2026-04-30 15:45:34
Some of the #News items shared most often here recently:
"Copy Fail": Linux root on all major distributions with 732 bytes of Python
A few more of the #News items shared most often here recently:
"Copy Fail": Linux root on all major distributions with 732 bytes of Python
Now elementary-data has also been hit: for just under half a day, a malicious version 0.23.3 was available on PyPI, which had stolen credentials such as SSH keys, AWS login details, API tokens and wallet files. The attack was carried out via a script injection vulnerability in one of the GitHub Actions workflows. Cooldown helps protect against such attacks, as we have described here:
A user at a client contacted me over what transpired to be them trying to install a python library on a machine (that didn’t have python installed) to run an AI tool at the direction of ChatGPT.
After *I* get it installed:
User: “Ok, how does it work?”
Me: 🤷🏻♀️ (╯°□°)╯︵ ┻━┻ “never seen it before”
python_dependency: Python Dependency Network
Python's package dependency networks. Nodes in the network are Python's packages registered to PyPI and edges are dependencies among packages.
This network has 58743 nodes and 108399 edges.
Tags: Technological, Software, Unweighted
https://networks.sk…
Here’s my part in the great nogil/free-threading endeavor: build-and-inspect-python-package now will optionally add 3.14t and 3.15t to the generated matrix if a package indicates to support 3.14 or 3.15!
https://github.com/hynek/build-and-inspect-python-package…
surely a project that starts with converting a python script from 2 to 3 cannot go wrong #academicChatter
my python boot is too tight
(I suspect the crowd on the fediverse will skew towards “yeah duh” on what I’m about to say - But I think there’s still value in saying it out loud)
As a Very Serious Enterprise Software Consultant I’m quite used to the lead time for running software to be Quite Long, for various Reasons.
So tonight for a change, I fired up my computer, opened up a new file with nano (Sorry vi vs. emacs warriors) and just like… typed some python?
#ZenOfAICoding: 16 theses on the future of #softwaredevelopment in the #AI era — a homage to the Zen of
#Steady #Klimacrew
#BahnMonitor project: 7. Not all randomness is the same. 🤭
After the delay notification comes a bite-sized piece of knowledge. The
from my link log —
Towards scalable dataframe systems.
https://arxiv.org/abs/2001.00888
saved 2026-03-29 https://dotat.at/:/6GM7U.html
Wow, seriously? I buy a Zi-Stick in a shop and first have to go through this firmware procedure (https://aeotec.freshdesk.com/support/solutions/articles/6000270951-update-zi-stick-to-thread-or-zigbee-with-python-…
Polars is a lightning fast DataFrame library/in-memory query engine with parallel execution and cache efficiency. And now you can use it with the tidyverse syntax: #rstats
Thonny, Python IDE for beginners
#IDEsofMarch #python
My current task for our #VFXPipeline is to accommodate Windows users in a Linux pipeline. Easiest option: give every Photoshop artist a Linux workstation for Nuke. Seems to be a common thing. But out of curiosity (and to be prudent with hardware) I’m trying to get everything working on Windows. A constant source of sadness I have to say, worse than UTF8 strings in Python 2.
Aaand we're seeing the first '#setuptools < 82' runtime dependencies in random packages because they are trying hard to work around breakage due to pkg_resources removal.
#Python
I've finally gotten Termux to rsync files via crontab. Needed to set up keychain, something I used to understand in the distant past. Now I have my own quantified-self data (well, location and battery) uploading to my private cloud.
#termux termux.api, python, rsync, crontab, keychain.
OpenAI agrees to acquire Astral, which makes Python tools for developers, to integrate its team into Codex, and says Codex has 2M users, up 3x since January (Agnee Ghosh/Bloomberg)
https://www.bloomberg.com/news/articles/20
ok so newsletter is out, and i’ve finally posted my PyCon UK keynote with additional material to my homepage.
if you wanna know what took me so long: check out my latest newsletter ;)
back to sauna!
https://hynek.me/talks/python-superpower/
«YubiKey Manager - security vulnerability allows execution of planted code:
Yubico warns of a search-path vulnerability in YubiKey Manager, libfido2 and python-fido2. Updates fix the flaws.»
An IT security advisory that really is a sure thing, and where the updates really do have to be installed right away, before the weekend.
🔐
User A wrote a nifty little tool in Python. On Windows. Several weeks of work.
User B wants to use it as well.
They copy it, try to run it. Doesn't work.
Call me for help.
A: "It works on my machine. B must configure his python exactly like I do!"
Me: "Can't we run it in a virtual environment (venv). Or with a docker image?"
A: "Hm, I would have to learn how to do that. Is this really necessary?"
Me:
#Steady #Klimacrew
#BahnMonitor project: 5. Automated scripts need oversight, especially for API calls.
Now the
finally got around to "move my archive of scanned documents out of google drive" with the help of a lovely program "ocrmypdf", which is basically a python wrapper around tesseract and various pdf tools, but it's a really well done wrapper.
the simple invocation:
`ocrmypdf input.pdf output.pdf`
does what I want. the defaults are sensible. and now I can pdfgrep when I need to find that thing from 20 years ago that I still have for questionable "I do…
Blindsight Simulator https://github.com/Satoshi88818/BlindsightSim Stand-alone python script by James Squire to simulate visual experience through cortical and retinal visual prostheses a la Cortigent Orion or Neuralink Blindsight;
@dawid@social.craftknight.com My new discovery https://marimo.io/ - Python notebooks as .py files.
A very clever tool. Whatever we do in the "notebook" we can also run straight away as a script.
#python #notebooks
Idea: statically typed language (or Python type checker?) Where types aren't declared, but can only be assigned by providing tests/examples that use that type. Examples could provide explicit type info where necessary, but code could not.
If it's not documented with an example, it's not safe to use with those types.
We go back to the 60s this week for a bit of bluesy rock as our spotlight falls on a track from Python Lee Jackson.
As always we invite you to give it a listen and see what we had to say about the track and the band behind it.
Don't forget to follow us for more from our weekly showcase, exploring great tracks from across the universe of #rock and
So last week I asked people to share their blog URLs, and I got a whole bunch of them! And I’ve been trying to go through them, and some go back to 2015… So there’s a lot to do. I did find a really interesting one about GPX files and Python, but it uses Google maps, and I’m not sure I want to do that since I prefer OpenStreetMap. Nice to find interesting gems though, in the 1,500 (gulp!) blog posts I’m going through.
Remember 2013 when i wrote ruby scripts, https://github.com/rtanglao/momogs , that used the get satisfaction API to report on Mozilla Thunderbird Desktop SUMO metrics? Neither do I :-) but i'm cooking up something better in python! hooray for "free compute" and i wish ruby was as popular as p…
My wife is currently trying to get a python script working on her computer and she's encountering the "fun" of python not having any package manager built-in
The rewrite of the Sisyphus server continues, I've got all of the GET endpoints and about 60% of all the endpoints finished overall. Some initial testing on the `/workers` and `/queue` endpoints show some worrying results from the old version and some great results from the new version. The `/workers` endpoint started throwing errors at about 800 RPS on the Python/Flask version (the old one), the rewrite is showing around 4800 RPS (Golang/Gin). The `/queue` endpoint doesn't show a…
Downloading all my old Gmail attachments using this great Python script tool
https://github.com/mjseeley/Gmail-Attachment-Downloader
Finding some great old photos, but also realising how much digital crap we collect!
#MyDeepGuide with some #privacy network tests on #epaper devices. He developed a test method and an interesting Python analysis/report workflow that is supposed to be published. 👍
First run:
@… thanks!
Marimo OSS Python Notebook RCE: From Disclosure to Exploitation in Under 10 Hours | Sysdig — <https://www.
I have just updated this old #IDA Plugin of mine: IDA Magic Strings.
https://github.com/joxeankoret/idamagicstrings
It now supports installation using hcli (
Very smart of Pantages Theater in Hollywood advertising with the RenFair in Los Angeles. I bought tix immediately. 😁
✅ Monty Python's Spamalot - Mar 24-Apr 12, 2026 - Pantages Theater, Hollywood
https://www.broadwayinhollywood.com/events/detail/spamalot
Two versions of LiteLLM, an interface for accessing LLMs, have been removed from PyPI after a supply chain attack injected them with credential-stealing code (Thomas Claburn/The Register)
https://www.theregister.com/2026/03/24/trivy_compromise_litellm/
Replaced article(s) found for nlin.PS. https://arxiv.org/list/nlin.PS/new
[1/1]:
- sangkuriang: A pseudo-spectral Python library for Korteweg-de Vries soliton simulation
Dasapta E. Irawan, Sandy H. S. Herho, Faruq Khadami, Iwan P. Anwar
https://arxiv.org/abs/2601.12029 https://mastoxiv.page/@arXiv_nlinPS_bot/115932078207209076
- Piecewise integrability of the discrete Hasimoto map for analytic prediction and design of helica...
Yiquan Wang
https://arxiv.org/abs/2602.16255 https://mastoxiv.page/@arXiv_qbioBM_bot/116096399354766559
toXiv_bot_toot
An AI agent autonomously wrote and published a personalized attack article
against an open-source software maintainer
after he rejected its code contribution.
⚠️ It might be the first documented case of an AI publicly shaming a person as retribution.
Matplotlib, a popular Python plotting library with roughly 130 million monthly downloads, doesn’t allow AI agents to submit code.
So Scott Shambaugh, a volunteer maintainer (like a curator for a repository of comp…
If you have a WordPress blog and want to retrospectively update your media library with image descriptions ... consider my little python script https://repos.mxhdr.net/maxheadroom/wp-image-alt-generator
This will generate image descriptions using various LLM providers …
from my link log —
Writing C with indent-based syntax similar to CoffeeScript or Python, via Guile.
https://sph.mn/computer/guides/c/c-indent.html
saved 2026-02-14
> The next great […] library for #Python
Checks.
> Last commit: 4 years ago. Already broken.
#Steady #Klimacrew
#BahnMonitor project: 3. Does the first access to the Bahn API work?
In the next step the API query was tested and checked to see whether the returned data stru…
in a world of omnipresent shitty and baity talk/blog/video titles, I cannot appreciate @… 's talk enough:
"How to give your Python code to someone else"
It's perfect. 🥹
https://…
It's been a while but I was reminded that Java is shit.
Python is better, but has issues, mostly because of macOS.
And macOS permissions for user-created applications are a nightmare!
But a big, big thanks goes out to tools like Platypus.
"Platypus is a developer tool that creates native Mac applications from command line scripts such as shell scripts or Python, Perl, Ruby, Tcl, JavaScript and PHP programs."
#Python is just doing great. We're not having impossible constraints, as some projects need old #setuptools for pkg_resources, and other projects are starting to require newer setuptools for some fancy new features. And ofc after promising to release pkg_resources standalone over a month ago, setuptools upstream didn't deliver.
#Gentoo
#Steady #Klimacrew
#BahnMonitor project: 2. What architecture should the bot have?
Before the coding starts, it is advisable to do some thinking about a sensible breakdown of the modules. How it…
Finally put together type stubs for an old (last release 2017!) python library I've been depending on for years. And now wondering whether it would have been easier to just contribute types to the library directly. I thought it abandoned but then the maintainer responded up on an unrelated ticket.
(Though there's no CI infra actually working anymore. Makes testing contributions painful. Wonder whether building that first would be worthwhile & welcome...)
#python #packaging
python -c "import this"
The Zen of Python, by Tim Peters
Beautiful is better than ugly.
Explicit is better than implicit.
Simple is better than complex.
Complex is better than complicated.
Flat is better than nested.
Sparse is better than dense.
Readability counts.
Special cases aren't special enough to break the rules.
Although practicality beats purity.
Errors should never pass silently.
Unless explicitly silenced.…
And while we're releasing, here's a double-feature, mostly to avoid GitHub Actions complaining about deprecated actions:
- https://github.com/hynek/build-and-inspect-python-package/releases/tag/v2.15.0
-
#Astral, the company behind Python tools such as uv and ruff, has been handed over to #OpenAI
https://astral.sh/blog/openai
#Steady #Klimacrew
#BahnMonitor project: 1. How do you get live data from Deutsche Bahn?
In November I was able, by chance, with a
Did you know that #PEP425 ("Compatibility Tags for Built Distributions") said:
> Why isn’t there a . in the Python version number?
>
> CPython has lasted 20 years without a 3-digit major release. This should continue for some time. Other implementations may use _ as a delimiter, since both - and . delimit the surrounding filename.
This didn't age well.
#Python
from my link log —
Plotnine: grammar of graphics for Python.
https://plotnine.org/
saved 2026-04-20 https://dotat.at/:/96VP8.html…
I was using the Python csv library for a script but decided I should dig into the pandas DataFrame stuff instead.
It was more complex, and it took me a while to figure things out, and I had to read a bunch of web pages explaining things.
But in the end, I am 100% happy I did it that way.
I did not want to ask some AI/LLM for the answers, or to write the code for me.
Because for me, the struggle and the journey is part of creating something worthwhile.
I’m shocked I haven’t sold out PyTexas yet! What’s up Austin, I even got a fresh haircut! #Python
https://pretix.eu/pytexas/2026/
Fun case of circular logic in #Python #standards:
https://discuss.python.org/t/spaces-not-considered-a-valid-verbatim-character-for-glob-patterns/106463
1. Use "globs" in the specification.
2. Decide that "glob" may be ambiguous, so add severe restrictions on what's supported.
3. Because of the severe restrictions, people may have reinvented the wheel instead of using system `glob` module.
4. Since people may have used their custom implementations, just relaxing the spec is a problem.
from my link log —
Nornir: an automation framework in Python.
https://nornir.readthedocs.io/en/latest/
saved 2020-03-23 https://dotat.a…
Here’s stamina 26.1.0, my opinionated #Python retry package, that now supports more than 1024 retries for the cases when you need A LOT of stamina: https://github.com/hynek/stamina/releases/tag/26…
Oh, in other news, Wheel Variants (formerly PEP 817) is being split into smaller PEPs that will be easier to comprehend. The draft of the first split part, PEP 825, titled "Wheel Variants: Package Format" has been merged. We'd appreciate your feedback!
#Python #packaging
Maintainer friends of wheel-heavy #Python packages: do we already have some practical, standard way to automatically upload all the cibuildwheel output across all architectures? My current workflow is a) a pain in the ass and b) requires me to have one last PyPI upload token.
How to get a package removed from #Gentoo?
1. Add a new #NIH dependency.
2. The dependency turns out to use coherent.build. Nightmare! Oh, wait, apparently coherent.build generates source distributions that use flit.core (understandable; coherent.build is unusable).
3. The dependency depends on chardet (the project famous for GPL copywashing). Okay, technically it works with the older version, and the dependency is optional with poor person's fallback, so I guess it would be fine.
4. But hey, this package is not used by anything, and the last package using it in Gentoo was removed in 2020, after not being touched for 4 years already. Also, that package is not maintained upstream since 2017, so I guess there's negligible risk of it ever coming back.
#Python
I had a question about Olympic success and wealth, and I’m glad someone else did too. And, they brought all the Python!
https://towardsdatascience.com/the-price-of-gold-is-olympic-success-reserved-for-the-wealthy-adade0233d61/…
This is such an end of an era that fresh Python programmers can’t even fathom.
PyPy used to be our hope! No major Python conference that didn’t suggest that they’re gonna fix the GIL and make time go backwards. And yeah, it’s really fast! I suspect the money-backed focus on performance in CPython combined with the compat paper cuts PyPy always came with has sealed its fate. I’ve watched its decline over the years so I’m not surprised, but damn.
The state of #security these days: #Python #virtualenv package now includes SHA256 sums of their bundled wheels, declaring that it protects against "supply-chain compromise". Because obviously there are so many attack vectors that permit you to alter a .whl file but not the .py file in the same directory.
No, I'm not saying verifying checksum makes no sense, because indeed it can save some pain if fs is damaged somehow. However, calling this a "security" feature is a misnomer at best, and openly giving people false sense of security at worst.
I’ve been working on some Python code for a few days now… just an hour or so in the evening as time allows. I could probably use some AI Slop Generator to quickly kick out what I need, but that’s not gonna happen.
No, Nope, No Way.
I actually *want* to write the code, and understand it, and know that every choice was mine, even if I make mistakes along the way.
If I publish it I want it to be from me, not from me and the AI Slop Generator and every codebase it ever stole …
since I see a lot of gloom re Astral x OpenAI:
⁃ Even if Astral actively (malice) or passively (neglect) ruins uv, Python packaging is 1000x better today than 2 yrs ago.
⁃ Ruff is nice but only nice to have—ty is barely usable. We'll be fine if they vanish today.
⁃ Channelling Buddhism: it’s OK when things change or go away! Expecting things to last forever is an unnecessary source of suffering. But, worst case is that we get the community-maintained pkg mgr you always w…
I'm looking at Repology, and I think most of the distributions and other downstreams have rightfully boycotted #Python #chardet #copywashing. Of course, there's the possibility that some of them are simply out-of-date, though.
So far chardet-7 is distributed by #Chromebrew, #CondaForge (not on Repology), #Homebrew, #KaOS, #OpenIndiana, #openmamba, #Ravenports, #Spack and #T2 SDE. Shame on you!
https://repology.org/project/chardet/versions
https://repology.org/project/python:chardet/versions
Always grateful for the new levels of stability and reliability that #RustLang rewrites of #Python stuff bring.
> a = Tibs.from_i(-1, 128)
^^^^^^^^^^^^^^^^^^^^
E pyo3_runtime.PanicException: attempt to negate with overflow
https://github.com/scott-griffiths/tibs/issues/1