#401 We must replace uWSGI with something else
- “We must replace uwsgi by something else”
- Let’s build and optimize a Rust extension for Python
- Fake recruiter coding tests target devs with malicious Python packages
- Monthly PSF Board Office Hours
- Extras
- Joke
About the show
Sponsored by ScoutAPM: pythonbytes.fm/scout
Connect with the hosts
- Michael: @mkennedy@fosstodon.org
- Brian: @brianokken@fosstodon.org
- Show: @pythonbytes@fosstodon.org
Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too.
Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form, add your name and email to our friends of the show list. We'll never share it.
Michael #1: “We must replace uwsgi by something else”
- uWSGI is now in maintenance mode: https://uwsgi-docs.readthedocs.io/en/latest/
- The project is in maintenance mode (only bugfixes and updates for new languages apis). Do not expect quick answers on github issues and/or pull requests (sorry for that) A big thanks to all of the users and contributors since 2009.
- Reasonable options look like:
Brian #2: Let’s build and optimize a Rust extension for Python
- Itamar Turner-Trauring
- Example: algorithm for approximating the number of unique values in a list
- Comparison to non-approximation
- non-approx is faster but uses way more memory
- Rust version
- Use Maturin and PyO3
- Pull in Rust dependencies (rand for random numbers)
- Optimization
- link-time optimization
- faster random
- store hashes only
- Future optimizations
- change algorithm maybe
- pass numpy array instead of Python list (I’d like to see that sped up)
Michael #3: Fake recruiter coding tests target devs with malicious Python packages
- via python weekly
- GitHub projects that have been linked to previous, targeted attacks in which developers are lured using fake job interviews.
- Attackers posing as employees of major financial services firms.
- This previously happened via other means such as NPM
- This analysis revealed that the direct parent of the detected, malicious files is a Python PYC file, meaning that once again the team encountered malware hidden in a compiled Python file.
- “The README files tell would-be candidates to make sure the project is running successfully on their system before making modifications.”
- What can you do (according to Michael)?
- Try out new packages in a docker container
- Work on code and projects using a VM which has snapshotting (to roll back completely after you’re done)
- Fire up a Windows desktop in the cloud for the project then destroy it
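Because the malware in these projects was hidden in a compiled Python file, a static look at a freshly cloned "coding test" complements the isolation advice above. The following is an added example, not code from the show or from the cited analysis; the function names are hypothetical. It lists every compiled file in a project tree without importing or running anything:

```python
import importlib.util
from pathlib import Path

def expected_source(pyc: Path) -> Path:
    """Return the .py path this compiled file should have been built from."""
    if pyc.parent.name == "__pycache__":
        try:
            # PEP 3147 name, e.g. pkg/__pycache__/mod.cpython-312.pyc -> pkg/mod.py
            return Path(importlib.util.source_from_cache(str(pyc)))
        except ValueError:
            pass  # not a PEP 3147 name; fall through to the legacy rule
    return pyc.with_suffix(".py")  # legacy layout: mod.pyc next to mod.py

def audit_compiled_files(root):
    """List (relative path, reason) for every compiled file under root.

    A source repository normally ships no bytecode, so each hit deserves a
    look. A .pyc with no matching source is the strongest signal: Python can
    import a legacy-layout .pyc directly when the .py file is absent.
    """
    findings = []
    for pyc in sorted(Path(root).rglob("*.py[co]")):
        src = expected_source(pyc)
        if not src.is_file():
            reason = "no matching source"
        elif pyc.parent.name != "__pycache__":
            reason = "compiled file outside __pycache__"
        else:
            reason = "committed bytecode (source present, may not match)"
        findings.append((pyc.relative_to(root).as_posix(), reason))
    return findings

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, reason in audit_compiled_files(target):
        print(f"{reason}: {path}")
```

Run it against the clone before following any README instruction to start the project; an empty result means the tree contains no bytecode, not that the project is safe.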
Brian #4: Monthly PSF Board Office Hours
- “The Office Hours will be sessions where you can share with us how we can help your community, express your perspectives, and provide feedback for the PSF.”
- “Unless we have a dedicated topic for a session, you are not limited to talking with us about the above topics, although the discussions should be focused on Python, the PSF, and our community. If you think there’s something we can help with or we should know, we welcome you to come and talk to us!”
- Upcoming office hours
- October 8th, 2024: 9pm UTC
- November 12th, 2024: 2pm UTC
- December 10th, 2024: 9pm UTC
- January 14th, 2025: 2pm UTC
- February 11th, 2025: 9pm UTC
- March 11th, 2025: 1pm UTC
- April 8th, 2025: 9pm UTC
- May 13th, 2025: 1pm UTC (Live from PyCon US!)
- June 10th, 2025: 9pm UTC
- July 9th, 2025: 1pm UTC
- August 12th, 2025: 9pm UTC
Extras
Brian:
- PyCascades CFP closes Friday, Sept 20
- PyCascades is in Portland in 2025 (Feb 8 & 9)
- uv now supports Python 3.13.0rc2
- uv self update
- uv venv -p 3.13
Michael:
- Big Python Humble Bundle with both of our products
- Get $1,800 worth of Python content and tools for $30 and contribute to charity
- Includes 5 Talk Python courses
- Several of Brian’s and his book
- Djangonaut Space Session 3 Applications Open!
- I interviewed Sarah and Tushar on Talk Python
- AltTab: Windows alt-tab on macOS
Joke: Election joke