python_dependency: Python Dependency Network
Python's package dependency networks. Nodes in the network are Python's packages registered to PyPI and edges are dependencies among packages.
This network has 58743 nodes and 108399 edges.
Tags: Technological, Software, Unweighted
https://networks.sk…
It strikes me that one of the things LLMs rob us of is the exact kind of serendipity that much of OSS relies on.
I was just looking something up on https://docs.python.org, which led me to stumble on a line of documentation entirely irrelevant to what I was trying to do - But it caught my eye because…
At work @…, we are testing a new format where everyone from the support team has a one on one with everyone else. I created a python script to create the combinations and dates. At home, I thought it would be nice to make it easier to use and get back into learning Vue. I re-created the script as a tiny web app: MatchICS.
You enter a list of entities (people, t…
i'm so fucking sick of it
i've got ONE extremely simple and extremely explicit contribution rule/brown m&m test: do not delete the PR checklist
since i'm busy getting structlog out, I’ve let the attrs bug tracker a bit off the leash
go & count for yourself how many PRs opened in the past month followed that instruction.
(and of course, this is not about bureaucracy; they violate many of the important items on that list)
So, decided to get them rookie `/queue` numbers up so did a quick bit of caching. For a 12-job queue, I went from 240 RPS (Python/Flask) to 680 (Golang/Gin) then to 3400 RPS with some proper caching. The `/workers` endpoint would benefit as well, but I think it's performant enough though I may end up adding a bit of caching later.
#golang
Installing #Spyder on :nixos: #NixOS, ugh... 😩
• must use spyder from unstable, in stable it depends on insecure qtwebengine-5
• it runs, but the interactive terminal needs spyder_kernels module
• adding python3Packages.spyder-kernels to the python env, doesn't help
• putting pytho…
A lot of open source projects take care to preserve compatibility with the past, so that changes do not break the projects of existing users.
But then there are others. In my list of "damn the past, full speed ahead on incompatible changes!!" are my most recent encounters:
- Python (not only was the Python 2 abandonment unforgivable and cost many of us a lot of useless conversion work, but the versions of Python 3 seem to change from one to the next to the degree that…
🛠️ Code generation with diff preview, cURL builder from captured requests, one-click request replay, VS Code-style command palette (Ctrl K), built-in Swagger UI & dark/light theme with PWA offline support
🌐 Language-agnostic API (#OpenAPI 3.1) - send debug data from #Python,
wtf does every time a new v of #python is rolled out in linux distros, all virtual envs break, and i do have to rebuild them manually. we're now 13 minor versions since py v2.7 and everything became worse since then. i have a stable app, and if python would not fuck up this i would not have to touch it in a decade, but because of this, i feel like i'm in the java ecosystem where work is gener…
I tried to get someone’s Python code to work and could not due to errors and I did a few searches and then gave up.
I could try using some AI chatbot bullshit to help me out but fuck that… it’s easier to just give up and walk away. Oh well.
1. Do random changes to cython-test-exception-raiser, and commit them as "initial code".
2. Move the extension module from the package directory into top-level "raiser.*.so", for no apparent reason.
3. Switch to CalVer, so that #Twisted never upgrades to the new releases (it pins to <2).
4. I file a bug, because I'd like to finally remove the old version from #Gentoo.
#Python
I was missing a simple Tetris without ads, some whatever-mode and other frills. It can be done (thanks to Python and the very handy pyGame library) without vibecoding, too. Even if it's trivial: the feeling of having found a good solution yourself for how something can be programmed is still a very good one ;)
> We introduce gpusnek, a fully functional Python interpreter ported to CUDA, enabling execution of arbitrary Python code directly on the GPU by running one whole interpreter on every CUDA core/thread. This is a tremendously bad idea, but for the duration of this paper we pretend that it is not
[Josef Dean in SIGBOVIK 2026]
#Cython promises to make "writing #C extensions for Python as easy as #Python itself." The reality is: learn C's mental model, express it in Python syntax, and use a separate diagnostic tool to verif…
A user at a client contacted me over what transpired to be them trying to install a python library on a machine (that didn’t have python installed) to run an AI tool at the direction of ChatGPT.
After *I* get it installed:
User: “Ok, how does it work?”
Me: 🤷🏻♀️ (╯°□°)╯︵ ┻━┻ “never seen it before”
Are user sessions in Python web frameworks like Flask and FastAPI really this crappy, or am I just imagining it? Either session data is stored client-side (signed) in cookies or a JWT, or the server-side implementations need bloated databases :(
@… Yes, for a Python tutorium.
Thonny, Python IDE for beginners
#IDEsofMarch #python
why can't a minor version change not be goddamn backward compatible ffs.
#python
Kafi Streams, built on (Py)DBSP, treats streaming like batch. Strongly consistent from day one. An open source Python library for the 80% of use cases that do not need extreme scale. Ralph Matthias Debusmann will be unveiling it at #bbuzz26.
Learn more: https://2026.berlinbuzzwords.de/session/kafi-streams-complex-stream-processing-made-simple/
It's always important to have a consistent #security policy.
For example, a policy of "If somebody filed a CVE, it's an important security issue, and we will fix it as such, no matter how meaningless the fix is. If nobody did, it's just a glorified bug fix, no matter how serious the bug was."
So we've just seen a #pip security release over "installing random packages can overwrite pip's files and pip can lazy-import some of them immediately afterwards", with a fix of "pip will no longer load them until you run it again" (leaving the underlying security issue of "any #Python package can override files installed by any other Python package" as intended behavior). As Eli Schwartz beautifully put it, you are not expected to be using the virtual environment; you should create it, install packages into it (at most once!), and then frame it and put it on the wall to admire.
Now we're seeing a "bug fix" for "malicious entry point names can write outside of virtual environment". If nobody filed a CVE, it's obviously not a security issue at all. At least upstream graced us with fixing it without correcting the spec to forbid that first.
https://github.com/pypa/pip/issues/14000
Is it only me, or has the hashtag #Python converted in to a LinkedIn-like wave of marketing bullshit? I really like Python, and use it a lot, but this is becoming unbearable.
Does VSCode (eg in pylance) have a feature to display a clickable link to the language standard library documentation (eg #python #vscode #askfedi
surely a project that starts with converting a python script from 2 to 3 cannot go wrong #academicChatter
If you use the #Python "dist" module or #Ansible and suddenly get wrong values on #Gentoo for distribution/ansible_distribution/… (e.g. ClearLinux):
Gentoo quo…
Now elementary-data has also been hit: for just under half a day, a malicious version 0.23.3 was available on PyPI, which had stolen credentials such as SSH keys, AWS login details, API tokens and wallet files. The attack was carried out via a script injection vulnerability in one of the GitHub Actions workflows. Cooldown helps protect against such attacks, as we have described here:
@… Yeah the students use Windows, but I of course also need to be able to use the IDE that's established in the course 😅 Took me a tad longer than I'd have liked to get it running, but as usual with NixOS, I now have something reproducible and who knows how often I might need just that.
Python's strict indenting also trips me up and …
Looks like there is another supply chain attack on open source, this time the #python based #litellm package. I had a look at the #github page and I can see over a thousand open pull requests and a core t…
«YubiKey Manager: security vulnerability allows execution of planted code:
Yubico warns of a search-path vulnerability in YubiKey Manager, libfido2 and python-fido2. Updates fix the bugs.»
An IT security notice that really is certain, and where the updates really do have to be applied right away, before the weekend.
🔐
The #Gentoo #Python 3.14 switch / 3.11 3.13t removal PR is green. Doing some final testing locally before merging it (one that involves 350 "merge wait" packages, what could possibly go wrong…).
https://codeberg.org/gentoo/gentoo/pulls/1031
User A wrote a nifty little tool in Python. On Windows. Several weeks of work.
User B wants to use it as well.
They copy it, try to run it. Doesn't work.
Call me for help.
A: "It works on my machine. B must configure his python exactly like I do!"
Me: "Can't we run it in a virtual environment (venv)? Or with a Docker image?"
A: "Hm, I would have to learn how to do that. Is this really necessary?"
Me:
My new discovery: https://marimo.io/ - Python notebooks as .py files.
A very clever tool. Whatever we do in the "notebook" we can also run right away as a script.
#python #notebooks
I’d like to announce the most unlikely #Python package release:
service-identity 26.1.0, the best way to verify if a certificate is valid for a hostname, IP, or URI is out!
The main change is that we were able to switch from pyasn1 (thank you for more than a decade of great service! 🫡💛) to do everything within PyCA's cryptography.
Agent libOS: A Library-OS-Inspired Runtime for Long-Running, Capability-Controlled LLM Agents
Yingqi Zhang
https://arxiv.org/abs/2606.03895 https://arxiv.org/pdf/2606.03895 https://arxiv.org/html/2606.03895
arXiv:2606.03895v1 Announce Type: new
Abstract: Large language model (LLM) agents are evolving from request-response assistants into long-running software actors: they maintain state across model calls, fork subtasks, wait for external events, request human authority, generate tools, and perform side effects that must be resumed and audited. This paper presents Agent libOS, a library-OS-inspired runtime substrate for LLM agents. Agent libOS runs above a conventional host operating system; it does not implement hardware drivers, kernel-mode isolation, or a POSIX-compatible operating system. Instead, it treats an agent as an AgentProcess: a schedulable execution subject with process identity, parent-child lineage, lifecycle state, a tool table derived from an AgentImage, typed Object Memory, explicit capabilities, human queues, checkpoints, events, and audit records. Its central design rule is tools are libc-like wrappers; runtime primitives are the authority boundary. Filesystem access, object access, sleeps, human approval, JIT tool registration, and external side effects are checked at primitive boundaries under explicit capabilities and policy.
We describe the design, threat model, Python prototype, and safety-oriented evaluation. The current prototype implements async scheduling, namespace-local Object Memory, runtime-integrated human approval, one-shot permission grants, per-process working directories, shell and image-registration primitives, Deno/TypeScript JIT tools over a libOS syscall broker, filesystem/object bridge tools, an injectable Resource Provider Substrate, deterministic demos, real-model smoke scripts, and 123 regression tests at the time of writing. Rather than improving planner accuracy, Agent libOS demonstrates a runtime substrate in which long-running LLM agents can be scheduled, authorized, resumed, and audited without treating tool dispatch as the trust boundary.
toXiv_bot_toot
My current task for our #VFXPipeline is to accommodate Windows users in a Linux pipeline. Easiest option: give every Photoshop artist a Linux workstation for Nuke. Seems to be a common thing. But out of curiosity (and to be prudent with hardware) I‘m trying to get everything working on Windows. A constant source of sadness I have to say, worse than UTF8 strings in Python 2.
Idea: statically typed language (or Python type checker?) Where types aren't declared, but can only be assigned by providing tests/examples that use that type. Examples could provide explicit type info where necessary, but code could not.
If it's not documented with an example, it's not safe to use with those types.
@… thanks!
Marimo OSS Python Notebook RCE: From Disclosure to Exploitation in Under 10 Hours | Sysdig — <https://www.
One last example:
The first LLM code example that really made my eyes pop was early after the release of GPT, when somebody got it to combine Breakout with Conway’s Game of Life (a truly delightful idea). It worked!
Funny thing: the Breakout code and the Life code had a •completely• different style and flavor. Red flag. In about 15 minutes of web searching, I was able to find one of the projects (can’t remember if it was the Breakout or the Life half) which it had copied wholesale, with just a few variable renames. And the other half? It was in Python, but it used dictionaries where it really should have used objects — tons of `thing["prop"]` where it should have said `thing.prop`, and lots of other un-Pythonic stuff besides. It was a machine translate of code from another language, very likely Javascript.
The entire thing was a plagiarized Breakout and a plagiarized Game of Life, one transpiled, and all stuck together in a single run loop. To be fair, figuring out how to (1) run both halves of the logic from a single loop and (2) count the Life cells as Breakout bricks is work I'd cheer on from a second-semester intro CS student! It's not, however, quite what's being sold by these companies.
6/
I think we should EOL #Python versions more often. This triggers not-very-active projects to finally make a release, including another batch of releases today (apparently 6 months mark). Unlike, I don't know, bug fixes.
#Gentoo
I do not get how Python's math.modf works...
Why do I get all the zeros or nines?
4.4 | 4.0 | 0.40000000000000036
4.5 | 4.0 | 0.5
4.6 | 4.0 | 0.5999999999999996
I can fix it with... more math, but maybe I am doing something wrong?
#python #math
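The question above is a floating-point representation issue, not a bug in `math.modf`: the literal `4.4` is stored as the nearest binary fraction, which is slightly above 4.4, and `modf` splits that stored value exactly, so the trailing digits are the true fractional part of what the float holds. The following added example (not part of the post above; the function names, the `SAMPLES` list built from the post's three inputs, and the 12-digit rounding default are my own choices) shows the exact stored value behind each input, checks that the split itself is exact, and gives two ways to get a clean `0.4`: doing the split in `decimal` arithmetic on the original text, or rounding the float result to the precision actually needed.

```python
import math
from decimal import Decimal, ROUND_DOWN
from fractions import Fraction

# Constructed sample inputs: the three values quoted in the post.
SAMPLES = [4.4, 4.5, 4.6]


def exact_binary_value(x: float) -> Decimal:
    """Return the value the float actually holds, as an exact Decimal.

    Decimal(float) converts without rounding, so it reveals the nearest
    binary fraction the parser chose for a literal such as 4.4.
    """
    return Decimal(x)


def representation_error(x: float, literal: str) -> Fraction:
    """Exact difference between the double x and the decimal text it came from.

    Fraction arithmetic is exact, unlike Decimal, which rounds to the
    context precision (28 digits by default).
    """
    return Fraction(x) - Fraction(literal)


def is_within_half_ulp(x: float, literal: str) -> bool:
    """Round-to-nearest guarantees the stored value is at most half an ulp away."""
    return abs(representation_error(x, literal)) <= Fraction(math.ulp(x)) / 2


def modf_explained(x: float) -> dict:
    """math.modf(x) together with the exact values behind its result."""
    frac, whole = math.modf(x)
    return {
        "whole": whole,
        "frac": frac,
        "exact_input": Decimal(x),
        "exact_frac": Decimal(frac),
        # The split is exact: frac + whole reproduces the stored input bit for bit.
        "is_exact_split": Fraction(frac) + Fraction(whole) == Fraction(x),
    }


def modf_decimal(text: str) -> tuple[Decimal, Decimal]:
    """modf over a decimal literal, in decimal arithmetic, so "4.4" splits into 0.4 and 4.

    Truncates toward zero like math.modf, so negative inputs yield a negative fraction.
    """
    d = Decimal(text)
    whole = d.to_integral_value(rounding=ROUND_DOWN)
    return d - whole, whole


def modf_rounded(x: float, ndigits: int = 12) -> tuple[float, float]:
    """Keep floats, but round the fractional part to the precision you actually need."""
    frac, whole = math.modf(x)
    return round(frac, ndigits), whole


if __name__ == "__main__":
    for x in SAMPLES:
        info = modf_explained(x)
        print(f"{x}: modf -> ({info['frac']!r}, {info['whole']!r})")
        print(f"     stored as {info['exact_input']}")
        print(f"     frac part {info['exact_frac']} (exact split: {info['is_exact_split']})")
    print("decimal split:", modf_decimal("4.4"))
    print("rounded split:", modf_rounded(4.6))
```

`4.5` comes out clean because it is exactly representable in binary; `4.4` and `4.6` are not, and the tiny error in the stored value lands entirely in the fractional part after the integer part is subtracted. If the numbers originate as text (user input, CSV), splitting them with `modf_decimal` before they ever become floats avoids the problem altogether.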
(I suspect the crowd on the fediverse will skew towards “yeah duh” on what I’m about to say - But I think there’s still value in saying it out loud)
As a Very Serious Enterprise Software Consultant I’m quite used to the lead time for running software to be Quite Long, for various Reasons.
So tonight for a change, I fired up my computer, opened up a new file with nano (Sorry vi vs. emacs warriors) and just like… typed some python?
Integration into Codex: OpenAI takes over the start-up Astral
With the acquisition of Python tool developer Astral, OpenAI is expanding its commitment to coding and wants to develop its Codex platform further.
#ZenOfAICoding: 16 theses on the future of #softwaredevelopment in the #AI era — a homage to the Zen of
0 days since we went from "we should replace `setup.py` with a bunch of standardized #PEP517 backends" to "every package must have its own local PEP517 backend".
#Python
OpenAI agrees to acquire Astral, which makes Python tools for developers, to integrate its team into Codex, and says Codex has 2M users, up 3x since January (Agnee Ghosh/Bloomberg)
https://www.bloomberg.com/news/articles/20
> No significant changes.
Looks inside.
> Significant changes.
#Python
Here's two examples of running command line stuff on iOS via Apple Shortcuts and a-Shell.
One shows the uptime of my phone, the other runs a Python script and shows the output.
#iOS #apple #python
Starlette, an open-source Python framework underpinning FastAPI, has a vulnerability, called BadHost, that can allow hackers to bypass authorization (Dan Goodin/Ars Technica)
https://arstechnica.com/information-te
#TGIQF: "Life of Brian": the quiz all about Monty Python's film classic
The comedy "Life of Brian" caused plenty of laughter and ecclesiastical indignation in 1979. We pay tribute to the Monty Python classic with a quiz.
And while we're releasing, here's a double-feature, mostly to avoid GitHub Actions complaining about deprecated actions:
- https://github.com/hynek/build-and-inspect-python-package/releases/tag/v2.15.0
-
#Python is just doing great. We're not having impossible constraints, as some projects need old #setuptools for pkg_resources, and other projects are starting to require newer setuptools for some fancy new features. And ofc after promising to release pkg_resources standalone over a month ago, setuptools upstream didn't deliver.
#Gentoo
Fun case of circular logic in #Python #standards:
https://discuss.python.org/t/spaces-not-considered-a-valid-verbatim-character-for-glob-patterns/106463
1. Use "globs" in the specification.
2. Decide that "glob" may be ambiguous, so add severe restrictions on what's supported.
3. Because of the severe restrictions, people may have reinvented the wheel instead of using the system `glob` module.
4. Since people may have used their custom implementations, just relaxing the spec is a problem.
from my link log —
Plotnine: grammar of graphics for Python.
https://plotnine.org/
saved 2026-04-20 https://dotat.at/:/96VP8.html…
I’m shocked I haven’t sold out PyTexas yet! What’s up Austin, I even got a fresh haircut! #Python
https://pretix.eu/pytexas/2026/
Two versions of LiteLLM, an interface for accessing LLMs, have been removed from PyPI after a supply chain attack injected them with credential-stealing code (Thomas Claburn/The Register)
https://www.theregister.com/2026/03/24/trivy_compromise_litellm/
I've been sad about the upcoming removal of #PyPy from #Gentoo, but given how many regressions I've been seeing recently in a variety of #Python packages, I'm eagerly waiting for the day when I'll remove the support and be able to stop having to deal with the test failures somehow. Not that at this point any other way of dealing besides skipping them makes any sense.
I was using the Python csv library for a script but decided I should dig into the pandas DataFrame stuff instead.
It was more complex, and it took me a while to figure things out, and I had to read a bunch of web pages explaining things.
But in the end, I am 100% happy I did it that way.
I did not want to ask some AI/LLM for the answers, or to write the code for me.
Because for me, the struggle and the journey is part of creating something worthwhile.
If #Python package releases continue at this rate, I'm going to have to start getting up earlier.
Or just stop doing all of them in the morning.
#Gentoo
Maintainer friends of wheel-heavy #Python packages: do we already have some practical, standard way to automatically upload all the cibuildwheel output across all architectures? My current workflow is a) a pain in the ass and b) requires me to have one last PyPI upload token.
Well, we've finally packaged #Valkey (another #Redis fork) in #Gentoo, along with its #Python bindings.
Not that we wanted to, but #FakeRedis now started requiring it for tests so heavily that it was too much effort to patch it out. Just to be clear, it just requires the Python bindings, because its test suite happily runs against either Redis or Valkey, and literally doesn't support testing against both simultaneously. But to add the bindings, we needed the database to test them against. And since I've added the package too, I've put a lot of effort (and swearing) to test FakeRedis against both servers.
Should you be using Valkey? Well, let's put it like this. You shouldn't be using Redis, because it's enterprise quality shit. Valkey is roughly what happens when you fork enterprise quality shit and have no clue what you're doing. Though you are able to mostly get renaming right (one valkey-py test failed over the server calling itself "Valkey" rather than "Redis").
Disclaimer: I've only looked at the Python bindings. Maybe the maintainers are more knowledgeable with the server itself.
This is such an end of an era that fresh Python programmers can’t even fathom.
PyPy used to be our hope! No major Python conference that didn’t suggest that they’re gonna fix the GIL and make time go backwards. And yeah, it’s really fast! I suspect the money-backed focus on performance in CPython combined with the compat paper cuts PyPy always came with has sealed its fate. I‘ve watched its decline over the years so I’m not surprised, but damn.
Always appreciate #Python package developers being responsible about API stability, and… [checks notes]… raising the major version number over a "minor API tweak", then delaying the release until a security fix demanded one.
#packaging
Yes, please reinvent more wheels by rewriting #Python logic in #RustLang. What could possibly go wrong?!
https://github.com/awolverp/cachebox/issues/51
How to get a package removed from #Gentoo?
1. Add a new #NIH dependency.
2. The dependency turns out to use coherent.build. Nightmare! Oh, wait, apparently coherent.build generates source distributions that use flit.core (understandable; coherent.build is unusable).
3. The dependency depends on chardet (the project famous for GPL copywashing). Okay, technically it works with the older version, and the dependency is optional with poor person's fallback, so I guess it would be fine.
4. But hey, this package is not used by anything, and the last package using it in Gentoo was removed in 2020, after not being touched for 4 years already. Also, that package is not maintained upstream since 2017, so I guess there's negligible risk of it ever coming back.
#Python
The state of #security these days: #Python #virtualenv package now includes SHA256 sums of their bundled wheels, declaring that it protects against "supply-chain compromise". Because obviously there are so many attack vectors that permit you to alter a .whl file but not the .py file in the same directory.
No, I'm not saying verifying checksum makes no sense, because indeed it can save some pain if fs is damaged somehow. However, calling this a "security" feature is a misnomer at best, and openly giving people false sense of security at worst.
#Python #cryptography library (yes, the one that criticizes everything and everyone) is now vibecoded. Our future is truly bright!
Noticed because apparently "Claude" wrote a test that OOM-ed my system. But hey, #RustLang protects against memory errors, so it's fine to vibecode your security critical components.
#security #AI #LLM #NoAI #NoLLM
One of my strong suits in all the packaging work is the knowledge in my head.
"Why don't you write it down for others to benefit from, then?", you'd ask.
The thing is, this knowledge is basically "hot cache". I'm bumping hundreds of #Python packages in #Gentoo, so I remember stuff. And because of that, I can quickly notice some things or answer some questions.
If that were written down, the effort needed to find it would diminish all the gain. I mean, technically *it is* already written down, and the whole point is that I have it "cached".
Always grateful for the new levels of stability and reliability that #RustLang rewrites of #Python stuff bring.
> a = Tibs.from_i(-1, 128)
^^^^^^^^^^^^^^^^^^^^
E pyo3_runtime.PanicException: attempt to negate with overflow
https://github.com/scott-griffiths/tibs/issues/1