLE bunch of performance related issues by forking httpcore Brian #2: Learn concurrency - a deep dive into multithreading with Python Nikos Vaggalis “Whenever you are trying to speed up code using multiple cores, always ask yourself: “Do these threads need to talk to each other right now?” If the answer is yes, it will be slow. The best parallel code splits a big job into completely isolated chunks, processes them separately, and merges the results at the finish line.” Good overview of thread concurrency with Python and how that's been improved dramatically with free-threaded Python Defines lots of terms you come across, including “embarrassingly parallel multithreading” There's a counter example that's nice Start with a shared resource, a counter, and multiple threads updating it Attempt to fix with threading.Lock(), which fixes it, but slows things down Good explanation of why Proper fix with concurrent.futures and separating the work of different threads so that they can be independent and their results can be combined when they're all finished. Michael #3: pip 26.1 - lockfiles and dependency cooldowns Python 3.9 is no longer supported Experimental: installing from pylock files Dependency cooldowns (see my post about this) Lifting several 2020 resolver limitations Brian #4: Python 3.15 sentinal values from PEP 661 MISSING = sentinel("MISSING") def next_value(default: int | MISSING = MISSING): ... if default is MISSING: ... Take a name str as a constructor parameter Intended to be compared with is operator, similar to None Sentinal objects can be used as a type, also similar to None and can be combined with other types with |. Unlike None, sentinal values are truthy. (Elipses ... are also truthy) This seems like a strange choice. but I guess it must have made sense to someone. It does force you to use is instead of depending on False-ness, so I guess it'll make code using sentinels more readable. Interesting that the PEP was started in 2021, and we're finally getting it this year. Extras Brian: Before GitHub - Armin Ronacher tenacity - cross-platform multi-track audio editor/recorder learned about it from Armin's article Joke: Joke option Make it myself Seems similar to what people think about software now Links httpxyz one month in httpxyz.org/httpx-compatibility Learn concurrency - a deep dive into multithreading with Python pip 26.1 - lockfiles and dependency cooldowns my post about this Python 3.15 sentinal values from PEP 661 Before GitHub tenacity Make it myself

When OpenAI trained GPT-3, they didn't roll their own orchestration layer. They used Ray, an open source Python framework born out of the same Berkeley research lab lineage that gave us Apache Spark. And here's the twist: Ray was originally built for reinforcement learning research, then quietly faded as RL hit a wall. Until ChatGPT showed up. Suddenly reinforcement learning was back, as the post-training step that turns a raw language model into something genuinely useful. Edward Oakes and Richard Liaw, two founding engineers behind Ray and Anyscale, join me on Talk Python to tell that story. We'll trace Ray from its RISE Lab origins at UC Berkeley to powering some of the largest training runs in the world. We'll talk about what Ray actually is, a distributed execution engine for AI workloads, and how a few lines of Python become work running across hundreds of GPUs. We'll cover Ray Data for multimodal pipelines, the dashboard, the VS Code remote debugger, KubRay for Kubernetes, and where Ray fits alongside Dask, multiprocessing, and asyncio. If you've ever stared at a single-machine Python script and thought, "there has to be a better way to scale this", this one's for you Episode sponsors Sentry Error Monitoring, Code talkpython26 AgentField AI Talk Python Courses Links from the show Guests Richard Liaw: github.com Edward Oakes: github.com Ray: www.ray.io Example code (we used for walk-through): docs.ray.io Getting Started with Ray: docs.ray.io Ray Libraries: docs.ray.io kuberay: github.com Watch this episode on YouTube: youtube.com Episode #547 deep-dive: talkpython.fm/547 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Topics covered in this episode: profiling-explorer Reverting the incremental GC in Python 3.14 and 3.15 VSCode AI Co-author defaults to on, then off django freeze Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: profiling-explorer Adam Johnson And intro post Python: introducing profiling-explorer “profiling-explorer is a tool for exploring profiling data from Python's built-in profilers, which are stored in pstats files. ” Features Dark mode Click the calls, internal ms, or cumulative ms column headers to sort by that column. Use the search box to filter by filename or function name. Hover by a filename + line number pair to reveal the copy button, which copies the location to your clipboard for faster opening. Click the callers or callees links on the right of a row (not pictured above) to see the callers or callees of that function. Michael #2: Reverting the incremental GC in Python 3.14 and 3.15 Python 3.14 shipped with a new incremental garbage collector, but production reports of severe memory pressure (Neil Schemenauer measured up to 5× peak RSS on pathological cyclic workloads) have pushed the core team and Steering Council to revert it in both 3.14 and 3.15 - returning to the 3.13-era generational GC. This is the second time the inc GC has been pulled back: it was also reverted right before 3.13.0 final, and it shipped in 3.14 without going through the PEP process. The tradeoff is real: Neil's benchmarks showed max GC pause times of 1.3ms with inc GC versus 26ms with the generational one - great for latency-sensitive apps, terrible for memory-constrained ones. Release manager Hugo van Kemenade will ship 3.14.5 early with the revert, and Gregory Smith floated the idea of a 3.14.5rc1 - the first patch-release RC since 3.9.2 back in 2021. Tim Peters spent the thread doing live forensics on Windows, running a toy deque program that should cap at 1GB and watching it balloon to 15.6GB on a 16GB machine - and discovered the gen0 collector effectively never fires under the new scheme. Tim's bigger meta-point: CPython has a chronic shortage of real-world GC benchmarks, pyperformance has "basically no interesting" cyclic workloads, and users almost never share real data - so core devs keep flying blind on changes like this. Django maintainer Adam Johnson published a blog post mid-thread documenting a real memory "leak" in Django's migration system caused by inc GC, with a manual gc.collect() workaround - the listener-facing receipt that this wasn't just theoretical. If the inc GC comes back for 3.16, it'll go through a proper PEP, and the discussion is already shifting toward keeping both collectors available via a startup flag - which Neil and Sergey Miryanov have both prototyped. Brian #3: VSCode AI Co-author defaults to on, then off VSCode merges Enabling ai co author by default - 3 week ago Ton's of “why would you do this” and related comments VSCode merges Change default for git.addAICoAuthor to off - yesterday Take-away, don't rely on default, set addAICoAuthor to off yourself Michael #4: django freeze Convert your dynamic django site to a static one with one line of code. Just run python manage.py generate_static_site :) Features Generate the static version of your Django site, optionally compressed .zip file Generate/download the static site using urls (only superuser and staff) Follow sitemap.xml urls Follow internal links founded in each page Follow redirects Report invalid/broken urls Selectively include/exclude media and static files Custom base url (very useful if the static site will run in a specific folder different by the document-root) Convert urls to relative urls (very useful if the static site will run offline or in an unknown folder different by the document-root) Prevent local directory index Extras Brian: Thinking Less, Trusting More: GenAI's Impacts on Students' Cognitive Habits Michael: Vercel breached, employee to blame Introducing the new Talk Python web player GitHub uptime (a couple of views 1, 2) Joke: Friends in tech

The cloud is convenient until it isn't. You upload your photos, sync your contacts, click through the cookie banners. Then prices go up again or you read about a family that lost their entire Google account over a medical photo sent to a doctor. At some point, the question shifts from "why would I run this myself?" to "why aren't I?" My guest this week is Alex Kretzschmar, head of DevRel at Tailscale, longtime host of the Self-Hosted podcast, and co-founder of Linuxserver.io. We cover what self-hosting really means in 2026, the apps worth running yourself like Immich and Home Assistant, why Docker Compose ties it all together, and how Tailscale lets you reach any of it from anywhere, without opening a single port. If you've been thinking about pulling your digital life back behind your own walls, this is your roadmap. Episode sponsors Temporal Talk Python Courses Links from the show Guest Alex Kretzschmar: alex.ktz.me Bitflip podcast: bitflip.show Self-Hosted podcast (Alex's previous show): selfhosted.show Perfect Media Server: perfectmediaserver.com KTZ Systems on YouTube: youtube.com/@ktzsystems Linuxserver.io (co-founded by Alex): linuxserver.io "How Tailscale Works" blog post: tailscale.com/blog/how-tailscale-works https://tailscale.com/: tailscale.com Self-hosted apps discussed Awesome Self-Hosted (GitHub list): github.com Immich (Google Photos alternative): immich.app Home Assistant: home-assistant.io Open Home Foundation: openhomefoundation.org Plausible Analytics: plausible.io Umami Analytics: umami.is Python integration for umami: pypi.org Pi-hole: pi-hole.net AdGuard Home: adguard.com NextDNS: nextdns.io Coolify: coolify.io Docker + ufw: docs.docker.com Storage, backup & filesystem OpenZFS: openzfs.org ZFS.rent (offsite ZFS replication): zfs.rent Backblaze: backblaze.com Hetzner Storage Box: hetzner.com DigitalOcean: digitalocean.com Secrets management mentioned OpenBao (open-source Vault fork): openbao.org HashiCorp Vault: hashicorp.com Bitwarden: bitwarden.com 1Password: 1password.com Hardware mentioned Proxmox VE: proxmox.com Minisforum MS01: minisforum.com Zima Board / Zima OS: zimaspace.com Other references Cory Doctorow on "enshittification" (Cory's blog where he coined the term): pluralistic.net Linus Tech Tips' WAN Show (Linus mentioned NAS-building going mainstream): linustechtips.com Watch this episode on YouTube: youtube.com Episode #546 deep-dive: talkpython.fm/546 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Topics covered in this episode: Django Modern Rest Already playing with Python 3.15 Cutting Python Web App Memory Over 31% tryke - A Rust-based Ptyhon test runner with a Jest-style API Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: Django Modern Rest Modern REST framework for Django with types and async support Supports Pydantic, Attrs, and msgspec Has ai coding support with llms.txt See an example at the “showcase” section Brian #2: Already playing with Python 3.15 3.15.0a8, 2.14.4 and 3.13.13 are out Hugo von Kemenade beta comes in May, CRs in Sept, and Final planned for October But still, there's awesome stuff here already, here's what I'm looking forward to: PEP 810: Explicit lazy imports PEP 814: frozendict built-in type PEP 798: Unpacking in comprehensions with * and ** PEP 686: Python now uses UTF-8 as the default encoding Michael #3: Cutting Python Web App Memory Over 31% I cut 3.2 GB of memory usage from our Python web apps using five techniques: async workers import isolation the Raw+DC database pattern local imports for heavy libraries disk-based caching See the full article for details. Brian #4: tryke - A Rust-based Ptyhon test runner with a Jest-style API Justin Chapman Watch mode, Native async support, Fast test discovery, In-source testing, Support for doctests, Client/server mode for fast editor integrations, Pretty, per-assertion diagnostics, Filtering and marks, Changed mode (like pytest-picked), Concurrent tests, Soft assertions, JSON, JUnit, Dot, and LLM reporters Honestly haven't tried it yet, but you know, I'm kinda a fan of thinking outside the box with testing strategies so I welcome new ideas. Extras Brian: Why are't we uv yet? Interesting take on the “agents prefer pip” Problem with analysis. Many projects are libraries and don't publish uv.lock file Even with uv, it still often seen as a developer preference for non-libarries. You can sitll use uv with requirements.txt PyCon US 2026 talks schedule is up Interesting that there's an AI track now. I won't be attending, but I might have a bot watch the videos and summarize for me. :) What has technology done to us? Justin Jackson Lean TDD new cover Also, 0.6.1 is so ready for me to start f-ing reading the audio book and get on with this shipping the actual f-ing book and yes I realize I seem like I'm old because I use “f-ing” while typing. Michael: Python 3.14.4 is out Beanie 2.1 release Joke: HumanDB - Blazingly slow. Emotionally consistent.

The OWASP Top 10 just got a fresh update, and there are some big changes: supply chain attacks, exceptional condition handling, and more. Tanya Janca is back on Talk Python to walk us through every single one of them. And we're not just talking theory, we're going to turn Claude Code loose on a real open source project and see what it finds. Let's do it. Episode sponsors Temporal Talk Python Courses Links from the show DevSec Station Podcast: www.devsecstation.com SheHacksPurple Newsletter: newsletter.shehackspurple.ca owasp.org: owasp.org owasp.org/Top10/2025: owasp.org from here: github.com Kinto: github.com A01:2025 - Broken Access Control: owasp.org A02:2025 - SecuA02 Security Misconfiguration: owasp.org ASP.NET: ASP.NET A03:2025 - Software Supply Chain Failures: owasp.org A04:2025 - Cryptographic Failures: owasp.org A05:2025 - Injection: owasp.org A06:2025 - Insecure Design: owasp.org A07:2025 - Authentication Failures: owasp.org A08:2025 - Software or Data Integrity Failures: owasp.org A09:2025 - Security Logging and Alerting Failures: owasp.org A10 Mishandling of Exceptional Conditions: owasp.org https://github.com/KeygraphHQ/shannon: github.com anthropic.com/news/mozilla-firefox-security: www.anthropic.com generalpurpose.com/the-distillation/claude-mythos-what-it-means-for-your-business: www.generalpurpose.com Python Example Concepts: blobs.talkpython.fm Watch this episode on YouTube: youtube.com Episode #545 deep-dive: talkpython.fm/545 Episode transcripts: talkpython.fm Theme Song: Developer Rap

When you pip install a package with compiled code, the wheel you get is built for CPU features from 2009. Want newer optimizations like AVX2? Your installer has no way to ask for them. GPU support? You're on your own configuring special index URLs. The result is fat binaries, nearly gigabyte-sized wheels, and install pages that read like puzzle books. A coalition from NVIDIA, Astral, and QuanSight has been working on Wheel Next: A set of PEPs that let packages declare what hardware they need and let installers like uv pick the right build automatically. Just uv pip install torch and it works. I sit down with Jonathan Dekhtiar from NVIDIA, Ralf Gommers from Quansight and the NumPy and SciPy teams, and Charlie Marsh, founder of Astral and creator of uv, to dig into all of it. Episode sponsors Sentry Error Monitoring, Code talkpython26 Temporal Talk Python Courses Links from the show Guests Charlie Marsh: github.com Ralf Gommers: github.com Jonathan Dekhtiar: github.com CPU dispatcher: numpy.org build options: numpy.org Red Hat RHEL: www.redhat.com Red Hat RHEL AI: www.redhat.com RedHats presentation: wheelnext.dev CUDA release: developer.nvidia.com requires a PEP: discuss.python.org WheelNext: wheelnext.dev Github repo: github.com PEP 817: peps.python.org PEP 825: discuss.python.org uv: docs.astral.sh A variant-enabled build of uv: astral.sh pyx: astral.sh pypackaging-native: pypackaging-native.github.io PEP 784: peps.python.org Watch this episode on YouTube: youtube.com Episode #544 deep-dive: talkpython.fm/544 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Topics covered in this episode: Migrating from mypy to ty: Lessons from FastAPI Oxyde ORM Typeshedded CPython docs Raw+DC Database Pattern: A Retrospective Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: Migrating from mypy to ty: Lessons from FastAPI Tim Hopper I saw this post by Sebastián Ramírez about all of his projects switching to ty FastAPI, Typer, SQLModel, Asyncer, FastAPI CLI SqlModel is already ty only - mypy removed This signals that ty is ready to use Tim lists some steps to apply ty to your own projects Add ty alongside mypy Set error-on-warning = true Accept the double-ignore comments Pick a smaller project to cut over first Drop mypy when the noise exceeds the signalAdd ty alongside mypy Related anecdote: I had tried out ty with pytest-check in the past with difficulty Tried it again this morning, only a few areas where mypy was happy but ty reported issues At least one ty warning was a potential problem for people running pre-releases of pytest, Not really related: packaging.version.parse is awesome Michael #2: Oxyde ORM Oxyde ORM is a type-safe, Pydantic-centric asynchronous ORM with a high-performance Rust core. Note: Oxyde is a young project under active development. The API may evolve between minor versions. No sync wrappers or thread pools. Oxyde is async from the ground up Includes oxyde-admin Features Django-style API - Familiar Model.objects.filter() syntax Pydantic v2 models - Full validation, type hints, serialization Async-first - Built for modern async Python with asyncio Rust performance - SQL generation and execution in native Rust Multi-database - PostgreSQL, SQLite, MySQL support Transactions - transaction.atomic() context manager with savepoints Migrations - Django-style makemigrations and migrate CLI Brian #3: Typeshedded CPython docs Thanks emmatyping for the suggestion Documentation for Python with typeshed types Source: typeshedding_cpython_docs Michael #4: Raw+DC Database Pattern: A Retrospective A new design pattern I'm seeing gain traction in the software space: Raw+DC: The ORM pattern of 2026 I've had a chance to migrate three of my most important web app. Thrilled to report that yes, the web app is much faster using Raw+DC Plus, this was part of the journey to move from 1.3 GB memory usage to 0.45 GB (more on this next week) Extras Brian: Lean TDD 0.5 update Significant rewrite and focus Michael: pytest-just (for just command file testing), by Michael Booth Something going on with Encode httpx: Anyone know what's up with HTTPX? And forked starlette and uvicorn: Transfer of Uvicorn & Starlette mkdocs: The Slow Collapse of MkDocs django-rest-framework: Move to django commons? Certificates at Talk Python Training Joke: Neue Rich

When you type a question into ChatGPT, the model only has what you typed to work with. But tools like Claude Code can plan, iterate, test, and recover from mistakes. They work more like we do. The difference is the agent harness: Planning tools, file system access, sub-agents, and carefully crafted system prompts that turn a raw LLM into something genuinely capable. Sydney Runkle is back on Talk Python representing LangChain and their new open source library, Deep Agents: A framework for building your own deep agents with plain Python functions, middleware hooks, and MCP support. This is how the magic works under the hood. Episode sponsors Sentry Error Monitoring, Code talkpython26 Agentic AI Course Talk Python Courses Links from the show Guest Sydney Runkle: github.com Claude Code uses: x.com Deep Research: openai.com Manus: manus.im Blog post announcement: blog.langchain.com Claudes system prompt: github.com sub agents: docs.anthropic.com the quick start: docs.langchain.com CLIs: github.com Talk Python's CLI: talkpython.fm custom tools: docs.langchain.com DeepAgents Examples: github.com Custom Middleware: docs.langchain.com Built in middleware: docs.langchain.com Improving Deep Agents with harness engineering: blog.langchain.com Prebuilt middleware: docs.langchain.com Watch this episode on YouTube: youtube.com Episode #543 deep-dive: talkpython.fm/543 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Topics covered in this episode: Lock the Ghost Fence for Sandboxing MALUS: Liberate Open Source Harden your GitHub Actions Workflows with zizmor, dependency pinning, and dependency cooldowns Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course **Patreon SupportersConnect with the hosts** Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: Lock the Ghost The five core takeaways: PyPI "removal" doesn't delete distribution files. When a package is removed from PyPI, it disappears from the index and project page, but the actual distribution files remain accessible if you have a direct URL to them. uv.lock uniquely preserves access to ghost packages. Because uv.lock stores direct URLs to distribution files rather than relying on the index API at install time, uv sync can successfully install packages that have already been removed, even with cache disabled. No other Python lock file implementation tested behaved this way. This creates a supply chain attack vector. An attacker could upload a malicious package, immediately remove it to dodge automated security scanning, and still have it installable via a uv.lock file, or combine this with the xz-style strategy of hiding malicious additions in large, auto-generated lock files that nobody reviews. Removed package names can be hijacked with version collisions. When an owner removes a package, the name can be reclaimed by someone else who can upload different distribution types under the same version number, as happened with "umap." Lock files help until you regenerate them, then you're exposed. Your dependency scanning needs to cover lock files, not just manifest files. Scanning only pyproject.toml or requirements.txt misses threats embedded in lock files, which is where the actual resolved URLs and hashes live. Brian #2: Fence for Sandboxing Suggested by Martin Häcker “Some coding platforms have since integrated built-in sandboxing (e.g., Claude Code) to restrict write access to directories and/or network connectivity. However, these safeguards are typically optional and not enabled by default.” “JY Tan (on cc) has extracted the sandboxing logic from Claude Code and repackaged it into a standalone Go binary.” Source code on GitHub: https://github.com/Use-Tusk/fence Related: Simon Willison lethal trifecta for AI agents article from June 2025 Claude Code Sandboxing Michael #3: MALUS: Liberate Open Source via Paul Bauer The service will generate the specs of a library with one AI and build the newly licensed library using the specs with another AI circumventing the licensing and copyright rules. AI that has not been trained on open source reads the docs and API signature, creates a spec. Another AI processes that spec into working software. Is it a real site? Are they accepting real money, or are they just trying to cause a stir around copyright? Brian #4: Harden your GitHub Actions Workflows with zizmor, dependency pinning, and dependency cooldowns Matthias Schoettle Avoid things like this: hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub Actions - Microsoft, DataDog, and CNCF Projects Hit So Far Extras Brian: GitHub is asking to spy on us, that's nice Michael: Michael's new SaaS for podcasters: InterviewCue DigitalOcean's Spaces cold storage for infrequently accessed data Minor issue about my fire and forget post, was a latent bug? Fire and Forget at Textual follow up article Joke: Can you?

If you've built documentation in the Python ecosystem, chances are you've used Martin Donath's work. His Material for MKDocs powers docs for FastAPI, uv, AWS, OpenAI, and tens of thousands of other projects. But when MKDocs 2.0 took a direction that would break Material and 300 ecosystem plugins, Martin went back to the drawing board. The result is Zensical: A new static site generator with a Rust core, differential builds in milliseconds instead of minutes, and a migration path designed to bring the whole community along. Episode sponsors Sentry Error Monitoring, Code talkpython26 Talk Python Courses Links from the show Guest Martin Donath: github.com Zensical: zensical.org Material for MkDocs: squidfunk.github.io Getting Started: zensical.org Github pages: docs.github.com Cloudflare pages: pages.cloudflare.com Michaels Example: gist.github.com Material for MkDocs: zensical.org gohugo.io/content-management/shortcodes: gohugo.io a sense of size of the project: blobs.talkpython.fm Zensical Spark: zensical.org Watch this episode on YouTube: youtube.com Episode #542 deep-dive: talkpython.fm/542 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Topics covered in this episode: Starlette 1.0.0 Astral to join OpenAI uv audit Fire and forget (or never) with Python's asyncio Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: Starlette 1.0.0 As a reminder, Starlette is the foundation for FastAPI Starlette 1.0 is here! - fun blog post from Marcello Trylesinski “The changes in 1.0 were limited to removing old deprecated code that had been on the way out for years, along with a few bug fixes. From now on we'll follow SemVer strictly.” Fun comment in the “What's next?” section: “Oh, and Sebastián, Starlette is now out of your way to release FastAPI 1.0.

When LLMs write code to accomplish a task, that code has to actually run somewhere. And right now, the options aren't great. Spin up a sandboxed container and you're paying a full second of cold start overhead plus the complexity of another service. Let the LLM loose on your actual machine and... well, you'd better be watching. On this episode, I sit down with Samuel Colvin, creator of Pydantic, now at 10 billion downloads, to explore Monty, a Python interpreter written from scratch in Rust, purpose-built to run LLM-generated code. It starts in microseconds, is completely sandboxed by design, and can even serialize its entire state to a database and resume later. We dig into why this deliberately limited interpreter might be exactly what the AI agent era needs. Episode sponsors Talk Python Courses Python in Production Links from the show Guest Samuel Colvin: github.com CPython: github.com IronPython: ironpython.net Jython: www.jython.org Pyodide: pyodide.com monty: github.com Pydantic AI: pydantic.dev Python AI conference: pyai.events bashkit: github.com just-bash: github.com Narwhals: narwhals-dev.github.io Polars: pola.rs Strands Agents: aws.amazon.com Subscribe Running Pydantic's Monty Rust sandboxed Python subset in WebAssembly: simonwillison.net Rust Python: github.com Valgrind: valgrind.org Cod Speed: codspeed.io Watch this episode on YouTube: youtube.com Episode #541 deep-dive: talkpython.fm/541 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Topics covered in this episode: chardet ,AI, and licensing refined-github pgdog: PostgreSQL connection pooler, load balancer and database sharder Agentic Engineering Patterns Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: chardet ,AI, and licensing Thanks Ian Lessing Wow, where to start? A bit of legal precedence research. Chardet dispute shows how AI will kill software licensing, argues Bruce Perens on the Register Also see this GitHub issue. Dan Blanchard, maintainer of a Python character encoding detection library called chardet, released a new version of the library under a new software license. (LGPL → MIT) Dan is allowed to make this change because v7 is a complete “clean room” rewrite using AI BTW, v7 is WAY better: The result is a 48x increase in detection speed for a project that lives in the hot loops of many projects. That will lead to noticeable performance increases for literally millions of users (the package gets ~130M downloads per month). It paves a path towards inclusion in the standard library (assuming they don't institute policies against using AI tools). Thread-safe detect() and detect_all() with no measurable overhead; scales on free-threaded Python 3.13t+ An individual claiming to be Mark Pilgrim, the original creator of the library, opened an issue in the project's GitHub repo arguing that Blanchard had no right to change the software license, citing the LPGL requirement that the license remain unchanged. A 'complete rewrite' is irrelevant, since they had ample exposure to the originally licensed code (i.e. this is not a 'clean room' implementation). Blanchard disagreed, citing how version 7.0.0 and 6.0.0 compare when subjected to JPlag, a library for detecting plagiarism. Blanchard told The Register he had wanted to get chardet added to the Python standard library for more than a decade since it's a core dependency to most Python projects. Brian #2: refined-github Suggested by Matthias Schöttle A browser plugin that improves the GitHub experience A sampling Adds a build/CI status icon next to the repo's name. Adds a link back to the PR that ran the workflow. Enables tab and shift tab for indentation in comment fields. Auto-resizes comment fields to fit their content and no longer show scroll bars. Highlights the most useful comment in issues. Changes the default sort order of issues/PRs to Recently updated. But really, it's a huge list of improvements Michael #3: pgdog: PostgreSQL connection pooler, load balancer and database sharder PgDog is a proxy for scaling PostgreSQL. It supports connection pooling, load balancing queries and sharding entire databases. Written in Rust, PgDog is fast, secure and can manage thousands of connections on commodity hardware. Features PgDog is an application layer load balancer for PostgreSQL Health Checks: PgDog maintains a real-time list of healthy hosts. When a database fails a health check, it's removed from the active rotation and queries are re-routed to other replicas Single Endpoint: PgDog can detect writes (e.g. INSERT, UPDATE, CREATE TABLE, etc.) and send them to the primary, leaving the replicas to serve reads Failover: PgDog monitors Postgres replication state and can automatically redirect writes to a different database if a replica is promoted Sharding: PgDog is able to manage databases with multiple shards Brian #4: Agentic Engineering Patterns Simon Willison So much great stuff here, especially Anti-patterns: things to avoid And 3 sections on testing Red/green TDD First run the test Agentic manual testing Extras Brian: uv python upgrade will upgrade all versions of Python installed with uv to latest patch release suggested by John Hagen Coding After Coders: The End of Computer Programming as We Know It NY Times Article Suggested by Christopher Best quote: “Pushing code that fails pytest is unacceptable and embarrassing.” Michael: Talk Python Training users get a better account dashboard Package Managers Need to Cool Down Will AI Kill Open Source, article + video My Always activate the venv is now a zsh-plugin, sorta. Joke: Ergonomic keyboard Also pretty good and related: Claude Code Mandated Links legal precedence research Chardet dispute shows how AI will kill software licensing, argues Bruce Perens this GitHub issue citing JPlag refined-github Agentic Engineering Patterns Anti-patterns: things to avoid Red/green TDD First run the test Agentic manual testing uv python upgrade Coding After Coders: The End of Computer Programming as We Know It Suggested by Christopher a better account dashboard Package Managers Need to Cool Down Will AI Kill Open Source Always activate the venv now a zsh-plugin Ergonomic keyboard Claude Code Mandated claude-mandated.png blobs.pythonbytes.fm/keyboard-joke.jpeg?cache_id=a6026b

Topics covered in this episode: chardet ,AI, and licensing refined-github pgdog: PostgreSQL connection pooler, load balancer and database sharder Agentic Engineering Patterns Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: chardet ,AI, and licensing Thanks Ian Lessing Wow, where to start? A bit of legal precedence research. Chardet dispute shows how AI will kill software licensing, argues Bruce Perens on the Register Also see this GitHub issue. Dan Blanchard, maintainer of a Python character encoding detection library called chardet, released a new version of the library under a new software license. (LGPL → MIT) Dan is allowed to make this change because v7 is a complete “clean room” rewrite using AI BTW, v7 is WAY better: The result is a 48x increase in detection speed for a project that lives in the hot loops of many projects. That will lead to noticeable performance increases for literally millions of users (the package gets ~130M downloads per month). It paves a path towards inclusion in the standard library (assuming they don't institute policies against using AI tools). Thread-safe detect() and detect_all() with no measurable overhead; scales on free-threaded Python 3.13t+ An individual claiming to be Mark Pilgrim, the original creator of the library, opened an issue in the project's GitHub repo arguing that Blanchard had no right to change the software license, citing the LPGL requirement that the license remain unchanged. A 'complete rewrite' is irrelevant, since they had ample exposure to the originally licensed code (i.e. this is not a 'clean room' implementation). Blanchard disagreed, citing how version 7.0.0 and 6.0.0 compare when subjected to JPlag, a library for detecting plagiarism. Blanchard told The Register he had wanted to get chardet added to the Python standard library for more than a decade since it's a core dependency to most Python projects. Brian #2: refined-github Suggested by Matthias Schöttle A browser plugin that improves the GitHub experience A sampling Adds a build/CI status icon next to the repo's name. Adds a link back to the PR that ran the workflow. Enables tab and shift tab for indentation in comment fields. Auto-resizes comment fields to fit their content and no longer show scroll bars. Highlights the most useful comment in issues. Changes the default sort order of issues/PRs to Recently updated. But really, it's a huge list of improvements Michael #3: pgdog: PostgreSQL connection pooler, load balancer and database sharder PgDog is a proxy for scaling PostgreSQL. It supports connection pooling, load balancing queries and sharding entire databases. Written in Rust, PgDog is fast, secure and can manage thousands of connections on commodity hardware. Features PgDog is an application layer load balancer for PostgreSQL Health Checks: PgDog maintains a real-time list of healthy hosts. When a database fails a health check, it's removed from the active rotation and queries are re-routed to other replicas Single Endpoint: PgDog can detect writes (e.g. INSERT, UPDATE, CREATE TABLE, etc.) and send them to the primary, leaving the replicas to serve reads Failover: PgDog monitors Postgres replication state and can automatically redirect writes to a different database if a replica is promoted Sharding: PgDog is able to manage databases with multiple shards Brian #4: Agentic Engineering Patterns Simon Willison So much great stuff here, especially Anti-patterns: things to avoid And 3 sections on testing Red/green TDD First run the test Agentic manual testing Extras Brian: uv python upgrade will upgrade all versions of Python installed with uv to latest patch release suggested by John Hagen Coding After Coders: The End of Computer Programming as We Know It NY Times Article Suggested by Christopher Best quote: “Pushing code that fails pytest is unacceptable and embarrassing.” Michael: Talk Python Training users get a better account dashboard Package Managers Need to Cool Down Will AI Kill Open Source, article + video My Always activate the venv is now a zsh-plugin, sorta. Joke: Ergonomic keyboard Also pretty good and related: Claude Code Mandated Links legal precedence research Chardet dispute shows how AI will kill software licensing, argues Bruce Perens this GitHub issue citing JPlag refined-github Agentic Engineering Patterns Anti-patterns: things to avoid Red/green TDD First run the test Agentic manual testing uv python upgrade Coding After Coders: The End of Computer Programming as We Know It Suggested by Christopher a better account dashboard Package Managers Need to Cool Down Will AI Kill Open Source Always activate the venv now a zsh-plugin Ergonomic keyboard Claude Code Mandated claude-mandated.png blobs.pythonbytes.fm/keyboard-joke.jpeg?cache_id=a6026b

Monorepos -- you've heard the talks, you've read the blog posts, maybe you've seen a few tantalizing glimpses into how Google or Meta organize their massive codebases. But it's often in the abstract and behind closed doors. What if you could crack open a real, production monorepo, one with over a million lines of Python and over 100 of sub-packages, and actually see how it's built, step by step, using modern tools and standards? That's exactly what Apache Airflow gives us. On this episode, I sit down with Jarek Potiuk and Amogh Desai, two of Airflow's top contributors, to go inside one of the largest open-source Python monorepos in the world and learn how they manage it with uv, pyproject.toml, and the latest packaging standards, so you can apply those same patterns to your own projects. Episode sponsors Agentic AI Course Python in Production Talk Python Courses Links from the show Guests Amogh Desai: github.com Jarek's GitHub: github.com definition of a monorepo: monorepo.tools airflow: airflow.apache.org Activity: github.com OpenAI: airflowsummit.org Part 1. Pains of big modular Python projects: medium.com Part 2. Modern Python packaging standards and tools for monorepos: medium.com Part 3. Monorepo on steroids - modular prek hooks: medium.com Part 4. Shared “static” libraries in Airflow monorepo: medium.com PEP-440: peps.python.org PEP-517: peps.python.org PEP-518: peps.python.org PEP-566: peps.python.org PEP-561: peps.python.org PEP-660: peps.python.org PEP-621: peps.python.org PEP-685: peps.python.org PEP-723: peps.python.org PEP-735: peps.python.org uv: docs.astral.sh uv workspaces: blobs.talkpython.fm prek.j178.dev: prek.j178.dev your presentation at FOSDEM26: fosdem.org Tallyman: github.com Watch this episode on YouTube: youtube.com Episode #540 deep-dive: talkpython.fm/540 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Topics covered in this episode: Setting up a Python monorepo with uv workspaces cattrs: Flexible Object Serialization and Validation Learning to program in the AI age VS Code extension for FastAPI and friends Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: Setting up a Python monorepo with uv workspaces Dennis Traub The 3 things Give the Root a Distinct Name Use workspace = true for Inter-Package Deps Use importlib Mode for pytest Michael #2: cattrs: Flexible Object Serialization and Validation cattrs is a Swiss Army knife for (un)structuring and validating data in Python. A natural alternative/follow on from DataClass Wizard Converts to ←→ from dictionaries cattrs also focuses on functional composition and not coupling your data model to its serialization and validation rules. When you're handed unstructured data (by your network, file system, database, …), cattrs helps to convert this data into trustworthy structured data. Batteries Included: cattrs comes with pre-configured converters for a number of serialization libraries, including JSON (standard library, orjson, UltraJSON), msgpack, cbor2, bson, PyYAML, tomlkit and msgspec (supports only JSON at this time). Brian #3: Learning to program in the AI age Jose Blanca “I teach a couple of introductory Python courses and I've been thinking about which advice to give to my students, that are studying how to program for the first time. I have collected my ideas in these blog posts” Why learning to program is as useful as ever, even with powerful AI tools available. How to use AI as a tutor rather than a shortcut, and why practice remains the key to real understanding. What the real learning objectives are: mental models, managing complexity, and thinking like a software developer. Michael #4: VS Code extension for FastAPI and friends Enhances the FastAPI development experience in Visual Studio Code Path Operation Explorer: Provides a hierarchical tree view of all FastAPI routes in your application. Search for routes: Use the Command Palette and quickly search for routes by path, method, or name. CodeLens links appear above HTTP client calls like client.get('/items'), letting you jump directly to the matching route definition. Deploy your application directly to FastAPI Cloud from the status bar with zero config. View real-time logs from your FastAPI Cloud deployed applications directly within VS Code. Install from Marketplace. Extras Brian: Guido van Rossum interviews key Python developers from the first 25 years Interview with Brett Cannon Interview with Thomas Wouters Michael: IntelliJ IDEA: The Documentary | An origin story video Cursor Joined the ACP Registry and Is Now Live in Your JetBrains IDE What hyper-personal software looks like I'm doing in-person training again (limited scope): On-site, hands-on AI engineering enablement for software teams with Michael Joke: Saas is dead

You're adding type hints to your Python code, your editor is happy, autocomplete is working great. But then you switch tools and suddenly there are red squiggles everywhere. Who decides what a float annotation actually means? Or whether passing None where an int is expected should be an error? It turns out there's a five-person council dedicated to exactly these questions -- and two brand-new Rust-based type checkers are raising the bar. On this episode, I sit down with three members of the Python Typing Council -- Jelle Zijlstra, Rebecca Chen, and Carl Meyer -- to learn how the type system is governed, where the spec and the type checkers agree and disagree, and get the council's official advice on how much typing is just enough. Episode sponsors Sentry Error Monitoring, Code talkpython26 Agentic AI Course Talk Python Courses Links from the show Guests Carl Meyer: github.com Jelle Zijlstra: jellezijlstra.github.io Rebecca Chen: github.com Typing Council: github.com typing.python.org: typing.python.org details here: github.com ty: docs.astral.sh pyrefly: pyrefly.org conformance test suite project: github.com typeshed: github.com Stub files: mypy.readthedocs.io Pydantic: pydantic.dev Beartype: github.com TOAD AI: github.com PEP 747 – Annotating Type Forms: peps.python.org PEP 724 – Stricter Type Guards: peps.python.org Python Typing Repo (PRs and Issues): github.com Watch this episode on YouTube: youtube.com Episode #539 deep-dive: talkpython.fm/539 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Topics covered in this episode: Raw+DC: The ORM pattern of 2026? pytest-check releases Dataclass Wizard SQLiteo - “native macOS SQLite browser built for normal people” Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: Raw+DC: The ORM pattern of 2026? ORMs/ODMs provide great support and abstractions for developers They are not the native language of agentic AI Raw queries are trained 100x+ more than standard ORMs Using raw queries at the data access optimizes for AI coding Returning some sort of object mapped to the data optimizes for type safety and devs Brian #2: pytest-check releases 3 merged pull requests 8 closed issues at one point got to 0 PR's and 1 enhancement request Now back to 2 issues and 1 PR, but activity means it's still alive and being used. so cool Check out changelog for all mods A lot of changes around supporting mypy I've decided to NOT have the examples be fully --strict as I find it reduces readability See tox.ini for explanation But src is --strict clean now, so user tests can be --strict clean. Michael #3: Dataclass Wizard Simple, elegant wizarding tools for Python's dataclasses. Features

Digital humanities sounds niche, until you realize it can mean a searchable archive of U.S. amendment proposals, Irish folklore, or pigment science in ancient art. Today I'm talking with David Flood from Harvard's DARTH team about an unglamorous problem: What happens when the grant ends but the website can't. His answer, static sites, client-side search, and sneaky Python. Let's dive in. Episode sponsors Sentry Error Monitoring, Code talkpython26 Command Book Talk Python Courses Links from the show Guest David Flood: davidaflood.com DARTH: digitalhumanities.fas.harvard.edu Amendments Project: digitalhumanities.fas.harvard.edu Fionn Folklore Database: fionnfolklore.org Mapping Color in History: iiif.harvard.edu Apatosaurus: apatosaurus.io Criticus: github.com github.com/palewire/django-bakery: github.com sigsim.acm.org/conf/pads/2026/blog/artifact-evaluation: sigsim.acm.org Hugo: gohugo.io Water Stories: waterstories.fas.harvard.edu Tsumeb Mine Notebook: tmn.fas.harvard.edu Dharma and Punya: dharmapunya2019.org Pagefind library: pagefind.app django_webassembly: github.com Astro Static Site Generator: astro.build PageFind Python Lib: pypi.org Frozen-Flask: frozen-flask.readthedocs.io Watch this episode on YouTube: youtube.com Episode #538 deep-dive: talkpython.fm/538 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Topics covered in this episode: Better Python tests with inline-snapshot jolt Battery intelligence for your laptop Markdown code formatting with ruff act - run your GitHub actions locally Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: Better Python tests with inline-snapshot Alex Hall, on Pydantic blog Great for testing complex data structures Allows you to write a test like this: from inline_snapshot import snapshot def test_user_creation(): user = create_user(id=123, name="test_user") assert user.dict() == snapshot({}) Then run pytest --inline-snapshot=fix And the library updates the test source code to look like this: def test_user_creation(): user = create_user(id=123, name="test_user") assert user.dict() == snapshot({ "id": 123, "name": "test_user", "status": "active" }) Now, when you run the code without “fix” the collected data is used for comparison Awesome to be able to visually inspect the test data right there in the test code. Projects mentioned inline-snapshot pytest-examples syrupy dirty-equals executing Michael #2: jolt Battery intelligence for your laptop Support for both macOS and Linux Battery Status — Charge percentage, time remaining, health, and cycle count Power Monitoring — System power draw with CPU/GPU breakdown Process Tracking — Processes sorted by energy impact with color-coded severity Historical Graphs — Track battery and power trends over time Themes — 10+ built-in themes with dark/light auto-detection Background Daemon — Collect historical data even when the TUI isn't running Process Management — Kill energy-hungry processes directly Brian #3: Markdown code formatting with ruff Suggested by Matthias Schoettle ruff can now format code within markdown files Will format valid Python code in code blocks marked with python, py, python3 or py3. Also recognizes pyi as Python type stub files. Includes the ability to turn off formatting with comment [HTML_REMOVED] , [HTML_REMOVED] blocks. Requires preview mode [tool.ruff.lint] preview = true Michael #4: act - run your GitHub actions locally Run your GitHub Actions locally! Why would you want to do this? Two reasons: Fast Feedback - Rather than having to commit/push every time you want to test out the changes you are making to your .github/workflows/ files (or for any changes to embedded GitHub actions), you can use act to run the actions locally. The environment variables and filesystem are all configured to match what GitHub provides. Local Task Runner - I love make. However, I also hate repeating myself. With act, you can use the GitHub Actions defined in your .github/workflows/ to replace your Makefile! When you run act it reads in your GitHub Actions from .github/workflows/ and determines the set of actions that need to be run. Uses the Docker API to either pull or build the necessary images, as defined in your workflow files and finally determines the execution path based on the dependencies that were defined. Once it has the execution path, it then uses the Docker API to run containers for each action based on the images prepared earlier. The environment variables and filesystem are all configured to match what GitHub provides. Extras Michael: Winter is coming: Frozendict accepted Django ORM stand-alone Command Book app announcement post Joke: Plug ‘n Paste

You love building web apps with Python, and HTMX got you excited about the hypermedia approach -- let the server drive the HTML, skip the JavaScript build step, keep things simple. But then you hit that last 10%: You need Alpine.js for interactivity, your state gets out of sync, and suddenly you're juggling two unrelated libraries that weren't designed to work together. What if there was a single 11-kilobyte framework that gave you everything HTMX and Alpine do, and more, with real-time updates, multiplayer collaboration out of the box, and performance so fast you're actually bottlenecked by the monitor's refresh rate? That's Datastar. On this episode, I sit down with its creator Delaney Gillilan, core maintainer Ben Croker, and Datastar convert Chris May to explore how this backend-driven, server-sent-events-first framework is changing the way full-stack developers think about the modern web. Episode sponsors Sentry Error Monitoring, Code talkpython26 Command Book Talk Python Courses Links from the show Guests Delaney Gillilan: linkedin.com Ben Croker: x.com Chris May: everydaysuperpowers.dev Datastar: data-star.dev HTMX: htmx.org AlpineJS: alpinejs.dev Core Attribute Tour: data-star.dev data-star.dev/examples: data-star.dev github.com/starfederation/datastar-python: github.com VSCode: marketplace.visualstudio.com OpenVSX: open-vsx.org PyCharm/Intellij plugin: plugins.jetbrains.com data-star.dev/datastar_pro: data-star.dev gg: discord.gg HTML-ivating your Django web app's experience with HTMX, AlpineJS, and streaming HTML - Chris May: www.youtube.com Senior Engineer tries Vibe Coding: www.youtube.com 1 Billion Checkboxes: checkboxes.andersmurphy.com Game of life example: example.andersmurphy.com Watch this episode on YouTube: youtube.com Episode #537 deep-dive: talkpython.fm/537 Episode transcripts: talkpython.fm Theme Song: Developer Rap

You've built your FastAPI app, it's running great locally, and now you want to share it with the world. But then reality hits -- containers, load balancers, HTTPS certificates, cloud consoles with 200 options. What if deploying was just one command? That's exactly what Sebastian Ramirez and the FastAPI Cloud team are building. On this episode, I sit down with Sebastian, Patrick Arminio, Savannah Ostrowski, and Jonathan Ehwald to go inside FastAPI Cloud, explore what it means to build a "Pythonic" cloud, and dig into how this commercial venture is actually making FastAPI the open-source project stronger than ever. Episode sponsors Command Book Python in Production Talk Python Courses Links from the show Guests Sebastián Ramírez: github.com Savannah Ostrowski: github.com Patrick Arminio: github.com Jonathan Ehwald: github.com FastAPI labs: fastapilabs.com quickstart: fastapicloud.com an episode on diskcache: talkpython.fm Fastar: github.com FastAPI: The Documentary: www.youtube.com Tailwind CSS Situation: adams-morning-walk.transistor.fm FastAPI Job Meme: fastapi.meme Migrate an Existing Project: fastapicloud.com Join the waitlist: fastapicloud.com Talk Python CLI Talk Python CLI Announcement: talkpython.fm Talk Python CLI GitHub: github.com Command Book Download Command Book: commandbookapp.com Announcement post: mkennedy.codes Watch this episode on YouTube: youtube.com Episode #536 deep-dive: talkpython.fm/536 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Topics covered in this episode: Command Book App uvx.sh: Install Python tools without uv or Python Ending 15 years of subprocess polling monty: A minimal, secure Python interpreter written in Rust for use by AI Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: Command Book App New app from Michael Command Book App is a native macOS app for developers, data scientists, AI enthusiasts and more. This is a tool I've been using lately to help build Talk Python, Python Bytes, Talk Python Training, and many more applications. It's a bit like advanced terminal commands or complex shell aliases, but hosted outside of your terminal. This leaves the terminal there for interactive commands, exploration, short actions. Command Book manages commands like "tail this log while I'm developing the app", "Run the dev web server with true auto-reload", and even "Run MongoDB in Docker with exactly the settings I need" I'd love it if you gave it a look, shared it with your team, and send me feedback. Has a free version and paid version. Build with Swift and Swift UI Check it out at https://commandbookapp.com Brian #2: uvx.sh: Install Python tools without uv or Python Tim Hopper Michael #3: Ending 15 years of subprocess polling by Giampaolo Rodola The standard library's subprocess module has relied on a busy-loop polling approach since the timeout parameter was added to Popen.wait() in Python 3.3, around 15 years ago The problem with busy-polling CPU wake-ups: even with exponential backoff (starting at 0.1ms, capping at 40ms), the system constantly wakes up to check process status, wasting CPU cycles and draining batteries. Latency: there's always a gap between when a process actually terminates and when you detect it. Scalability: monitoring many processes simultaneously magnifies all of the above. + L1/L2 CPU cache invalidations It's interesting to note that waiting via poll() (or kqueue()) puts the process into the exact same sleeping state as a plain time.sleep() call. From the kernel's perspective, both are interruptible sleeps. Here is the merged PR for this change. Brian #4: monty: A minimal, secure Python interpreter written in Rust for use by AI Samuel Colvin and others at Pydantic Still experimental “Monty avoids the cost, latency, complexity and general faff of using a full container based sandbox for running LLM generated code. “ “Instead, it lets you safely run Python code written by an LLM embedded in your agent, with startup times measured in single digit microseconds not hundreds of milliseconds.” Extras Brian: Expertise is the art of ignoring - Kevin Renskers You don't need to master the language. You need to master your slice. Learning everything up front is wasted effort. Experience changes what you pay attention to. I hate fish - Rands (Michael Lopp) Really about productivity systems And a nice process for dealing with email Michael: Talk Python now has a CLI New essay: It's not vibe coding - Agentic engineering GitHub is having a day Python 3.14.3 and 3.13.12 are available Wall Street just lost $285 billion because of 13 markdown files Joke: Silence, current side project!

Topics covered in this episode: django-bolt: Faster than FastAPI, but with Django ORM, Django Admin, and Django packages pyleak More Django (three articles) Datastar Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: django-bolt : Faster than FastAPI, but with Django ORM, Django Admin, and Django packages Farhan Ali Raza High-Performance Fully Typed API Framework for Django Inspired by DRF, FastAPI, Litestar, and Robyn Django-Bolt docs Interview with Farhan on Django Chat Podcast And a walkthrough video Michael #2: pyleak Detect leaked asyncio tasks, threads, and event loop blocking with stack trace in Python. Inspired by goleak. Has patterns for Context managers decorators Checks for Unawaited asyncio tasks Threads Blocking of an asyncio loop Includes a pytest plugin so you can do @pytest.mark.no_leaks Brian #3: More Django (three articles) Migrating From Celery to Django Tasks Paul Taylor Nice intro of how easy it is to get started with Django Tasks Some notes on starting to use Django Julia Evans A handful of reasons why Django is a great choice for a web framework less magic than Rails a built-in admin nice ORM automatic migrations nice docs you can use sqlite in production built in email The definitive guide to using Django with SQLite in production I'm gonna have to study this a bit. The conclusion states one of the benefits is “reduced complexity”, but, it still seems like quite a bit to me. Michael #4: Datastar Sent to us by Forrest Lanier Lots of work by Chris May Out on Talk Python soon. Official Datastar Python SDK Datastar is a little like HTMX, but The single source of truth is your server Events can be sent from server automatically (using SSE) e.g yield SSE.patch_elements( f"""{(#HTML#)}{datetime.now().isoformat()}""" ) Why I switched from HTMX to Datastar article Extras Brian: Django Chat: Inverting the Testing Pyramid - Brian Okken Quite a fun interview PEP 686 – Make UTF-8 mode default Now with status “Final” and slated for Python 3.15 Michael: Prayson Daniel's Paper tracker Ice Cubes (open source Mastodon client for macOS) Rumdl for PyCharm, et. al cURL Gets Rid of Its Bug Bounty Program Over AI Slop Overrun Python Developers Survey 2026 Joke: Pushed to prod

Topics covered in this episode: GreyNoise IP Check tprof: a targeting profiler TOAD is out Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: GreyNoise IP Check GreyNoise watches the internet's background radiation—the constant storm of scanners, bots, and probes hitting every IP address on Earth. Is your computer sending out bot or other bad-actor traffic? What about the myriad of devices and IoT things on your local IP? Heads up: If your IP has recently changed, it might not be you (false positive). Brian #2: tprof: a targeting profiler Adam Johnson Intro blog post: Python: introducing tprof, a targeting profiler Michael #3: TOAD is out Toad is a unified experience for AI in the terminal Front-end for AI tools such as OpenHands, Claude Code, Gemini CLI, and many more. Better TUI experience (e.g. @ for file context uses fuzzy search and dropdowns) Better prompt input (mouse, keyboard, even colored code and markdown blocks) Terminal within terminals (for TUI support) Brian #4: FastAPI adds Contribution Guidelines around AI usage Docs commit: Add contribution instructions about LLM generated code and comments and automated tools for PRs Docs section: Development - Contributing : Automated Code and AI Great inspiration and example of how to deal with this for popular open source projects “If the human effort put in a PR, e.g. writing LLM prompts, is less than the effort we would need to put to review it, please don't submit the PR.” With sections on Closing Automated and AI PRs Human Effort Denial of Service Use Tools Wisely Extras Brian: Apparently Digg is back and there's a Python Community there Why light-weight websites may one day save your life - Marijke LuttekesHome Michael: Blog posts about Talk Python AI Integrations Announcing Talk Python AI Integrations on Talk Python's Blog Blocking AI crawlers might be a bad idea on Michael's Blog Already using the compile flag for faster app startup on the containers: RUN --mount=type=cache,target=/root/.cache uv pip install --compile-bytecode --python /venv/bin/python I think it's speeding startup by about 1s / container. Biggest prompt yet? 72 pages, 11, 000 Joke: A date via From Pat Decker

Building on the web is like working with the perfect clay. It's malleable and can become almost anything. But too often, frameworks try to hide the web's best parts away from us. Today, we're looking at PyView, a project that brings the real-time power of Phoenix LiveView directly into the Python world. I'm joined by Larry Ogrodnek to dive into PyView. Episode sponsors Talk Python Courses Python in Production Links from the show Guest Larry Ogrodnek: hachyderm.io pyview.rocks: pyview.rocks Phoenix LiveView: github.com this section: pyview.rocks Core Concepts: pyview.rocks Socket and Context: pyview.rocks Event Handling: pyview.rocks LiveComponents: pyview.rocks Routing: pyview.rocks Templating: pyview.rocks HTML Templates: pyview.rocks T-String Templates: pyview.rocks File Uploads: pyview.rocks Streams: pyview.rocks Sessions & Authentication: pyview.rocks Single-File Apps: pyview.rocks starlette: starlette.dev wsproto: github.com apscheduler: github.com t-dom project: github.com Watch this episode on YouTube: youtube.com Episode #535 deep-dive: talkpython.fm/535 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Topics covered in this episode: Better Django management commands with django-click and django-typer PSF Lands a $1.5 million sponsorship from Anthropic How uv got so fast PyView Web Framework Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: Better Django management commands with django-click and django-typer Lacy Henschel Extend Django manage.py commands for your own project, for things like data operations API integrations complex data transformations development and debugging Extending is built into Django, but it looks easier, less code, and more fun with either django-click or django-typer, two projects supported through Django Commons Michael #2: PSF Lands a $1.5 million sponsorship from Anthropic Anthropic is partnering with the Python Software Foundation in a landmark funding commitment to support both security initiatives and the PSF's core work. The funds will enable new automated tools for proactively reviewing all packages uploaded to PyPI, moving beyond the current reactive-only review process. The PSF plans to build a new dataset of known malware for capability analysis The investment will sustain programs like the Developer in Residence initiative, community grants, and infrastructure like PyPI. Brian #3: How uv got so fast Andrew Nesbitt It's not just be cause “it's written in Rust”. Recent-ish standards, PEPs 518 (2016), 517 (2017), 621 (2020), and 658 (2022) made many uv design decisions possible And uv drops many backwards compatible decisions kept by pip. Dropping functionality speeds things up. “Speed comes from elimination. Every code path you don't have is a code path you don't wait for.” Some of what uv does could be implemented in pip. Some cannot. Andrew discusses different speedups, why they could be done in Python also, or why they cannot. I read this article out of interest. But it gives me lots of ideas for tools that could be written faster just with Python by making design and support decisions that eliminate whole workflows. Michael #4: PyView Web Framework PyView brings the Phoenix LiveView paradigm to Python Recently interviewed Larry on Talk Python Build dynamic, real-time web applications using server-rendered HTML Check out the examples. See the Maps demo for some real magic How does this possibly work? See the LiveView Lifecycle. Extras Brian: Upgrade Django, has a great discussion of how to upgrade version by version and why you might want to do that instead of just jumping ahead to the latest version. And also who might want to save time by leapfrogging Also has all the versions and dates of release and end of support. The Lean TDD book 1st draft is done. Now available through both pythontest and LeanPub I set it as 80% done because of future drafts planned. I'm working through a few submitted suggestions. Not much feedback, so the 2nd pass might be fast and mostly my own modifications. It's possible. I'm re-reading it myself and already am disappointed with page 1 of the introduction. I gotta make it pop more. I'll work on that. Trying to decide how many suggestions around using AI I should include. It's not mentioned in the book yet, but I think I need to incorporate some discussion around it. Michael: Python: What's Coming in 2026 Python Bytes rewritten in Quart + async (very similar to Talk Python's journey) Added a proper MCP server at Talk Python To Me (you don't need a formal MCP framework btw) Example one: latest-episodes-mcp.png Example two: which-episodes-mcp.webp Implmented /llms.txt for Talk Python To Me (see talkpython.fm/llms.txt ) Joke: Reverse Superman

Your cloud SSD is sitting there, bored, and it would like a job. Today we're putting it to work with DiskCache, a simple, practical cache built on SQLite that can speed things up without spinning up Redis or extra services. Once you start to see what it can do, a universe of possibilities opens up. We're joined by Vincent Warmerdam to dive into DiskCache. Episode sponsors Talk Python Courses Python in Production Links from the show diskcache docs: grantjenks.com LLM Building Blocks for Python course: training.talkpython.fm JSONDisk: grantjenks.com Git Code Archaeology Charts: koaning.github.io Talk Python Cache Admin UI: blobs.talkpython.fm Litestream SQLite streaming: litestream.io Plash hosting: pla.sh Watch this episode on YouTube: youtube.com Episode #534 deep-dive: talkpython.fm/534 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Topics covered in this episode: port-killer How we made Python's packaging library 3x faster CodSpeed Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: port-killer A powerful cross-platform port management tool for developers. Monitor ports, manage Kubernetes port forwards, integrate Cloudflare Tunnels, and kill processes with one click. Features:

Today on Talk Python, the creators behind FastAPI, Flask, Django, Quart, and Litestar get practical about running apps based on their framework in production. Deployment patterns, async gotchas, servers, scaling, and the stuff you only learn at 2 a.m. when the pager goes off. For Django, we have Carlton Gibson and Jeff Triplet. For Flask, we have David Lord and Phil Jones, and on team Litestar we have Janek Nouvertné and Cody Fincher, and finally Sebastián Ramírez from FastAPI is here. Let's jump in. Episode sponsors Talk Python Courses Python in Production Links from the show Carlton Gibson - Django: github.com Sebastian Ramirez - FastAPI: github.com David Lord - Flask: davidism.com Phil Jones - Flask and Quartz(async): pgjones.dev Yanik Nouvertne - LiteStar: github.com Cody Fincher - LiteStar: github.com Jeff Triplett - Django: jefftriplett.com Django: www.djangoproject.com Flask: flask.palletsprojects.com Quart: quart.palletsprojects.com Litestar: litestar.dev FastAPI: fastapi.tiangolo.com Coolify: coolify.io ASGI: asgi.readthedocs.io WSGI (PEP 3333): peps.python.org Granian: github.com Hypercorn: github.com uvicorn: uvicorn.dev Gunicorn: gunicorn.org Hypercorn: hypercorn.readthedocs.io Daphne: github.com Nginx: nginx.org Docker: www.docker.com Kubernetes: kubernetes.io PostgreSQL: www.postgresql.org SQLite: www.sqlite.org Celery: docs.celeryq.dev SQLAlchemy: www.sqlalchemy.org Django REST framework: www.django-rest-framework.org Jinja: jinja.palletsprojects.com Click: click.palletsprojects.com HTMX: htmx.org Server-Sent Events (SSE): developer.mozilla.org WebSockets (RFC 6455): www.rfc-editor.org HTTP/2 (RFC 9113): www.rfc-editor.org HTTP/3 (RFC 9114): www.rfc-editor.org uv: docs.astral.sh Amazon Web Services (AWS): aws.amazon.com Microsoft Azure: azure.microsoft.com Google Cloud Run: cloud.google.com Amazon ECS: aws.amazon.com AlloyDB for PostgreSQL: cloud.google.com Fly.io: fly.io Render: render.com Cloudflare: www.cloudflare.com Fastly: www.fastly.com Watch this episode on YouTube: youtube.com Episode #533 deep-dive: talkpython.fm/533 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Topics covered in this episode: ty: An extremely fast Python type checker and LSP Python Supply Chain Security Made Easy typing_extensions MI6 chief: We'll be as fluent in Python as we are in Russian Extras Joke Watch on YouTube About the show Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: ty: An extremely fast Python type checker and LSP Charlie Marsh announced the Beta release of ty on Dec 16 “designed as an alternative to tools like mypy, Pyright, and Pylance.” Extremely fast even from first run Successive runs are incremental, only rerunning necessary computations as a user edits a file or function. This allows live updates. Includes nice visual diagnostics much like color enhanced tracebacks Extensive configuration control Nice for if you want to gradually fix warnings from ty for a project Also released a nice VSCode (or Cursor) extension Check the docs. There are lots of features. Also a note about disabling the default language server (or disabling ty's language server) so you don't have 2 running Michael #2: Python Supply Chain Security Made Easy We know about supply chain security issues, but what can you do? Typosquatting (not great) Github/PyPI account take-overs (very bad) Enter pip-audit. Run it in two ways: Against your installed dependencies in current venv As a proper unit test (so when running pytest or CI/CD). Let others find out first, wait a week on all dependency updates: uv pip compile requirements.piptools --upgrade --output-file requirements.txt --exclude-newer "1 week" Follow up article: DevOps Python Supply Chain Security Create a dedicated Docker image for testing dependencies with pip-audit in isolation before installing them into your venv. Run pip-compile / uv lock --upgrade to generate the new lock file Test in a ephemeral pip-audit optimized Docker container Only then if things pass, uv pip install / uv sync Add a dedicated Docker image build step that fails the docker build step if a vulnerable package is found. Brian #3: typing_extensions Kind of a followup on the deprecation warning topic we were talking about in December. prioinv on Mastodon notified us that the project typing-extensions includes it as part of the backport set. The warnings.deprecated decorator is new to Python 3.13, but with typing-extensions, you can use it in previous versions. But typing_extesions is way cooler than just that. The module serves 2 purposes: Enable use of new type system features on older Python versions. Enable experimentation with type system features proposed in new PEPs before they are accepted and added to the typing module. So cool. There's a lot of features here. I'm hoping it allows someone to use the latest typing syntax across multiple Python versions. I'm “tentatively” excited. But I'm bracing for someone to tell me why it's not a silver bullet. Michael #4: MI6 chief: We'll be as fluent in Python as we are in Russian "Advances in artificial intelligence, biotechnology and quantum computing are not only revolutionizing economies but rewriting the reality of conflict, as they 'converge' to create science fiction-like tools,” said new MI6 chief Blaise Metreweli. She focused mainly on threats from Russia, the country is "testing us in the grey zone with tactics that are just below the threshold of war.” This demands what she called "mastery of technology" across the service, with officers required to become "as comfortable with lines of code as we are with human sources, as fluent in Python as we are in multiple other languages." Recruitment will target linguists, data scientists, engineers, and technologists alike. Extras Brian: Next chapter of Lean TDD being released today, Finding Waste in TDD Still going to attempt a Jan 31 deadline for first draft of book. That really doesn't seem like enough time, but I'm optimistic. SteamDeck is not helping me find time to write But I very much appreciate the gift from my fam Send me game suggestions on Mastodon or Bluesky. I'd love to hear what you all are playing. Michael: Astral has announced the Beta release of ty, which they say they are "ready to recommend to motivated users for production use." Blog post Release page Reuven Lerner has a video series on Pandas 3 Joke: Error Handling in the age of AI Play on the inversion of JavaScript the Good Parts

Python in 2025 is in a delightfully refreshing place: the GIL's days are numbered, packaging is getting sharper tools, and the type checkers are multiplying like gremlins snacking after midnight. On this episode, we have an amazing panel to give us a range of perspectives on what matter in 2025 in Python. We have Barry Warsaw, Brett Cannon, Gregory Kapfhammer, Jodie Burchell, Reuven Lerner, and Thomas Wouters on to give us their thoughts. Episode sponsors Seer: AI Debugging, Code TALKPYTHON Talk Python Courses Links from the show Python Software Foundation (PSF): www.python.org PEP 810: Explicit lazy imports: peps.python.org PEP 779: Free-threaded Python is officially supported: peps.python.org PEP 723: Inline script metadata: peps.python.org PyCharm: www.jetbrains.com JetBrains: www.jetbrains.com Visual Studio Code: code.visualstudio.com pandas: pandas.pydata.org PydanticAI: ai.pydantic.dev OpenAI API docs: platform.openai.com uv: docs.astral.sh Hatch: github.com PDM: pdm-project.org Poetry: python-poetry.org Project Jupyter: jupyter.org JupyterLite: jupyterlite.readthedocs.io PEP 690: Lazy Imports: peps.python.org PyTorch: pytorch.org Python concurrent.futures: docs.python.org Python Package Index (PyPI): pypi.org EuroPython: tickets.europython.eu TensorFlow: www.tensorflow.org Keras: keras.io PyCon US: us.pycon.org NumFOCUS: numfocus.org Python discussion forum (discuss.python.org): discuss.python.org Language Server Protocol: microsoft.github.io mypy: mypy-lang.org Pyright: github.com Pylance: marketplace.visualstudio.com Pyrefly: github.com ty: github.com Zuban: docs.zubanls.com Jedi: jedi.readthedocs.io GitHub: github.com PyOhio: www.pyohio.org Watch this episode on YouTube: youtube.com Episode #532 deep-dive: talkpython.fm/532 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Topics covered in this episode: Has the cost of building software just dropped 90%? More on Deprecation Warnings How FOSS Won and Why It Matters Should I be looking for a GitHub alternative? Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. HEADS UP: We are taking next week off, happy holiday everyone. Michael #1: Has the cost of building software just dropped 90%? by Martin Alderson Agentic coding tools are collapsing “implementation time,” so the cost curve of shipping software may be shifting sharply Recent programming advancements haven't been that great of a true benefit: Cloud, TDD, microservices, complex frontends, Kubernetes, etc. Agentic AI's big savings are not just code generation, but coordination overhead reduction (fewer handoffs, fewer meetings, fewer blocks). Thinking, product clarity, and domain decisions stay hard, while typing and scaffolding get cheap. Is it the end of software dev? Not really, see Jevons paradox: when production gets cheaper, total demand can rise rather than spending simply falling. (Historically: the efficiency of coal use led to the increased consumption of coal) Pushes back on “only good for greenfield” by arguing agents also help with legacy code comprehension and bug-fixing. I 100% agree. #Legacy code for the win. Brian #2: More on Deprecation Warnings How are people ignoring them? yep, it's right in the Python docs: -W ignore::DeprecationWarning Don't do that! Perhaps the docs should give the example of emitting them only once -W once::::DeprecationWarning See also -X dev mode , which sets -W default and some other runtime checks Don't use warn, use the @warnings.deprecated decorator instead Thanks John Hagen for pointing this out Emits a warning It's understood by type checkers, so editors visually warn you You can pass in your own custom UserWarning with category mypy also has a command line option and setting for this --enable-error-code deprecated or in [tool.mypy] enable_error_code = ["deprecated"] My recommendation Use @deprecated with your own custom warning and test with pytest -W error Michael #3: How FOSS Won and Why It Matters by Thomas Depierre Companies are not cheap, companies optimize cost control. They do this by making purchasing slow and painful. FOSS is/was a major unlock hack to skip procurement, legal, etc. Example is months to start using a paid “Add to calendar” widget! It “works both ways”: the same bypass lowers the barrier for maintainers too, no need for a legal entity, lawyers, liability insurance, or sales motion. Proposals that “fix FOSS” by reintroducing supply-chain style controls (he name-checks SBOMs and mandated processes) risk being rejected or gamed, because they restore the very friction FOSS sidesteps. Brian #4: Should I be looking for a GitHub alternative? Pricing changes for GitHub Actions The self-hosted runner pricing change caused a kerfuffle. It's has been postponed But… if you were to look around, maybe pay attention to These 4 GitHub alternatives are just as good—or better Codeburg, BitBucket, GitLab, Gitea And a new-ish entry, Tangled Extras Brian: End of year sale for The Complete pytest Course Use code XMAS2025 for 50% off before Dec 31 Writing work on Lean TDD book on hold for holidays Will pick up again in January Michael: PyCharm has better Ruff support now out of the box, via Daniel Molnar This is from the release notes of 2025.3: "PyCharm 2025.3 expands its LSP integration with support for Ruff, ty, Pyright, and Pyrefly.” If you check out the LSP section it will land you on this page and you can go to Ruff. The Ruff doc site was also updated. Previously it was only available external tools and a third party plugin, this feels like a big step. Fun quote I saw on ExTwitter: May your bug tracker be forever empty. Joke: Try/Catch/Stack Overflow Create a super annoying linkedin profile - From Tim Kellogg, submitted by archtoad

Have you ever thought about getting your small product into production, but are worried about the cost of the big cloud providers? Or maybe you think your current cloud service is over-architected and costing you too much? Well, in this episode, we interview Michael Kennedy, author of "Talk Python in Production," a new book that guides you through deploying web apps at scale with right-sized engineering. Episode sponsors Seer: AI Debugging, Code TALKPYTHON Agntcy Talk Python Courses Links from the show Christopher Trudeau - guest host: www.linkedin.com Michael's personal site: mkennedy.codes Talk Python in Production Book: talkpython.fm glances: github.com btop: github.com Uptimekuma: uptimekuma.org Coolify: coolify.io Talk Python Blog: talkpython.fm Hetzner (€20 credit with link): hetzner.cloud OpalStack: www.opalstack.com Bunny.net CDN: bunny.net Galleries from the book: github.com Pandoc: pandoc.org Docker: www.docker.com Watch this episode on YouTube: youtube.com Episode #531 deep-dive: talkpython.fm/531 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Topics covered in this episode: Deprecations via warnings docs PyAtlas: interactive map of the top 10,000 Python packages on PyPI. Buckaroo Extras Joke Watch on YouTube About the show Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: Deprecations via warnings Deprecations via warnings don't work for Python libraries Seth Larson How to encourage developers to fix Python warnings for deprecated features Ines Panker Michael #2: docs A collaborative note taking, wiki and documentation platform that scales. Built with Django and React. Made for self hosting Docs is the result of a joint effort led by the French

For years, building interactive widgets in Python notebooks meant wrestling with toolchains, platform quirks, and a mountain of JavaScript machinery. Most developers took one look and backed away slowly. Trevor Manz decided that barrier did not need to exist. His idea was simple: give Python users just enough JavaScript to unlock the web's interactivity, without dragging along the rest of the web ecosystem. That idea became anywidget, and it is quickly becoming the quiet connective tissue of modern interactive computing. Today we dig into how it works, why it has taken off, and how it might change the way we explore data. Episode sponsors Seer: AI Debugging, Code TALKPYTHON PyCharm, code STRONGER PYTHON Talk Python Courses Links from the show Trevor on GitHub: github.com anywidget GitHub: github.com Trevor's SciPy 2024 Talk: www.youtube.com Marimo GitHub: github.com Myst (Markdown docs): mystmd.org Altair: altair-viz.github.io DuckDB: duckdb.org Mosaic: uwdata.github.io ipywidgets: ipywidgets.readthedocs.io Tension between Web and Data Sci Graphic: blobs.talkpython.fm Quak: github.com Walk through building a widget: anywidget.dev Widget Gallery: anywidget.dev Video: How do I anywidget?: www.youtube.com PyCharm + PSF Fundraiser: pycharm-psf-2025 code STRONGER PYTHON Watch this episode on YouTube: youtube.com Episode #530 deep-dive: talkpython.fm/530 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Topics covered in this episode: PEP 798: Unpacking in Comprehensions Pandas 3.0.0rc0 typos A couple testing topics Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: PEP 798: Unpacking in Comprehensions After careful deliberation, the Python Steering Council is pleased to accept PEP 798 – Unpacking in Comprehensions. Examples [*it for it in its] # list with the concatenation of iterables in 'its' {*it for it in its} # set with the union of iterables in 'its' {**d for d in dicts} # dict with the combination of dicts in 'dicts' (*it for it in its) # generator of the concatenation of iterables in 'its' Also: The Steering Council is happy to unanimously accept “PEP 810, Explicit lazy imports” Brian #2: Pandas 3.0.0rc0 Pandas 3.0.0 will be released soon, and we're on Release candidate 0 Here's What's new in Pands 3.0.0 Dedicated string data type by default Inferred by default for string data (instead of object dtype) The str dtype can only hold strings (or missing values), in contrast to object dtype. (setitem with non string fails) The missing value sentinel is always NaN (np.nan) and follows the same missing value semantics as the other default dtypes. Copy-on-Write The result of any indexing operation (subsetting a DataFrame or Series in any way, i.e. including accessing a DataFrame column as a Series) or any method returning a new DataFrame or Series, always behaves as if it were a copy in terms of user API. As a consequence, if you want to modify an object (DataFrame or Series), the only way to do this is to directly modify that object itself. pd.col syntax can now be used in DataFrame.assign() and DataFrame.loc() You can now do this: df.assign(c = pd.col('a') + pd.col('b')) New Deprecation Policy Plus more - Michael #3: typos You've heard about codespell … what about typos? VSCode extension and OpenVSX extension. From Sky Kasko: Like codespell, typos checks for known misspellings instead of only allowing words from a dictionary. But typos has some extra features I really appreciate, like finding spelling mistakes inside snake_case or camelCase words. For example, if you have the line: *connecton_string = "sqlite:///my.db"* codespell won't find the misspelling, but typos will. It gave me the output: *error: `connecton` should be `connection`, `connector` ╭▸ ./main.py:1:1 │1 │ connecton_string = "sqlite:///my.db" ╰╴━━━━━━━━━* But the main advantage for me is that typos has an LSP that supports editor integrations like a VS Code extension. As far as I can tell, codespell doesn't support editor integration. (Note that the popular Code Spell Checker VS Code extension is an unrelated project that uses a traditional dictionary approach.) For more on the differences between codespell and typos, here's a comparison table I found in the typos repo: https://github.com/crate-ci/typos/blob/master/docs/comparison.md By the way, though it's not mentioned in the installation instructions, typos is published on PyPI and can be installed with uv tool install typos, for example. That said, I don't bother installing it, I just use the VS Code extension and run it as a pre-commit hook. (By the way, I'm using prek instead of pre-commit now; thanks for the tip on episode #448!) It looks like typos also publishes a GitHub action, though I haven't used it. Brian #4: A couple testing topics slowlify suggested by Brian Skinn Simulate slow, overloaded, or resource-constrained machines to reproduce CI failures and hunt flaky tests. Requires Linux with cgroups v2 Why your mock breaks later Ned Badthelder Ned's taught us before to “Mock where the object is used, not where it's defined.” To be more explicit, but probably more confusing to mock-newbies, “don't mock things that get imported, mock the object in the file it got imported to.” See? That's probably worse. Anyway, read Ned's post. If my project myproduct has user.py that uses the system builtin open() and we want to patch it: DONT DO THIS: @patch("builtins.open") This patches open() for the whole system DO THIS: @patch("myproduct.user.open") This patches open() for just the user.py file, which is what we want Apparently this issue is common and is mucking up using coverage.py Extras Brian: The Rise and Rise of FastAPI - mini documentary “Building on Lean” chapter of LeanTDD is out The next chapter I'm working on is “Finding Waste in TDD” Notes to delete before end of show: I'm not on track for an end of year completion of the first pass, so pushing goal to 1/31/26 As requested by a reader, I'm releasing both the full-so-far versions and most-recent-chapter Michael: My Vanishing Gradient's episode is out Django 6 is out Joke: tabloid - A minimal programming language inspired by clickbait headlines

A lot of people building software today never took the traditional CS path. They arrived through curiosity, a job that needed automating, or a late-night itch to make something work. This week, David Kopec joins me to talk about rebuilding computer science for exactly those folks, the ones who learned to program first and are now ready to understand the deeper ideas that power the tools they use every day. Episode sponsors Sentry Error Monitoring, Code TALKPYTHON NordStellar Talk Python Courses Links from the show David Kopec: davekopec.com Classic Computer Science Book: amazon.com Computer Science from Scratch Book: computersciencefromscratch.com Computer Science from Scratch at NoStartch (CSFS30 for 30% off): nostarch.com Watch this episode on YouTube: youtube.com Episode #529 deep-dive: talkpython.fm/529 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Topics covered in this episode: Advent of Code starts today Django 6 is coming Advanced, Overlooked Python Typing codespell Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: Advent of Code starts today A few changes, like 12 days this year, which honestly, I'm grateful for. See also: elf: Advent of Code CLI helper for Python Michael #2: Django 6 is coming Expected December 2025 Django 6.0 supports Python 3.12, 3.13, and 3.14 Built-in support for the Content Security Policy (CSP) standard is now available, making it easier to protect web applications against content injection attacks such as cross-site scripting (XSS). The Django Template Language now supports template partials, making it easier to encapsulate and reuse small named fragments within a template file. Django now includes a built-in Tasks framework for running code outside the HTTP request–response cycle. This enables offloading work, such as sending emails or processing data, to background workers. Email handling in Django now uses Python's modern email API, introduced in Python 3.6. This API, centered around the email.message.EmailMessage class Brian #3: Advanced, Overlooked Python Typing get_args, TypeGuard, TypeIs, and more goodies Michael #4: codespell Learned from this PR for the Talk Python book. Fix common misspellings in text files. It's designed primarily for checking misspelled words in source code (backslash escapes are skipped), but it can be used with other files as well. It does not check for word membership in a complete dictionary, but instead looks for a set of common misspellings. Therefore it should catch errors like "adn", but it will not catch "adnasdfasdf". It shouldn't generate false-positives when you use a niche term it doesn't know about. Extras Brian: Is mkdocs maintained? Hatch 1.16 Michael: Follow up on tach from Gerben Dekker: tach has been unmaintained for a bit but is not anymore. It was the main product from Gauge which is a Y combinator startup that pivoted to something unrelated and abandoned tach. However, https://github.com/DetachHead forked it but now got access to the main repo and has committed to maintaining it. ruff analyze graph is fully independent of tach - we actually started to look into alternatives for tach when it became unmaintained and then found ruff analyze graph. For our use case, with just a bit of manipulation on top of ruff analyze graph we replaced our use of deptry (which was slower - and I try to be careful depending on one-man projects). A Review of Michael Kennedy's book, “Talk Python in Production” - Thanks Doug Joke: NoaaS

In this episode, I'm talking with Vincent Warmerdam about treating LLMs as just another API in your Python app, with clear boundaries, small focused endpoints, and good monitoring. We'll dig into patterns for wrapping these calls, caching and inspecting responses, and deciding where an LLM API actually earns its keep in your architecture. Episode sponsors Seer: AI Debugging, Code TALKPYTHON NordStellar Talk Python Courses Links from the show Vincent on X: @fishnets88 Vincent on Mastodon: @koaning LLM Building Blocks for Python Co-urse: training.talkpython.fm Top Talk Python Episodes of 2024: talkpython.fm LLM Usage - Datasette: llm.datasette.io DiskCache - Disk Backed Cache (Documentation): grantjenks.com smartfunc - Turn docstrings into LLM-functions: github.com Ollama: ollama.com LM Studio - Local AI: lmstudio.ai marimo - A Next-Generation Python Notebook: marimo.io Pydantic: pydantic.dev Instructor - Complex Schemas & Validation (Python): python.useinstructor.com Diving into PydanticAI with marimo: youtube.com Cline - AI Coding Agent: cline.bot OpenRouter - The Unified Interface For LLMs: openrouter.ai Leafcloud: leaf.cloud OpenAI looks for its "Google Chrome" moment with new Atlas web browser: arstechnica.com Watch this episode on YouTube: youtube.com Episode #528 deep-dive: talkpython.fm/528 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Today we're digging into the Model Context Protocol, or MCP. Think LSP for AI: build a small Python service once and your tools and data show up across editors and agents like VS Code, Claude Code, and more. My guest, Den Delimarsky from Microsoft, helps build this space and will keep us honest about what's solid versus what's just shiny. We'll keep it practical: transports that actually work, guardrails you can trust, and a tiny server you could ship this week. By the end, you'll have a clear mental model and a path to plug Python into the internet of agents. Episode sponsors Sentry AI Monitoring, Code TALKPYTHON NordStellar Talk Python Courses Links from the show Den Delimarsky: den.dev Agentic AI Programming for Python Course: training.talkpython.fm Model Context Protocol: modelcontextprotocol.io Model Context Protocol Specification (2025-03-26): modelcontextprotocol.io MCP Python Package (PyPI): pypi.org Awesome MCP Servers (punkpeye) GitHub Repo: github.com Visual Studio Code Docs: Copilot MCP Servers: code.visualstudio.com GitHub MCP Server (GitHub repo): github.com GitHub Blog: Meet the GitHub MCP Registry: github.blog MultiViewer App: multiviewer.app GitHub Blog: Spec-driven development with AI (open source toolkit): github.blog Model Context Protocol Registry (GitHub): github.com mcp (GitHub organization): github.com Tailscale: tailscale.com Watch this episode on YouTube: youtube.com Episode #527 deep-dive: talkpython.fm/527 Episode transcripts: talkpython.fm Theme Song: Developer Rap