Tootfinder

Opt-in global Mastodon full text search. Join the index!

@mgorny@social.treehouse.systems
2026-07-04 13:51:09

And the next big blocker for #Python 3.15 in #Gentoo is time-machine. Which is obviously broken. There's a patch but it's #slop and complex, and it's sitting for 3 months already with no reply. Because obviously patching CPython internals is so much a better idea than freezegun ever were. All these time-based tests need all the ricing you can get; portability doesn't matter.
github.com/adamchainz/time-mac

@tinoeberl@mastodon.online
2026-07-03 15:17:02

#Steady #Klimacrew
Wie lassen sich #Wechselrichterdaten vom APsystems EZ1 lokal speichern?
Für statistische Auswertungen müssen alle Daten kontinuierlich gespeichert werden. Wie…

@hynek@mastodon.social
2026-06-03 04:43:34

i'm so fucking sick of it
i've got ONE extremely simple and extremely explicit contribution rule/brown m&m test: do not delete the PR checklist
since i'm busy getting structlog out, I’ve let the attrs bug tracker a bit off the leash
go & count for yourself how many PRs opened in the past month followed that instruction.
(and of course, this is not about bureaucracy; they violate many of the important items on that list)

@heiseonline@social.heise.de
2026-05-01 16:00:34

Noch ein paar der zuletzt hier besonders häufig geteilten #News:
„Copy Fail“: Linux-root in allen großen Distributionen mit 732 Byte Python

@veit@mastodon.social
2026-07-01 06:56:09

On my way to a flying visit to Berlin. Tomorrow, the Python Users Berlin (@…) are meeting for a talk by Sam Bail on PySpark: meetup.com/python-users-berlin

@emilis@social.linux.pizza
2026-07-04 16:29:05

Who thought it was a good idea to put spinners in a shell script?
`pip install` has been running for a few minutes now at 100% CPU and all progress I see is an effing spinner on the last line.
Had to look at process list to see it's not stuck.
#python #pip

@karlauerbach@sfba.social
2026-06-03 17:23:56

A lot of open source projects take care to preserve compatibility with the past, so that changes do not break the projects of existing users.
But then there are others. In my list of "damn the past, full speed ahead on incompatible changes!!" are my most recent encounters:
- Python (not only was the Python 2 abandonment unforgivable and cost many of us a lot of useless conversion work, but the versions of Python 3 seem to change from one to the next to the degree that…

@netzschleuder@social.skewed.de
2026-06-01 11:00:06

python_dependency: Python Dependency Network
Python's package dependency networks. Nodes in the network are Python's packages registered to PyPI and edges are dependencies among packages.
This network has 58743 nodes and 108399 edges.
Tags: Technological, Software, Unweighted
networks.sk…

python_dependency: Python Dependency Network. 58743 nodes, 108399 edges. https://networks.skewed.de/net/python_dependency
@stf@chaos.social
2026-05-03 13:50:18

wtf does everytime a new v of #python is rolled out in linux distros, all virtual envs break, and i do have to rebuild them manually. we're now 13 minor versions since py v2.7 and everything became worse since then. i have a stable app, and if python would not fuck up this i would not have to touch it in a decade, but because of this, i feel like i'm in the java ecosystem where work is gener…

@rasterweb@mastodon.social
2026-06-05 14:41:30

I tried to get someone’s Python code to work and could not due to errors and I did a few searches and then gave up.
I could try using some AI chatbot bullshit to help me out but fuck that… it’s easier to just give up and walk away. Oh well.

@frankel@mastodon.top
2026-06-26 17:01:54

PEP 832 – Virtual environment discovery
#python

@michabbb@social.vivaldi.net
2026-07-04 01:55:57

🧩 Rich plugin ecosystem: hundreds of plugins run tasks anywhere — local, SSH, #Docker, #Kubernetes or serverless task runners — and code in any language including #Python, Node.js, R, Go and S…

@gray17@mastodon.social
2026-06-02 18:41:15

> We introduce gpusnek, a fully functional Python interpreter ported to CUDA, enabling execution of arbitrary Python code directly on the GPU by running one whole interpreter on every CUDA core/thread. This is a tremendously bad idea, but for the duration of this paper we pretend that it is not
[Josef Dean in SIGBOVIK 2026]

@heiseonline@social.heise.de
2026-04-30 15:45:34

Einige der zuletzt hier besonders häufig geteilten #News:
„Copy Fail“: Linux-root in allen großen Distributionen mit 732 Byte Python

@Techmeme@techhub.social
2026-06-04 00:36:01

Google releases macOS versions of AI Edge Gallery, which lets users run open models on their devices, and AI Edge Eloquent, an on-device voice dictation app (Google Developers Blog)
developers.googleblog.com/brin

@veit@mastodon.social
2026-06-01 05:42:17

If uv is not available in a Python environment, you can still specify the versions using pylock.toml. We have described how to do this here: python-basics-tutorial.readthe

@andres4ny@social.ridetrans.it
2026-07-04 03:06:11

Yes, I abuse f-strings in python because "print(f'" will always make more sense to my C-poisoned brain than "print('".

@mgorny@social.treehouse.systems
2026-07-04 04:49:14

#Python Hypothesis package now requires #RustLang. This is a scale of reverse dependencies I can't handle. I guess this means it's the end of WD40 profiles on #Gentoo, and therefore the end of support for Alpha, ARM<v6, HPPA, M68k, i486 and some other random subsets of architectures and profiles. Thanks for all the fish, etc.
github.com/HypothesisWorks/hyp

@stf@chaos.social
2026-05-03 13:51:08

why can't a minor version change not be goddamn backward compatible ffs.
#python

@berlinbuzzwords@floss.social
2026-06-03 06:45:13

Kafi Streams, built on (Py)DBSP, treats streaming like batch. Strongly consistent from day one. An open source Python library for the 80% of use cases that do not need extreme scale. Ralph Matthias Debusmann will be unveiling it at #bbuzz26.
Learn more: 2026.berlinbuzzwords.de/sessio

@netzschleuder@social.skewed.de
2026-06-28 23:00:07

python_dependency: Python Dependency Network
Python's package dependency networks. Nodes in the network are Python's packages registered to PyPI and edges are dependencies among packages.
This network has 58743 nodes and 108399 edges.
Tags: Technological, Software, Unweighted
networks.sk…

python_dependency: Python Dependency Network. 58743 nodes, 108399 edges. https://networks.skewed.de/net/python_dependency
@wraithe@mastodon.social
2026-04-30 19:36:08

A user at a client contacted me over what transpired to be them trying to install a python library on a machine (that didn’t have python installed) to run an AI tool at the direction of ChatGPT.
After *I* get it installed:
User: “Ok, how does it work?”
Me: 🤷🏻‍♀️ (╯°□°)╯︵ ┻━┻ “never seen it before”

@rasterweb@mastodon.social
2026-06-30 04:00:01

➡️ Python f-string Tips & Cheat Sheets
#bookmarks

@mgorny@social.treehouse.systems
2026-07-02 13:13:26

#TIL that the Python Pillow library uses the PING command as a #Windows equivalent of sleep.
#cmd

@frankel@mastodon.top
2026-06-23 09:13:33

#Python 3.15 #Lazy #Imports: Faster Startup Times and the Design Behind PEP 810

@Techmeme@techhub.social
2026-06-24 15:56:24

Nature publishes a peer-reviewed paper alleging that Microsoft's 2025 quantum breakthrough claims were based on "basic Python errors" and data cherry-picking (Thomas Claburn/The Register)
theregiste…

@netzschleuder@social.skewed.de
2026-05-27 17:00:06

python_dependency: Python Dependency Network
Python's package dependency networks. Nodes in the network are Python's packages registered to PyPI and edges are dependencies among packages.
This network has 58743 nodes and 108399 edges.
Tags: Technological, Software, Unweighted
networks.sk…

python_dependency: Python Dependency Network. 58743 nodes, 108399 edges. https://networks.skewed.de/net/python_dependency
@hynek@mastodon.social
2026-05-30 12:08:13

I’d like to announce the most unlikely #Python package release:
service-identity 26.1.0, the best way to verify if a certificate is valid for a hostname, IP, or URI is out!
The main change is that we were able to switch from pyasn1 (thank you for more than a decade of great service! 🫡💛) to do everything within PyCA's cryptography.

@cdonat@hostsharing.coop
2026-05-25 12:12:44

Is it only me, or has the hashtag #Python converted in to a LinkedIn-like wave of marketing bullshit? I really like Python, and use it a lot, but this is becoming unbearable.

@adlerweb@social.adlerweb.info
2026-04-23 09:04:15

Falls ihr das #Python "dist"-Modul oder #Ansible nutzt und bei #Gentoo plötzlich für distribution/ansible_distribution/… falsche Werte erhaltet (z.B. ClearLinux):
Gentoo quo…

@guerda@ruhr.social
2026-06-21 13:05:45

Discovered a segfault in #FastAPI very strange, does only happen on MacOS with Python 3.14.0 ALPHA
The reason was that I was unaware that I ran an alpha version of Python 3.14.
FastAPI segfaults with Python 3.14.0 on MacOS · fastapi/fastapi · Discussion #15819

@rasterweb@mastodon.social
2026-05-28 04:58:41

➡️ PyPI · The Python Package Index
#bookmarks

@arXiv_csOS_bot@mastoxiv.page
2026-06-03 07:36:32

Agent libOS: A Library-OS-Inspired Runtime for Long-Running, Capability-Controlled LLM Agents
Yingqi Zhang
arxiv.org/abs/2606.03895 arxiv.org/pdf/2606.03895 arxiv.org/html/2606.03895
arXiv:2606.03895v1 Announce Type: new
Abstract: Large language model (LLM) agents are evolving from request-response assistants into long-running software actors: they maintain state across model calls, fork subtasks, wait for external events, request human authority, generate tools, and perform side effects that must be resumed and audited. This paper presents Agent libOS, a library-OS-inspired runtime substrate for LLM agents. Agent libOS runs above a conventional host operating system; it does not implement hardware drivers, kernel-mode isolation, or a POSIX-compatible operating system. Instead, it treats an agent as an AgentProcess: a schedulable execution subject with process identity, parent-child lineage, lifecycle state, a tool table derived from an AgentImage, typed Object Memory, explicit capabilities, human queues, checkpoints, events, and audit records. Its central design rule is tools are libc-like wrappers; runtime primitives are the authority boundary. Filesystem access, object access, sleeps, human approval, JIT tool registration, and external side effects are checked at primitive boundaries under explicit capabilities and policy.
We describe the design, threat model, Python prototype, and safety-oriented evaluation. The current prototype implements async scheduling, namespace-local Object Memory, runtime-integrated human approval, one-shot permission grants, per-process working directories, shell and image-registration primitives, Deno/TypeScript JIT tools over a libOS syscall broker, filesystem/object bridge tools, an injectable Resource Provider Substrate, deterministic demos, real-model smoke scripts, and 123 regression tests at the time of writing. Rather than improving planner accuracy, Agent libOS demonstrates a runtime substrate in which long-running LLM agents can be scheduled, authorized, resumed, and audited without treating tool dispatch as the trust boundary.
toXiv_bot_toot

@arXiv_physicsgeoph_bot@mastoxiv.page
2026-07-03 07:55:20

Joint elastic full waveform inversion of multi-component geophone and distributed acoustic sensing data
Hoang Anh Nguyen, Ali Tura
arxiv.org/abs/2607.01649 arxiv.org/pdf/2607.01649 arxiv.org/html/2607.01649
arXiv:2607.01649v1 Announce Type: new
Abstract: Joint full waveform inversion (FWI) of distributed acoustic sensing (DAS) and ocean-bottom node (OBN) data typically requires converting measured strain to particle velocity, introducing numerical noise and spectral distortion. To eliminate this, we present an elastic multi-parameter FWI framework using a velocity-stress-strain (VSS) formulation that directly models pressure, particle velocity, and gauge-length-averaged DAS strain from a single forward simulation. Data residuals are injected additively into a single backward simulation, making computational cost independent of the active sensor subsets. We benchmark individual and combined datasets on cross-talk and elastic Marmousi models. Our results show that joint inversion recovers elastic parameters more accurately than single deployments when the sensors offer complementary information. Specifically, pairing two-component geophones with a deviated borehole DAS cable yields the most accurate parameter recovery and mitigates inter-parameter cross-talk by providing a distinct physical observable and complementary depth aperture. We release our implementation as xFWI, an open-source, Devito-based Python package for scalable, multi-deployment inversions.
toXiv_bot_toot

@arXiv_physicscompph_bot@mastoxiv.page
2026-07-03 09:03:49

Replaced article(s) found for physics.comp-ph. arxiv.org/list/physics.comp-ph
[1/1]:
- Walking on Spheres and Talking to Neighbors: Variance Reduction for Laplace's Equation
Michael Czekanski, Benjamin Faber, Margaret Fairborn, Adelle Wright, David Bindel
arxiv.org/abs/2404.17692 mastoxiv.page/@arXiv_physicsco
- From Experiments to Expertise: Scientific Knowledge Consolidation for AI-Driven Computational Phy...
Haonan Huang
arxiv.org/abs/2603.13191 mastoxiv.page/@arXiv_physicsco
- Grounded autonomous scrutiny at scale: emergent critique from reproduction of published computati...
Haonan Huang
arxiv.org/abs/2604.12198 mastoxiv.page/@arXiv_physicsco
- libwignernj: a reusable C/C /Fortran/Python library for exact Wigner symbols and related coeffic...
Susi Lehtola
arxiv.org/abs/2605.06634 mastoxiv.page/@arXiv_physicsco
- An Overview of Relativistic Particle Pushers and their Extension to Arbitrary Order Accuracy
Holger Schmitz
arxiv.org/abs/2603.06509 mastoxiv.page/@arXiv_physicspl
- paces: Parallelized Application of Co-Evolving Subspaces, a method for computing quantum dynamics...
R. Kevin Kessing
arxiv.org/abs/2603.07341 mastoxiv.page/@arXiv_quantph_b
- Topology of Plasma Wakefields Driven by Two Color Laguerre Gaussian Laser Pulses
Saumya Singh, Dinkar Mishra, Shivani Aggarwal, Bhupesh Kumar, Pallavi Jha
arxiv.org/abs/2605.18336 mastoxiv.page/@arXiv_physicspl
- Resolved Anderson localization of light in dense three-dimensional dielectric disorder
Yevgen Grynko, Jens F\"orstner
arxiv.org/abs/2605.25098 mastoxiv.page/@arXiv_physicsop
- A Reproducible Benchmark and Evidence-Retrieval Software Framework for Silicon Detector R&D Liter...
Tianqi Gao, Ruobing Jiang, Dawei Fu, Qiang Li, Matthew Kenzie
arxiv.org/abs/2606.24725
- Probing Light-Matter Interaction with Topological Data Analysis
Timothy Holt, Maxim Goryachev, Jeremy Bourhill
arxiv.org/abs/2606.30007 mastoxiv.page/@arXiv_physicsap
toXiv_bot_toot

@mgorny@social.treehouse.systems
2026-06-30 13:07:57

The conclusion from a big #Python 3.15 #Gentoo porting run today: the most common kind of #NIH Python package is one providing colorful output on the terminal…

@theodric@social.linux.pizza
2026-06-30 22:53:13

ESPHome > reading other people's brainwormed C and turning it into Python to run on the Pi3 I have in the shed and then wondering why the fuck it broke after a sysupgrade

@avstockhausen@fedihum.org
2026-06-10 11:00:02

Bookmarked: Phillip B. Ströbel: Von der Pythia zu Python. Einführung in die Programmierung für die Geschichtsforschung #Jupyter

@heiseonline@social.heise.de
2026-06-11 14:07:00

heise | Grundlagen in Python: Dictionarys meistern und Daten effizient organisieren
Mit Schlüssel-Wert-Paaren lassen sich Daten clever strukturieren. Wir zeigen, wie Sie Python-Dictionarys effizient erstellen und steuern.

@veit@mastodon.social
2026-04-30 14:10:02

Now elementary-data has also been hit: for just under half a day, a malicious version 0.23.3 was available on PyPI, which had stolen credentials such as SSH keys, AWS login details, API tokens and wallet files. The attack was carried out via a script injection vulnerability in one of the GitHub Actions workflows. Cooldown helps protect against such attacks, as we have described here:

@kubikpixel@chaos.social
2026-04-17 15:15:02

«YubiKey Manager — Sicherheitslücke ermöglicht Ausführung untergeschobenen Codes:
Yubico warnt vor einer Suchpfad-Schwachstelle im YubiKey Manager, libfido2 und python-fido2. Updates korrigieren die Fehler.»
Eine IT-Security Meldung die wirklich sicher ist und Updates nun wirklich sofort vor dem Wochenende gemacht werden müssen.
🔐

@grahamperrin@bsd.cafe
2026-06-28 16:50:19

@… @… @…
An ideal is that it should not happen.
The reality might be Python-related in…

@grumpybozo@toad.social
2026-06-14 23:12:55

RE: seattle.pink/@mxchara/11675012
The fact that (so far) Python is in the lead makes me sad.
Python is unfit for system administration. You’ll only convince me otherwise when every fucking Python program doesn’t need its own bespoke …

@fanf@mendeddrum.org
2026-05-27 11:42:02

from my link log —
Someone’s been messing with Python’s floating point subnormals!
moyix.blogspot.com/2022/09/som
saved 2022-09-06

@rasterweb@mastodon.social
2026-06-29 04:00:03

➡️ fstring.help: Python f-string Guide
#bookmarks

@tinoeberl@mastodon.online
2026-07-04 15:17:01

#Steady #Klimacrew
Wie kann man die tägliche #Solarstromproduktion automatisiert auf #Mastodon

@mgorny@social.treehouse.systems
2026-06-29 12:42:29

I have a #Python favor to ask. Could someone look at Python 3.15 test failures in itsdangerous? It's blocking quite a large part of package dependency graph in #Gentoo, and the failure looks, errr, dangerous.
github.com/pallets/itsdangerou

@compfu@mograph.social
2026-04-28 16:19:21

My current task for our #VFXPipeline is to accomodate Windows users in a Linux pipeline. Easiest option: give every Photoshop artist a Linux workstation for Nuke. Seems to be a common thing. But out of curiosity (and to be prudent with hardware) I‘m trying to get everything working on Windows. A constant source of sadness I have to say, worse than UTF8 strings in Python 2.

@tiotasram@kolektiva.social
2026-04-24 11:03:24

Idea: statically typed language (or Python type checker?) Where types aren't declared, but can only be assigned by providing tests/examples that use that type. Examples could provide explicit type info where necessary, but code could not.
If it's not documented with an example, it's not safe to use with those types.

@krone@frawas.de
2026-05-21 06:06:24

Läufer knipste Python - Würgeschlange mitten in der Steiermark gesichtet #News #Nachrichten

@Techmeme@techhub.social
2026-05-27 06:15:51

Analysis: the share of entry-level hiring in India's tech sector fell to ~15% in 2025 from 28% in 2024 as companies shifted focus to AI and automation roles (Tanya Pandey/The Economic Times)
economictimes.i…

@datascience@genomic.social
2026-05-15 10:00:00

Video tutorials for modern ideas and open source tools. #python

@veit@mastodon.social
2026-06-21 14:27:46

I’m organising the next @… meet-up, featuring a talk by Sam Bail on PySpark: meetup.com/python-users-berlin

@mgorny@social.treehouse.systems
2026-06-01 02:39:46

It's always important to have a consistent #security policy.
For example, a policy of "If somebody filed a CVE, it's an important security issue, and we will fix it as such, no matter how meaningless the fix is. If nobody did, it's just a glorified bug fix, no matter how serious the bug was."
So we've just seen a #pip security release over "installing random packages can overwrite pip's files and pip can lazy-import some of them immediately afterwards", with a fix of "pip will no longer load them until you run it again" (leaving the underlying security issue of "any #Python package can override files installed by any other Python package" as intended behavior). As Eli Schwartz beautifully put it, you are not expected to be using the virtual environment; you should create it, install packages into it (at most once!), and then frame it and put it on the wall to admire.
Now we're seeing a "bug fix" for "malicious entry point names can write outside of virtual environment". If nobody filed a CVE, it's obviously not a security issue at all. At least upstream graced us with fixing it without correcting the spec to forbid that first.
github.com/pypa/pip/issues/140

@inthehands@hachyderm.io
2026-05-22 16:05:14

One last example:
The first LLM code example that really made my eyes pop was early after the release of GPT, when somebody got it to combine Breakout with Conway’s Game of Life (a truly delightful idea). It worked!
Funny thing: the Breakout code and the Life code had a •completely• different style and flavor. Red flag. In about 15 minutes of web searching, I was able to find one of the projects (can’t remember if it was the Breakout or the Life half) which it had copied wholesale, with just a few variable renames. And the other half? It was in Python, but it used dictionaries where it really should have used objects — tons of `thing["prop"]` where it should have said `thing.prop`, and lots of other un-Pythonic stuff besides. It was a machine translate of code from another language, very likely Javascript.
The entire thing was a plagiarized Breakout and a plagiarized Game of Life, one transpiled, and all stuck together in a single run loop. To be fair, figuring out how to (1) run both halves of the logic from a single loop and (2) count the Life cells as Breakout bricks is work I'd cheer on from a second-semester intro CS student! It's not, however, quite what's being sold by these companies.
6/

‪@todbot@mastodon.social‬
2026-05-23 18:37:51

I was on the #teachingpython podcast! I got to talk with Kelly and Julian about Python, #CircuitPython, UF2 bootloader troubles, and #embedded systems in general. It was a lot of fun.

@todbot@mastodon.social
2026-05-23 18:37:51

I was on the #teachingpython podcast! I got to talk with Kelly and Julian about Python, #CircuitPython, UF2 bootloader troubles, and #embedded systems in general. It was a lot of fun.

@askans@bonn.social
2026-06-23 20:51:44

Warum gibt es kein Python-only LLM?
Oder gibt es eins?

@stiefkind@mastodon.social
2026-06-10 09:35:43

»Hey, KI! Bestimmt erinnerst du dich noch an die 150.000 Zeilen Code, die du mir vor so sieben, acht Monaten mal in Python vibecoded hast? Der müsste jetzt bitte auf das neue API angepasst werden. Und wenn du eh schon dabei bist: portiere das doch alles auch gleich noch von Python nach Rust.« 🤡 #justthinkin

@cwensel@fosstodon.org
2026-06-24 21:58:01

funny, codex is writing perl scripts where claude probably would be writing python scripts to solve bulk find/edit issues

@ellie@ellieayla.net
2026-05-24 16:06:24

Realization that 90% of the time I'm searching "the internet" I'm actually looking for results from the same 10 websites. All of which have their own search. Like wikipedia. Or docs.python.org. And I already know which one I want to search.
Most of what I want from a unified search head can be delivered by parsing out some prefix (wp, pydoc) and redirecting the rest onward. No mouse. No UI.
Thinking a browser is unnecessary until a result url is selected - I just want qsapp.com.

@hynek@mastodon.social
2026-06-09 04:53:34

for no particular reason whatsoever, I've updated my guide on how to measure #Python coverage across GitHub Action containers without an external service (*cough* Codecov *cough*)
hynek.me/articles/ditch-codeco

@mgorny@social.treehouse.systems
2026-06-01 12:39:41

The #Gentoo #Python 3.14 switch / 3.11 3.13t removal PR is green. Doing some final testing locally before merging it (one that involves 350 "merge wait" packages, what could possibly go wrong…).
codeberg.org/gentoo/gentoo/pul

@netzschleuder@social.skewed.de
2026-06-15 10:00:06

python_dependency: Python Dependency Network
Python's package dependency networks. Nodes in the network are Python's packages registered to PyPI and edges are dependencies among packages.
This network has 58743 nodes and 108399 edges.
Tags: Technological, Software, Unweighted
networks.sk…

python_dependency: Python Dependency Network. 58743 nodes, 108399 edges. https://networks.skewed.de/net/python_dependency
@rasterweb@mastodon.social
2026-06-28 00:53:59

I got some Python code working yesterday after being convinced I could not figure it out… but figured it out!
Realized I needed extra code today, thought it would be a pain but figured it out in no time.
Maybe I can write Python okay…

@veit@mastodon.social
2026-06-16 21:39:22

Taking Measure spoke to Guido van Rossum to find out more about #Python, what he gets up to in his spare time, and his brief spell at #nist

@fanf@mendeddrum.org
2026-05-24 20:42:03

from my link log —
Inside SPy: language semantics for a statically-typed compiled variant of Python.
antocuni.eu/2026/03/25/inside-
saved 2026-05-23

@mgorny@social.treehouse.systems
2026-04-30 04:07:02

I think we should EOL #Python versions more often. This triggers not-very-active projects to finally make a release, including another batch of releases today (apparently 6 months mark). Unlike, I don't know, bug fixes.
#Gentoo

@frankel@mastodon.top
2026-06-11 09:09:12

Vulnerability and malware checks in #uv
#python

@Techmeme@techhub.social
2026-05-27 16:50:55

Starlette, an open-source Python framework underpinning FastAPI, has a vulnerability, called BadHost, that can allow hackers to bypass authorization (Dan Goodin/Ars Technica)
arstechnica.com/information-te

@grahamperrin@bsd.cafe
2026-04-13 08:36:11

@… thanks!
Marimo OSS Python Notebook RCE: From Disclosure to Exploitation in Under 10 Hours | Sysdig — <

@datascience@genomic.social
2026-06-23 10:00:01

Polars is a lightning fast DataFrame library/in-memory query engine with parallel execution and cache efficiency. And now you can use is with the tidyverse syntax: #rstats

@arXiv_physicscompph_bot@mastoxiv.page
2026-07-01 09:09:33

Replaced article(s) found for physics.comp-ph. arxiv.org/list/physics.comp-ph
[1/1]:
- Learning Stiff Dynamical Operators: Scaling, Fast-Slow Excitation, and Eigen-Consistent Neural Mo...
Mauro Valorani
arxiv.org/abs/2601.01632 mastoxiv.page/@arXiv_physicsco
- How Physical Dynamics Shape the Properties of Ising Machines: Evaluating Oscillators vs. Bistable...
Abir Hasan, Nikhil Shukla
arxiv.org/abs/2603.06843 mastoxiv.page/@arXiv_physicsco
- Quantum metric-induced generalized magneto-optical effects in $\mathcal{PT}$-symmetric antiferrom...
Yongpan Li, Yichen Liu, Cheng-Cheng Liu
arxiv.org/abs/2503.04312 mastoxiv.page/@arXiv_condmatmt
- Filtered Quantum Phase Estimation
Gwonhak Lee, Minhyeok Kang, Jungsoo Hong, Stepan Fomichev, Joonsuk Huh
arxiv.org/abs/2510.04294 mastoxiv.page/@arXiv_quantph_b
- NAVIS: A LAMMPS-Python framework for efficient computation of nanochannel velocity and thermal in...
Sleeba Varghese, Sobin Alosious, Jesper Schmidt Hansen, Billy Dean Todd
arxiv.org/abs/2601.11391 mastoxiv.page/@arXiv_condmatso
- Fast proton transport and neutron production in proton therapy using Fourier neural operators
Blangiardi, Ratliff, Teichert, Ytre-Hauge, Langer, Meric
arxiv.org/abs/2603.03912 mastoxiv.page/@arXiv_physicsme
- Smoluchowski Coagulation Equation and the Evolution of Primordial Black Hole Clusters
Borui Zhang, Wei-Xiang Feng, Haipeng An
arxiv.org/abs/2604.01684 mastoxiv.page/@arXiv_astrophCO
- Identical Particle Systems : Hierarchical Spectral Reconstruction
Hovan Lee, R\'emi Lef\`evre, Gr\'egoire Ithier
arxiv.org/abs/2605.02864 mastoxiv.page/@arXiv_quantph_b
- A matrix free action of the Ashtekar-Lewandowski volume operator of loop quantum gravity
Waleed Sherif
arxiv.org/abs/2606.18397 mastoxiv.page/@arXiv_grqc_bot/
toXiv_bot_toot

@netzschleuder@social.skewed.de
2026-05-07 20:00:07

python_dependency: Python Dependency Network
Python's package dependency networks. Nodes in the network are Python's packages registered to PyPI and edges are dependencies among packages.
This network has 58743 nodes and 108399 edges.
Tags: Technological, Software, Unweighted
networks.sk…

python_dependency: Python Dependency Network. 58743 nodes, 108399 edges. https://networks.skewed.de/net/python_dependency
@veit@mastodon.social
2026-06-10 06:46:21

📆 On 13 August, all #Berlin #Python user groups – @…, @…

@rasterweb@mastodon.social
2026-04-17 20:57:35

I do not get how Python's math.modf works...
Why do I get all the zeros or nines?
4.4 | 4.0 | 0.40000000000000036
4.5 | 4.0 | 0.5
4.6 | 4.0 | 0.5999999999999996
I can fix it with... more math, but maybe I am doing something wrong?
#python #math

@mgorny@social.treehouse.systems
2026-05-30 04:06:44

0 days since we went from "we should replace `setup.py` with a bunch of standardized #PEP517 backends" to "every package must have its own local PEP517 backend".
#Python

@hynek@mastodon.social
2026-04-15 04:42:31

I’m shocked I haven’t sold out PyTexas yet! What’s up Austin, I even got a fresh haircut! #Python
pretix.eu/pytexas/2026/

@fanf@mendeddrum.org
2026-04-21 08:42:04

from my link log —
Plotnine: grammar of graphics for Python.
plotnine.org/
saved 2026-04-20 dotat.at/:/96VP8.html

@heiseonline@social.heise.de
2026-05-08 11:52:00

#TGIQF: „Das Leben des Brian“ — Das Quiz rund zu Monty Pythons Filmklassiker
Die Komödie "Das Leben des Brian" sorgte 1979 für reichlich Gelächter und kirchliche Pikiertheit. Wir würdigen den Monty-Python-Klassiker mit einem Quiz.

@mgorny@social.treehouse.systems
2026-05-05 05:25:48

#Python #cryptography library (yes, the one that criticizes everything and everyone) is now vibecoded. Our future is truly bright!
Noticed because apparently "Claude" wrote a test that OOM-ed my system. But hey, #RustLang protects against memory errors, so it's fine to vibecode your security critical components.
#security #AI #LLM #NoAI #NoLLM

@hynek@mastodon.social
2026-04-13 17:49:06

Here’s stamina 26.1.0, my opinionated #Python retry package, that now supports more than 1024 retries for the cases when you need A LOT of stamina: github.com/hynek/stamina/relea

@frankel@mastodon.top
2026-06-24 16:34:08

The Java Geek Weekly special "pneumonia during a heatwave" 🥵🤒 edition is out.
Get it before it's too late!
blog.frankel.ch/java-geek-week

@mgorny@social.treehouse.systems
2026-05-28 03:38:25

> No significant changes.
Looks inside.
> Significant changes.
#Python

@fanf@mendeddrum.org
2026-04-20 11:42:02

from my link log —
Nornir: an automation framework in Python.
nornir.readthedocs.io/en/lates
saved 2020-03-23 dotat.a…

@hynek@mastodon.social
2026-04-12 09:33:20

Maintainer friends of wheel-heavy #Python packages: do we already have some practical, standard way to automatically upload all the cibuildwheel output across all architectures? My current workflow is a) a pain in the ass and b) requires me to have one last PyPI upload token.

@rasterweb@mastodon.social
2026-05-26 04:55:03

➡️ Beautiful Soup - Python Screen-Scraping
#bookmarks

@mgorny@social.treehouse.systems
2026-06-02 13:13:05

Well, we've finally packaged #Valkey (another #Redis fork) in #Gentoo, along with its #Python bindings.
Not that we wanted to, but #FakeRedis now started requiring it for tests so heavily that it was too much effort to patch it out. Just to be clear, it just requires the Python bindings, because its test suite happily runs against either Redis or Valkey, and literally doesn't support testing against both simultaneously. But to add the bindings, we needed the database to test them against. And since I've added the package too, I've put a lot of effort (and swearing) to test FakeRedis against both servers.
Should you be using Valkey? Well, let's put it like this. You shouldn't be using Redis, because it's enterprise quality shit. Valkey is roughly what happens when you fork enterprise quality shit and have no clue what you're doing. Though you are able to mostly get renaming right (one valkey-py test failed over the server calling itself "Valkey" rather than "Redis").
Disclaimer: I've only looked at the Python bindings. Maybe the maintainers are more knowledgeable with the server itself.

@frankel@mastodon.top
2026-06-09 17:05:21

Are you really expected to run five type-checkers now?
#python

@mgorny@social.treehouse.systems
2026-05-25 19:42:28

I've been sad about the upcoming removal of #PyPy from #Gentoo, but given how many regressions I've been seeing recently in a variety of #Python packages, I'm eagerly waiting for the day when I'll remove the support and be able to stop having to deal with the test failures somehow. Not that at this point any other way of dealing besides skipping them makes any sense.

@mgorny@social.treehouse.systems
2026-05-22 03:11:10

If #Python package releases continue at this rate, I'm going to have to start getting up earlier.
Or just stop doing all of them in the morning.
#Gentoo

@mgorny@social.treehouse.systems
2026-05-21 11:06:01

> #Python Stable ABI
> makes extensions unstable (they start segfaulting)
github.com/pikepdf/pikepdf/iss

@mgorny@social.treehouse.systems
2026-05-19 05:12:35

Always appreciate #Python package developers being responsible about API stability, and… [checks notes]… raising the major version number over a "minor API tweak", then delaying the release until a security fix demanded one.
#packaging

@mgorny@social.treehouse.systems
2026-06-17 14:36:12

Does anyone happen to know if #PSF is processing contributing membership applications? Mine is stuck with no reply for almost 2 months now, and I'm wondering if it's just normal delay or something went wrong.
#Python

@mgorny@social.treehouse.systems
2026-04-20 01:58:52

How to get a package removed from #Gentoo?
1. Add a new #NIH dependency.
2. The dependency turns out to use coherent.build. Nightmare! Oh, wait, apparently coherent.build generates source distributions that use flit.core (understandable; coherent.build is unusable).
3. The dependency depends on chardet (the project famous for GPL copywashing). Okay, technically it works with the older version, and the dependency is optional with poor person's fallback, so I guess it would be fine.
4. But hey, this package is not used by anything, and the last package using it in Gentoo was removed in 2020, after not being touched for 4 years already. Also, that package is not maintained upstream since 2017, so I guess there's negligible risk of it ever coming back.
#Python

@mgorny@social.treehouse.systems
2026-06-17 02:41:18

0 days since provenance checks protected us from [checks notes] another project starting to upload distributions via #uv.
#Python #security

@mgorny@social.treehouse.systems
2026-05-16 06:30:31

Yes, please reinvent more wheels by rewriting #Python logic in #RustLang. What could possibly go wrong?!
github.com/awolverp/cachebox/i

@mgorny@social.treehouse.systems
2026-06-02 18:30:40

Fun fact: #Azure Pipelines don't support #YAML files with anchors/aliases.
Also fun fact: both #PyYAML and #RuamelYAML *insist* on emitting anchors/aliases, and at least the PyYAML authors seem pretty, errr, opinionated on emitting them.
#Python

@mgorny@social.treehouse.systems
2026-04-15 05:00:43

The state of #security these days: #Python #virtualenv package now includes SHA256 sums of their bundled wheels, declaring that it protects against "supply-chain compromise". Because obviously there are so many attack vectors that permit you to alter a .whl file but not the .py file in the same directory.
No, I'm not saying verifying checksum makes no sense, because indeed it can save some pain if fs is damaged somehow. However, calling this a "security" feature is a misnomer at best, and openly giving people false sense of security at worst.

@mgorny@social.treehouse.systems
2026-05-13 14:52:16

One of my strong suites in all the packaging work is the knowledge in my head.
"Why don't you write it down for others to benefit from, then?", you'd ask.
The thing is, this knowledge is basically "hot cache". I'm bumping hundreds of #Python packages in #Gentoo, so I remember stuff. And because of that, I can quickly notice some things or answer some questions.
If that were written down, the effort needed to find it would diminish all the gain. I mean, technically *it is* already written down, and the whole point is that I have it "cached".