Podcasts about software developers

If you've ever been to PyCon, you know one of the best parts of the expo hall is Startup Row, a stretch of booths where early-stage companies built on Python show off what they're creating. But only attendees get to walk that lane, so let's bring it to everyone. In this episode, we stroll down Startup Row together. We kick things off with the organizers, Jason and Shay, who share the program's origin story going back to Paul Graham and the PSF, plus some surprising stats, including two unicorns among the alumni. Then we meet five startups: Tetrix, bringing AI to institutional investing in private markets. Arcjet, security that lives inside your app as an SDK. Phemeral.dev, serverless hosting built for Python web apps. CapiscIO, an identity and authority layer for AI agents. And Pixeltable, a multimodal database from Marcel Kornacker, co-creator of Apache Parquet. See if you can spot the theme running through them all. Let's go for a walk. Episode sponsors AgentField AI Talk Python Courses Links from the show Guests Naunidh Bhalla: linkedin.com Grant Gittes: linkedin.com Marcel Kornacker: linkedin.com Beon de Nood: linkedin.com Chinmaya Joshi: linkedin.com David Mytton: linkedin.com Shea Tate-Di Donna: linkedin.com Jason Rowley: linkedin.com Azul Garza: github.com Renée Rosillo: linkedin.com Tetrix: tetrix.co Tetrix Jobs: tetrix.co Arcjet: arcjet.com Pixeltable: pixeltable.com Phemeral.dev: phemeral.dev CapiscIO: capisc.io Episode #551 deep-dive: talkpython.fm/551 Episode transcripts: talkpython.fm Theme Song: Developer Rap

WeAreDevelopers, the Berlin-based developer conference founded in 2015, has grown into a major global event, attracting 15,000 developers from over 70 countries each year. In 2026, it expands beyond Europe with new editions in San Jose, California, and Bengaluru, India. Co-founder and CEO Sead Ahmetovic says the conference was created to give developers a stronger voice in an industry where marketers, salespeople, and entrepreneurs often receive more recognition.  He believes developers, despite being less vocal, build the products that power the modern world. The event began as a small meetup that quickly gained popularity, filling a gap between highly specialized technical gatherings and broader business-focused conferences. Former GitHub CEO Thomas Dohmke highlights another benefit: giving developers a platform to share the stories behind their work and inspire peers.  Discussing the future of software development, Dohmke predicts AI agents will handle much of the coding, while developers focus on managing ideas, prompts, and workflows. Ahmetovic agrees, arguing that developers will remain essential, spending less time typing code and more time thinking, orchestrating, and creating new solutions.  Learn more from The New Stack around the latest in developer community growth:  How Community Helps Developers Grow  Empowering Developers Is Critical to Drive AI Innovation  3 Ways Organizations Can Redefine the Developer Experience  Join our community of newsletter subscribers to stay on top of the news and at the top of your game. 

Topics covered in this episode: Vulnerability and malware checks in uv HTTP GET requests with the Python standard library Millions of AI agents imperiled by critical vulnerability in open source package alembic-git-revisions Extras Joke Watch on YouTube About the show Goodbye and Thanks Brian Thanks Calvin for being part of this and future episodes! Also new time for the live show. Thanks Brian for all the hard work over the years. Calvin #1: Vulnerability and malware checks in uv release just yesterday by Astral https://astral.sh/blog/uv-audit uv audit scans dependencies for known vulnerabilities and abandoned packages via the OSV database — runs 4–10x faster than pip-audit Malware check runs on every install/sync, catching actively malicious packages (credential stealers, etc.) before they execute — including ones PyPI quarantined but lockfiles can still reference Enable malware scanning with UV_MALWARE_CHECK=1 — it's opt-in and in preview Future roadmap includes a resolver that steers toward vulnerability-free versions and install-time warnings scoped to newly added deps only Michael #2: HTTP GET requests with the Python standard library If you're doing HTTP in Python, you're probably using one of three popular libraries: requests, httpx, or urllib3. There have been issues with httpx lately. Niquest is another option: Drop-in replacement for Requests. Automatic HTTP/1.1, HTTP/2, and HTTP/3. WebSocket, and SSE included. But maybe less is more, especially in the age of agentic AI A good candidate needs two things to be true at once, not one: the used surface is small, and the behavior behind that surface is shallow. Calvin #3: Millions of AI agents imperiled by critical vulnerability in open source package "BadHost" (CVE-2026-48710) is a critical vulnerability in Starlette — the ASGI framework underlying FastAPI — with 325 million weekly downloads; also affects vLLM, LiteLLM, and most MCP server tooling The exploit is trivial: injecting a single character into an HTTP Host header bypasses path-based authentication, and can lead to credential theft, SSRF, and in some cases remote code execution MCP servers are a prime target since they store credentials for external services (email, databases, cloud accounts) — exposed data in the wild includes biopharma clinical trial DBs, full mailboxes, HR/PII pipelines, and AWS topology Fix is available — patch to Starlette 1.0.1 immediately; use the free scanner at mcp-scan.nemesis.services to check if your servers are still running a vulnerable version Open source sustainability footnote: the maintainer triages near-daily security reports solo, in his free time — most are AI-generated noise, and real ones like this still compete for the same evenings and weekends Michael #4: alembic-git-revisions By Julien Danjou from Mergify Automatic Alembic migration chaining based on git commit history. No more Multiple head revisions are present for given argument 'head'. See the introductory article Caused by two migrations landed with the same down_revision, and Alembic doesn't know which one comes first. The fix is always the same: someone manually edits the migration file to re-chain the revisions. The insight: git already knows the order Extras Calvin: GNU make can do pattern matching in the target. Not new at all, mentioned in the 1994-era docs. just and task don't have this super power on the target name yet. train-%: uv run ./train.py $* --save-hyper-params --overwrite $(TRAIN_ARGS) Michael: Updated my HTTP client using packages from httpx to httpx2: listmonk, umami, and memberful. For motivation, see this reddit thread. Joke: Accurate

Erik Torenberg speaks with tech analyst Benedict Evans about the current state of AI, what has changed over the past year, and which questions remain unanswered. The conversation covers coding agents, foundation models, AI infrastructure spending, software economics, and the tension between today's AI excitement and the long-term realities of technology adoption. Evans discusses why coding has emerged as AI's first breakout use case, how previous platform shifts can help frame the current moment, and why many of the most important questions about AI remain unresolved. Along the way, they explore the future of software, enterprise adoption, consumer behavior, and whether AI models ultimately capture value themselves or become infrastructure for the next generation of applications.   Resources: Follow Benedict Evans on X: https://x.com/benedictevans Follow Erik Torenberg on X: https://x.com/eriktorenberg Stay Updated:Find a16z on YouTube: YouTubeFind a16z on XFind a16z on LinkedInListen to the a16z Show on SpotifyListen to the a16z Show on Apple PodcastsFollow our host: https://twitter.com/eriktorenberg Please note that the content here is for informational purposes only; should NOT be taken as legal, business, tax, or investment advice or be used to evaluate any investment or security; and is not directed at any investors or potential investors in any a16z fund. a16z and its affiliates may maintain investments in the companies discussed. For more details please see a16z.com/disclosures. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Open source é um dos pilares da tecnologia moderna, mas, por trás de cada projeto existe um trabalho contínuo de manutenção, revisão e construção da comunidade. Com o avanço da inteligência artificial, esse cenário está mudando rapidamente. Conforme o crescimento de contribuições, levantaram-se novas questões sobre qualidade e trazendo desafios inéditos para mantenedores. A Camila Maia participou dessa discussão com a gente.

Founder of Upshift, Shawn Yeager, joined me on Ditching Hourly to talk about how AI is killing the billable hour and what professional services firms can do about it. Jonathan and Shawn dig into judgment versus execution, what firms should commercialize after AI, why cost-cutting is only the first move, and how agent workflows change what small and midsize firms can do.00:00 - Introduction01:54 - AI and the billable hour03:56 - The judgment sandwich05:19 - Strategy, execution, and hidden value09:06 - Client conversations about AI pressure13:26 - Validating AI output15:29 - Judgment, marketing, and cost of being wrong17:07 - AI transformation and commercialization20:08 - The hard parts big firms still need humans for22:20 - Cost recovery versus new offerings25:35 - Agents as extra employees26:40 - Interns versus chiefs of staff28:44 - Scaffolding agent workflows30:12 - From chatbots to delegated workflows37:00 - AI adoption inside firms42:01 - Closing remarksShawn Yeager runs Upshift, a firm focused on helping professional services firms understand what they sell after AI. His career has focused on emerging technology and getting it to market, including work on Microsoft's first browser team, the SaaS/cloud wave, mobile, Bitcoin, and AI. His background is in computer science, and his work has included sales, marketing, partnerships, consulting, Accenture, early-stage startups, and his own ventures. Learn more at upshiftco.com. (00:00) - Introduction (01:54) - AI and the billable hour (03:56) - The judgment sandwich (05:19) - Strategy, execution, and hidden value (09:06) - Client conversations about AI pressure (13:26) - Validating AI output (15:29) - Judgment, marketing, and cost of being wrong (17:07) - AI transformation and commercialization (20:08) - The hard parts big firms still need humans for (22:20) - Cost recovery versus new offerings (25:35) - Agents as extra employees (26:40) - Interns versus chiefs of staff (28:44) - Scaffolding agent workflows (30:12) - From chatbots to delegated workflows (37:00) - AI adoption inside firms (42:01) - Closing remarks ----Do you have questions about how to improve your business? Things like:Value pricing your work instead of billing for your time?Positioning yourself as the go-to person in your space?Productizing your services so you never have to have another awkward sales call or spend hours writing another custom proposal?Book a one-on-one coaching call with me and get answers to these questions and others in the time it takes to get ready for work in the morning.Best of all, you're covered by my 100% satisfaction guarantee. If at the end of the call, you don't feel like it was worth it, just say the word, and I'll refund your purchase in full.To book your one-on-one coaching call, go to: https://jonathanstark.com/callI hope to see you there!

Topics covered in this episode: CVE-2026-48710: A Maintainer's Perspective daily-stars-explorer Markdown to pdf with pandoc and typst postman2pytest Extras Joke Watch on YouTube About the show Brian #1: CVE-2026-48710: A Maintainer's Perspective Marcelo Trylesinski suggested by Lee Luocks Short version: users of Starlette: upgrade to Starlette 1.0.1 security professionals: we can't treat open source projects like corporations This top link is a Starlette security advisory with the title Missing Host header validation poisons request.url.path, bypassing path-based security checks The CVE apparently caused some negative press targeting starlette. However, “the vulnerability came from the application pattern and the deployment, never from something Starlette intended.” A quote from an OSTIF article: “This bug is a classic “responsibility gap” where if this maintainer didn't patch, thousands of exposed projects would have to individually secure their projects. In doing this work, they've voluntarily taken on the responsibility to protect the ecosystem from long-term systemic harm. As with all open source projects, they owed us nothing and could have left this to be everyone else's problem and took the extraordinary steps of helping the ecosystem.” Both X40 D-Sec and Ars Technica expected immediate fixes and responses from Starlette. That's not good. We can do better. Michael #2: daily-stars-explorer Explore the full history of any GitHub repository.

You wake up, brew the coffee, open GitHub, and there it is. Another pull request on your open source project. Thirteen thousand lines added. No issue filed first. No discussion. Just "here, please review this for me." Over the past year, GitHub activity has spiked roughly twelve times in a few short months, and a huge chunk of that signal is landing on the same small group of maintainers who were already stretched thin. The curl bug bounty got buried under AI-generated noise. Jazzband, the home of Django classics like pip-tools and the Django debug toolbar, hit what its maintainer called an "apocalypse" and started sunsetting. Even CPython just shipped fresh guidelines on AI-assisted contributions this week. So what does all of this actually look like from the receiving end of the pull request? On this episode, Paolo Melchiorre joins us to tell that story from inside the maintainer's chair. Paolo is a director of the Django Software Foundation, an organizer of PyCon Italy, a Django Girls coach, and he has spent the past year carefully collecting examples of how AI is reshaping open source contributions. The good, the bad, and the extra fingers. We dig into his PyCon US talk on AI-assisted contributions and maintainer load, why AI is best understood as an amplifier rather than a new kind of contributor, the wildly different policies across 86 open source foundations, whether projects banning AI today are reacting to last year's models. Episode sponsors AgentField AI Talk Python Courses Links from the show Guest Paolo Melchiorre: github.com DSF: www.djangoproject.com djangonaut-space: djangonaut.space PyCon Italia: 2026.pycon.it uDjango: github.com My PyCon US 2026 post: www.paulox.net AI-Assisted Contributions and Maintainer Load: www.paulox.net Senior Engineer Tries Vibe Coding: www.youtube.com Code Rabbit AI PR Reviews: www.coderabbit.ai GitHub Usage Graphs: github.blog Update on CPython's AI Policies: fosstodon.org High-Quality Chaos from Curl: daniel.haxx.se The Generative AI Policy Landscape in Open Source: redmonk.com Watch this episode on YouTube: youtube.com Episode #550 deep-dive: talkpython.fm/550 Episode transcripts: talkpython.fm Theme Song: Developer Rap

At a recent MCP developer summit, The New Stack spoke with Till Döhmen, AI lead atMotherDuck, about the company's growing role in the evolving DuckDB ecosystem. Backed by investors includingTomasz Tunguz, MotherDuck is commercializing the open-source analytical databaseDuckDBwhile also expanding how employees interact with data through AI agents rather than traditional dashboards. Döhmen emphasized the company's close collaboration withDuckDB FoundationandDuckDB Labs. Because MotherDuck operates what he described as the world's largest fleet of DuckDB databases, the startup regularly pushes the database to its limits and feeds insights back to the core maintainers. Rather than forking DuckDB to create proprietary advantages, MotherDuck instead extends the platform through its existing architecture while contributing core improvements upstream when needed. The conversation highlighted the delicate but productive relationship between venture-backed companies and the open-source projects they commercialize, positioning MotherDuck as another example of startups driving both OSS adoption and strong business growth simultaneously. Learn more from The New Stack around the latest in DuckDB: DuckDB: Query Processing Is King DuckDB: In-Process Python Analytics for Not-Quite-Big Data Join our community of newsletter subscribers to stay on top of the news and at the top of your game.

Angular expert Alain Chautard rejoined me on Ditching Hourly to share how he scaled his certification business through partnerships and automation.Jonathan and Alain talk about turning niche expertise into a certification business, reducing support demands, using expert partners across time zones and languages, negotiating a licensing-style partnership, and what happens when a soloist plugs their business into a larger organization.00:00 - Introduction and Welcome Back03:24 - Creating the Angular Certification Program07:00 - Automating Customer Support10:04 - Scaling with Global Partnerships12:08 - Handling Certification Interviews15:04 - Partnerships and Business Growth20:05 - Negotiating a Business Partnership24:38 - Email Marketing Journey36:51 - Exploring New Content Formats38:51 - Mastermind Groups for SoloistsAlain Chautard is a Google Developer Expert in Angular who does consulting, training, and conference/content work around the Angular framework. He created an Angular certification program after clients asked for proof of completion beyond a simple training certificate. His work now includes helping teams make architecture decisions, get up to speed with Angular, and scale the certification business through partnerships. Learn more at alainchautard.com. ----Do you have questions about how to improve your business? Things like:Value pricing your work instead of billing for your time?Positioning yourself as the go-to person in your space?Productizing your services so you never have to have another awkward sales call or spend hours writing another custom proposal?Book a one-on-one coaching call with me and get answers to these questions and others in the time it takes to get ready for work in the morning.Best of all, you're covered by my 100% satisfaction guarantee. If at the end of the call, you don't feel like it was worth it, just say the word, and I'll refund your purchase in full.To book your one-on-one coaching call, go to: https://jonathanstark.com/callI hope to see you there!

Your documentation has two audiences now - humans reading the rendered HTML, and AI agents trying to make sense of your library. Rich Iannone and Michael Chow from Posit are back on Talk Python with a brand new Python documentation tool called Great Docs that takes both seriously. Rich is the creator of Great Tables, and before that the R package GT, the man has a serious eye for design, and he's pointed that energy at the Python docs ecosystem. We'll talk about how Great Docs spins up a polished site in three commands, why every page ships as Markdown for your favorite LLM, how it leans on Quarto for executable code blocks and tabbed install sections, and where it lands against Sphinx, MkDocs, and Zensical. Plus, you'll meet Tablin. Here we go. Episode sponsors Sentry Error Monitoring, Code talkpython26 Temporal Talk Python Courses Links from the show Guests Michael Chow: github.com Rich lannone: github.com Python Web Security with OWASP Top 10 and Agentic AI Course: talkpython.fm Great Docs: posit-dev.github.io/great-docs Great Tables: posit-dev.github.io GT Episode: talkpython.fm Sphinx: www.sphinx-doc.org mkdocs: www.mkdocs.org Zensical: zensical.org Hugo: gohugo.io Ghost: ghost.org Rs pkgdown: pkgdown.r-lib.org Quarto: quarto.org quickstart: posit-dev.github.io llms.txt file: llmstxt.org llms.txt: talkpython.fm mcp: talkpython.fm cli: talkpython.fm Watch this episode on YouTube: youtube.com Episode #549 deep-dive: talkpython.fm/549 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Topics covered in this episode: Dumb Ways for an Open Source Project to Die How to create a pylock.toml lockfile https://github.com/facebook/Lifeguard Choosing a Python Logging Library in 2026 Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: Dumb Ways for an Open Source Project to Die Core categories The maintainer left The maintainer is still there Sabotage and capture The release pipeline broke Force majeure The world moved on The project split - Examples Bulma PRs still from 2023, issues and PRs with no maintainer response for years, last release 1.5 years ago diskcache Similar, got hired by OpenAI, crickets after that Brian #2: How to create a pylock.toml lockfile Tim Hopper Tim walks through using uv, pip and pdm to create pylock.toml files. Recommendation: use uv export --format pylock.toml -o pylock.toml He also has How to install from a pylock.toml lockfile with pip but the short version is: use -r because tools treat it like a requirements file Michael #3: https://github.com/facebook/Lifeguard Lifeguard is a static analyzer to detect Lazy Imports incompatibilities and ease the adoption overhead for Lazy Imports in Python. I'm more excited about lazy imports after my Cutting Python Web App Memory Over 31% experience Some Python patterns depend on imports executing immediately. For example: Module-level side effects — a module that registers a handler or modifies global state at import time will behave differently if that import is deferred. The registry pattern — a module that registers itself (e.g., adding to a global dict) when imported will silently fail to register under Lazy Imports. sys.modules manipulation — code that reads or writes sys.modules assumes prior imports have already executed. Metaclasses and __init_subclass__ — class creation side effects may depend on imports being resolved. Project Stage: Beta Lifeguard is in active development. We are aiming to be ready for general use by the Python 3.15 final release. Brian #4: Choosing a Python Logging Library in 2026 Ayooluwa Isaiah " which libraries matter, how they compare, where they overlap with the standard module, and when each one makes sense.” The slant with this article is the need to log json output, which seems reasonable as things like API entry and exit point logging will include json. Covered libraries standard library logging with a hat tip to python-json-logger Same site has a guide to setting up python-json-logger structlog Loguru Logbook picologging Some benchmarks with structlog, stdlib+json, and Loguru, with structlog coming out faster I liked the Loguru example I'm going to have to try @logger.catch and logger.exception() for easily logging exceptions and serialize=True to enable JSON output. Extras Brian: When Women Stopped Coding - Planet Money segment , spotted on BlueSky from Savannah Ostrowski Lean TDD is now leaner Still working on audio version, but some great changes in 0.7.1 version Ch 6, TDD Interpretations, move ATDD and some of BDD to chapter Ch 7, Change name to TDD with Teams: BDD and ATDD Ch 9, Lean TDD, streamline steps and chapter Ch 10, Change name to Lean TDD with Teams: Lean ATDD Ch 11, Lean TDD with AI, Add short discussion about guardrails and security Michael: New course: Python Web Security: OWASP Top 10 with Agentic AI All courses now with Spanish subtitles, see announcement Joke: Stop texting me

Build AI engineering skills at Parsity. Spots filling fast.It's been a rough week. Meta just laid off 8,000 people, and then the CEO of ClickUp — a company most people have never heard of — went online to brag about cutting 20-something percent of his staff even though they're profitable. No financial pressure. Just vibes. Just "AI made our engineers 100X more capable" so we don't need these people anymore. Then he had the nerve to talk about million-dollar salary bands for the survivors while publicly dunking on the people he just fired.I'm not here to cover the Meta layoffs. There are a hundred channels doing that. I'm here to talk about the people nobody covers: the developer at the 50-person company who gets two weeks and a Slack message. The person who doesn't have a FAANG brand on their resume to fall back on. That's who I was when I got laid off in 2023.In this episode I get into what actually happened when I got canned - the Zoom call with the person you've never seen before, the access revocation, the immediate panic. What I did right after (not much). What I did wrong (a lot). The psychological damage that nobody talks about, and the things I wish somebody had told me before I spent weeks spiraling.This isn't a "5 tips to be layoff-proof" episode. I don't think layoff-proof exists. This is what it actually feels like, what actually helps, and what I'd do differently if it happened again tomorrow. Because it might. Your company doesn't have any loyalty to you, no matter how good things seem right now.If you're going through it, you're not alone.

Transição de carreira é um dos momentos mais desafiadores na vida de quem trabalha com tecnologia. Sair de uma atuação profundamente técnica para um papel mais estratégico, próximo do negócio e do cliente, exige muito mais do que conhecimento técnico. Exige mudança de mentalidade. Neste programa, conversamos com a Amanda Portela, que construiu a carreira como DBRE e, após longos anos na área técnica, fez a transição para Technical Account Manager.

In Elixir Wizards S15E04, Charles Suggs and Emma Whamond are joined by Somtochi Onyekwere, a software engineer at Fly.io and contributor to the Corrosion distributed database project, to talk about distributed systems, infrastructure resilience, and the growing fragility of centralized cloud platforms.   We discuss what recent outages across major providers reveal about modern infrastructure and why more teams are starting to rethink assumptions around reliability, failover, and system design. Somtochi explains how Fly.io approaches geographic distribution, eventual consistency, and replication across nodes, along with the trade-offs that come with building systems this way.   The conversation explores CRDTs (Conflict-free Replicated Data Types), consensus, split-brain prevention, and what actually happens when distributed systems fail in production. We also talk about testing strategies, rollback planning, property-based testing tools, and how teams can reduce blast radius when things inevitably go wrong.   Along the way, we discuss AI infrastructure, sandboxing AI agents, and how newer workloads may add pressure to already centralized systems. The episode closes with practical advice for developers who want to build more resilient applications without over-complicating their architecture. Topics Discussed in this Episode: Corrosion and distributed database replication Centralized cloud fragility and recent outage patterns Distributed systems versus traditional cloud architectures Multi-region deployment strategies for Phoenix applications CRDTs and conflict resolution in distributed systems Eventual consistency versus strict consistency tradeoffs Consensus, leader election, and split-brain prevention Testing failover and recovery scenarios Property-based testing and Antithesis Rollback planning for database schema migrations Reducing blast radius through system isolation Health checks and blue-green deployment strategies Fly Proxy request routing and replay behavior Cross-region synchronization and replication challenges Single points of failure inside “redundant” systems Backup restoration testing and disaster recovery planning Network partitions and failure handling in production Infrastructure monitoring and operational visibility AI infrastructure workloads and operational strain Sandboxing and securing AI agents Sprites and AI workflows at Fly.io Latency improvements from geographic distribution Distributed systems tradeoffs in real-world environments Transitive dependency failures across cloud providers Practical resilience strategies for modern engineering teams Links Mentioned: https://fly.io https://github.com/superfly/corrosion https://docs.gitops.weaveworks.org/ FluxCD https://fluxcd.io/ Fly.io Stateful Sandbox Environments https://sprites.dev/ Cloudflare Workers AI Inference Platform https://www.cloudflare.com/products/workers-ai/ “An AI Agent Just Destroyed Our Production Data. It Confessed in Writing” Twitter post from PocketOS founder: https://x.com/lifeof_jer/status/2048103471019434248 Oct 2025 AWS Outage https://www.theguardian.com/technology/2025/oct/24/amazon-reveals-cause-of-aws-outage Dec 2025 Cloudflare Outage https://www.theguardian.com/technology/2025/dec/05/another-cloudflare-outage-takes-down-websites-linkedin-zoom July 2025 Crowdstrike Outage https://www.ibm.com/think/news/recent-crowdstrike-outage-what-you-should-know March 2026 Stryker Cyber Attack https://www.stryker.com/us/en/about/news/2026/a-message-to-our-customers-03-2026.html https://aws.amazon.com/ https://cloud.google.com/ https://azure.microsoft.com/en-us https://fly.io/docs/elixir/ CRDTs!! https://smartlogic.io/podcast/elixir-wizards/s13-e03-local-first-liveview-svelte-pwa/ https://antithesis.com/docs/resources/property_based_testing/ https://hex.pm/packages/proper

JetBrains is positioning itself as the last major independent AI coding-tool vendor in a market increasingly tied to hyperscalers and foundation model labs. Speaking at Google Cloud Next, JetBrains VP of business developmentMikhail Vink argued that competitors such as Microsoft Copilot, Anysphere Cursor, and Windsurfare all tied to either AI labs or cloud providers. By contrast, JetBrains says its independence allows customers to switch freely between models fromOpenAI,Anthropic, andGoogle Cloudwithout being locked into one ecosystem. That flexibility underpins JetBrains' broader AI strategy. Rather than building its own foundation model, the company is focusing on orchestration and governance through JetBrains Central, announced in March as a management layer for AI agents, usage controls, analytics, and consumption-based billing. Vink said the company's profitability, 16 million users, and 300,000 commercial customers from its long-running IDE business have allowed it to remain venture-free and model-neutral. JetBrains argues that as developers increasingly swap between AI models, neutrality may become more valuable than owning the models themselves. Learn more from The New Stack around the latest in AI coding-tools:  JetBrains ‘Agentic' AI Agent Helps Automate Coding Tasks JetBrains: AI agents are about to repeat the cloud ROI crisis  JetBrains names the debt AI agents leave behind Join our community of newsletter subscribers to stay on top of the news and at the top of your game. 

Topics covered in this episode: Using Django Tasks in production Co-authored with Claude? PyPI packages are increasing rapidly httpx2 Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: Using Django Tasks in production Tim Schilling shares how the Djangonaut Space website has been using Django's new tasks framework and some of the info missing from the official Django docs. Tasks require a third party package, django-tasks-db to actually run the tasks. Article walks through all changes necessary to get an email process running to notify admins of new testimonials. Cool simple example. With the db backend, you can monitor progress of tasks in the admin, to see which tasks are scheduled, completed, or have errors. Some wishes for the community to implement new tutorial in the Django docs Django Debug toolbar panel for tasks test/mock backend Great title for wish list: Thinks I'd like to see, but I'm too lazy to implement myself. Michael #2: Co-authored with Claude? Via Nik T. We don't put “executed on macOS”, “edited with PyCharm”, etc. in our commits. Why Claude? Seems like a growth hack to me, that I don't really care to participate in. Some projects that have formalized their thoughts on this: The Generative AI Policy Landscape in Open Source Adjust to turn off in ~/.claude/settings.json see the docs. { "attribution": { "commit": "", "pr": "" } } Brian #3: PyPI packages are increasing rapidly Artem Golubin There's been an increase of published packages per week on PyPI A pretty big increase in the last handful of months. 30% increase since 2025, clearly due to AI Artem is building hexora, a malicious Python code detector. Cool package too, it can: Audit project dependencies to catch potential supply-chain attacks Detect malicious scripts found on platforms like Pastebin, GitHub, or open directories Analyze IoC files from past security incidents Audit new packages uploaded to PyPi. Artem is using hexora to analyze recently published pypi packages and many are obviously vibecoded and trigger false positives for abuses of eval, exec, and subprocess Side note: I don't think that's necessarily a false positive. Not malicious, but maybe a stupid-code-detector? Lots are LLM related, Lots have bots contributing code Publishing rate is crazy, dozens to hundreds of published versions in a day is a bug, not a feature Brian's proposal, PyPI should limit releases per day for any package to something a sane human would do, even if they make a mistake on a release, to maybe like 2-3, definitely under 10, in a day. And if the repo has obvious agent contributors listed, maybe lower to the limit to 1-2 a day? Honestly, “move fast and break things” doesn't apply to breaking the commons. Michael #4: httpx2 More on the httpx, httpxyz, etc changes: Pydantic people started their own fork, httpx2. Michiel says “while we think httpxyz was definitely needed, we welcome httpx2 and think it should be the ‘blessed' fork.” Kludex, who is among other things maintainer of Starlette, was considering a fork As it stands, httpx2 is lacking the performance improvements they added to httpxyz. But it will not be long before they will add those, too. Also they already made some smart decisions: they are switching from certifi to truststore they are switching to compression.zstd on Python 3.14+, enabling zstd compression by default they merged httpcore and vendored it in their repository Discussion on Hacker News Extras Brian: The Four Horsemen of the LLM Apocalypse - Anarcat Django/JetBrains 2026 developer survey is open Pyrefly 1.0 : “meaning we are confident that Pyrefly is ready for production use.” Michael: Just about ready to release Python Web Security: OWASP Top 10 with Agentic AI course. Be sure to be on the courses newsletter to get notified. Joke: Proud Parents

What began as an internal developer tool atBlockhas evolved into a broader open-source initiative with industry backing. Goose, Block's AI coding agent, followed a path similar to Amazon's transformation of internal infrastructure intoAmazon Web Services. After deploying Goose companywide, Block open-sourced the tool under a permissive license, leading to rapid adoption across the developer community. But according to Manik Surtani, Office of the CTO, Block and Co Founder of Agentic AI Foundation, early momentum exposed governance challenges. Although Goose was technically open source, Block retained trademark ownership, creating concerns for enterprises seeking truly independent governance. To address this, the team partnered with the creators ofAnthropicand the Model Context Protocol community to establish theAgentic AI Foundationunder the umbrella of theLinux Foundation. Goose, MCP, and Agents.MD became the foundation's initial projects, chosen largely to accelerate the launch of the new organization and create a collaborative ecosystem around agentic AI development. Learn more from The New Stack around the latest in open-source AI:  Anthropic extends MCP with a UI framework Why the Linux Foundation adopted MCP, with Jim Zemlin and Mazin Gilbert Join our community of newsletter subscribers to stay on top of the news and at the top of your game. 

In Season 15 episode 3, Charles Suggs sits down with Greg Medland, aka “The Elixir Fixer,” to talk about the current state of hiring and the software jobs market in 2026.   Greg shares what he's seeing from both sides of the hiring process as an Elixir-focused recruiter, from shifting company expectations to the growing importance of specialization, communication skills, and real-world product thinking. We discuss how the market has changed since the 2021–2022 hiring boom, why things feel more uncertain today, and how developers are adapting to a slower, more competitive landscape.   The conversation also explores how AI is affecting hiring workflows, résumé quality, technical interviews, and even the rise of fraudulent candidates. Greg explains why human relationships and reputation still matter more than ever, especially in smaller ecosystems like Elixir where community connections carry real weight.   Along the way, we talk about what junior developers are up against, why senior engineers with domain expertise continue to stand out, and what developers can do to position themselves more effectively in today's market. Greg shares practical advice for building a sustainable career, developing a clear professional identity, and navigating a rapidly changing industry.   Topics discussed in this episode: The current state of the Elixir job market Hiring trends and market shifts since 2021–2022 How AI is changing hiring and recruiting workflows Fraudulent candidates and AI-generated résumés Domain expertise vs. generalist engineering skills Product thinking and customer-focused development What companies are looking for in 2026 Junior developer challenges in the current market Why senior specialists remain in demand Networking and relationship-building in tech Open source contributions and visibility in the Elixir community Standing out in a crowded hiring environment Résumé quality and application strategies The role of personal branding for developers Remote work trends and geographic hiring patterns Technical interview expectations and evaluation changes Startup vs. enterprise hiring differences Human connection in an increasingly automated industry Career resilience and long-term positioning Building a sustainable software engineering career   Links mentioned: Socially Responsible Recruitment https://sr2rec.com/en/ Greg's LinkedIn https://www.linkedin.com/in/elixirfixer/ Greg's email address: greg@sr2rec.com

At Google Cloud Next 2026, Finout co-founder and CEO Roi Ravhon and Google Cloud FinOps lead Pathik Sharma discussed how FinOps is rapidly evolving for the AI era. Ravhon argued that while cloud FinOps had a decade to mature, AI economics are forcing the industry to adapt within a year. Unlike traditional cloud workloads, AI costs are unpredictable because token usage varies even for identical prompts, while advanced reasoning models consume significantly more tokens despite falling prices. Both emphasized that effective AI FinOps requires intelligent orchestration, routing workloads to the cheapest capable models instead of defaulting to expensive frontier models. Sharma noted that AI costs extend beyond APIs to GPUs, storage, training, and organizational adoption. They also cautioned against relying solely on LLMs for operational automation. Deterministic systems, observability metrics, and human approvals remain essential guardrails. Ultimately, both stressed that FinOps is primarily an organizational and cultural discipline, recommending newcomers start with the FinOps Foundation before investing in tools. Learn more from The New Stack around the latest in FinOps:  Why FinOps Isn't About Saving Money  FinOps Foundation's FOCUS 1.2 Expands to SaaS, PaaS  Join our community of newsletter subscribers to stay on top of the news and at the top of your game.   

What if your database worked more like Git? Every change captured as an immutable event you can replay, instead of a single mutating row that quietly forgets its own history. That's event sourcing, and Chris May is back on Talk Python, fresh off our Datastar panel, to walk us through what it actually looks like in Python. We'll cover the core patterns, the libraries to reach for, when not to use it, and why event sourcing turns out to be a surprisingly good fit for AI-assisted coding. Episode sponsors Sentry Error Monitoring, Code talkpython26 Temporal Talk Python Courses Links from the show Guest Chris May: everydaysuperpowers.dev Intro to event sourcing e-book: everydaysuperpowers.gumroad.com Domain-Driven Design: The Power of CQRS and Event Sourcing: How CQRS/ES Redefine Building Scalable System: ricofritzsche.me DDD: www.amazon.com Understanding Eventsourcing (Martin Dilger): www.amazon.com Event Sourcing Explained using Football Video: www.youtube.com Why I finally embraced event sourcing and why you should too article: everydaysuperpowers.dev valkey: valkey.io diskcache: talkpython.fm eventsourcing package: github.com eventsourcing docs: eventsourcing.readthedocs.io John Bywater: github.com Datastar: data-star.dev Microconf: microconf.com Event Modeling & Event Sourcing Podcast: podcast.eventmodeling.org Python Package Guides for AI Agents: github.com Iodine tablets AI joke: x.com KurrentDb: www.kurrent.io Watch this episode on YouTube: youtube.com Episode #548 deep-dive: talkpython.fm/548 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Topics covered in this episode: httpxyz one month in Learn concurrency - a deep dive into multithreading with Python pip 26.1 - lockfiles and dependency cooldowns Python 3.15 sentinal values from PEP 661 Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: httpxyz one month in First version of httpxyz contained just the fixes to get zstd working, and the fixes to get the test suite running on python 3.14, some ‘housekeeping' changes related to the renaming End of March: a compatibility shim that allows you to use httpxyz even with third-party packages that import httpx themselves, as long as you import httpxyz first. Importing httpxyz automatically registers it under the httpx name in sys.modules , see https://httpxyz.org/httpx-compatibility/ Fixed a WHOLE bunch of performance related issues by forking httpcore Brian #2: Learn concurrency - a deep dive into multithreading with Python Nikos Vaggalis “Whenever you are trying to speed up code using multiple cores, always ask yourself: “Do these threads need to talk to each other right now?” If the answer is yes, it will be slow. The best parallel code splits a big job into completely isolated chunks, processes them separately, and merges the results at the finish line.” Good overview of thread concurrency with Python and how that's been improved dramatically with free-threaded Python Defines lots of terms you come across, including “embarrassingly parallel multithreading” There's a counter example that's nice Start with a shared resource, a counter, and multiple threads updating it Attempt to fix with threading.Lock(), which fixes it, but slows things down Good explanation of why Proper fix with concurrent.futures and separating the work of different threads so that they can be independent and their results can be combined when they're all finished. Michael #3: pip 26.1 - lockfiles and dependency cooldowns Python 3.9 is no longer supported Experimental: installing from pylock files Dependency cooldowns (see my post about this) Lifting several 2020 resolver limitations Brian #4: Python 3.15 sentinal values from PEP 661 MISSING = sentinel("MISSING") def next_value(default: int | MISSING = MISSING): ... if default is MISSING: ... Take a name str as a constructor parameter Intended to be compared with is operator, similar to None Sentinal objects can be used as a type, also similar to None and can be combined with other types with |. Unlike None, sentinal values are truthy. (Elipses ... are also truthy) This seems like a strange choice. but I guess it must have made sense to someone. It does force you to use is instead of depending on False-ness, so I guess it'll make code using sentinels more readable. Interesting that the PEP was started in 2021, and we're finally getting it this year. Extras Brian: Before GitHub - Armin Ronacher tenacity - cross-platform multi-track audio editor/recorder learned about it from Armin's article Joke: Joke option Make it myself Seems similar to what people think about software now Links httpxyz one month in httpxyz.org/httpx-compatibility Learn concurrency - a deep dive into multithreading with Python pip 26.1 - lockfiles and dependency cooldowns my post about this Python 3.15 sentinal values from PEP 661 Before GitHub tenacity Make it myself

Free interview prep guide: ⁠https://www.parsity.io/interview-prep⁠Free career roadmap for developers: ⁠https://www.parsity.io/career-roadmap⁠Carter Nadain spent four years trying to break into software development. He started with a bootcamp in 2022, got his CS degree, worked at Amazon delivering packages, sent out thousands of applications, and went through every kind of setback you can imagine — including having to move back in with his mom at 25 and completely restart his life.In this episode, Carter shares what actually worked: the interview tip that landed his current job, why recording yourself talking through problems is the most underrated prep strategy, and how he stayed consistent for four years when most people quit after three months.We also get into imposter syndrome, what it's really like walking into your first dev job, and why this career rewards people who refuse to stop.

In Season 15 episode 2, Elixir Wizards Sundi Myint and Charles Suggs chat with Micah Cooper to talk about distributed systems, data replication, and what it actually looks like to build these ideas in Elixir.   Micah shares his journey from Ruby to Elixir and walks us through Visor, a library he's building based on the Viewstamps replication algorithm. Inspired by systems like TigerBeetle, Visor explores how you can replicate state across nodes using GenServers, giving you fault tolerance and recovery without relying entirely on traditional database patterns.   We talk about the difference between distributed systems and data replication, where things tend to get misunderstood, and what changes when you start thinking about state this way. The conversation also touches on event sourcing, tradeoffs in system design, and how Elixir's distributed model makes some of these concepts more approachable than you might expect.   Along the way, we talk about building for curiosity, experimenting with new ideas, and how projects like this push the ecosystem forward.   Topics discussed in this episode: Building Visor and working with the Viewstamps replication model Replicating GenServer state across nodes Distributed systems vs. data replication Lessons from TigerBeetle and financial system design Event sourcing challenges and tradeoffs Rethinking database-first architectures Snapshotting, recovery, and fault tolerance The role of Elixir's distributed model Experimentation, learning, and building for curiosity   Links mentioned: Micah's GitHub https://github.com/mrmicahcooper Micah's GitLab https://gitlab.com/mrmicahcooper The Visor repository: https://gitlab.com/mrmicahcooper/visor Visor Hex Package https://hex.pm/packages/visor Ruby on Rails https://rubyonrails.org/ Phoenix LiveView Framework https://www.phoenixframework.org/ Zig Programming Language https://ziglang.org/ TigerBeetle https://tigerbeetle.com/ TigerBeetle internal docs https://github.com/tigerbeetle/tigerbeetle/tree/main/docs/internals The BEAM https://www.erlang-solutions.com/blog/the-beam-erlangs-virtual-machine/ GenServer https://hexdocs.pm/elixir/GenServer.html Apache Kafka https://github.com/apache/kafka RabbitMQ https://www.rabbitmq.com/ Redpanda https://www.redpanda.com/ SQL https://www.ibm.com/think/topics/structured-query-language Kubernetes https://kubernetes.io/ YAML https://yaml.org/ Nomad Workload Orchestrator https://developer.hashicorp.com/nomad Flutter https://flutter.dev/ Commanded https://hexdocs.pm/commanded/Commanded.html Go Programming Language https://go.dev/ Clojure Programming Language https://clojure.org/ Nebulex https://hexdocs.pm/nebulex/Nebulex.html Mnesia https://www.erlang.org/doc/apps/mnesia/mnesia.html Cachex https://hexdocs.pm/cachex/Cachex.html libgraph https://hexdocs.pm/libgraph/Graph.html Horde https://hexdocs.pm/horde/Horde.Registry.html NocFree split keyboard https://www.nocfree.com/ Micah's LinkedIn https://www.linkedin.com/in/micah-cooper-4a737560/ 

Managing Kubernetes at fleet scale introduces significant complexity, especially as organizations expand from a few clusters to hundreds or thousands across cloud, on-premises, and edge environments. While GitOps remains the dominant model for declarative management, its traditional one-to-one repository-to-cluster approach struggles to handle multi-cluster realities such as global traffic routing, shared secrets, and unified observability. AsStephane Erbrech, Principal Software Engineer at Microsoftexplains, the challenge shifts from deployment to governance—maintaining consistency, security, and compliance across a vast distributed system without manual intervention. This need is amplified by the rise of AI workloads at the edge, where inference is increasingly decentralized. To address these challenges,Microsoft Azure Kubernetes Fleet Managerenables coordinated, staged rollouts across clusters, allowing teams to validate updates in lower-risk environments before production. Supporting this,Cilium Cluster Meshprovides seamless cross-cluster connectivity, enabling workload mobility and efficient resource use, especially for scarce GPU capacity. Together, these tools help modern platform teams manage lifecycle, networking, and orchestration at scale.  Learn more from The New Stack around managing Kubernetes at fleet scale:  KubeFleet: The Future of Multicluster Kubernetes App Management Why Microsoft is betting on temporary identities to stop autonomous agents from going rogue Join our community of newsletter subscribers to stay on top of the news and at the top of your game. 

When OpenAI trained GPT-3, they didn't roll their own orchestration layer. They used Ray, an open source Python framework born out of the same Berkeley research lab lineage that gave us Apache Spark. And here's the twist: Ray was originally built for reinforcement learning research, then quietly faded as RL hit a wall. Until ChatGPT showed up. Suddenly reinforcement learning was back, as the post-training step that turns a raw language model into something genuinely useful. Edward Oakes and Richard Liaw, two founding engineers behind Ray and Anyscale, join me on Talk Python to tell that story. We'll trace Ray from its RISE Lab origins at UC Berkeley to powering some of the largest training runs in the world. We'll talk about what Ray actually is, a distributed execution engine for AI workloads, and how a few lines of Python become work running across hundreds of GPUs. We'll cover Ray Data for multimodal pipelines, the dashboard, the VS Code remote debugger, KubRay for Kubernetes, and where Ray fits alongside Dask, multiprocessing, and asyncio. If you've ever stared at a single-machine Python script and thought, "there has to be a better way to scale this", this one's for you Episode sponsors Sentry Error Monitoring, Code talkpython26 AgentField AI Talk Python Courses Links from the show Guests Richard Liaw: github.com Edward Oakes: github.com Ray: www.ray.io Example code (we used for walk-through): docs.ray.io Getting Started with Ray: docs.ray.io Ray Libraries: docs.ray.io kuberay: github.com Watch this episode on YouTube: youtube.com Episode #547 deep-dive: talkpython.fm/547 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Agentic AI is advancing rapidly, with open-source projects racing to keep pace with real-world deployment. To accelerate progress, the Linux Foundation consolidated key technologies—Model Context Protocol (MCP), Goose, and AGENTS.md—under the newly formed Agentic AI Foundation (AAIF) in late 2025. At the MCP Dev Summit in New York City, Linux Foundation CEO Jim Zemlin and newly appointed AAIF executive director Mazin Gilbert discussed this transition. Zemlin explained that leading both organizations was unsustainable, prompting a careful search for a leader with both technical expertise and collaborative leadership skills. Gilbert now takes on the challenge of guiding AAIF as it shapes the emerging agentic AI ecosystem. While the foundation currently oversees three projects, its broader mission involves defining the future architecture of agent-driven systems—deciding what to build, when, and why. These decisions will influence the trajectory of open-source AI development. The conversation also highlights the importance of open collaboration, funding dynamics, and early adopters in shaping the agentic stack's evolution.   Learn more from The New Stack around the latest in open-source projects and The Linux Foundation:  Anthropic Donates the MCP Protocol to the Agentic AI Foundation SAFE-MCP, a Community-Built Framework for AI Agent Security Google Donates the Agent2Agent Protocol to the Linux Foundation Join our community of newsletter subscribers to stay on top of the news and at the top of your game.

In this episode ofThe New Stack Makers, Matthew O'Riordan, CEO of Ably, explains how infrastructure originally built for human collaboration is now well-suited for long-running AI agents. While Ably initially resisted positioning itself as an AI company, the rise of agents that reason, call tools, and operate over extended periods revealed a natural fit for its real-time communication platform. O'Riordan highlights the limitations of HTTP for these use cases. While effective for short, request-response interactions, HTTP struggles with persistent, stateful experiences—such as handling dropped connections, multi-device usage, or mid-task interruptions. To address this, a new “durable session” layer is emerging, enabling continuous synchronization between agents and users through shared state, presence, and recovery mechanisms. Ably's solution, AI Transport, augments existing architectures by keeping HTTP for requests while shifting responses to durable sessions. Features like mutable message streams and “live objects” allow seamless reconnection and collaboration. The goal is to provide a drop-in layer that developers can adopt without rethinking their stack—moving beyond traditional pub/sub models. Learn more from The New Stack around Ably and AI Transport:  How MCP Uses Streamable HTTP for Real-Time AI Tool Interaction Ably Touts Real-Time Starter Kits for Vercel and Netlify AI Agents Need Help. Here's 4 Ways To Ship Software Reliably Join our community of newsletter subscribers to stay on top of the news and at the top of your game. 

Topics covered in this episode: profiling-explorer Reverting the incremental GC in Python 3.14 and 3.15 VSCode AI Co-author defaults to on, then off django freeze Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: profiling-explorer Adam Johnson And intro post Python: introducing profiling-explorer “profiling-explorer is a tool for exploring profiling data from Python's built-in profilers, which are stored in pstats files. ” Features Dark mode Click the calls, internal ms, or cumulative ms column headers to sort by that column. Use the search box to filter by filename or function name. Hover by a filename + line number pair to reveal the copy button, which copies the location to your clipboard for faster opening. Click the callers or callees links on the right of a row (not pictured above) to see the callers or callees of that function. Michael #2: Reverting the incremental GC in Python 3.14 and 3.15 Python 3.14 shipped with a new incremental garbage collector, but production reports of severe memory pressure (Neil Schemenauer measured up to 5× peak RSS on pathological cyclic workloads) have pushed the core team and Steering Council to revert it in both 3.14 and 3.15 - returning to the 3.13-era generational GC. This is the second time the inc GC has been pulled back: it was also reverted right before 3.13.0 final, and it shipped in 3.14 without going through the PEP process. The tradeoff is real: Neil's benchmarks showed max GC pause times of 1.3ms with inc GC versus 26ms with the generational one - great for latency-sensitive apps, terrible for memory-constrained ones. Release manager Hugo van Kemenade will ship 3.14.5 early with the revert, and Gregory Smith floated the idea of a 3.14.5rc1 - the first patch-release RC since 3.9.2 back in 2021. Tim Peters spent the thread doing live forensics on Windows, running a toy deque program that should cap at 1GB and watching it balloon to 15.6GB on a 16GB machine - and discovered the gen0 collector effectively never fires under the new scheme. Tim's bigger meta-point: CPython has a chronic shortage of real-world GC benchmarks, pyperformance has "basically no interesting" cyclic workloads, and users almost never share real data - so core devs keep flying blind on changes like this. Django maintainer Adam Johnson published a blog post mid-thread documenting a real memory "leak" in Django's migration system caused by inc GC, with a manual gc.collect() workaround - the listener-facing receipt that this wasn't just theoretical. If the inc GC comes back for 3.16, it'll go through a proper PEP, and the discussion is already shifting toward keeping both collectors available via a startup flag - which Neil and Sergey Miryanov have both prototyped. Brian #3: VSCode AI Co-author defaults to on, then off VSCode merges Enabling ai co author by default - 3 week ago Ton's of “why would you do this” and related comments VSCode merges Change default for git.addAICoAuthor to off - yesterday Take-away, don't rely on default, set addAICoAuthor to off yourself Michael #4: django freeze Convert your dynamic django site to a static one with one line of code. Just run python manage.py generate_static_site :) Features Generate the static version of your Django site, optionally compressed .zip file Generate/download the static site using urls (only superuser and staff) Follow sitemap.xml urls Follow internal links founded in each page Follow redirects Report invalid/broken urls Selectively include/exclude media and static files Custom base url (very useful if the static site will run in a specific folder different by the document-root) Convert urls to relative urls (very useful if the static site will run offline or in an unknown folder different by the document-root) Prevent local directory index Extras Brian: Thinking Less, Trusting More: GenAI's Impacts on Students' Cognitive Habits Michael: Vercel breached, employee to blame Introducing the new Talk Python web player GitHub uptime (a couple of views 1, 2) Joke: Friends in tech

Kubernetes is rapidly emerging as the de facto operating system for AI, with two-thirds of organizations using it for generative AI inference and 82% adopting it in production. Its ecosystem — including tools like Kubeflow — enables organizations to build, scale, and retain control of AI systems through open, community-driven infrastructure. Bob Killen of CNCF and Liam Bollmann-Dodd of SlashData shared insights from recent reports showing that AI success still hinges on strong engineering fundamentals—especially internal developer platforms and overall developer experience. While AI-generated code accelerates development, it shifts bottlenecks to DevOps, reliability, and security, increasing operational complexity. As a result, operator experience and well-defined guardrails have become critical to safely scaling AI. These controls help constrain both human and AI developers, reducing risk while enabling speed. At the same time, organizations are evolving team structures, expanding platform engineering groups to support internal users more effectively. Despite growing complexity, the core lesson remains consistent: open source innovation thrives on people, processes, and collaboration as much as on technology itself. Learn more from The New Stack around the latest in Kubernetes and its emergence as an operating system for AI:  Kubernetes and AI: Are They a Fit? How AI Is Pushing Kubernetes Storage Beyond Its Limits Kubernetes and AI Are Shaping the Next Generation of Platforms Join our community of newsletter subscribers to stay on top of the news and at the top of your game. 

In this episode ofThe New Stack Makers,Pete Smailsoutlines howSUSEis evolving from its Linux roots into an AI-native infrastructure platform. Speaking atKubeCon + CloudNativeCon Europe 2026, Smails explains the company's strategy to unify AI, containers and virtual machines on a single open, enterprise-ready foundation. Central to this isSUSE Rancher Prime, which enables consistent orchestration across hybrid and multi-cloud environments, alongsideSUSE Virtualizationfor modernizing legacy systems. A key innovation is “Liz,” a context-aware AI agent embedded in Rancher Prime that helps engineers identify vulnerabilities, troubleshoot deployments and interact with infrastructure using natural language. Unlike generic AI tools, Liz understands real-time cluster states and uses Model Context Protocol to deliver actionable insights. Smails emphasizes developer experience as critical to adoption, highlighting Rancher Developer Access for simplified local Kubernetes workflows. Overall, SUSE aims to deliver secure, automated infrastructure that reduces complexity while accelerating cloud-native and AI adoption. Learn more from The New Stack around the latest around SUSE:  SUSE Displays Enhanced Enterprise Linux at SECESSION SUSE Launches a Sovereign Premium Support Service for EU Customers Join our community of newsletter subscribers to stay on top of the news and at the top of your game.

In this episode of The New Stack Makers, AWS developer advocate Morgan Willis demonstrates Strands Agents, an open source agentic framework with rapid adoption since its launch. Using a simple accounting API, she walks through three approaches to retrieving a customer's latest invoice, highlighting how design choices dramatically impact efficiency. The initial method maps each API endpoint to a separate tool, requiring five chained calls and consuming about 52,000 tokens. By shifting to intent-based tools—focused on outcomes rather than individual data operations—the same task is completed in a single call using just 2,000 tokens, improving both efficiency and reasoning. In a third iteration, tools are hosted on a remote MCP server via AWS Agent Core Gateway, with semantic search limiting the agent's toolset to only what's relevant per query, further reducing token usage. Willis emphasizes that narrowly scoped agents outperform general-purpose ones, delivering better speed, accuracy, and context efficiency. Designing smaller, specialized agents with tailored tools is key as tool ecosystems expand. Learn more from The New Stack around the latest with Strands and MCP: AWS Launches Its Take on an Open Source AI Agents SDK What Is MCP? Game Changer or Just More Hype? MCP's biggest growing pains for production use will soon be solved Join our community of newsletter subscribers to stay on top of the news and at the top of your game. 

Data science consultant and podcast host Genevieve Hayes joined me on Ditching Hourly to talk about podcasting as a boost for an expertise-based business.Chapters00:00 - Genevieve Hayes and Value-Driven Data Science02:27 - Committing to Start a Podcast05:35 - Simple Production Is Good Enough07:02 - First Guests and Inbound Momentum11:46 - The 100-Episode Surprises15:07 - Relationships Beat Direct Lead Gen18:12 - Pitching Guests and Building Luck Surface Area29:30 - Buyers, Peers, and Referral Paths34:58 - Almost Quitting, Seasons, and Persistence39:00 - Preparation, Editing, and Production Workflow42:18 - Editing as Learning and Content Fuel49:20 - What You Actually Need to Start58:20 - Guest Referrals, Swaps, and Live Formats68:40 - Podcasting vs. Writing for Trust78:30 - Landing Dream Guests and Wrap-UpGuest BioGenevieve Hayes is an actuary and statistician-turned-data scientist who helps organizations improve decision-making by quantifying uncertainty, often when data is sparse. She became a soloist in early 2022 and provides data science consulting services. She also mentors data professionals who want to transform their technical skills into strategic expertise and move from tactical execution to strategic advisory roles. Genevieve hosts Value-Driven Data Science, a podcast for practicing data professionals making that technical-to-strategic shift. Learn more at Value-Driven Data Science.  ----Do you have questions about how to improve your business? Things like:Value pricing your work instead of billing for your time?Positioning yourself as the go-to person in your space?Productizing your services so you never have to have another awkward sales call or spend hours writing another custom proposal?Book a one-on-one coaching call with me and get answers to these questions and others in the time it takes to get ready for work in the morning.Best of all, you're covered by my 100% satisfaction guarantee. If at the end of the call, you don't feel like it was worth it, just say the word, and I'll refund your purchase in full.To book your one-on-one coaching call, go to: https://jonathanstark.com/callI hope to see you there!

Broadcom's VMware Cloud Foundation (VCF) is evolving from a turnkey infrastructure stack into a modern application platform, balancing simplicity with the flexibility demanded by Kubernetes-driven environments. AtKubeCon + CloudNativeCon Europe 2026, Broadcom leaders highlighted how VCF is adapting to support platform engineering teams, cloud-native workloads, and large-scale operations. A key industry shift is the return to private cloud, driven by data sovereignty concerns and the growing impact of AI. Enterprises are bringing workloads back on-premises while still expecting a cloud-like operating model. Broadcom is responding by prioritizing on-prem stability and aligning closely with open source, reflecting its strong contributions toKubernetesand related projects. Kubernetes is no longer a bolt-on but the core control plane of VCF, enabling unified management of compute, storage, and networking through declarative APIs. At the same time, the distinction between virtual machines and containers is fading. The focus is shifting toward application-centric platforms, where developers interact through consistent abstractions, allowing infrastructure to be provisioned seamlessly behind the scenes. Learn more from The New Stack around the latest around Broadcom:  Broadcom ‘Doubles Down' on Open Source, Donates Kubernetes Tool to CNCF Why Broadcom gave Velero to the CNCF Sandbox — and what it means for Kubernetes data protection Join our community of newsletter subscribers to stay on top of the news and at the top of your game. 

The cloud is convenient until it isn't. You upload your photos, sync your contacts, click through the cookie banners. Then prices go up again or you read about a family that lost their entire Google account over a medical photo sent to a doctor. At some point, the question shifts from "why would I run this myself?" to "why aren't I?" My guest this week is Alex Kretzschmar, head of DevRel at Tailscale, longtime host of the Self-Hosted podcast, and co-founder of Linuxserver.io. We cover what self-hosting really means in 2026, the apps worth running yourself like Immich and Home Assistant, why Docker Compose ties it all together, and how Tailscale lets you reach any of it from anywhere, without opening a single port. If you've been thinking about pulling your digital life back behind your own walls, this is your roadmap. Episode sponsors Temporal Talk Python Courses Links from the show Guest Alex Kretzschmar: alex.ktz.me Bitflip podcast: bitflip.show Self-Hosted podcast (Alex's previous show): selfhosted.show Perfect Media Server: perfectmediaserver.com KTZ Systems on YouTube: youtube.com/@ktzsystems Linuxserver.io (co-founded by Alex): linuxserver.io "How Tailscale Works" blog post: tailscale.com/blog/how-tailscale-works https://tailscale.com/: tailscale.com Self-hosted apps discussed Awesome Self-Hosted (GitHub list): github.com Immich (Google Photos alternative): immich.app Home Assistant: home-assistant.io Open Home Foundation: openhomefoundation.org Plausible Analytics: plausible.io Umami Analytics: umami.is Python integration for umami: pypi.org Pi-hole: pi-hole.net AdGuard Home: adguard.com NextDNS: nextdns.io Coolify: coolify.io Docker + ufw: docs.docker.com Storage, backup & filesystem OpenZFS: openzfs.org ZFS.rent (offsite ZFS replication): zfs.rent Backblaze: backblaze.com Hetzner Storage Box: hetzner.com DigitalOcean: digitalocean.com Secrets management mentioned OpenBao (open-source Vault fork): openbao.org HashiCorp Vault: hashicorp.com Bitwarden: bitwarden.com 1Password: 1password.com Hardware mentioned Proxmox VE: proxmox.com Minisforum MS01: minisforum.com Zima Board / Zima OS: zimaspace.com Other references Cory Doctorow on "enshittification" (Cory's blog where he coined the term): pluralistic.net Linus Tech Tips' WAN Show (Linus mentioned NAS-building going mainstream): linustechtips.com Watch this episode on YouTube: youtube.com Episode #546 deep-dive: talkpython.fm/546 Episode transcripts: talkpython.fm Theme Song: Developer Rap

In this episode of The New Stack Makers, Nimisha Asthagiri of Thoughtworks explores why many AI initiatives stall between proof of concept and production. A key issue is that organizations focus on speed—asking how to move faster—rather than rethinking what new capabilities AI actually enables. Successful companies take a systems-thinking approach, investing in organizational literacy and aligning teams around meaningful use cases instead of retrofitting AI into existing workflows. Asthagiri highlights that core engineering practices are ফিরে to prominence. As AI-generated code increases, so does the risk of “cognitive debt,” where developers lose understanding of their own systems. To counter this, teams are reviving fundamentals like test-driven development, mutation testing, observability, and zero-trust security, especially as autonomous agents contribute to production code. She also introduces the concept of “dark code”—AI-generated code that may never be used—and argues for more intentional lifecycle management, including ephemeral code. Ultimately, the focus shifts from code itself to specifications, context management, and disciplined engineering practices.   Learn more from The New Stack around the latest about system-thinking approaches:  System Two AI: The Dawn of Reasoning Agents in Business  A practical systems engineering guide: Architecting AI-ready infrastructure for the agentic era  Join our community of newsletter subscribers to stay on top of the news and at the top of your game.

Graduating within the CNCF marks a major milestone for an open source project, signaling not just technical maturity but strong governance, security practices, and widespread adoption. Kyverno, a Kubernetes policy engine, reached this stage after five years — becoming only the 35th project to progress from sandbox to graduation. As co-founder Jim Bugwadia explains, incubation reflects production readiness and adoption, while graduation validates the project's long-term sustainability and governance rigor. Originally built to help teams manage Kubernetes complexity through declarative policies, Kyverno has evolved alongside the ecosystem. Its shift to the Kubernetes-native Common Expression Language (CEL) and rising demand driven by AI workloads have expanded its user base beyond regulated industries to mainstream enterprises. With over three billion downloads, it underscores the growing need for automated policy enforcement across development, security, and operations teams. Commercially, Nirmata maintains a clear boundary between open source and enterprise offerings, focusing on remediation and advanced management. While only 2–5% of users convert, that small percentage becomes meaningful at Kyverno's scale. Learn more from The New Stack around the latest about Kyverno: Simplify Kubernetes Security With Kyverno and OPA Gatekeeper Using the Kyverno CLI to Write Policy Test Cases Join our community of newsletter subscribers to stay on top of the news and at the top of your game. 

At the MCP Summit in New York City, AWS's Luca Chang, a Bedrock team member and MCP specification maintainer, discussed the rapid rise of the Model Context Protocol (MCP) as a standard for connecting AI models and agents to tools and data. He explained that MCP's development is shaped by a diverse group of maintainers who collaboratively prioritize features, balancing major challenges with smaller enhancements that can unlock creative new capabilities. This breadth of perspectives prevents groupthink but makes prioritization difficult, as many ideas compete for limited bandwidth. Chang highlighted the role of large organizations like Amazon in advancing open source projects. AWS contributions such as Tasks and Elicitations emerged from internal efforts to map cloud services to MCP, revealing gaps in the protocol. Rather than contributing for speed, AWS focuses on real customer use cases, contributing only when clear needs arise. Chang also noted growing demand for MCP servers, while expressing caution about overly specialized, agent-specific implementations that could limit broader interoperability. Learn more from The New Stack around  the latest in Model Context Protocol (MCP) becoming a standard for connecting AI models and agents to tools and data:  Model Context Protocol: A Primer for the Developers Beyond the vibe code: The steep mountain MCP must climb to reach production https://thenewstack.io/model-context-protocol-evolution/ Join our community of newsletter subscribers to stay on top of the news and at the top of your game.

Topics covered in this episode: Django Modern Rest Already playing with Python 3.15 Cutting Python Web App Memory Over 31% tryke - A Rust-based Ptyhon test runner with a Jest-style API Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: Django Modern Rest Modern REST framework for Django with types and async support Supports Pydantic, Attrs, and msgspec Has ai coding support with llms.txt See an example at the “showcase” section Brian #2: Already playing with Python 3.15 3.15.0a8, 2.14.4 and 3.13.13 are out Hugo von Kemenade beta comes in May, CRs in Sept, and Final planned for October But still, there's awesome stuff here already, here's what I'm looking forward to: PEP 810: Explicit lazy imports PEP 814: frozendict built-in type PEP 798: Unpacking in comprehensions with * and ** PEP 686: Python now uses UTF-8 as the default encoding Michael #3: Cutting Python Web App Memory Over 31% I cut 3.2 GB of memory usage from our Python web apps using five techniques: async workers import isolation the Raw+DC database pattern local imports for heavy libraries disk-based caching See the full article for details. Brian #4: tryke - A Rust-based Ptyhon test runner with a Jest-style API Justin Chapman Watch mode, Native async support, Fast test discovery, In-source testing, Support for doctests, Client/server mode for fast editor integrations, Pretty, per-assertion diagnostics, Filtering and marks, Changed mode (like pytest-picked), Concurrent tests, Soft assertions, JSON, JUnit, Dot, and LLM reporters Honestly haven't tried it yet, but you know, I'm kinda a fan of thinking outside the box with testing strategies so I welcome new ideas. Extras Brian: Why are't we uv yet? Interesting take on the “agents prefer pip” Problem with analysis. Many projects are libraries and don't publish uv.lock file Even with uv, it still often seen as a developer preference for non-libarries. You can sitll use uv with requirements.txt PyCon US 2026 talks schedule is up Interesting that there's an AI track now. I won't be attending, but I might have a bot watch the videos and summarize for me. :) What has technology done to us? Justin Jackson Lean TDD new cover Also, 0.6.1 is so ready for me to start f-ing reading the audio book and get on with this shipping the actual f-ing book and yes I realize I seem like I'm old because I use “f-ing” while typing. Michael: Python 3.14.4 is out Beanie 2.1 release Joke: HumanDB - Blazingly slow. Emotionally consistent.

The OWASP Top 10 just got a fresh update, and there are some big changes: supply chain attacks, exceptional condition handling, and more. Tanya Janca is back on Talk Python to walk us through every single one of them. And we're not just talking theory, we're going to turn Claude Code loose on a real open source project and see what it finds. Let's do it. Episode sponsors Temporal Talk Python Courses Links from the show DevSec Station Podcast: www.devsecstation.com SheHacksPurple Newsletter: newsletter.shehackspurple.ca owasp.org: owasp.org owasp.org/Top10/2025: owasp.org from here: github.com Kinto: github.com A01:2025 - Broken Access Control: owasp.org A02:2025 - SecuA02 Security Misconfiguration: owasp.org ASP.NET: ASP.NET A03:2025 - Software Supply Chain Failures: owasp.org A04:2025 - Cryptographic Failures: owasp.org A05:2025 - Injection: owasp.org A06:2025 - Insecure Design: owasp.org A07:2025 - Authentication Failures: owasp.org A08:2025 - Software or Data Integrity Failures: owasp.org A09:2025 - Security Logging and Alerting Failures: owasp.org A10 Mishandling of Exceptional Conditions: owasp.org https://github.com/KeygraphHQ/shannon: github.com anthropic.com/news/mozilla-firefox-security: www.anthropic.com generalpurpose.com/the-distillation/claude-mythos-what-it-means-for-your-business: www.generalpurpose.com Python Example Concepts: blobs.talkpython.fm Watch this episode on YouTube: youtube.com Episode #545 deep-dive: talkpython.fm/545 Episode transcripts: talkpython.fm Theme Song: Developer Rap

At the MCP Summit inNew York City,Clare LiguoriofAmazon Web Servicesdiscussed the rapid rise of theModel Context Protocol(MCP), now a leading way to connect AI agents with tools and data. Originally developed byAnthropicand later transferred to theLinux Foundation, MCP has seen surging enterprise adoption as agentic AI expands. Liguori highlighted her dual role shaping MCP's evolving specification, including work on integrating webhooks, events, and notifications to support always-on AI agents. AWS has actively contributed features like Tasks and Elicitations and offers managed MCP servers, positioning itself as both contributor and experimental platform for emerging capabilities. This collaboration illustrates how corporate involvement can accelerate open-source innovation and adoption. Looking ahead, MCP's role as connective infrastructure for AI agents is expected to grow, especially as tools become more accessible. With broader adoption of AI development platforms across non-engineering roles, MCP could help extend automation beyond tech teams to businesses of all sizes. Learn more from The New Stack about the latest around Model Context Protocol(MCP):  MCP: The Missing Link Between AI Agents and APIs Beyond the vibe code: The steep mountain MCP must climb to reach production MCP is everywhere, but don't panic. Here's why your existing APIs still matter. Join our community of newsletter subscribers to stay on top of the news and at the top of your game. 

When you pip install a package with compiled code, the wheel you get is built for CPU features from 2009. Want newer optimizations like AVX2? Your installer has no way to ask for them. GPU support? You're on your own configuring special index URLs. The result is fat binaries, nearly gigabyte-sized wheels, and install pages that read like puzzle books. A coalition from NVIDIA, Astral, and QuanSight has been working on Wheel Next: A set of PEPs that let packages declare what hardware they need and let installers like uv pick the right build automatically. Just uv pip install torch and it works. I sit down with Jonathan Dekhtiar from NVIDIA, Ralf Gommers from Quansight and the NumPy and SciPy teams, and Charlie Marsh, founder of Astral and creator of uv, to dig into all of it. Episode sponsors Sentry Error Monitoring, Code talkpython26 Temporal Talk Python Courses Links from the show Guests Charlie Marsh: github.com Ralf Gommers: github.com Jonathan Dekhtiar: github.com CPU dispatcher: numpy.org build options: numpy.org Red Hat RHEL: www.redhat.com Red Hat RHEL AI: www.redhat.com RedHats presentation: wheelnext.dev CUDA release: developer.nvidia.com requires a PEP: discuss.python.org WheelNext: wheelnext.dev Github repo: github.com PEP 817: peps.python.org PEP 825: discuss.python.org uv: docs.astral.sh A variant-enabled build of uv: astral.sh pyx: astral.sh pypackaging-native: pypackaging-native.github.io PEP 784: peps.python.org Watch this episode on YouTube: youtube.com Episode #544 deep-dive: talkpython.fm/544 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Topics covered in this episode: Migrating from mypy to ty: Lessons from FastAPI Oxyde ORM Typeshedded CPython docs Raw+DC Database Pattern: A Retrospective Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: Migrating from mypy to ty: Lessons from FastAPI Tim Hopper I saw this post by Sebastián Ramírez about all of his projects switching to ty FastAPI, Typer, SQLModel, Asyncer, FastAPI CLI SqlModel is already ty only - mypy removed This signals that ty is ready to use Tim lists some steps to apply ty to your own projects Add ty alongside mypy Set error-on-warning = true Accept the double-ignore comments Pick a smaller project to cut over first Drop mypy when the noise exceeds the signalAdd ty alongside mypy Related anecdote: I had tried out ty with pytest-check in the past with difficulty Tried it again this morning, only a few areas where mypy was happy but ty reported issues At least one ty warning was a potential problem for people running pre-releases of pytest, Not really related: packaging.version.parse is awesome Michael #2: Oxyde ORM Oxyde ORM is a type-safe, Pydantic-centric asynchronous ORM with a high-performance Rust core. Note: Oxyde is a young project under active development. The API may evolve between minor versions. No sync wrappers or thread pools. Oxyde is async from the ground up Includes oxyde-admin Features Django-style API - Familiar Model.objects.filter() syntax Pydantic v2 models - Full validation, type hints, serialization Async-first - Built for modern async Python with asyncio Rust performance - SQL generation and execution in native Rust Multi-database - PostgreSQL, SQLite, MySQL support Transactions - transaction.atomic() context manager with savepoints Migrations - Django-style makemigrations and migrate CLI Brian #3: Typeshedded CPython docs Thanks emmatyping for the suggestion Documentation for Python with typeshed types Source: typeshedding_cpython_docs Michael #4: Raw+DC Database Pattern: A Retrospective A new design pattern I'm seeing gain traction in the software space: Raw+DC: The ORM pattern of 2026 I've had a chance to migrate three of my most important web app. Thrilled to report that yes, the web app is much faster using Raw+DC Plus, this was part of the journey to move from 1.3 GB memory usage to 0.45 GB (more on this next week) Extras Brian: Lean TDD 0.5 update Significant rewrite and focus Michael: pytest-just (for just command file testing), by Michael Booth Something going on with Encode httpx: Anyone know what's up with HTTPX? And forked starlette and uvicorn: Transfer of Uvicorn & Starlette mkdocs: The Slow Collapse of MkDocs django-rest-framework: Move to django commons? Certificates at Talk Python Training Joke: Neue Rich

When you type a question into ChatGPT, the model only has what you typed to work with. But tools like Claude Code can plan, iterate, test, and recover from mistakes. They work more like we do. The difference is the agent harness: Planning tools, file system access, sub-agents, and carefully crafted system prompts that turn a raw LLM into something genuinely capable. Sydney Runkle is back on Talk Python representing LangChain and their new open source library, Deep Agents: A framework for building your own deep agents with plain Python functions, middleware hooks, and MCP support. This is how the magic works under the hood. Episode sponsors Sentry Error Monitoring, Code talkpython26 Agentic AI Course Talk Python Courses Links from the show Guest Sydney Runkle: github.com Claude Code uses: x.com Deep Research: openai.com Manus: manus.im Blog post announcement: blog.langchain.com Claudes system prompt: github.com sub agents: docs.anthropic.com the quick start: docs.langchain.com CLIs: github.com Talk Python's CLI: talkpython.fm custom tools: docs.langchain.com DeepAgents Examples: github.com Custom Middleware: docs.langchain.com Built in middleware: docs.langchain.com Improving Deep Agents with harness engineering: blog.langchain.com Prebuilt middleware: docs.langchain.com Watch this episode on YouTube: youtube.com Episode #543 deep-dive: talkpython.fm/543 Episode transcripts: talkpython.fm Theme Song: Developer Rap

In this episode of Ditching Hourly, host Jonathan Stark welcomes Carl Franklin, co-host of the .NET Rocks podcast, to discuss the intricacies and benefits of value pricing. Listeners will gain insights into how value pricing can transform their business approach, moving away from the traditional hourly billing model.The conversation covers key topics such as the differences between fixed pricing and hourly billing, the importance of the "why" conversation with clients, and strategies for handling project changes. Carl shares his experiences with proposal options, client negotiations, and overcoming resistance to value pricing.(00:00) Introduction(00:15) Carl Franklin's Background(02:09) Early Podcasting Days(04:39) The Starbucks Card Story(05:44) Introduction to Value Pricing(07:06) Fixed Pricing vs. Hourly(08:01) The Why Conversation(08:45) First Experiences with Value Pricing(20:39) Proposal Options and Client Choices(23:09) Handling Project Changes(25:02) Partnering and Value Pricing(27:00) Payment Terms and Client Negotiations(40:59) Expertise and Pricing Strategy(41:52) Overcoming Resistance to Value Pricing(44:02) Collaborative Projects and Revenue Sharing(45:44) Carl's Current Projects and Podcasts(48:54) Closing RemarksCarl Franklin is a seasoned podcaster and developer, best known as the co-host of the .NET Rocks podcast, which has been a staple in the developer community since 2002. Learn more about Carl and his work at .NET Rocks. ----Do you have questions about how to improve your business? Things like:Value pricing your work instead of billing for your time?Positioning yourself as the go-to person in your space?Productizing your services so you never have to have another awkward sales call or spend hours writing another custom proposal?Book a one-on-one coaching call with me and get answers to these questions and others in the time it takes to get ready for work in the morning.Best of all, you're covered by my 100% satisfaction guarantee. If at the end of the call, you don't feel like it was worth it, just say the word, and I'll refund your purchase in full.To book your one-on-one coaching call, go to: https://jonathanstark.com/callI hope to see you there!

Topics covered in this episode: Lock the Ghost Fence for Sandboxing MALUS: Liberate Open Source Harden your GitHub Actions Workflows with zizmor, dependency pinning, and dependency cooldowns Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course **Patreon SupportersConnect with the hosts** Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: Lock the Ghost The five core takeaways: PyPI "removal" doesn't delete distribution files. When a package is removed from PyPI, it disappears from the index and project page, but the actual distribution files remain accessible if you have a direct URL to them. uv.lock uniquely preserves access to ghost packages. Because uv.lock stores direct URLs to distribution files rather than relying on the index API at install time, uv sync can successfully install packages that have already been removed, even with cache disabled. No other Python lock file implementation tested behaved this way. This creates a supply chain attack vector. An attacker could upload a malicious package, immediately remove it to dodge automated security scanning, and still have it installable via a uv.lock file, or combine this with the xz-style strategy of hiding malicious additions in large, auto-generated lock files that nobody reviews. Removed package names can be hijacked with version collisions. When an owner removes a package, the name can be reclaimed by someone else who can upload different distribution types under the same version number, as happened with "umap." Lock files help until you regenerate them, then you're exposed. Your dependency scanning needs to cover lock files, not just manifest files. Scanning only pyproject.toml or requirements.txt misses threats embedded in lock files, which is where the actual resolved URLs and hashes live. Brian #2: Fence for Sandboxing Suggested by Martin Häcker “Some coding platforms have since integrated built-in sandboxing (e.g., Claude Code) to restrict write access to directories and/or network connectivity. However, these safeguards are typically optional and not enabled by default.” “JY Tan (on cc) has extracted the sandboxing logic from Claude Code and repackaged it into a standalone Go binary.” Source code on GitHub: https://github.com/Use-Tusk/fence Related: Simon Willison lethal trifecta for AI agents article from June 2025 Claude Code Sandboxing Michael #3: MALUS: Liberate Open Source via Paul Bauer The service will generate the specs of a library with one AI and build the newly licensed library using the specs with another AI circumventing the licensing and copyright rules. AI that has not been trained on open source reads the docs and API signature, creates a spec. Another AI processes that spec into working software. Is it a real site? Are they accepting real money, or are they just trying to cause a stir around copyright? Brian #4: Harden your GitHub Actions Workflows with zizmor, dependency pinning, and dependency cooldowns Matthias Schoettle Avoid things like this: hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub Actions - Microsoft, DataDog, and CNCF Projects Hit So Far Extras Brian: GitHub is asking to spy on us, that's nice Michael: Michael's new SaaS for podcasters: InterviewCue DigitalOcean's Spaces cold storage for infrequently accessed data Minor issue about my fire and forget post, was a latent bug? Fire and Forget at Textual follow up article Joke: Can you?

If you've built documentation in the Python ecosystem, chances are you've used Martin Donath's work. His Material for MKDocs powers docs for FastAPI, uv, AWS, OpenAI, and tens of thousands of other projects. But when MKDocs 2.0 took a direction that would break Material and 300 ecosystem plugins, Martin went back to the drawing board. The result is Zensical: A new static site generator with a Rust core, differential builds in milliseconds instead of minutes, and a migration path designed to bring the whole community along. Episode sponsors Sentry Error Monitoring, Code talkpython26 Talk Python Courses Links from the show Guest Martin Donath: github.com Zensical: zensical.org Material for MkDocs: squidfunk.github.io Getting Started: zensical.org Github pages: docs.github.com Cloudflare pages: pages.cloudflare.com Michaels Example: gist.github.com Material for MkDocs: zensical.org gohugo.io/content-management/shortcodes: gohugo.io a sense of size of the project: blobs.talkpython.fm Zensical Spark: zensical.org Watch this episode on YouTube: youtube.com Episode #542 deep-dive: talkpython.fm/542 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Topics covered in this episode: Starlette 1.0.0 Astral to join OpenAI uv audit Fire and forget (or never) with Python's asyncio Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: Starlette 1.0.0 As a reminder, Starlette is the foundation for FastAPI Starlette 1.0 is here! - fun blog post from Marcello Trylesinski “The changes in 1.0 were limited to removing old deprecated code that had been on the way out for years, along with a few bug fixes. From now on we'll follow SemVer strictly.” Fun comment in the “What's next?” section: “Oh, and Sebastián, Starlette is now out of your way to release FastAPI 1.0.

When LLMs write code to accomplish a task, that code has to actually run somewhere. And right now, the options aren't great. Spin up a sandboxed container and you're paying a full second of cold start overhead plus the complexity of another service. Let the LLM loose on your actual machine and... well, you'd better be watching. On this episode, I sit down with Samuel Colvin, creator of Pydantic, now at 10 billion downloads, to explore Monty, a Python interpreter written from scratch in Rust, purpose-built to run LLM-generated code. It starts in microseconds, is completely sandboxed by design, and can even serialize its entire state to a database and resume later. We dig into why this deliberately limited interpreter might be exactly what the AI agent era needs. Episode sponsors Talk Python Courses Python in Production Links from the show Guest Samuel Colvin: github.com CPython: github.com IronPython: ironpython.net Jython: www.jython.org Pyodide: pyodide.com monty: github.com Pydantic AI: pydantic.dev Python AI conference: pyai.events bashkit: github.com just-bash: github.com Narwhals: narwhals-dev.github.io Polars: pola.rs Strands Agents: aws.amazon.com Subscribe Running Pydantic's Monty Rust sandboxed Python subset in WebAssembly: simonwillison.net Rust Python: github.com Valgrind: valgrind.org Cod Speed: codspeed.io Watch this episode on YouTube: youtube.com Episode #541 deep-dive: talkpython.fm/541 Episode transcripts: talkpython.fm Theme Song: Developer Rap

Monorepos -- you've heard the talks, you've read the blog posts, maybe you've seen a few tantalizing glimpses into how Google or Meta organize their massive codebases. But it's often in the abstract and behind closed doors. What if you could crack open a real, production monorepo, one with over a million lines of Python and over 100 of sub-packages, and actually see how it's built, step by step, using modern tools and standards? That's exactly what Apache Airflow gives us. On this episode, I sit down with Jarek Potiuk and Amogh Desai, two of Airflow's top contributors, to go inside one of the largest open-source Python monorepos in the world and learn how they manage it with uv, pyproject.toml, and the latest packaging standards, so you can apply those same patterns to your own projects. Episode sponsors Agentic AI Course Python in Production Talk Python Courses Links from the show Guests Amogh Desai: github.com Jarek's GitHub: github.com definition of a monorepo: monorepo.tools airflow: airflow.apache.org Activity: github.com OpenAI: airflowsummit.org Part 1. Pains of big modular Python projects: medium.com Part 2. Modern Python packaging standards and tools for monorepos: medium.com Part 3. Monorepo on steroids - modular prek hooks: medium.com Part 4. Shared “static” libraries in Airflow monorepo: medium.com PEP-440: peps.python.org PEP-517: peps.python.org PEP-518: peps.python.org PEP-566: peps.python.org PEP-561: peps.python.org PEP-660: peps.python.org PEP-621: peps.python.org PEP-685: peps.python.org PEP-723: peps.python.org PEP-735: peps.python.org uv: docs.astral.sh uv workspaces: blobs.talkpython.fm prek.j178.dev: prek.j178.dev your presentation at FOSDEM26: fosdem.org Tallyman: github.com Watch this episode on YouTube: youtube.com Episode #540 deep-dive: talkpython.fm/540 Episode transcripts: talkpython.fm Theme Song: Developer Rap