#431 Nerd Gas

2025/5/5
Python Bytes

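People
Brian
Python developer and podcast host focused on testing and software development education.
Michael
Financial educator and podcast host who helps doctors and high-income professionals manage their finances.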
Topics
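Michael: I think `pirel` is a very useful tool: it lets me easily check the maintenance status of Python versions and avoid problems caused by an outdated version. The `pirel check` command shows the version and maintenance status of the current Python interpreter, while `pirel list` lists all Python versions and their maintenance status, so I can update to the latest version in time. This matters a lot for developers: it helps us manage the Python versions in our projects better and avoid potential security risks. I also want to talk about the tool `zev`. It helps users recall terminal commands, which is very useful for users who are not familiar with the terminal. `zev` uses LLM APIs to generate terminal command suggestions; the user just types a simple description and `zev` offers matching commands, which greatly improves efficiency. Of course, because `zev` uses LLM APIs, you need to pay attention to safety when using it to avoid unexpected results.

Brian: Today I'm sharing FastAPI's new cloud platform, FastAPI Cloud, and the t-strings coming in Python 3.14. FastAPI Cloud was created by Sebastian Ramirez, the creator of FastAPI, and aims to simplify deploying FastAPI applications. Users need only a single command to deploy a FastAPI application, which is very convenient for developers. FastAPI Cloud also provides secure and reliable hosting that can help users better protect their applications. The other thing worth watching is t-strings. t-strings are a new string-formatting mechanism introduced in Python 3.14; they are safer than f-strings and can better prevent security vulnerabilities. t-strings store the template and the values separately, which gives us better control over the string's format and avoids security problems. In addition, t-strings offer many other capabilities, such as better support for internationalization and localization. The arrival of t-strings will greatly improve the security of Python development and give developers more powerful string-handling capabilities.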


Hello and welcome to Python Bytes, where we deliver Python news and headlines directly to your earbuds. This is episode 431, recorded May 5th, 2025, and I am Brian Okken. And I am Michael Kennedy. And this episode is sponsored by NordLayer. Listen to their spot later in the show. And if you'd like to connect with us, you can, or suggest topics, please...

feel free to send us an email or head on over to either Mastodon or Bluesky. And the links to both of us and the show are in the show notes. And you can join this episode live or, um, join it live. Usually Mondays at 10, but sometimes other times, but head on over to pythonbytes.fm slash live to sign up and see the schedule. So for the next one, but, um, also you can, uh, that's on YouTube. So you can watch them later if you'd like. And, uh,

I'd also like to encourage people to sign up for the newsletter. We send out a weekly email with all the links from the show plus background information. It's a lot of fun. So check that out. Also, I think it'd be cool to have a cool first topic, Michael. What you got?

This was a nice, easy one, easy to adopt, easy to appreciate, I think. So you and I, we spend a lot of time talking about, here's the new things for this, and here's the new thing for Python, and here's the new features, the next version, and test the alpha, test the beta. And we also talk about when they go out of support, but I don't know how you feel. I often, that sneaks up on me. I mean-

The fact that 3.8 is out of support seems wrong, but it is, you know what I mean? Yeah. And so you might be sitting at your terminal just going, what's that status again? And so I present to you, uh, pirel, P-I-R-E-L. And what it is is it's the release cycle of Python at your fingertips. Ooh. Yeah. So there's a little, uh, graphic here, I suppose. Uh,

We could open up the image full size perhaps. And you just type whatever, it doesn't matter how you have Python active, if it's the system one or if it's a virtual environment one, you can write pirel check and it'll give you a nice summary of what's going on here. It can say you're using Python 3.13, which is actively maintained.

and it will be this good for this long. You can say pirel list, and it'll give you a list of all of the last 10 or so versions when they came and when they went. So it's pretty cool. I mean, that's more or less what it does.

But it tells you that you can get, you know, go get a new Python version if yours is getting older. And the status as well. Is it still getting feature updates? Is it in bug fix level? Is it security fixes? Or is it YOLO? I just can't be bothered out of it.

Anyway, that's what this is. What do you think? I think that's pretty fun. Yeah. Also. Yeah. Yeah. And it, and it uses the rocket emoji, which will make a reappearance, right? Yeah. I do like the rocket emoji. Indeed. So there's a little bit else you can do with it, though. I, it does not particularly interest me as a tool. Nonetheless, you can also, um,

pirel guess and it will do things like give you various trivia about the release history of Python. So for example it might ask when was Python 3.11 released or who is the release manager for 3.6 and

it gives you a multi-choice select and you can pick and it'll tell you if you're right or wrong. So if you like Python release history and seeing the details, you can do that. But I think the pirel list and the pirel check is pretty cool. Yeah, I like it. Neat. Yeah, that's it. All right. Well, um, I want to cover something that we've covered before, kind of. Oh, back to the, back to the future, back

to we're going to go back in time. This is episode 123, which when was that? That was like in May 26, 2019. We recorded it and it came out on the 29th. Right. And we had no idea. Things were different back then. 2019. 2019. Different world.

But one of the things that started in that was when we announced, well, we didn't announce it, but we covered it on the show way back in 2019, the introduction to FastAPI. So we talked about it. This new cool web framework called FastAPI. Well, FastAPI has been growing and it's now the number one web framework, not just across

Python, but across everything. So it's been an incredible thing to watch. Some great work out there. Well, today, Sebastian Ramirez, the dude that created FastAPI in the first place, he announced that he is forming FastAPI Labs, a new company

and that they are, the FastAPI Labs is a new company and they're building FastAPI Cloud. So we're gonna take a look, what does this mean? It kinda means that you just get to build your Fast, if you do this, the promise is you build a FastAPI application and you can just deploy it with FastAPI Deploy, just a single line and

And then they'll host it on their, like a subdomain of the fastapicloud.dev. So kind of interesting. I'm intrigued. So I've definitely joined the wait list. There is an announcement blog post by the same team behind FastAPI. So this is kind of an incredible, he's built FastAPI up and it's not just,

not just Sebastian. Now there's other people working on it. It's built on top of Pydantic and a couple of cool things that I can't remember, but,

But the team is, the blog post talks about the problems of deploying to the cloud. Now there are, there is documentation on the FastAPI. We've often commented that the FastAPI documentation is excellent. They've done a great job with documentation. But it is not trivial to really deploy anything anymore, aside from maybe a static site. But

you have to get concerned with a lot of stuff, especially if you start growing with security. And so they are looking at that security bit. So far it looks like Patrick Arminio, Alejandra Sánchez, Sofie Van Landeghem, sorry, and Sebastian, and probably more. I'm not sure if that's part of the team or if that's just...

Anyway, they might be... I don't know how many people are in the company right now, but he's promising to keep FastAPI open source and to also... Interesting in this is that he doesn't want to have vendor lock-in. So whatever processes they...

build up, it won't make it so that you're stuck with FastAPI without having, with their hosting. So essentially this is hosting for FastAPI. So kind of neat. Yeah. Congratulations, Sebastian and crew. That's awesome. Yeah. It is a hassle to deploy things. And presumably these folks know the best way to host FastAPI. FastAPI might be tuned for the infrastructure that they choose over time.

I'll have to look more into this, like how do you host a database and things like that. But presumably you can do things like use a CNAME for your app at fastapicloud.com. Get your own domain name and all that sort of stuff. But very interesting. Yeah, it is. Also, interestingly, that was the first thing I thought is like, well, I probably don't want to use their domain. But for an API endpoint for some internal tools and stuff, I might not care.

So I think some people- - That's a good point. You would care a whole lot less, right? If it's just an API and it's not like your landing page or whatever. - Yeah, yeah. Anyway, cool stuff. - Absolutely. Well, what else is cool, Brian?

But NordLayer, let me tell everyone about our sponsor and NordLayer here. So NordLayer is actually a pretty neat product. And this episode of Python Bytes is brought to you by NordLayer. So it's a toggle ready network security platform for modern businesses and combines VPNs. Like you would expect, of course, from the,

the parent company Nord. However, it's also access control, threat protection, visibility into what's happening in case you spot some sort of malware. All of those in one easy-to-use platform. There's no hardware, no complex setup, just secure connections and full control in less than 10 minutes. So it's easy to start with quick deployment, step-by-step onboarding, 24-7 support. It's easy to combine. It works with existing setups in all major platforms.

and NordLayer is easy to scale. Just add users, features, servers in a few clicks. SSO and provisioning included. If you want zero trust network access, you got it. It provides those, uh,

network, your trust solutions. It adds threat protection to keep malware, ransomware, and phishing from reaching your endpoints, including servers. How cool is that? Increases your threat intelligence to spot threats before they escalate and helps businesses achieve like HIPAA compliance and stuff. So if you're responsible for security of your software or data science team, you should definitely give NordLayer a look as I'm

Python Bytes listeners, you get an exclusive offer of up to 22% off NordLayer yearly plans plus 10% off the top with a coupon. And that coupon is PythonBytes-10. If you visit the link in your show notes, there's a landing page and it gives you the code right there. So PythonBytes-10.

Try NordLayer risk-free with their 14 day money back guarantee. Visit pythonbytes.fm slash NordLayer to get started. Link is in your podcast player show notes. Thank you to NordLayer for supporting the show. All right. Uh,

Next, we, you know, going back in time a little less in time. This is just a couple episodes ago in episode 428. And we covered T-strings. So T-strings are going to come in 3.14 in the Pi release. So there is one of the authors, Dave Beck or Dave Peck. Sorry, Dave Peck.

an article about the Python's new T strings and I'm kind of excited about it because when we talked about it on the show I was I'm excited about them but I also they're like template strings but how are they different than F strings when would I use one over the other and I got

I got all these answers in this blog post. So he talks about what's the big idea of T-strings and interestingly enough, we've loved F-strings so much that they're used inappropriately and I didn't really realize that there's security problems.

So there's like he comments on using F strings to take user data, user input and and fill in like maybe a SQL statement. Don't do that. You want to clean your your user input first.

But so people have been using it and, or possibly to use it to generate a webpage. So you've got a possibility of somebody inserting cross cross site scripting or other bad things that you don't expect by just sticking,

sticking user data into HTML. So misusing F strings is one of the reasons why T strings were kind of a cool thing. So, uh, the template strings are a generalization of F strings and they keep things separate. So F strings actually create a string, but, um, T strings don't create, when you create a T string, you don't get a T string, you get a, or a string, you get a, um, a template object. And this template object has these two separate things. You've got, um, uh,

it's got a, I'm going to scroll down. It's got a, a strings section and a values. And so it keeps, it's a, they're both tuples of, of things of what's inside of it. And you can iterate through them. There's all sorts of cool stuff you can do with templates, these template strings, but this is a nice, really good walkthrough of kind of what's inside and why they're different than F strings. They're very different now. And it,

but talking about there's inside, there's a, what's the value? There's a interpolations are a thing that's in there. So you might have, it might be a string, it might be something else.

and the interpolations have all the pieces in place. And you can even dive really deep into it and have things like what's the value of the variable that you passed in, the expression name, the conversion, the format specifier, even if you've got format specifiers on it.

And this is all sorts of nitty gritty detail, but the gist I'm taking away is they're just really kept separate. So you've got like the template and the things you're passing into the template as completely separate things. Why is that great? Well, one of the great things about that is you can, like in the example of SQL or HTML, you can take the user data and

check all of that and run things over it. So you can, if you've got user data and you expected a string, but you expected people to not be nefarious about it, you can do like a safe HTML or something, convert like the brackets into something else, strip out SQL statements so that they're not, it's not a, you know, escape things, escaping things and making them

cleaner. One fun example in this, I love this. The fun example is how to create pig Latin.

using template strings. And so there's like this Pig Latin converter that takes a template and returns a string. So you're able to have like a hello world and then you run Pig Latin on the template and it converts the template into, we have these converter functions, you can convert into actual string. And I kind of, okay,

Okay. I got it. I went down a rabbit hole on this because this example says to convert, I kind of forgot the rules of pig Latin cause it's been a while since I've been a kid. But, um, it says essentially if the first character is a vowel, uh, if, if the words in the word, the first character is a vowel, then you append yay on the end. But if it's not a vowel, you take the, uh,

take the rest of the word and take the first character and put it at the end and say a, and I don't think that's correct. Or I, I think it might be correct, but I forgot the rules. So I looked it up and pig, Pig Latin. Sorry about this, but Pig Latin, it says that it's not just the first consonant, but it's the first consonant cluster. So I don't think this is the correct implementation.

So, well, as an example, that fits on one screen. Yeah. So Brian would translate into Ian Bray, not Ryan Bay. You know, anyway. Okay. The diversion. But anyway, so,

So there's some great ideas for when we finally have T-strings and we ship Python 3.14, we can do things like possibly having everything more safer and more flexible. One of the things that's coming up possibly is, oh, where'd it go? 787. So there's a proposal for safer subprocess usage with like shlex and subprocess, which I love shlex.

But you could use a, if those could be implemented with T strings, they'd be a lot safer. So there are some security vulnerabilities in these things. So it could simplify the implementation. You don't want to ampersand, ampersand, do other thing as part of your command, right? Yeah. So this, and then,

So having a lot of things that to take user input and create other things, having them use T-strings might, and having like some quick safe conversions, instead of having to convert user data ahead of time, you just grab the user data and stick it in a template string. And then later in your pipeline, clean up the user data. Those are pretty cool things.

So there's also some attribute things you can, there's other ways you can, since they're separate all the way until you do the conversion, you can do like some cool attribute things that he covers in the article too. So anyway. Yeah, looks like a great article. Thanks, Dave. Right. I'm going to have...

Paul Everitt on Talk Python not this week, next week to talk about T-strings. Oh, perfect. Yeah, we're going to be diving into it some more. Yeah, it should be fun. Nice. Indeed. Let's go back to the terminal and

And this one I think is also pretty interesting, especially if you're learning the terminal or you're just like, how do I do that again? Zev, have you heard of Zev? No. It's a simple CLI tool that helps you remember terminal commands. So if you're sitting here and you're like, I don't really know what I'm doing with this stuff. I can type Zev and it says, what do you wanna do? It says, show all files in this directory with human readable sizes.

and it says, okay, great. Here are a couple of things you could do. And it gives you a select list like ls -lh or, or I think it was find is one of the options, but basically it gives you a bunch of options to do those types of things. And off it goes. Pretty cool, right? Yeah. Yeah. So this project runs on top of LLM APIs, like OpenAI,

Google Gemini, or local Ollama. So basically it sends that command over and then it looks at all the responses, but it probably does a bunch of work to format it for you. But more importantly, it puts it right there in your terminal where you can just select the answer and hit enter. You don't have to go to chat, copy it, move it back over.

run it, you know, like that sort of round tripping. Yeah. Okay. Yeah. So suggestions that you might use are like show all running process, Python processes, find all Python files modified in the last 24 hours, show disk usage for the current directory, check if google.com is reachable, et cetera, et cetera. So yeah, pretty neat. It does say everything's generated by LLMs. So careful. Yeah.

Because you know how it goes, right? It could be delete all files like this in this directory and in this directory part gets forgotten. rm -rf star. Okay. Slash star.

Slash star. Anyway, super simple, but you set up an LLM provider. I recently wrote a really cool program that I'm, program, utility, simple tool that I use that I'm thinking of making public somehow, but I also don't need another thing to babysit. But basically, if you're in a Git repository, you can just hit a command and it will look at all the new files, the changed files, and then correlate that with the local repository.

coding based LLM. It says, create me a Git summary of everything like the header. And then like actually a detailed summary. And what, what happened if you forgot all the things you did a little bit like this, but it's, that's not out yet, but this is cool. I like to look at what did I do on Friday? Like to run on Monday. Yeah, exactly. You could totally do it. And it says, and here it improves it in this way. Like, Oh gosh, I did improve it in that way. Aren't I smart. Yeah.

And before we carry on looping back to your topic, the T-strings, Henry Schreiner writes, I've been wondering if this could be supported in the logging module. Since it's an actual type, it could be detected. Yeah. That would be cool, right? Maybe have a slightly different output with more information about the parts of the string. Yeah. Indeed. All right.

Well, uh, we're back to extras. Um, I really should, should have put up. So one of the things I, um, I didn't cover, uh, about the T strings, we'll get to my extra first or second, but, um, in the T string article, there is a link to a whole bunch of examples of, um, uh,

other non-silly examples of T-strings. We did, he does pig, pig Latin in the article, but there's a bunch of others too. And one of them is a treatment of logging with, with T-strings. So check that out. My extra really is, I kind of went, speaking of rabbit holes, found out Monty Python and the Holy Grail turns 50 this year. So 50 years ago, Monty Python, I can't believe that. Bring out the Holy hand grenade. Yeah.

But one of the comments in here, which is, it's a, it's, this is, I'm linking to an Ars Technica article. And I learned a new word today because they were, it says they were, Monty Python and the Holy Grail were nerd gassing before it was cool. So talk, they were talking about nerd gassing. And one of the, the, the wonderful discussions in that, in the,

the movie is using coconuts because they're supposedly riding horses. They don't have yet. Yeah, there's just some guy banging coconuts and somebody stops and says, like, where did you get the coconuts? Oh, we found them. No, you couldn't have found them because like they're not native to England. They're tropical.

So great discussion about coconuts. And apparently that is nerd gassing. I didn't know the term. So I looked that up. Nerd gassing was coined in 2008 by

Um, by John Scalzi, a sci-fi author and blogger. Um, and nerd gassing is a, the venting nerd venting, the venting that nerds emit when some often minor detail of a book or movie or TV show, comic book, et cetera, either conflicts with Canon or, uh,

hand waves through some suspect science. And so I was totally nerd gassing in one of our topics when I went off on what the correct rules for Pig Latin are. - Yes, you were. And I do the same thing when people mess up that quote from Captain Picard about may the force be with you. Okay, so let's go on to the next. - Nice.

Okay. Please write us and tell me that that's wrong. All right. This is it for your extras? Yeah. I would like to also point out for those as a follow-up who don't know, because Python, the community has done a poor job of this. All the logos for Python are snakes, but the name Python came from Monty Python, which is why it's relevant on this show. Yes. Yes.

And that's why we have wheels because they're wheels of cheese because they used to... And the cheese shop for PyPI and all, yeah. The cheese skit. I mean, if you haven't seen the cheese skit from Monty Python, you have to go watch the cheese skit because it's awesome. The rabbit part is my favorite by far. Okay.

Here's a quote. This is not the joke. This is actually a real thing. So it has a picture of Firefox and it says, you either die a hero or you live long enough to see yourself become a villain. And underneath it, it shows the preferences in Firefox for website advertising. Allow websites to perform privacy preserving ad management or measurement. This helps the site understand how their ads perform, et cetera, et cetera. Like this is built into Firefox now. And there was like,

some terms and use changes about how the stuff you submit in Firefox is now being used and being shared and so on. And, oh, right. Firefox was like one of the last bastions of privacy, like real privacy, the antithesis of Chrome, which is, you know, tracking and correlating and reselling everything. So both you, Brian and me, we love,

We care about these things. And for example, Brian used Vivaldi. I use Vivaldi quite a bit. But I also started using Zen, Zen browser. That's what's actually on the screen right now. And I love Zen browser because of it's such a clean, nice little layout. And it's based on Firefox as well. So when this stuff got announced 10 months ago or whenever it was, it was over on the Zen browser GitHub repo. There was like, so...

What is Zen going to do about this? And at the time, there wasn't a lot of clarity, but now Zen 1.2.1 is out and it's got some features. One of the things it says, if you go read the full release notes, it's got some new features. But in response to recent privacy concerns, bracket about Firefox, we've significantly strengthened Zen.

Zen's privacy measures. Previously, we only disabled telemetry, but other things were being done. Now Firefox telemetry has been completely stripped out of this. Basically, they've...

Much like Vivaldi de-Google-ifies his Chrome, Zen has had to go to the step of actually de-Mozillifying? I don't know, whatever, what is the term here? Extracting evil. Extracting the in-poopification of...

Yeah. And I don't necessarily blame Firefox. They are in a tough spot. They've squandered their position quite badly for quite a long time, such that if the ruling against Google goes through, they lose 90% of their revenue overnight. That's a problem. But they're also doing good things like starting to create like docs alternatives that we've covered before. But...

you know, because things, things must be, people must be resold and ads must be put upon people. And that's the way it seems to be. I don't know. I don't agree with it, but that's how it is. Anyway, I'm happy to see Zen browser do this. Yeah. There's all, there's also a ton of cool. Well, there are a handful at least of cool pytest plugins that I use that, that started in, in Mozilla. So yeah, there's lots of great people that have worked there over the years. And I'm sure still do. A lot of people do. And,

And I suspect not all of them are super psyched about turning on all the ad stuff, right? Just like I'm sure there's people that still work at Google that don't think they should have removed don't be evil from their tagline. Yeah, but those people are evil. Okay, let's keep going. Just kidding. Just kidding. Please don't email me. Yeah, email him. It's Michael at... Testingcode.com. Okay. Okay.

Next. Or you go to jail. No, that was such a fun episode that we did last week. Yeah. But I pulled up this episode, not because I care about that, but I've changed the way that transcripts work. So previously we had, you know, transcripts are every word spoken for 30 minutes or however long the show is. And I thought, well, that should go on its own page. You can go and check it out. But I'd like you to be able to come to the page and hit Command F and...

and let you know what we said about, I don't know, AI or...

Pork button, we'll just pick the sponsor because it doesn't show up too many times. But now the transcripts show up on the main page just as a section farther down. You can collapse them if you like. But it lets you click on the time link anywhere and play it back as you go. So if you find something in the transcript and you're like, I just want to hear it, you just click right there and boom, off it goes. Put tons of effort into making these transcripts accurate. Yeah.

and good. They're not perfect. Please, again, don't email me and say, there is an imperfection I have discovered. You were wrong. But we make a lot of effort to say things like PyPI are spelled correctly and are

Other words are correct in here so that when you search for them, they show up. It also powers our search engine that you can just search and like even add to your browser that we've talked about before, but transcripts are slightly better and the pages are slightly more useful. So visit the website. Yeah. And that, you know, that helps all the, helps us track every part of your life because we know we don't do that. Just, we need just one cookie to get it started. No, just kidding. We have no cookies.

Okay. That's it for my extras. Joke? Yeah. This is a re-envisioning of an old joke.

I think it's pretty good. There's this person running a China shop and there's a big sign that says China shop. And then above it, my code base. And there's a character here holding a giant angry looking bull by a nose ring. And the person holding it says, mind my friend comes in with me. And the bull is labeled cursor. Welcome to the era of AI, huh? Just add that one feature. Sure, we only need 27 changes. You don't mind if we do, do we? Yeah.

Interesting. That's funny. So why is this a flashback? This joke actually comes from, this is the original one from when George W. Bush was president in the U.S. and the China shop was not code base. The China shop was social security. Okay. Yeah. Something like that. That's, I don't know, somewhere down here in this thread, people talk about stuff. I don't know. Anyway, I think it's a pretty appropriate joke. It's pretty good. Yeah.

Yeah, it's funny. Good, good, good fun. Yeah, indeed. Indeed. All right. Well, that's what I had for our joke. Not absolutely hilarious, but amusing, I think. If you want hilarious, you got to go back to 430, episode 430 last week. Yeah. Yeah. Yeah. And if you haven't listened to that, you have to watch that video because it's excellent. That's right. Or you go to jail. Or you go to jail. Listen to it or you go to jail.

Well, once again, wonderful episode. Thanks everybody for listening and we'll see everybody next week.