Merged
43 changes: 21 additions & 22 deletions transcripts/475-language-summit-2024.txt
Expand Up @@ -30,7 +30,7 @@

00:01:43 150 hours of Python courses? Yeah, that's right. Check them out at talkpython.fm/courses.

00:01:49 Hey, Seth. Welcome back to Talk Pythonomy.
00:01:49 Hey, Seth. Welcome back to Talk Python to Me.

00:01:52 >>Hey, Michael.

Expand Down Expand Up @@ -62,7 +62,7 @@

00:02:55 projects specifically in like the HTTP and internet space. So like requests, urllib3,

00:03:02 TrustStore, things like that.
00:03:02 Trust Store, things like that.

00:03:05 >>Oh, awesome. Yeah. Thanks for everything you're doing there. And how's the role working out? I
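
Review bot: The 00:03:02 change splits a project name. The speaker is listing packages (requests, urllib3), and the third is published as truststore, a single word. Suggest keeping it as one word ("truststore" or the original "TrustStore") rather than "Trust Store".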

Expand Down Expand Up @@ -286,9 +286,9 @@

00:11:59 >>It was such a long game deal. It was crazy. So yeah. What is, >>That's the scary part.

00:12:05 >>What is XZutils and then what is the XZutils security issue?
00:12:05 >>What is XZ-utils and then what is the XZ-utils security issue?

00:12:10 >>Yeah. So XZutils is a library written in C for basically processing archives of the XZ
00:12:10 >>Yeah. So XZ-utils is a library written in C for basically processing archives of the XZ

00:12:19 format, which is just a compression format like, like GZIP, like, you know, any other
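
Review bot: The project name is not spelled consistently across this patch: "XZ-utils" here at 00:12:05 and 00:12:10, "XZ utils" at 00:16:06, and "XZ-Utils" at 00:18:21. The upstream project calls itself "XZ Utils"; suggest using that one form in all four lines so a text search of the transcript finds every mention.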

Expand All @@ -302,7 +302,7 @@

00:12:53 very few maintainers and also through a series of reasons had a linkage to SSH. And so what

00:13:02 ended up happening. Yep. And so SSH was >>If you can get into SSH and SSHD, then bad things are going to happen.
00:13:02 ended up happening. Yep. And so SSH was , If you can get into SSH and SSHD, then bad things are going to happen.

00:13:09 >>Yeah. So the whole end goal of this entire operation was to get access to open SSH
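
Review bot: The new 00:13:02 line drops the ">>" speaker-change marker and leaves "SSH was , If you can get into SSH", with a space before the comma and a capital after it, so the interjection now reads as part of the previous sentence. Suggest keeping the ">>" marker as on 00:13:09, or, if the turn really does not change there, using normal punctuation ("SSH was, if you can get into ...").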

Expand Down Expand Up @@ -366,7 +366,7 @@

00:16:01 on the day that this happened, report to the security response team for Python, because we,

00:16:06 of course, use the XC utils libraries because Python supports XC format as well. And I,
00:16:06 of course, use the XZ utils libraries because Python supports XC format as well. And I,

00:16:13 there was a, there was a lovely few seconds where I'm like, oh, this is either going to be
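
Review bot: The 00:16:06 fix is incomplete: "XC utils" becomes "XZ utils", but "Python supports XC format" later on the same line is left unchanged. Suggest changing that to "XZ format" as well, matching "archives of the XZ format" at 00:12:10.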

Expand Down Expand Up @@ -414,7 +414,7 @@

00:18:16 podcast player show notes. Thank you to the team at Posit for supporting Talk Python.

00:18:21 One of the talks was Python security model after this issue, the XCUtils backdoor. Tell us about
00:18:21 One of the talks was Python security model after this issue, the XZ-Utils backdoor. Tell us about

00:18:28 that. Yeah. So this entire talk was essentially just overviewing like, "Hey, is this possible?

Expand Down Expand Up @@ -506,7 +506,7 @@

00:22:37 binary file, which made it so that code reviewers- - Some of the test binary elements,

00:22:42 'cause if you've got a compression file utility, you've gotta have compressed files for your unit
00:22:42 'cause if you've got a compression file utility, you've got to have compressed files for your unit

00:22:47 test, right? - Exactly. So it was, basically, these files were checked in and there's just huge binary blobs that you can't actually get your

Expand All @@ -518,7 +518,7 @@

00:23:11 script that allows them to be generated anytime and things like that. - Is it one of the changes,

00:23:17 I recently, I can't remember if this was on IPI or if this is a GitHub thing, but allowing GitHub
00:23:17 I recently, I can't remember if this was on PyPI or if this is a GitHub thing, but allowing GitHub

00:23:23 to be the thing that publishes directly, builds the wheels and uploads them to PyPI rather than

Expand Down Expand Up @@ -622,11 +622,11 @@

00:27:57 Yeah, maybe.

00:27:59 Maybe, maybe we can make it happen. All right, next up, the REPL, or the PyREPL for the Python PyREPL. What's the deal with this?
00:27:59 Maybe, maybe we can make it happen. All right, next up, the REPL, or the PyREPL for the Python REPL. What's the deal with this?

00:28:06 Yeah, so this was a talk that was given by a couple of different core devs. I think this

00:28:12 included a bunch of people, Pablo, Lukasz, and Lissandros all gave this talk. And it was about,
00:28:12 included a bunch of people, Pablo, Lukasz, and Lisandro all gave this talk. And it was about,

00:28:18 hey, this new REPL that's coming in Python 3.13. Here's all the cool stuff that it can do, and
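
Review bot: At 00:28:12 "Lissandros" becomes "Lisandro", which moves further from the actual name. The core developer who worked on the new REPL alongside Pablo and Łukasz is Lysandros Nikolaou, so this should read "Lysandros". The "Python REPL" fix at 00:27:59 looks right.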

Expand All @@ -644,7 +644,7 @@

00:29:01 have to, versus this where it's this completely separate and much more easy to contribute to

00:29:08 piece of software. Yeah. And did this come from the PyPy project? Yes, this was PyPy. And I think
00:29:08 piece of software. Yeah. And did this come from the PyPI project? Yes, this was PyPI. And I think

00:29:15 that there's been some back and forth, contributing back, contributing forward, all of that, which is
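
Review bot: The 00:29:08 change should be reverted. The question is where the REPL code came from, and that is PyPy (the alternative interpreter, whose pyrepl the 3.13 REPL is based on), not PyPI (the package index). The original "PyPy project? Yes, this was PyPy" was correct.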

Expand Down Expand Up @@ -690,7 +690,7 @@

00:31:11 highlighting is like really huge. That's not a part of the current REPL, I don't think, but like

00:31:15 it becomes much more possible because this PyREPL exists. Yeah, exactly. Yeah. I think that like
00:31:15 it becomes much more possible because this Py REPL exists. Yeah, exactly. Yeah. I think that like

00:31:23 the biggest thing, yeah, like the whole blocks of code, I just remember the demo of them showing
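
Review bot: "Py REPL" at 00:31:15 disagrees with 00:27:59, where this same patch keeps "PyREPL" as one word. Suggest leaving this line as "PyREPL" so the name is spelled one way throughout the transcript.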

Expand Down Expand Up @@ -858,9 +858,9 @@

00:38:18 so that's going to be a while until they released this pep. Well, so I'm just kidding. The most,

00:38:23 the most important part of this discussion was that the, the Python version 3.14 B B preserved
00:38:23 the most important part of this discussion was that the, the Python version 3.14 B preserved

00:38:31 PI on, so yeah, cool. It wasn't allowed for three, three 14 to change it.
00:38:31 Py on, so yeah, cool. It wasn't allowed for three, three 14 to change it.

00:38:37 Yeah. The only thing that I can think of that you would have the two digits is that there's a lot of
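
Review bot: The new text at 00:38:23 and 00:38:31 still does not parse: "3.14 B preserved" followed by "Py on". Removing the doubled "B" helps, but the remaining "B" reads like a mis-transcribed "be", and changing "PI" to "Py" discards the one hint that the line is about 3.14 and pi. Suggest checking both lines against the audio before rewording; "three, three 14" on 00:38:31 needs the same pass.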

Expand Down Expand Up @@ -936,7 +936,7 @@

00:41:43 about two things, memory and threading. Right. And we just don't do that in Python. We just,

00:41:48 I think we have just leveraged the fact that the Gill gives us kind of enough coarse grain granularity,
00:41:48 I think we have just leveraged the fact that the GIL gives us kind of enough coarse grain granularity,

00:41:56 the execution of our code that it's just not something we hit a lot. And we don't try to do

Expand All @@ -956,7 +956,7 @@

00:42:41 kind of split in the ecosystem and then have it converge together. I think that's like the

00:42:46 overall plan is like, Hey, we gotta, we gotta have a way that if this is really not working out,
00:42:46 overall plan is like, Hey, we got to, we got to have a way that if this is really not working out,

00:42:51 we can go back. But if it is working, we need a way that we can actually land this thing as the

Expand Down Expand Up @@ -1010,13 +1010,13 @@

00:45:07 language. Chinese, ask me something else. Yeah. Yeah. Right. Like next question.

00:45:12 Yeah. So this was, this was a, it's almost almost like a big status update on where Python is in the
00:45:12 Yeah. So this was, this was a, it's almost like a big status update on where Python is in the

00:45:21 mobile space, which is really exciting because they've made a ton of progress on getting like

00:45:26 actual tiering of support for these platforms. So if you don't know, Python has a like platform

00:45:33 support tiers where it's like tier one is like X 86 Linux, right? Like that's a 90% of PI PI
00:45:33 support tiers where it's like tier one is like X 86 Linux, right? Like that's a 90% of PyPI

00:45:40 downloads are, are that like, yeah, probably want to support that one. And then as things like Mac
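
Review bot: 00:45:33 is already being edited and still carries "X 86 Linux". Suggest writing "x86 Linux" in the same change. The "PI PI" to "PyPI" fix and the "almost almost" fix at 00:45:12 look right.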

Expand Down Expand Up @@ -1100,7 +1100,7 @@

00:49:06 be, be a game changer and just, you know, it's not on, it wasn't here. Almost surprised me that it

00:49:11 wasn't here, but front end stuff, WebAssembly, PyScripts, Pyodide, all those things I think are
00:49:11 wasn't here, but front end stuff, Web Assembly, PyScript, Pyodide, all those things I think are

00:49:17 in that same realm. Although they can just kind of ship stuff to the web because there's no gate
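
Review bot: At 00:49:11 "WebAssembly" is changed to "Web Assembly", but the technology's name is the single word WebAssembly, so the original was right. Keep the "PyScripts" to "PyScript" fix and revert the other.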

Expand Down Expand Up @@ -1234,7 +1234,7 @@

00:55:10 you know, parallelism in Python. Yeah. Yeah. How do we isolate the stuff

00:55:13 so that we can avoid the guilt? We take it out and add different algorithms or do we just
00:55:13 so that we can avoid the GIL? We take it out and add different algorithms or do we just

00:55:18 make copies of the interpreter and run them in isolation, but then you have this

Expand Down Expand Up @@ -1371,4 +1371,3 @@
01:00:53 at talkpython.fm/youtube. This is your host, Michael Kennedy. Thanks so much for listening.

01:00:58 I really appreciate it. Now get out there and write some Python code.