View this email in your browser

Python Weekly

Welcome to issue 659 of Python Weekly. Let's get straight to the links this week.

News

Binary secret scanning helped us prevent (what might have been) the worst supply chain attack you can imagine
The JFrog Security Research team identified the leaked secret and immediately reported it to PyPI’s security team, who revoked the token within a mere 17 minutes! This post will explain how we found a GitHub PAT that provided access to the entire Python infrastructure and prevented a supply chain disaster. Using this case, we will discuss the importance of (also) shifting right in secrets detection – searching for secrets in binaries and production artifacts, not just on source code.

Articles, Tutorials and Talks

SE Radio 624: Marcelo Trylesinski on FastAPI

Marcelo Trylesinski, a senior software engineer at Pydantic and a maintainer of open-source Python tools including Starlette and Uvicorn, joins host Gregory M. Kapfhammer to talk about FastAPI. Their conversation focuses on the design and implementation of FastAPI and how programmers can use it to create web-based APIs. They also explore how to create and deploy a FastAPI implemented in the Python programming language. Brought

Bloat beneath Python’s Scales: A Fine-Grained Inter-Project Dependency Analysis
Modern programming languages facilitate software reuse via package managers, but this leads to dependency bloat, which increases security risks, maintenance costs, storage requirements, and slows load times. A detailed analysis of 1,302 Python projects and 3,232 dependencies in the PyPI ecosystem found over 50% of dependencies are bloated, with 15% of security defects residing in these bloated areas, highlighting the need for improved debloating techniques and practices.

Free-threaded CPython is ready to experiment with!
An overview of the ongoing efforts to improve and roll out support for free-threaded CPython throughout the Python open source ecosystem.

Finding Simple Rewrite Rules for the JIT with Z3
The article discusses using Z3, an SMT solver, to find and verify simple rewrite rules for PyPy's JIT compiler operations. It demonstrates how to encode JIT operations into Z3 formulas and use the solver to prove the correctness of simplifications, as well as synthesize constants for more complex rewrite patterns.

A Python Epoch Timestamp Timezone Trap
This is an article about a Python epoch timestamp timezone trap. It discusses how epoch timestamps can be tricky to work with in Python, especially when dealing with timezones. The author provides a few tips for avoiding the trap.

A debugging story
This is an article about debugging a Jupyter Echo Kernel ported to Deno using deno-python. The author encountered a segmentation fault and used gdb to identify the problem. The issue stemmed from the creation of the pyMethodDef buffer, and adding 4 bytes of padding resolved it. However, the kernel still exits unexpectedly.

Instrumenting Python GIL with eBPF
This is an article about using eBPF to analyze the Python GIL (Global Interpreter Lock), a potential performance bottleneck. It explains how to measure the GIL's impact and provides a guide on using eBPF for instrumentation.

PyTorch Lightning: A Comprehensive Hands-On Tutorial
This comprehensive, hands-on tutorial teaches you how to simplify deep learning model development with PyTorch Lightning. Perfect for beginners and experienced developers alike, it covers environment setup, model training, and practical examples.

Build a search index in Python
How can search engines be so fast? While there are many parts of a search system, one of the key concepts to know is the inverted index.

Transcribing Audio with Python on Your Local Machine
If you don't want to pay for a service to transcribe your audio, you can generate it easily on your own machine with a little setup. Here's how.

Resource management and generators in Python
The article explores resource management and cleanup behavior in Python generators, highlighting unexpected issues when generators are not fully consumed. It demonstrates various scenarios, including the use of context managers and the finally clause, to ensure proper cleanup and resource management in generator functions.

Interesting Projects, Tools and Libraries

exo
Run your own AI cluster at home with everyday devices.

Korvus
Korvus is a search SDK that unifies the entire RAG pipeline in a single database query. Built on top of Postgres with bindings for Python, JavaScript, Rust and C.

MobileLLM
MobileLLM Optimizing Sub-billion Parameter Language Models for On-Device Use Cases. In ICML 2024.

vectorlite
A fast and tunable vector search extension for SQLite.

kaskade
kaskade is a text user interface for kafka, which allows you to interact and consume topics from your terminal in style!

AI Dialer
A full stack app for interruptible, low-latency and near-human quality AI phone calls built from stitching LLMs, speech understanding tools, text-to-speech models, and Twilio’s phone API.

Upcoming Events and Webinars

PyLadies Amsterdam Meetup July 2024
Join us for an interactive workshop where we’ll dive into the world of LLM Guardrails. Discover the mechanisms that ensure applications produce reliable, robust, safe, and ethical outputs, and understand their crucial role in LLMs.

PyBerlin 48
There will be following talks

Low effort configurable python: type hints and dependency injection
From Cronjobs to Apache Airflow: Enhancing Our Data Infrastructure
Exploring Creative Fusion: Robotics, 3D Printing, and Python with OpenCV, TensorFlow, and Beyond

PuPPy Meetup July 2024
There will be following talks

Scraping for fun and (no) profit
Python can do ANYthing: unit-testing in sql
Code Reviews: The Art and the Science

PyCologne #1
There will be following talks

Evaluating RAG applications
Estimagic: a package for difficult numerical optimization problems
Intro to OSSci + AI Alliance

Portland Python User Group Meetup July 2024
There will be a talk, Let's Talk Databases in Python: SQLAlchemy and Alembic.

PyData Chicago Meetup July 2024
There will be a talk, Using Bayesian Regression to Link Biochemical and Cellular Efficacy of the Coronavirus Main Protease.

Our Other Newsletters

Programmer Weekly - A free weekly newsletter for programmers.

Founder Weekly - A free weekly newsletter for entrepreneurs featuring best curated content, must read articles, how to guides, tips and tricks, resources, events and more.

Python Weekly

Brooklyn

Brooklyn, NY 11209

Add us to your address book

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Python Weekly - Python Weekly - Issue 659

Python Weekly

Older messages

Python Weekly - Issue 658

Python Weekly - Issue 657

Python Weekly - Issue 656

Python Weekly - Issue 655

Python Weekly - Issue 654

You Might Also Like

Import AI 399: 1,000 samples to make a reasoning model; DeepSeek proliferation; Apple's self-driving car simulator

Defining Your Paranoia Level: Navigating Change Without the Overkill

5 ways AI can help with taxes 🪄

Recurring Automations + Secret Updates

The First Provable AI-Proof Game: Introducing Butterfly Wings 4

GCP Newsletter #437

Charted | The 1%'s Share of U.S. Wealth Over Time (1989-2024) 💰

The Great Social Media Diaspora & Tapestry is here

Daily Coding Problem: Problem #1689 [Medium]

📧 Stop Conflating CQRS and MediatR