2026-06-11 14:07:00
I’m somewhat embarrassed to finally announce svcs 26.1.0 – my solution to #Python service location and dependency injection.
It’s been a minute, and the changelog is chuck-full, but the main features are autowiring, which looked like a simple add-on that grew to a four-digit monster diff, and of course, TypeForms that allow registering/getting abstract types!
One of my strong suites in all the packaging work is the knowledge in my head.
"Why don't you write it down for others to benefit from, then?", you'd ask.
The thing is, this knowledge is basically "hot cache". I'm bumping hundreds of #Python packages in #Gentoo, so I remember stuff. And because of that, I can quickly notice some things or answer some questions.
If that were written down, the effort needed to find it would diminish all the gain. I mean, technically *it is* already written down, and the whole point is that I have it "cached".
@… I gave this thing a try today... 😉
https://codeberg.org/jjg/paxton
Bookmarked: Phillip B. Ströbel: Von der Pythia zu Python. Einführung in die Programmierung für die Geschichtsforschung #Jupyter
For a tool I'm writing I need to do some web searches from time to time. Mostly from Python. What can I use without having to buy/get an API key? Anything as of today that still works?
python_dependency: Python Dependency Network
Python's package dependency networks. Nodes in the network are Python's packages registered to PyPI and edges are dependencies among packages.
This network has 58743 nodes and 108399 edges.
Tags: Technological, Software, Unweighted
https://networks.sk…
I do not appreciate finding out via active breakage that Broadcom has decided to screw all #FreeBSD users of the #Salt configuration management tools. Not that I’m shocked, but I wish it didn’t happen because of a ‘pkg upgrade’ run installing the python 3.12 version and all of its py312-* dependencies and then…
for no particular reason whatsoever, I've updated my guide on how to measure #Python coverage across GitHub Action containers without an external service (*cough* Codecov *cough*)
https://hynek.me/articles/ditch-codeco
Should I learn #pico8 or #tic80? I am thinking to learn tic80 because it supports more platforms to support my game on. At the same time pico8 runs better on my powkiddy v90 handheld where I do want my games to run on.
I know python so I think I can learn lua for pico8 or tic80. As well as the other fu…
»Hey, KI! Bestimmt erinnerst du dich noch an die 150.000 Zeilen Code, die du mir vor so sieben, acht Monaten mal in Python vibecoded hast? Der müsste jetzt bitte auf das neue API angepasst werden. Und wenn du eh schon dabei bist: portiere das doch alles auch gleich noch von Python nach Rust.« 🤡 #justthinkin
old and busted: delete failing tests
new and hotness: delete CI configuration
this is FOSS DoS; I have no other term for it
https://github.com/python-attrs/attrs/pull/1585/changes#diff-2e34befd0a8baf062…
#Steady #Klimacrew
Wie lassen sich #Wechselrichterdaten vom APsystems EZ1 lokal speichern?
Für statistische Auswertungen müssen alle Daten kontinuierlich gespeichert werden. Wie…
#TGIQF: „Das Leben des Brian“ — Das Quiz rund zu Monty Pythons Filmklassiker
Die Komödie "Das Leben des Brian" sorgte 1979 für reichlich Gelächter und kirchliche Pikiertheit. Wir würdigen den Monty-Python-Klassiker mit einem Quiz.
So virtualenv solves the issue of brutal incompatibilities between python stuff (at the cost of huge amounts of diskspace), but the minute uwsgi comes into play, it is overboard and there is hardly any way to activate plugins for old python interpreters. #pythonwoes
A lot of open source projects take care to preserve compatibility with the past, so that changes do not break the projects of existing users.
But then there are others. In my list of "damn the past, full speed ahead on incompatible changes!!" are my most recent encounters:
- Python (not only was the Python 2 abandonment unforgivable and cost many of us a lot of useless conversion work, but the versions of Python 3 seem to change from one to the next to the degree that…
Nature publishes a peer-reviewed paper alleging that Microsoft's 2025 quantum breakthrough claims were based on "basic Python errors" and data cherry-picking (Thomas Claburn/The Register)
https://www.theregiste…
wtf does everytime a new v of #python is rolled out in linux distros, all virtual envs break, and i do have to rebuild them manually. we're now 13 minor versions since py v2.7 and everything became worse since then. i have a stable app, and if python would not fuck up this i would not have to touch it in a decade, but because of this, i feel like i'm in the java ecosystem where work is gener…
If uv is not available in a Python environment, you can still specify the versions using pylock.toml. We have described how to do this here: https://python-basics-tutorial.readthedocs.io/en/latest/libs/install.html#of-packages
python_dependency: Python Dependency Network
Python's package dependency networks. Nodes in the network are Python's packages registered to PyPI and edges are dependencies among packages.
This network has 58743 nodes and 108399 edges.
Tags: Technological, Software, Unweighted
https://networks.sk…
whoah cyclopts sounds incredible! turn any python function into a command line script!!!!! if only it could run in a browser too :-) #NotAskingMuchObvs :)
@… My PhD thesis literally was a bunch of Python classes. On some level. But that’s not the point of the thesis…
@… My PhD thesis literally was a bunch of Python classes. On some level. But that’s not the point of the thesis…
Good news everyone! 🎉
The new version 3.0 of graph-tool is just out with major improvements! See below.
https://graph-tool.skewed.de
graph-tool is a comprehensive and efficient Python library to work with networks, including structural, dynamical, and statistical algorithms, as well as visualiza…
Pro tip:
If your supervisor suggests to submit a paper to a venue of a field relevant for your dissertation, addressing the architecture of the system you develop and which is the heart of your dissertation, maybe, just maybe, it’s not the very best idea to say: I don’t see what could be interesting here, it’s just a bunch of Python classes
> We introduce gpusnek, a fully functional Python interpreter ported to CUDA, enabling execution of arbitrary Python code directly on the GPU by running one whole interpreter on every CUDA core/thread. This is a tremendously bad idea, but for the duration of this paper we pretend that it is not
[Josef Dean in SIGBOVIK 2026]
Noch ein paar der zuletzt hier besonders häufig geteilten #News:
„Copy Fail“: Linux-root in allen großen Distributionen mit 732 Byte Python
Working on tempolocus, a tool that analyses time-series activity patterns to infer a user’s likely location.
In @…, we work with a large volume of social-network time series. Estimating users’ locations from these patterns is often a manual task.
I prototyped a Python module that combines potential locations with yearly activity …
On my way to a flying visit to Berlin. Tomorrow, the Python Users Berlin (@…) are meeting for a talk by Sam Bail on PySpark: https://www.meetup.com/python-users-berlin
🔧 Three pieces mirror the Python RLM design: a system prompt, a $CONTEXT file plus bash as the REPL, and the native rlm_query sub-call. Depth 0 and 1 get full tools; the leaf at max depth runs bash only. jj workspaces isolate child edits when available.
🛡️ Five guardrails guarantee termination: dollar budget, wall-clock timeout, call limit, depth limit and PATH scrubbing. Deeper agents are told to be more conservative, preferring direct action over spawning more children.
A user at a client contacted me over what transpired to be them trying to install a python library on a machine (that didn’t have python installed) to run an AI tool at the direction of ChatGPT.
After *I* get it installed:
User: “Ok, how does it work?”
Me: 🤷🏻♀️ (╯°□°)╯︵ ┻━┻ “never seen it before”
PEP 832 – Virtual environment discovery
#python
#Steady #Klimacrew
Vom Puristen zum #IDE-Nutzer
Ganz langsam. 😁 Wie verändert sich der Workflow, wenn man statt eines simplen Editors mit einer IDE arbeitet? Als Hobby-Entwickler hat mir Notepa…
i'm so fucking sick of it
i've got ONE extremely simple and extremely explicit contribution rule/brown m&m test: do not delete the PR checklist
since i'm busy getting structlog out, I’ve let the attrs bug tracker a bit off the leash
go & count for yourself how many PRs opened in the past month followed that instruction.
(and of course, this is not about bureaucracy; they violate many of the important items on that list)
python_dependency: Python Dependency Network
Python's package dependency networks. Nodes in the network are Python's packages registered to PyPI and edges are dependencies among packages.
This network has 58743 nodes and 108399 edges.
Tags: Technological, Software, Unweighted
https://networks.sk…
Einige der zuletzt hier besonders häufig geteilten #News:
„Copy Fail“: Linux-root in allen großen Distributionen mit 732 Byte Python
Yes, I abuse f-strings in python because "print(f'" will always make more sense to my C-poisoned brain than "print('".
Is it only me, or has the hashtag #Python converted in to a LinkedIn-like wave of marketing bullshit? I really like Python, and use it a lot, but this is becoming unbearable.
Discovered a segfault in #FastAPI very strange, does only happen on MacOS with Python 3.14.0 ALPHA
The reason was that I was unaware that I ran an alpha version of Python 3.14.
FastAPI segfaults with Python 3.14.0 on MacOS · fastapi/fastapi · Discussion #15819
A medical student reverse-engineered AI tools used by medical colleges on suspicion they were filtering his applications, highlighting AI-driven hiring concerns (Todd Feathers/Wired)
https://www.wired.com/story/he-couldnt-land-a-job-interview-was-ai-to-blame/
➡️ PyPI · The Python Package Index
#bookmarks
🛡️ It also scans heredocs & inline scripts (python -c, bash -c, node -e) via AST-based analysis to catch destructive operations the outer command hides
🚀 Whitelist-first with a modular pack system; works on Linux, macOS & Windows (WSL) and auto-configures hooks for Claude Code, Codex, Gemini, Copilot & Cursor
https://
«YubiKey Manager — Sicherheitslücke ermöglicht Ausführung untergeschobenen Codes:
Yubico warnt vor einer Suchpfad-Schwachstelle im YubiKey Manager, libfido2 und python-fido2. Updates korrigieren die Fehler.»
Eine IT-Security Meldung die wirklich sicher ist und Updates nun wirklich sofort vor dem Wochenende gemacht werden müssen.
🔐
why can't a minor version change not be goddamn backward compatible ffs.
#python
Kafi Streams, built on (Py)DBSP, treats streaming like batch. Strongly consistent from day one. An open source Python library for the 80% of use cases that do not need extreme scale. Ralph Matthias Debusmann will be unveiling it at #bbuzz26.
Learn more: https://2026.berlinbuzzwords.de/session/kafi-streams-complex-stream-processing-made-simple/
python_dependency: Python Dependency Network
Python's package dependency networks. Nodes in the network are Python's packages registered to PyPI and edges are dependencies among packages.
This network has 58743 nodes and 108399 edges.
Tags: Technological, Software, Unweighted
https://networks.sk…
#Python Hypothesis package now requires #RustLang. This is a scale of reverse dependencies I can't handle. I guess this means it's the end of WD40 profiles on #Gentoo, and therefore the end of support for Alpha, ARM<v6, HPPA, M68k, i486 and some other random subsets of architectures and profiles. Thanks for all the fish, etc.
https://github.com/HypothesisWorks/hypothesis/issues/4740
Läufer knipste Python - Würgeschlange mitten in der Steiermark gesichtet #News #Nachrichten
Video tutorials for modern ideas and open source tools. #python
from my link log —
Someone’s been messing with Python’s floating point subnormals!
https://moyix.blogspot.com/2022/09/someones-been-messing-with-my-subnormals.html
saved 2022-09-06
#Steady #Klimacrew
Was tun, wenn falsche Einträge im #Marktstammdatenregister die Auswertung ruinieren?
Das Register ist berüchtigt für Fehleinträge durch Anlagenbetreiber. …
I’m organising the next @… meet-up, featuring a talk by Sam Bail on PySpark: https://www.meetup.com/python-users-berlin-pub/events/315354198…
➡️ fstring.help: Python f-string Guide
#bookmarks
Analysis: the share of entry-level hiring in India's tech sector fell to ~15% in 2025 from 28% in 2024 as companies shifted focus to AI and automation roles (Tanya Pandey/The Economic Times)
https://economictimes.i…
@… @…
> python3 - 3.8.18 => 3.11.15
A long overdue update. I'll have to repackage all my apps and Python dependencies though.
And the next big blocker for #Python 3.15 in #Gentoo is time-machine. Which is obviously broken. There's a patch but it's #slop and complex, and it's sitting for 3 months already with no reply. Because obviously patching CPython internals is so much a better idea than freezegun ever were. All these time-based tests need all the ricing you can get; portability doesn't matter.
https://github.com/adamchainz/time-machine/pull/618
RE: https://seattle.pink/@mxchara/116750125454729237
The fact that (so far) Python is in the lead makes me sad.
Python is unfit for system administration. You’ll only convince me otherwise when every fucking Python program doesn’t need its own bespoke …
python_dependency: Python Dependency Network
Python's package dependency networks. Nodes in the network are Python's packages registered to PyPI and edges are dependencies among packages.
This network has 58743 nodes and 108399 edges.
Tags: Technological, Software, Unweighted
https://networks.sk…
Are you really expected to run five type-checkers now?
#python
🧩 Rich plugin ecosystem: hundreds of plugins run tasks anywhere — local, SSH, #Docker, #Kubernetes or serverless task runners — and code in any language including #Python, Node.js, R, Go and S…
I’d like to announce the most unlikely #Python package release:
service-identity 26.1.0, the best way to verify if a certificate is valid for a hostname, IP, or URI is out!
The main change is that we were able to switch from pyasn1 (thank you for more than a decade of great service! 🫡💛) to do everything within PyCA's cryptography.
I tried to get someone’s Python code to work and could not due to errors and I did a few searches and then gave up.
I could try using some AI chatbot bullshit to help me out but fuck that… it’s easier to just give up and walk away. Oh well.
I have a #Python favor to ask. Could someone look at Python 3.15 test failures in itsdangerous? It's blocking quite a large part of package dependency graph in #Gentoo, and the failure looks, errr, dangerous.
https://github.com/pallets/itsdangerous/issues/420
Google releases macOS versions of AI Edge Gallery, which lets users run open models on their devices, and AI Edge Eloquent, an on-device voice dictation app (Google Developers Blog)
https://developers.googleblog.com/brin
I got some Python code working yesterday after being convinced I could not figure it out… but figured it out!
Realized I needed extra code today, thought it would be a pain but figured it out in no time.
Maybe I can write Python okay…
Now elementary-data has also been hit: for just under half a day, a malicious version 0.23.3 was available on PyPI, which had stolen credentials such as SSH keys, AWS login details, API tokens and wallet files. The attack was carried out via a script injection vulnerability in one of the GitHub Actions workflows. Cooldown helps protect against such attacks, as we have described here:
It's always important to have a consistent #security policy.
For example, a policy of "If somebody filed a CVE, it's an important security issue, and we will fix it as such, no matter how meaningless the fix is. If nobody did, it's just a glorified bug fix, no matter how serious the bug was."
So we've just seen a #pip security release over "installing random packages can overwrite pip's files and pip can lazy-import some of them immediately afterwards", with a fix of "pip will no longer load them until you run it again" (leaving the underlying security issue of "any #Python package can override files installed by any other Python package" as intended behavior). As Eli Schwartz beautifully put it, you are not expected to be using the virtual environment; you should create it, install packages into it (at most once!), and then frame it and put it on the wall to admire.
Now we're seeing a "bug fix" for "malicious entry point names can write outside of virtual environment". If nobody filed a CVE, it's obviously not a security issue at all. At least upstream graced us with fixing it without correcting the spec to forbid that first.
https://github.com/pypa/pip/issues/14000
@… Yes, for a Python tutorium.
The #Gentoo #Python 3.14 switch / 3.11 3.13t removal PR is green. Doing some final testing locally before merging it (one that involves 350 "merge wait" packages, what could possibly go wrong…).
https://codeberg.org/gentoo/gentoo/pulls/1031
Starlette, an open-source Python framework underpinning FastAPI, has a vulnerability, called BadHost, that can allow hackers to bypass authorization (Dan Goodin/Ars Technica)
https://arstechnica.com/information-te
I’m shocked I haven’t sold out PyTexas yet! What’s up Austin, I even got a fresh haircut! #Python
https://pretix.eu/pytexas/2026/
> No significant changes.
Looks inside.
> Significant changes.
#Python
➡️ Beautiful Soup - Python Screen-Scraping
#bookmarks
I've been sad about the upcoming removal of #PyPy from #Gentoo, but given how many regressions I've been seeing recently in a variety of #Python packages, I'm eagerly waiting for the day when I'll remove the support and be able to stop having to deal with the test failures somehow. Not that at this point any other way of dealing besides skipping them makes any sense.
> #Python Stable ABI
> makes extensions unstable (they start segfaulting)
https://github.com/pikepdf/pikepdf/issues/723#issuecomment-4507472913
Always appreciate #Python package developers being responsible about API stability, and… [checks notes]… raising the major version number over a "minor API tweak", then delaying the release until a security fix demanded one.
#packaging
Yes, please reinvent more wheels by rewriting #Python logic in #RustLang. What could possibly go wrong?!
https://github.com/awolverp/cachebox/issues/51
The state of #security these days: #Python #virtualenv package now includes SHA256 sums of their bundled wheels, declaring that it protects against "supply-chain compromise". Because obviously there are so many attack vectors that permit you to alter a .whl file but not the .py file in the same directory.
No, I'm not saying verifying checksum makes no sense, because indeed it can save some pain if fs is damaged somehow. However, calling this a "security" feature is a misnomer at best, and openly giving people false sense of security at worst.
How to get a package removed from #Gentoo?
1. Add a new #NIH dependency.
2. The dependency turns out to use coherent.build. Nightmare! Oh, wait, apparently coherent.build generates source distributions that use flit.core (understandable; coherent.build is unusable).
3. The dependency depends on chardet (the project famous for GPL copywashing). Okay, technically it works with the older version, and the dependency is optional with poor person's fallback, so I guess it would be fine.
4. But hey, this package is not used by anything, and the last package using it in Gentoo was removed in 2020, after not being touched for 4 years already. Also, that package is not maintained upstream since 2017, so I guess there's negligible risk of it ever coming back.
#Python