PodcastsNotíciasPython Bytes

Python Bytes

Michael Kennedy and Calvin Hendryx-Parker
Python Bytes
Último episódio

487 episódios

  • Python Bytes

    #486 underscore-underscore-ghost-emoji

    30/06/2026 | 29min
    Topics covered in this episode:

    Free-threaded Python: past, present, and future

    django-admin-site-search

    Qwen 3.6 27B is the sweet spot for local development

    A large batch of PEPs are finalized

    Extras

    Joke

    Watch on YouTube

    Show Intro

    Sponsored by us! Support our work through:

    Our courses at Talk Python

    Consulting from Six Feet Up
    Connect with the hosts

    Michael: Mastodon / BlueSky / X / LinkedIn

    Calvin: Mastodon / BlueSky / X / LinkedIn

    Show: Mastodon / BlueSky / X
    Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesday at 7am PT. Older video versions available there too.
    Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.

    Calvin #1: Free-threaded Python: past, present, and future

    The GIL has prevented true multi-threaded parallelism in CPython since the beginning — multiple past attempts to remove it failed on performance grounds

    Sam Gross at Meta finally solved it; his work became PEP 703 and ships as free-threaded CPython today

    Python 3.13 was experimental with 20–40% single-threaded slowdown; 3.14 brought that to 0–10%

    Python 3.15 (October 2026) delivers a unified ABI — one extension binary works on both GIL and free-threaded builds

    Already >50% of the top PyPI binary wheels support free threading

    Wouters predicts free-threaded becomes the default between 3.16–3.20 (2027–2031), with the GIL eventually disappearing next decade

    Michael #2: django-admin-site-search

    via Adam Parkin

    A global/site search modal for the Django admin, by Ahmed Aljawahiry. Hit cmd+k anywhere in the admin and you get a command-palette-style search window, kind of like the one in VS Code.

    It doesn't just search one model's list page. It searches your entire site in one box:

    App labels

    Model labels and field attributes

    Actual model instances (your data)

    Two ways to search the instances:

    model_char_fields (the default): runs an __icontains across every CharField (and subclasses) on the model. Zero config, works out of the box.

    admin_search_fields: defers to each ModelAdmin's existing get_search_results(), so it respects the search_fields you've already set up.

    The part I like: it's permission-aware out of the box. Users only see results for the apps and models they actually have view permission on, so you're not leaking anything through search.

    Results appear as you type, with throttling/debouncing so you're not hammering the server on every keystroke, and it's full keyboard nav: cmd+k to open, up/down to move, enter to go.

    It's responsive, does dark and light mode, and it pulls Django's built-in admin CSS variables so it just matches whatever admin theme you're running.

    Under the hood it's Alpine.js, but bundled into static so there's no external CDN dependency.

    Setup is about what you'd expect: pip install django-admin-site-search, add it to INSTALLED_APPS, mix the AdminSiteSearchView into your AdminSite, and drop a few template includes into base_site.html.

    Supports Python 3.8 through 3.14 and Django 3.2 through 6.0, MIT licensed, and everything is overridable if you want to skip certain models, add TextField matching, etc.

    Calvin #3: Qwen 3.6 27B is the sweet spot for local development

    Qwen 3.6 27B is being called the first local model that genuinely competes as a general-purpose intelligence — benchmarks put it at roughly mid-2025 frontier level (comparable to GPT-5 / Claude Sonnet 4.5)

    Runs locally via llama.cpp; on an M5 MacBook Max with 8-bit quantization + multi-token prediction, it hits ~32 tokens/sec using ~42GB RAM

    4-bit quantization gets it under 18GB, runnable on 32GB devices; Nvidia RTX cards run it even faster

    The dense 27B is recommended over the faster MoE 35B A3B — author prefers higher quality output over raw speed

    Privacy and reliability are the pitch: fine-tunable, can't be taken down, suitable for sensitive/proprietary data

    Author sees this as a stepping stone — frontier open-weight models like GLM 5.2 are now locally runnable with company-grade hardware, and smarter-still local models are coming

    Michael #4: A large batch of PEPs are finalized

    A bunch of PEPs went from accepted to final.

    668, 687, 691, 699, 701, 703, 728, 770, 773, 829

    But this wasn’t them making their way into CPython. It’s an admin sorta thing. (Thanks PyCoders)

    See the commit.

    Extras

    Calvin:

    More fun bling for your terminal this time - https://charm.land/

    Michael:

    Follow up from pls, What the pls? Thanks Pito.

    Joke: BEMoji

    A production-grade utility and component framework built entirely on emoji class names

    via Jeff Triplett
  • Python Bytes

    #485 Creating memories

    23/06/2026 | 38min
    Topics covered in this episode:

    Backup Docker volumes locally or to any S3

    Pyodide 314.0 Release

    nb-cli: A Command-Line Interface for AI Agents and Notebook Automation

    Hindsight Agent Memory That Learns

    Extras

    Joke

    Watch on YouTube

    About the show

    Sponsored by us! Support our work through:

    Our courses at Talk Python

    AWS Community Day Midwest tomorrow Wednesday the 24th in downtown Indianapolis, Six Feet Up is sponsoring and there are 2 Sixies presenting

    Connect with the hosts

    Michael: Mastodon / BlueSky / X / LinkedIn

    Calvin: Mastodon / BlueSky / X / LinkedIn

    Show: Mastodon / BlueSky / X

    Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesday at 7am PT. Older video versions available there too.

    Finally, if you want an bonus digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.

    Michael #1: Backup Docker volumes locally or to any S3

    Via Bryan Weber (thanks Bryan!), who spotted it over on Virtualization HowTo. Find Bryan at bryanwweber.com.

    offen/docker-volume-backup is a lightweight companion container that backs up the volumes your apps actually depend on, then ships them somewhere safe.

    It's tiny: written in Go and about 25MB compressed, roughly 1/20th the size of the shell-based image (jareware/docker-volume-backup) that inspired it.

    Drop it into your docker compose file as a backup service, mount the volumes you care about as read-only, and you're off.

    Push backups to a pile of destinations: a local directory, plus any S3, WebDAV, Azure Blob Storage, Dropbox, Google Drive, or SSH-compatible target. Mix and match as many as you want in one run.

    Recurring cron-style backups in a Compose setup, or one-off backups straight from the Docker CLI.

    Production-friendly touches worth calling out:

    Rotates away old backups so you don't quietly fill the disk.

    GPG encryption for your archives.

    Notifications on finished and failed runs (so you find out about failures before you need the backup).

    Stop a container during backup for a consistent snapshot using a simple docker-volume-backup.stop-during-backup=true label, then auto-restart it.

    Run custom commands during the backup lifecycle (great for a database dump before the file copy).

    Docker Swarm support, plus arm64 and arm/v7 builds. Hello, Raspberry Pi homelab.

    Fun aside from Bryan: he searched our back catalog for this tool and the search came back so fast he thought it hadn't run. Love to hear it.

    Calvin #2: Pyodide 314.0 Release

    PEP 783 is the real news — Pyodide maintainers used to hand-build 300+ packages. Now anyone can publish Pyodide wheels to PyPI with cibuildwheel.

    The version jump from 0.29 to 314.0 is intentional — it now tracks the Python version, so 314.x = Python 3.14. Binary compatibility is locked per Python cycle, meaning packages you build today won't break on the next Pyodide release.

    sqlite3, ssl, and lzma are back in the default stdlib — no more await pyodide.loadPackage("sqlite3"). Bigger download, but a much smoother experience for newcomers.

    bigint precision bug is fixed — values above 2^53 were silently losing precision when crossing the Python/JS boundary. The new JsBigInt type makes the roundtrip correct. Worth flagging if anyone is doing numeric work in a browser app.

    Experimental TCP sockets in Node.js — you can now connect Pyodide to a real database (MySQL, PostgreSQL, Redis tested) when running server-side. Blurs the line between "Python in the browser" and "Python runtime anywhere Wasm runs."

    Michael #3: nb-cli: A Command-Line Interface for AI Agents and Notebook Automation

    From Piyush Jain (Jupyter and LangChain maintainer) on the Jupyter blog: nb-cli: A Command-Line Interface for AI Agents and Notebook Automation.

    nb-cli is an experimental, Rust-based CLI to read, write, execute, and search Jupyter notebooks. The premise: agents are great at CLIs but terrible at hand-editing the nested JSON in an .ipynb, so let them operate on the notebook from the outside instead of running inside it.

    Works with or without a Jupyter server. No server? It reads/writes .ipynb files directly and talks to kernels over ZeroMQ. Connected to a live JupyterLab, your edits show up instantly via Y.js (the same CRDT Jupyter uses).

    Smart output format: instead of token-heavy JSON or ambiguous plain markdown, it uses @@cell / @@output sentinels with inline metadata. Less wasted context, unambiguous structure, and it degrades gracefully on truncation.

    The payoff is composability. "Add a summary section and run it" becomes one shell pipeline instead of six agent tool calls. And nb search notebook.ipynb --with-errors returns only the failing cells, so the agent skips the cells that worked.

    Claude Code tie-in: it ships as an agent skill. npx skills install jupyter-ai-contrib/nb-cli and your agent can drive notebooks via nb.

    Out of jupyter-ai-contrib, which aims to become an official Jupyter AI subproject. Still early (crates.io is at v0.0.5), so kick the tires before anything load-bearing.

    See also marimo-pair.

    Calvin #4: Hindsight Agent Memory That Learns

    AI agents forget everything between sessions — Hindsight gives them persistent memory that learns over time

    Simple three-method API: retain(), recall(), reflect() — store, retrieve, and reason over memories

    TEMPR retrieval runs semantic, keyword, graph, and temporal search in parallel for accurate results

    Automatically consolidates related facts into durable observations instead of piling up duplicates

    pip install hindsight-all runs the entire server in-process; integrates with LangChain, LlamaIndex, Pydantic AI, CrewAI, and more

    Extras

    Calvin:

    Clanker: A Word For The Machine

    **Ponytail — You know him. Long ponytail. Oval glasses. Has been at the company longer than the version control**

    **Klangk: Multi-User AI Sandboxing, Collaboration and Coding Platform**

    Cursor announces Origin

    performative-ui to quick start your new idea
    Michael:

    Astral Joins OpenAI: The Interview

    SpaceX to acquire Cursor

    And OpenAI renews Open Source support

    Portuguese subtitles are now available for Talk Python courses

    DSF is hiring including Six Feet Up support

    Joke: Oh Babe…
  • Python Bytes

    #484 All our tools

    16/06/2026 | 49min
    Topics covered in this episode:

    pi + superpowers

    Terminal: Warp.dev + OhMyZSH

    {Blink,kitty} + mosh + tmux

    Claude code

    MacWhisper or Handy

    Tailscale

    Extras

    Joke

    Watch on YouTube

    About the show

    Sponsored by us! Support our work through:

    Our courses at Talk Python Training

    Six Feet Up is hosting a LinkedIn Live
    Connect with the hosts

    Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky)

    Calvin: @calvinhp@sixfeetup.social / @calvinhp.com (bsky)

    Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky)

    Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesday at 7am PT. Older video versions available there too.
    Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.

    Calvin #1: pi + superpowers

    terminal-first, open-source coding agent

    Session management is a first-class citizen

    Extension model is what makes pi special — it's aggressively composable

    Superpowers brings a structured software development methodology as loadable skills

    Steps back and asks you what you're really trying to do

    “hand you the keys to the car” mode vs guardrails might not be for everyone

    Michael #2: Terminal: Warp.dev + OhMyZSH

    If you’re using the base terminal with default settings, you have so much head-room for improvement.

    I’ve been using Warp.dev since Elvis talked me into it. ;)

    Remarkable terminal but the AI side of things is a bit junky, can be turned off

    OhMyZSH gives better autocomplete

    e.g. git branch [HTML_REMOVED] lists all branches in the local repo!

    Commandbookapp.com is excellent to keep the terminal focused on terminal things and more server commands and other automation in Command Book.

    Calvin #3: {Blink,kitty} + mosh + tmux

    Kitty Terminal — GPU-accelerated terminal emulator for macOS, Linux, and Windows with support for graphics, ligatures, and a powerful tiling layout system built right in.

    Blink Shell — The go-to terminal for iPad/iPhone power users; full SSH and Mosh client with a gorgeous interface built specifically for mobile professional workflows.

    Mosh — Mobile Shell replaces SSH for remote connections, surviving network switches, sleep cycles, and flaky Wi-Fi with zero dropped sessions — essential for staying connected to long-running agentic jobs.

    tmux — Terminal multiplexer that keeps sessions alive on your Linux server indefinitely; detach from a Mosh session on your Mac, reconnect from your iPad, and your agent is right where you left it.

    The combo — Kitty or Blink + Mosh + tmux creates a "persistent remote brain" pattern: your beefy Linux homelab runs the compute-heavy agent sessions 24/7, and any device becomes a thin client to drop in and out at will.

    Michael #4: Claude code

    I prefer the IDE experience, the new PyCharm + Claude integration is really good. VS Code too. Why IDE? Because we should still be present with our code and managing context is much easier.

    Use the best/latest models on high thinking. “Speed” is not your friend, it’s just shortcuts.

    Create skills and agents and use them.

    Curate your own rules (e.g. Talk Python’s Claude.md)

    Works well on non-coding things. Just create a folder, put a ton of files in there and it’s like NotebookLM + Chat + more.

    Calvin #5: MacWhisper or Handy

    Transcribes your speech using your choice of Whisper or Parakeet models.

    All transcription is done on your device, no data leaves your machine.

    Automatic Speaker Recognition with local models.

    Handy is more basic, but open source and runs on all platforms.

    Michael #6: Tailscale

    No need to open ports at all, Tailscale makes machines inside the same network accessible to each other

    Works great for laptops, desktops, etc. But also available for servers.

    Though I still use cloud firewalls for servers.

    How I use it:

    My dev database server, preloaded with QA data, is always running on my home mac mini m4 pro. All my apps look for that server before looking locally and tailscale makes them always accessible to each other

    My local LLMs expose OpenAI API compatible APIs. Tailscale makes these accessible even while traveling or at a coffee shop.

    Use my mini as an exit node. All traffic is routed outbound from my local fiber network. Great to restricted IPs like accessing my servers without caring about the local IP.

    Screen share back to my home machines even while traveling.

    Listen to the Talk Python episode with Alex for a deeper conversation.

    Extras

    Calvin:

    Telescopo great Mac Markdown viewer/editor.
    Michael:

    One more: Typora markdown editor.

    Created formal documentation for many of my open source packages using Great Docs.

    Via Mark Little: Statement on the US government directive to suspend access to Fable 5 and Mythos 5

    Joke: No second date
  • Python Bytes

    #483 Thanks Brian

    09/06/2026 | 28min
    Topics covered in this episode:

    Vulnerability and malware checks in uv

    HTTP GET requests with the Python standard library

    Millions of AI agents imperiled by critical vulnerability in open source package

    alembic-git-revisions

    Extras

    Joke

    Watch on YouTube

    About the show

    Goodbye and Thanks Brian

    Thanks Calvin for being part of this and future episodes! Also new time for the live show. Thanks Brian for all the hard work over the years.

    Calvin #1: Vulnerability and malware checks in uv

    release just yesterday by Astral https://astral.sh/blog/uv-audit

    uv audit scans dependencies for known vulnerabilities and abandoned packages via the OSV database — runs 4–10x faster than pip-audit

    Malware check runs on every install/sync, catching actively malicious packages (credential stealers, etc.) before they execute — including ones PyPI quarantined but lockfiles can still reference

    Enable malware scanning with UV_MALWARE_CHECK=1 — it's opt-in and in preview

    Future roadmap includes a resolver that steers toward vulnerability-free versions and install-time warnings scoped to newly added deps only

    Michael #2: HTTP GET requests with the Python standard library

    If you’re doing HTTP in Python, you’re probably using one of three popular libraries: requests, httpx, or urllib3.

    There have been issues with httpx lately.

    Niquest is another option: Drop-in replacement for Requests. Automatic HTTP/1.1, HTTP/2, and HTTP/3. WebSocket, and SSE included.

    But maybe less is more, especially in the age of agentic AI

    A good candidate needs two things to be true at once, not one: the used surface is small, and the behavior behind that surface is shallow.

    Calvin #3: Millions of AI agents imperiled by critical vulnerability in open source package

    "BadHost" (CVE-2026-48710) is a critical vulnerability in Starlette — the ASGI framework underlying FastAPI — with 325 million weekly downloads; also affects vLLM, LiteLLM, and most MCP server tooling

    The exploit is trivial: injecting a single character into an HTTP Host header bypasses path-based authentication, and can lead to credential theft, SSRF, and in some cases remote code execution

    MCP servers are a prime target since they store credentials for external services (email, databases, cloud accounts) — exposed data in the wild includes biopharma clinical trial DBs, full mailboxes, HR/PII pipelines, and AWS topology

    Fix is available — patch to Starlette 1.0.1 immediately; use the free scanner at mcp-scan.nemesis.services to check if your servers are still running a vulnerable version

    Open source sustainability footnote: the maintainer triages near-daily security reports solo, in his free time — most are AI-generated noise, and real ones like this still compete for the same evenings and weekends

    Michael #4: alembic-git-revisions

    By Julien Danjou from Mergify

    Automatic Alembic migration chaining based on git commit history. No more Multiple head revisions are present for given argument 'head'.

    See the introductory article

    Caused by two migrations landed with the same down_revision, and Alembic doesn’t know which one comes first. The fix is always the same: someone manually edits the migration file to re-chain the revisions.

    The insight: git already knows the order

    Extras

    Calvin:

    GNU make can do pattern matching in the target. Not new at all, mentioned in the 1994-era docs. just and task don’t have this super power on the target name yet.
    train-%:
    uv run ./train.py $* --save-hyper-params --overwrite $(TRAIN_ARGS)

    Michael:

    Updated my HTTP client using packages from httpx to httpx2: listmonk, umami, and memberful. For motivation, see this reddit thread.

    Joke: Accurate
  • Python Bytes

    #482 Mr. Beast's episode

    01/06/2026 | 24min
    Topics covered in this episode:

    CVE-2026-48710: A Maintainer's Perspective

    daily-stars-explorer

    Markdown to pdf with pandoc and typst

    postman2pytest

    Extras

    Joke

    Watch on YouTube

    About the show

    Brian #1: CVE-2026-48710: A Maintainer's Perspective

    Marcelo Trylesinski

    suggested by Lee Luocks

    Short version:

    users of Starlette: upgrade to Starlette 1.0.1

    security professionals: we can’t treat open source projects like corporations

    This top link is a Starlette security advisory with the title

    Missing Host header validation poisons request.url.path, bypassing path-based security checks

    The CVE apparently caused some negative press targeting starlette.

    However, “the vulnerability came from the application pattern and the deployment, never from something Starlette intended.”

    A quote from an OSTIF article: “This bug is a classic “responsibility gap” where if this maintainer didn’t patch, thousands of exposed projects would have to individually secure their projects. In doing this work, they’ve voluntarily taken on the responsibility to protect the ecosystem from long-term systemic harm. As with all open source projects, they owed us nothing and could have left this to be everyone else’s problem and took the extraordinary steps of helping the ecosystem.”

    Both X40 D-Sec and Ars Technica expected immediate fixes and responses from Starlette.

    That’s not good. We can do better.

    Michael #2: daily-stars-explorer

    Explore the full history of any GitHub repository.

    📈 Full Star History - Complete daily star counts for any repo

    ⏰ Hourly Stars - Hour-by-hour activity with timezone support

    🔀 Compare Repos - Side-by-side comparison of any two repositories

    📊 Activity Timelines - Commits, PRs, Issues, Forks, Contributors over time

    📌 Pin Favorites - Bookmark repos for quick access without retyping

    📰 Feed Mentions - See when repos were mentioned on HN, Reddit, YouTube, GitHub

    💾 Export Data - Download as CSV or JSON

    🌙 Dark Mode - Easy on the eyes

    Try/use it online at emanuelef.github.io/daily-stars-explorer or install it for yourself.

    Brian #3: Markdown to pdf with pandoc and typst

    typst suggestion from Matt Harrison

    Markdown is awesome

    Pandoc is great for converting markdown to tons of stuff

    but for pdf, it goes through LaTeX, which is … yuk (my opinion)

    Pandoc also can convert to typst

    And typst creates beautiful pdfs and is way easier (my opinion) to deal with than LaTeX.

    New tools

    brew upgrade pandoc

    brew install typst

    Now convert

    pandoc something.md --to typst -o something.typ

    typst compile something.typ something.pdf

    Michael #4: postman2pytest

    via Mikhail

    Based on postman app

    Convert Postman Collection v2.1 JSON into executable pytest test suites

    Postman collections document your API. postman2pytest turns that documentation into executable regression tests that run in CI. No manual rewriting, no drift.

    Extras:

    New blog, who dis? - testandcode.org is now on .org and a blog and soon to be a “publisher”.

    Joke: Centering a div
Mais podcasts de Notícias
Sobre Python Bytes
Python Bytes is a weekly podcast hosted by Michael Kennedy and Calvin Hendryx-Parker. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
Sítio Web de podcast

Ouve Python Bytes, Comissão Política e muitos outros podcasts de todo o mundo com a aplicação radio.pt

Obtenha a aplicação gratuita radio.pt

  • Guardar rádios e podcasts favoritos
  • Transmissão via Wi-Fi ou Bluetooth
  • Carplay & Android Audo compatìvel
  • E ainda mais funções