Python Bytes

Python Bytes

Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.

https://pythonbytes.fm/

Technology
subscribe
share






claim!
report

episode 377: #377: A Dramatic Episode

Topics covered in this episode:

  • justpath
  • xz back door
  • LPython
  • dramatic
  • Extras
  • Joke
Watch on YouTube

About the show

Sponsored by ScoutAPM: pythonbytes.fm/scout

Connect with the hosts

  • Michael: @mkennedy@fosstodon.org
  • Brian: @brianokken@fosstodon.org
  • Show: @pythonbytes@fosstodon.org

Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesdays at 11am PT. Older video versions available there too.

Finally, if you want an artisanal, hand-crafted digest of every week of

the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.

Michael #1: justpath

  • Inspect and refine PATH environment variable on both Windows and Linux.
  • Raw, count, duplicates, invalids, corrections, excellent stuff.
  • Check out the video

Brian #2: xz back door

  • In case you kinda heard about this, but not really.
  • Very short version:
    • A Microsoft engineer noticed a performance problem with ssh and tracked it to a particular version update of xz.
    • Further investigations found a multi-year installation of a fairly complex back door into the xz by a new-ish contributor. But still contributing over several years. First commit in early 2022.
    • The problem is caught. But if it had succeeded, it would have been bad.
    • Part of the issue of how this happened is due to having one primary maintainer on a very widely used tool included in tons-o-Linux distributions.
  • Some useful articles
    • Everything I Know About the XZ Backdoor - Evan Boehs - recommended read
  • Don’t think your affected? Think again if you use homebrew, for example:
    • Update and upgrade Homebrew and xz versions
  • Notes
    • Open source maintenance burnout is real
    • Lots of open source projects are maintained by unpaid individuals for long periods of time.
    • Multi-year sneakiness and social bullying is pretty hard to defend against.
    • Handing off projects to another primary maintainer has to be doable.
      • But now I think we need better tools to vet contributors.
      • Maybe? Or would that just suppress contributions?
  • One option to help with burnout:
    • JGMM, Just Give Maintainers Money: Software Needs To Be More Expensive - Glyph

Michael #3: LPython

  • LPython aggressively optimizes type-annotated Python code. It has several backends, including LLVM, C, C++, and WASM.
  • LPython’s primary tenet is speed.
  • Play with the wasm version here: dev.lpython.org
  • Still in alpha, so keep that in mind.

Brian #4: dramatic

  • Trey Hunner
  • More drama in the software world. This time in the Python.
  • Actually, this is just a fun utility to make your Python output more dramatic.
  • More fun output with terminaltexteffects
    • suggested by Allan

Extras

Brian:

  • Textual how has a new inline feature in the new release.

Michael:

  • My keynote talk is out: The State of Python in 2024
  • Have you browsed your github feed lately?
  • 3.10, 3.9, 3.8 security updates

Joke: Definition of terms

fyyd: Podcast Search Engine
share








   32m