Talk Python To Me

The cloud is convenient until it isn't. You upload your photos, sync your contacts, click through the cookie banners. Then prices go up again or you read about a family that lost their entire Google account over a medical photo sent to a doctor. At some point, the question shifts from "why would I run this myself?" to "why aren't I?"



My guest this week is Alex Kretzschmar, head of DevRel at Tailscale, longtime host of the Self-Hosted podcast, and co-founder of Linuxserver.io. We cover what self-hosting really means in 2026, the apps worth running yourself like Immich and Home Assistant, why Docker Compose ties it all together, and how Tailscale lets you reach any of it from anywhere, without opening a single port. If you've been thinking about pulling your digital life back behind your own walls, this is your roadmap.

Episode sponsors

Temporal

Talk Python Courses

Links from the show

Guest

Alex Kretzschmar: alex.ktz.me

Bitflip podcast: bitflip.show

Self-Hosted podcast (Alex's previous show): selfhosted.show

Perfect Media Server: perfectmediaserver.com

KTZ Systems on YouTube: youtube.com/@ktzsystems

Linuxserver.io (co-founded by Alex): linuxserver.io

"How Tailscale Works" blog post: tailscale.com/blog/how-tailscale-works

https://tailscale.com/: tailscale.com

Self-hosted apps discussed

Awesome Self-Hosted (GitHub list): github.com

Immich (Google Photos alternative): immich.app

Home Assistant: home-assistant.io

Open Home Foundation: openhomefoundation.org

Plausible Analytics: plausible.io

Umami Analytics: umami.is

Python integration for umami: pypi.org

Pi-hole: pi-hole.net

AdGuard Home: adguard.com

NextDNS: nextdns.io

Coolify: coolify.io

Docker + ufw: docs.docker.com

Storage, backup & filesystem

OpenZFS: openzfs.org

ZFS.rent (offsite ZFS replication): zfs.rent

Backblaze: backblaze.com

Hetzner Storage Box: hetzner.com

DigitalOcean: digitalocean.com

Secrets management mentioned

OpenBao (open-source Vault fork): openbao.org

HashiCorp Vault: hashicorp.com

Bitwarden: bitwarden.com

1Password: 1password.com

Hardware mentioned

Proxmox VE: proxmox.com

Minisforum MS01: minisforum.com

Zima Board / Zima OS: zimaspace.com

Other references

Cory Doctorow on "enshittification" (Cory's blog where he coined the term): pluralistic.net

Linus Tech Tips' WAN Show (Linus mentioned NAS-building going mainstream): linustechtips.com

Watch this episode on YouTube: youtube.com

Episode #546 deep-dive: talkpython.fm/546

Episode transcripts: talkpython.fm

Theme Song: Developer Rap

🥁 Served in a Flask 🎸: talkpython.fm/flasksong

---== Don't be a stranger ==---

YouTube: youtube.com/@talkpython

Bluesky: @talkpython.fm

Mastodon: @[email protected]

X.com: @talkpython

Michael on Bluesky: @mkennedy.codes

Michael on Mastodon: @[email protected]

Michael on X.com: @mkennedy

The OWASP Top 10 just got a fresh update, and there are some big changes: supply chain attacks, exceptional condition handling, and more. Tanya Janca is back on Talk Python to walk us through every single one of them. And we're not just talking theory, we're going to turn Claude Code loose on a real open source project and see what it finds. Let's do it.

Episode sponsors

Temporal

Talk Python Courses

Links from the show

DevSec Station Podcast: www.devsecstation.com

SheHacksPurple Newsletter: newsletter.shehackspurple.ca

owasp.org: owasp.org

owasp.org/Top10/2025: owasp.org

from here: github.com

Kinto: github.com

A01:2025 - Broken Access Control: owasp.org

A02:2025 - SecuA02 Security Misconfiguration: owasp.org

ASP.NET: ASP.NET

A03:2025 - Software Supply Chain Failures: owasp.org

A04:2025 - Cryptographic Failures: owasp.org

A05:2025 - Injection: owasp.org

A06:2025 - Insecure Design: owasp.org

A07:2025 - Authentication Failures: owasp.org

A08:2025 - Software or Data Integrity Failures: owasp.org

A09:2025 - Security Logging and Alerting Failures: owasp.org

A10 Mishandling of Exceptional Conditions: owasp.org

https://github.com/KeygraphHQ/shannon: github.com

anthropic.com/news/mozilla-firefox-security: www.anthropic.com

generalpurpose.com/the-distillation/claude-mythos-what-it-means-for-your-business: www.generalpurpose.com

Python Example Concepts: blobs.talkpython.fm

Watch this episode on YouTube: youtube.com

Episode #545 deep-dive: talkpython.fm/545

Episode transcripts: talkpython.fm

Theme Song: Developer Rap

🥁 Served in a Flask 🎸: talkpython.fm/flasksong

---== Don't be a stranger ==---

YouTube: youtube.com/@talkpython

Bluesky: @talkpython.fm

Mastodon: @[email protected]

X.com: @talkpython

Michael on Bluesky: @mkennedy.codes

Michael on Mastodon: @[email protected]

Michael on X.com: @mkennedy

When you pip install a package with compiled code, the wheel you get is built for CPU features from 2009. Want newer optimizations like AVX2? Your installer has no way to ask for them. GPU support? You're on your own configuring special index URLs. The result is fat binaries, nearly gigabyte-sized wheels, and install pages that read like puzzle books. A coalition from NVIDIA, Astral, and QuanSight has been working on Wheel Next: A set of PEPs that let packages declare what hardware they need and let installers like uv pick the right build automatically. Just uv pip install torch and it works. I sit down with Jonathan Dekhtiar from NVIDIA, Ralf Gommers from Quansight and the NumPy and SciPy teams, and Charlie Marsh, founder of Astral and creator of uv, to dig into all of it.

Episode sponsors

Sentry Error Monitoring, Code talkpython26

Temporal

Talk Python Courses

Links from the show

Guests

Charlie Marsh: github.com

Ralf Gommers: github.com

Jonathan Dekhtiar: github.com

CPU dispatcher: numpy.org

build options: numpy.org

Red Hat RHEL: www.redhat.com

Red Hat RHEL AI: www.redhat.com

RedHats presentation: wheelnext.dev

CUDA release: developer.nvidia.com

requires a PEP: discuss.python.org

WheelNext: wheelnext.dev

Github repo: github.com

PEP 817: peps.python.org

PEP 825: discuss.python.org

uv: docs.astral.sh

A variant-enabled build of uv: astral.sh

pyx: astral.sh

pypackaging-native: pypackaging-native.github.io

PEP 784: peps.python.org

Watch this episode on YouTube: youtube.com

Episode #544 deep-dive: talkpython.fm/544

Episode transcripts: talkpython.fm

Theme Song: Developer Rap

🥁 Served in a Flask 🎸: talkpython.fm/flasksong

---== Don't be a stranger ==---

YouTube: youtube.com/@talkpython

Bluesky: @talkpython.fm

Mastodon: @[email protected]

X.com: @talkpython

Michael on Bluesky: @mkennedy.codes

Michael on Mastodon: @[email protected]

Michael on X.com: @mkennedy

When you type a question into ChatGPT, the model only has what you typed to work with. But tools like Claude Code can plan, iterate, test, and recover from mistakes. They work more like we do. The difference is the agent harness: Planning tools, file system access, sub-agents, and carefully crafted system prompts that turn a raw LLM into something genuinely capable.



Sydney Runkle is back on Talk Python representing LangChain and their new open source library, Deep Agents: A framework for building your own deep agents with plain Python functions, middleware hooks, and MCP support. This is how the magic works under the hood.

Episode sponsors

Sentry Error Monitoring, Code talkpython26

Agentic AI Course

Talk Python Courses

Links from the show

Guest

Sydney Runkle: github.com

Claude Code uses: x.com

Deep Research: openai.com

Manus: manus.im

Blog post announcement: blog.langchain.com

Claudes system prompt: github.com

sub agents: docs.anthropic.com

the quick start: docs.langchain.com

CLIs: github.com

Talk Python's CLI: talkpython.fm

custom tools: docs.langchain.com

DeepAgents Examples: github.com

Custom Middleware: docs.langchain.com

Built in middleware: docs.langchain.com

Improving Deep Agents with harness engineering: blog.langchain.com

Prebuilt middleware: docs.langchain.com

Watch this episode on YouTube: youtube.com

Episode #543 deep-dive: talkpython.fm/543

Episode transcripts: talkpython.fm

Theme Song: Developer Rap

🥁 Served in a Flask 🎸: talkpython.fm/flasksong

---== Don't be a stranger ==---

YouTube: youtube.com/@talkpython

Bluesky: @talkpython.fm

Mastodon: @[email protected]

X.com: @talkpython

Michael on Bluesky: @mkennedy.codes

Michael on Mastodon: @[email protected]

Michael on X.com: @mkennedy

If you've built documentation in the Python ecosystem, chances are you've used Martin Donath's work. His Material for MKDocs powers docs for FastAPI, uv, AWS, OpenAI, and tens of thousands of other projects. But when MKDocs 2.0 took a direction that would break Material and 300 ecosystem plugins, Martin went back to the drawing board. The result is Zensical: A new static site generator with a Rust core, differential builds in milliseconds instead of minutes, and a migration path designed to bring the whole community along.

Episode sponsors

Sentry Error Monitoring, Code talkpython26

Talk Python Courses

Links from the show

Guest

Martin Donath: github.com

Zensical: zensical.org

Material for MkDocs: squidfunk.github.io

Getting Started: zensical.org

Github pages: docs.github.com

Cloudflare pages: pages.cloudflare.com

Michaels Example: gist.github.com

Material for MkDocs: zensical.org

gohugo.io/content-management/shortcodes: gohugo.io

a sense of size of the project: blobs.talkpython.fm

Zensical Spark: zensical.org

Watch this episode on YouTube: youtube.com

Episode #542 deep-dive: talkpython.fm/542

Episode transcripts: talkpython.fm

Theme Song: Developer Rap

🥁 Served in a Flask 🎸: talkpython.fm/flasksong

---== Don't be a stranger ==---

YouTube: youtube.com/@talkpython

Bluesky: @talkpython.fm

Mastodon: @[email protected]

X.com: @talkpython

Michael on Bluesky: @mkennedy.codes

Michael on Mastodon: @[email protected]

Michael on X.com: @mkennedy