Python Bytes - #416 A Ghostly Episode
Episode Date: January 13, 2025Topics covered in this episode: Terminals & Shells Winloop: An Alternative library for uvloop compatibility with windows Ruff & uv uv-secure Extras Joke Watch on YouTube About the show S...ponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: Terminals & Shells Ghostty is out Started by Mitchel Hashimoto, one of the co-founders of Hashicorp “Ghostty is a terminal emulator that differentiates itself by being fast, feature-rich, and native. While there are many excellent terminal emulators available, they all force you to choose between speed, features, or native UIs. Ghostty provides all three.” Currently for macOS & Linux (Windows planned) Version 1.0.1 released Dec 31, announced in Oct Features: cross-platform, windows, tabs, and splits, Themes, Ligatures, … Shell Integration: Some Ghostty features require integrating with your shell. Ghostty can automatically inject shell integration for bash, zsh, fish, and elvish. Fish is moving to Rust “fish is a smart and user-friendly command line shell with clever features that just work, without needing an advanced degree in bash scriptology.” “fish 4.0 is a big upgrade. It’s got lots of new features to make using the command line easier and more enjoyable, such as more natural key binding and expanded history search. And under the hood, we’ve rebuilt the foundation in Rust.” Michael #2: Winloop: An Alternative library for uvloop compatibility with windows via Owen Lamont An alternative library for uvloop compatibility with windows . It always felt disappointing when libuv is available for windows but windows was never compatible with uvloop. Brian #3: Ruff & uv Ruff 0.9.0 has a new 2025 style guide f-string formatting improvements Now formats expressions interpolated inside f-string curly braces Quotes normalized according to project config Unnecessary escapes removed Examines interpolated expressions to see if splitting the string over multiple lines is ok Other changes to, but it’s the f-string improvements I’m excited about. Python 3.14.0a3 is out, and available with uv uv python install 3.14 --preview Michael #4: uv-secure by Owen Lamont (yes again :) ) This tool will scan PyPi dependencies listed in your uv.lock files (or uv generated requirements.txt files) and check for known vulnerabilities listed against those packages and versions in the PyPi json API. I don't intend uv-secure to ever create virtual environments or do dependency resolution - the plan is to leave that all to uv since it does that so well and just target lock files and fully pinned and dependency resolved requirements.txt files). Works “out of the box” with a requirements.txt from uv pip compile. Extras Brian: Test & Code Season 2: pytest plugins Season 1 was something like 223 episodes over 9.5 years Started the summer of 2015 Send in pytest plugin suggestions to Brian on BlueSky or Mastodon or the contact form at pythontest.com Michael: Episode Deep Dive feature at Talk Python Feedback on social media: Those deep dives look really handy. <looks at another one> Yes, those ARE really handy! Thanks for doing that. wow, yes please! This is awesome. Wow, this is amazing. … It helps when going back to check something (without having to re-listen). PyCon Austria at.pycon.org Heavy metal status codes Beautiful Soup feedback CFA via Sumana Harihareswara Joke: That's a stupid cup
Transcript
Discussion (0)
Hello and welcome to Python Bytes, where we deliver Python news and headlines directly to your earbuds.
This is episode 416, recorded January 13th, 2025.
I'm Michael Kennedy.
And I'm Brian Ocken.
This episode is brought to you by us.
Check out our stuff that we're doing over at Brian's course.
Where's your course, Brian? I forgot the URL.
PythonTest.com
PythonTest.com, that's right.
And over at TalkPythonTraining, links are in the podcast player show test.com python test.com that's right and over at talk python training links are
in the podcast player show notes or on the home page all of those things follow us on mastodon
and blue sky we love to connect with people over there in fact brian you have you don't really have
visibility into this yet but there's a bunch of recommendations i got from i think it was blue sky
which fills out many of my topics today. So nice.
Yes.
And I encourage people to follow us out there.
Use the starter pack on my profile if they wish.
And if you want to get all this stuff sent to you automatically as an email, and this might be getting an upgrade.
We're not entirely sure yet.
We're playing around with some ideas here, content wise, but you should definitely subscribe
to the email by them by start FM.
Click on newsletter.
Guess what?
You'll get a newsletter. If you do it, that'd be awesome. We'd love, we'd love to subscribe to the email. Python by Stout FM. Click on newsletter. Guess what? You'll get a newsletter if you do it.
That'd be awesome.
We'd love to talk to you there.
And with that, happy new year, Brian.
It's been a couple of weeks we've been on break.
Some of it by decision, some of it mandatory by family stuff, all those kinds of things.
That's on my end.
But welcome back.
Happy new year.
Welcome back.
Yes.
Thanks.
It's really good to be back.
I'm glad to start talking coding and Python on the air again.
Yeah, absolutely.
You get to this age where you get phone calls out of the blue.
You've got to come help your father with this because he's old and can't do stuff.
And just sometimes you jump on a plane for non-vacation reasons, and it's not as fun
as it could be, but you got to do it.
That was me last week.
Okay, well, how about this week?
What do you got for us?
Well, I was thinking that this week at the start of the new year, people might be thinking of some changes.
So some of the changes they might be thinking about is terminal or shell changes, if you're kind of a terminal person, and especially if you were a Mac OS or Linux user.
One of the things that just came out recently is Ghosty.
So G-H-O-S-T-T-Y.
Get it?
TTY?
Yeah, that's clever.
That's clever.
It's a fast, feature-rich, and cross-platform terminal
emulator that uses platform-native UI and GPU acceleration.
So super fast, super featured.
Why am I covering this?
It's kind of fun, actually.
So, Ghosty, have you heard about this?
I have absolutely heard about it.
I have it installed.
I have played with it.
It is fun.
It is not yet dethroned to warp as my way to my go-to yet,
but I like it.
Both of them are written in high speed languages.
I think ghosted is zig of all zig language is awesome.
And yeah, warp is rust.
But yeah, I love it.
Okay.
Yep.
So ghosty just came out.
Let's see.
They did the announcement announcement of a release in October, but it it just came
out at the end of the year.
I think it was the 31st of December
or something like that, end of the year. So why am I talking about this? Because it's kind of fun,
and also it has some interesting heritage. So this is started by Mitchell Hashimoto,
which is one of the co-founders of HashiCorp. I think he left HashiCorp in 2023.
But anyway, some nice heritage.
It's feature-rich.
What does feature-rich mean?
It's fast.
Feature-rich, fast.
It's got themes.
It's got all that sort of stuff.
But a couple of reviews that I was reading of it were saying that it really is pretty fast and partly because it's less code.
The code for it is a lot more streamlined than a lot of other things.
And having it be native and really focusing on some of the speed as well as features.
So the tagline really, when you go to the About page, it says there are many, many excellent terminal emulators available,
but they all kind of force you to either choose speed, features,
or a native UI, and Ghosty wants to do all three,
and I kind of like that.
I've had issues with things that don't really look like,
you know, they don't really look like a native feel.
Anyway, I've just downloaded it, started playing with it a little bit, like you know they're not they don't really look like a native feel um anyway um i kind of i haven't
i've just downloaded it started playing with it a little bit haven't done much with it but a lot
of people on blue sky were talking about it in mastodon over the break um as far as shells go
uh so ghosty does integrate with uh with shells with different shells it integrates with it says
uh some of the features require
integrating with your shell it automatically does automatic injection of shell integration for bash
z shell fish and elvish and i've been thinking about fish because fish was actually in the news
as well um fish you're into jam bands i got it yeah i kind of forgot about fish anyway um but uh
an announcement at in december as well is that fish shell uh is the 4.0 is in beta and it is
rewritten in rust so um that's kind of interesting do you know what what was written in before i think it was cbc or c++ yeah um a port
from c++ to rust so uh not sure about the reasons around that but it's kind of fun um it'd be fun to
get if you want to contribute or whatever i think there's more energy around rust than c++ right now
yeah but um uh one of the things that i'm i'm with Phish, because I've been setting up new environments lately and stuff, and I like my environment, my shell environment, but keeping it all, like all the extras on different machines is a little tricky.
And apparently Phish has, I haven't used Phish, but apparently Phish has a lot of stuff built in that other people have to configure later. later so okay shot also yeah yeah i'll check that out very nice yeah are you used to do
z shell and oh my z shell are you still yeah yeah yeah okay if if i use the regular terminal or i
term or something like that then i am but i think with warp i'm pretty sure yeah i'm sure that it
it doesn't run z shell not directly anyway it may
underneath the cover somehow but okay it feels like it kind of does its own thing you know yeah
and i'm enjoying it it comes rebuilt with a lot of stuff that i used to install like mcfly and
other types of stuff well so i used to have it used to be a heavy duty z shell user and had tons
of configuration changes but when i started doing a bunch of machines,
I kind of just went back to vanilla bash and with a,
with just a,
like a bash RC file.
But we'll see.
It's the history.
The history is so hard on bash compared to some of the other things,
unless you configure it.
Right.
Yeah.
Yeah.
Anyway,
what you got for us?
All right.
Let's take it for a loop here.
This one comes to us from Owen Lamont.
And I told you stuff was coming from blue sky.
And Owen has a special honor in this episode.
He doesn't know it, but he might have a perfect trifecta sort of thing going on here.
So this one that we're going to cover,
he pointed out, and then the next one we're going to cover is the next one I'm going to cover is my
second main topic is actually created by him. Then something else, I can't remember exactly
what it was, was referred to. So he's got three things in three different sections, which is
pretty wild. So Owen, thanks for sending this in. And like I said, I encourage lots of people
to send their stuff in because that is super helpful and we'd love to have it up. So this
one is called WinLoop. Now, something that's a hassle is if you're working in AsyncIO, well,
AsyncIO is not as high performance as it could be, right? So there are things like UVLib,
which is the backend powering things like UVLoop,
hence WinLoop, UVLoop.
The problem is UVLoop is not compatible with Windows,
even though the foundation of LibUV is compatible.
Make that make sense, huh?
So this person came along and worked on it,
Visonex, and said, all right, I've been waiting for people to set this up and make it work.
And, well, I guess I'm going to have to do it myself. So he said, because nobody was willing to step up after so many years of waiting, I went ahead and downloaded the source code for UV loop, started modifying the source code to be Windows compatible by carefully removing and changing parts that were not made for Windows, such as forking processes rather than launching sub-processes, and so on, and so on. So here's a,
does it have any benchmarks? Where are your benchmarks? I think it might actually, no.
Yeah, it does have some benchmarks. So this is a way to replace the async IO event loop to upgrade
it to have faster performance, much like UV loop does for Mac and Linux.
But you can just do that here.
And you can kind of use them both, right?
You can just do sort of an import, try, accept,
like try to import this or check your platform
and import the right thing
and just sort of swap between them.
Okay, cool.
Yeah.
So it says if you run it with the different policies, it'll show you
like how much faster you can get, like it gets, I don't know, is this like five times faster or
something for some benchmark, you know, all those things go. And then where are we? They've got some
nice examples. Yeah, it says check out the how to use WinLoop when UV loop is not available. So it
just basically says if the platform is Win32, SigWin, or CLI,
just import the run method from WinLoop.
Otherwise, import it from UVLoop.
You could also probably,
you know, probably a nice way would just be
set the async IO event loop policy
before an event loop comes into existence,
which then when it goes and creates a no event loop,
automatically it'll use the WinLoop or UVLoop one whatever. But yeah, people can check it out. It shows how
to use it with fast API and things like that. So pretty neat, I think. Yeah, that's cool. Yeah. So
if you're doing async IO stuff and you're on Windows and you've been like, people keep telling
me UV loop is awesome. I hear you. I can't use it. Winloop, check it out.
And thanks, Owen, for sending that in.
I also kind of, I really like that it kind of works with both.
Or you can have some examples to use both because there are people that are test, you know, test developing on Windows and pushing to Linux.
Yeah, or you're a framework creator and you have users on both.
Yeah, which you should think about because like we've said before,
it's like over half of the Python users are using windows.
Yeah.
The majority,
if you single down to a single platform,
the majority,
the biggest one is windows and then it breaks into pieces.
Right.
Yeah.
Luckily all the other pieces are Linuxy sort of thing.
That's right.
And that, I think that's the problem.
Everything is POSIX-like, except for Windows.
That's a challenge.
Yeah.
Oh, well.
Anyway, okay.
Well, let's take a look to get this right.
I've got some news from Astral, a couple of Astral topics, UV and rough.
First off, I saw this little notice that there's a rough
2025 style guide and i'm like what what do we need a new style guide for 2025 um but um but i'm really
there's a bunch of stuff in here but what i'm really excited about is the the modifications
to the f string formatting and yeah um we're getting really nerdy here if you're getting
excited about f string formatting.
But F, yes.
There was a great sticker for us that F, yes, when F strings came out.
So one of the cool things is, I guess it didn't deal with the formatting, the expressions inside, the interpolated expressions inside of the curly braces inside of an F string.
And so, yeah, often it's just a variable name, which isn't a big deal. interpolated expressions inside of the curly braces inside of an f string and so yeah often
it's just a variable name which isn't a big deal but you can put code in there and uh and now um
now rough will will format that correctly so that's cool it's doing like like here's this
shows an example of like uh you know layer layer method plus five and it was too stuck together so
now uh rough will spread it out
a little bit i i do that all the time like if i have a time delta and i want to know how much time
i want to represent that in milliseconds but it has a dot total second so i'll just times a thousand
yeah and actually more and more now i'm like do i really need to assign this to a variable just so
i can stick it into an f string i'll just stick the code in the F string. So I'm doing that more and more.
So having a rough deal with that is great.
But with that also, there's a bunch of other cool things
like quotes are now normalized in F strings
according to a project configuration.
So if you set it to be double quotes or single quotes,
it'll deal with that.
And they're left untouched
if normalizing would result in an invalid F string.
Of course, it checks to make sure it doesn't mess things up.
Looks for unnecessary escape, like backtick or the backslash,
if it's not needed to be there.
So that's nice.
Yeah, that's excellent.
Like, for example, you have single quote,
and then you will have another single quote in the string.
You've got to escape it.
Rather than leave it there, it'll convert it the outer string to double quote
so you just don't need the escape at all which is perfect yeah yeah um and then uh one of the last
things is uh it looks at the interpolated expressions in an f string to see whether it
might be acceptable to split the f string over multiple lines so um, um, and, and it has done that with
strings of splitting it on multiple lines of, but I don't think it did that with F strings before,
because it could have mucked up the interpolation. Now it's figuring that out and doing the right
thing. So, um, it just lots, lots of good cleanup work for F string. Um, there's other stuff in here
too, that, that I think is really nice. There's a, uh, prefer wrapping the assert message. Basically message basically do i care about this not really except for i like the new one better it looks
better um so sure um better looking code is always a good thing so thanks astral for not like
ignoring i mean rough is why we've got fell in love with these guys in the first place and yeah
so uh so i'm glad that there's still work going on here. Now, I've got a bit of a tangent that seems like a tangent, but not really.
The Python 3.14, 3.14, the Py release of Python is in alpha right now.
As of December 17th, there's the alpha 3.
So it's been in alpha for a while.
So you can play with it.
But how do you play with it if you're kind of a UV person?
Well, Charlie Marsh posted in just on the 7th that you can use, what was it?
UV Python install.
Yeah.
3.14.
And then you do dash dash preview because 3.14 isn't there yet.
But if you use the preview, it works. And after I've, after I did this, now I can just,
now I don't have to use preview when I just say like UV, V and V,
and then pick up.
Yeah.
Yeah.
Just, yeah.
314 or whatever.
Yeah.
It just works because now it's on my machine too.
So there's a preview mode to grab that, which is really nice.
I like it.
Oh, that's excellent.
Yeah. They're doing really good work over there and you're right that that rough started at all. So that's,
that's really cool to see. And one of the things that I've noticed that I'm, I, I wasn't really
up for a lot of the, like the big packagers to create my pie project homo for me and to start
a project, but UVA knit, it it rocks um okay it does just enough like if
you pop into a new uh a new project and just say uv and like if you start coding and you say uv init
it creates enough boilerplate that's good but not too much like it'll generate a pipe project
homo for you um but it's not too big you can just you know add more stuff that is such a balancing
act right like i'm gonna create a new project run this cookie cutter or this other template But it's not too big. You can just, you know, add more stuff. That is such a balancing act, right?
Like, I'm going to create a new project, run this cookie cutter or this other template.
Do you want to use Postgres?
How about Celery?
Do you like caching?
What kind of R?
Like, whoa, whoa, whoa.
I just, I just don't, I just need to like a project on a few things.
And what's the right layout relative structure?
Let's, let's not overdo it, you know?
Yeah, let's not.
Too much opinion.
And then also UV sync.
I'm using a UV sync all the time.
So you clone a project and do UV sync
and it'll pick up the project HOMO
and create a virtual environment and all that.
So love that.
Well, I really appreciate your perfect segue
because this next topic of mine is called UV-Secure.
Nice.
Pretty awesome.
This was the one created by owen lamont
and he just released he's been working on for a little while and people might be familiar with
pip audit so pip audit will go and look at what is installed in your virtual environment so i've
got a virtual environment i've installed some packages through whatever pip install dash e
or through just pip install or dash requirements,
however you get it, right?
You've got all those requirements installed.
And what if there's some kind of malware
or some other horrible thing
that you mistyped,
like jangagu or I don't know, whatever.
Like somehow you miss a letter
and you get something terrible
or something was just taken over.
It was fine.
And then it wasn't fine.
This will go,
pip audit will go back and talk to,
can't remember exactly what it's going back to,
but there's an API that checks for vulnerabilities in different packages.
And basically if a vulnerability is found,
it's listed there.
You'll know,
right?
Cool.
Cool.
So that's great.
But that requires you to have all those things installed and it doesn't work.
It doesn't like look at things like the UV lock file.
So UV Secure allows you to ask,
hey, what is the status and vulnerability story
of my project before I install them?
Right, it's good to know,
hey, you've installed a virus
that is now running loose in your computer.
You'll wanna try to work on that, get it out.
It's better to know before you install it, right?
And so when Owen submitted this to us, I'm like, this is awesome, but I'm not a UV sync
kind of guy.
I'm a UV pip install and a UV pip compile to generate a requirements.txt file.
So he said, no problem.
I'll update it to also do requirements files.
And then I ran that, just go in to the working folder for Python bytes
and say UV dash secure. So first of all, you can install it with UV as a tool or with pipx or
however you want. And then you say UV dash secure. And it'll say I'm looking at this requirements
file, or I'm looking at this lock file or whatever it is. And it'll take a minute because it's,
you know, the Python bytes project has 86 packages
it uses. So it calls that API 86 times and gets a response. There's a bit of a delay there.
Sure. You could parallelize that, but maybe harm the API. I don't know how much it can take in
parallel, but anyway, it says if there's a problem or whether everything looks safe and Hey,
everything looks good. Got to love that. Nice. Yeah. So a nice work on that, Owen. And yeah, people can check out UV Secure.
Cool.
Yep.
And yeah, there it is.
I'm being checked to see if I'm secure, trying to pull it up.
But yeah, scan your UV lock file for dependencies with non-filled vulnerabilities.
And now also works with requirements.txt files that were generated by UV.
I imagine with others as well, pinned ones at least, you know?
Yeah. I mean, people might write their own now who knows whatever yeah they might they might all right uh that's it for our main
items isn't it it is yeah you got any extras um just i guess uh a little bit over the uh break i did um i did play around with pytest um more and uh and started testing
code again so um we talked about doing seasons so i thought yeah with that i'll do i'll shift over
and so after nine and a half years and 223 episodes uh season two is starting
um so i'm gonna do pytest plugins so please um anybody uh so there's an episode up just
introducing the introducing the season there they'll be probably short short or long depending
on what we want to talk about for different plugins um some of them are going to combine
uh plugins like all the orderings together or something or whatever um or individual ones so
if you'd like to submit your favorite plugin
or something you'd like me to take a look at, go ahead.
And how would you do that?
You would either go to Blue Sky or Mastodon,
or I recently added a contact form on pythontest.com.
Oh, I have to add my Blue Sky to that contact form also.
Ooh, come on now.
Don't forget it. it anyway so that's my
extra excellent and real-time follow-up uh you have henny uh out there points out that sneak
maybe as possible does something similar yeah that's for sure i wonder it's using the sneak
api for that uv secure not sure anyway but and people bought it but yeah that's another thing
to consider okay i have a few extras this is the try this is the
trifecta part and i'm just going to link to it i'm not going to play it we've already all had
plenty of heavy metal okay owen uh was inspired by the funny song that we did with remember the
curl heavy metal like super heavy metal that was awesome tls connect hello so um. So he did one for HTTP status codes
and it goes through all the different HTTP status codes.
So I'll link to that.
You can play it.
Make sure you turn on the audio
because it's off by default.
It's pretty good.
It is pretty good.
I do enjoy it.
Gosh, I wonder if it has, I'm a teapot in there.
I didn't listen that hard before 18, 19, whatever it is.
That's a pretty good one.
Okay. So people can check that out. That's a pretty good one. Okay.
So people can check that out.
That's pretty fun following on that.
And who knows, maybe I might do some more fun stuff with songs later as well with some of these episodes.
I think we can do it, but we're not doing this episode.
We've got to play around.
So another thing to announce is PyCon Austria is coming.
When is it coming in?
April 6th and 7th.
And it's opening party on the 5th.
I mean, who wouldn't want to go to a party in Austria?
Have some good beer.
Yeah.
It'd be great.
Yeah.
So I met some of the folks behind this at Paikon Slovakia 2018 when I was there giving a talk.
And they're putting this on.
I think it is free.
Yeah.
Attendance is free, but space is limited.
So you still got to sign up. So if you're near Austria, in Austria, or can take a train over to Austria and like to do that, you know, check it out.
I would absolutely go if I could, but it intersects with some family stuff that I can't get out of.
So I'm not going this year, unfortunately, because of the dates, but it still would be fun.
And people can check it out, right?
Yeah. Yeah. Very cool. All right. unfortunately because of the dates but it still would be fun and people can check it out right yeah yeah very cool all right another one leonard richardson uh the guy who created beautiful soup
um this was sent in to me i want to give a little bit of credit here as well this one was sent in by
sue mana and she said hey check it out new for Beautiful Soup. Apparently this is a pretty big change.
4.13 Beta 3 was just uploaded to PyPI.
And hoping to get another round of feedback, says Leonard, before the final release.
Because apparently there's some kind of changes and stuff.
And you can check out Google Groups link to talk about the changes that he's proposing and trying out and so on.
That's pretty awesome.
I think I've been using Beautiful Soup since I started using Python.
Yeah, I agree. If you scroll through the comments here, Eric Holscher says,
I just want to say thanks. Beautiful Soup has been a constant utility basically as long as I've been doing Python. So I thought that was a pretty, you're on the same vibe there. Pretty
awesome. Yeah, cool. So Beautiful Soup certainly rocks and I've used it a ton as well. Okay. I have one more extra Ryan, but I want to close out the show with
something special and unexpected for people. Okay. Okay. Okay. So in order to do that at the end,
I think let's do the joke first. I'm all for jokes. Yeah. So you know what it's like to go
to Stack Overflow, right? It's not, it's super helpful, but it can be a little prickly, let's say.
Yeah.
Yeah.
You'll submit a question like, well, that question was answered seven,
asked and answered seven years ago over there.
Like, well, yes, but it doesn't work that way anymore.
Or, you know, you just, you shouldn't, why are you even asking this?
You shouldn't do this, right?
So this comes back to a very common sort of question, you know, optimist versus
pessimist. But we have a third category, a stack overflowist. Okay. So here's a glass. It's exactly
50% full of water. I mean, you can debate it's full of, it's a hundred percent full, but whatever,
like that's, that's not the debate. That's a chemistry joke. This one is the optimist,
pessimist versus stack overflowist. The first one is the optimist says the glass is half full.
The pessimist says the glass is half empty.
The stack overflowist says the glass is a stupid question.
And so I've in the show notes, I entitled the joke.
That's a stupid cup, stupid glass.
I like it.
Pretty good, right?
Yeah.
And then like, of course, I'm the nerd in me is looking at this going, well, visually it's halfway up.
But since the cup is wider at the top, it's got more air than it does water.
I would say pessimist wins.
Skygurus comes in second.
Optimist, no, no, no.
That's a stupid cup.
Okay.
That's a stupid cup.
All right.
You ready for the last thing?
This is pretty awesome.
This is pretty wild. We live in incredible times. So I've started
doing this thing over at TalkPython. This is only tangentially the actual topic. It is,
but it isn't. I've started doing this thing called episode deep dive. So I wrote up on
the TalkPython blog, introducing episode deep dives at TalkPython. And so if you go to any-
And I'm embarrassed to say it took me a while to understand the snorkel reference.
Deep dive.
Yeah, well, you got to pick something from your awesome icons.
And I'd already used up some other stuff.
So it's a snorkel is the icon to click the button.
I like it.
Yeah.
So now for every episode that I publish, I'm putting together what's called a deep dive.
And actually, it's ironic that the older ones are better because the more of them
I've done, the better I've caught at, you know, figure them out. Let's yeah, it's so weird. So
here, let's see space science. Does this have a deep dive? It does. Okay. So space science,
this one is, uh, I interviewed Thomas Albon, Albin about his YouTube channel and his work.
Um, I think it was a European space or European space agency and so on. But instead of just having the show notes, now it has this
thing called the deep dive, which comes into their background. It says, hey, if you're new to Python,
these are the types of things you want to like research a little bit to understand this topic
really well. Like this one's about visualization. So it talks about Matplotlib and pandas and spicy
pie and vis-vis. And then it goes into all the takeaways and links
and documents and tools and excellent stuff to just make it way more useful. Right. Okay. So
yeah, thanks. We might start doing that here. I'm trying to decide because we're shown us are
pretty close to this, but they're not exactly, we can play with it, but you know, we've looked
at a little, right. Is it a ton of work though? I don't have them all done. I'm back. I don't know.
I'm back to like 2022 and I've got to go back to 2016. So there you go. But many of
the new ones are done, which is awesome. So here's the thing that, here's the thing I'm going to
close out the show with that I think is crazy. And I think people will enjoy, this is kind of a
separate topic, but it just, that was a lead in because you'll see in a second why. Notebook LM,
have you played with Notebook LM?
No.
So Notebook LM is originally came out,
it's from Google and it came out
as a way to help people understand documents
like researchers, professors, and so on.
So what you do is you give Notebook LM a PDF
or a couple of PDFs
and then you can ask it questions
like what do the researchers think about this?
And it's based on all of their thing.
But the most insane thing, and this is what we're going to close out the show with, is
you can push a button.
Literally, you don't have to give it prompts or anything.
You just push a button and say, create a talk show like, similar to what we're doing here,
talk show like podcast episode of this paper.
It is so insane.
So if I was researching, I don't know if I was researching
something between fast API and Django and somebody written up a really detailed report,
I could upload that and I could just say, Hey, I want to have a couple of people talk to me
about the trade-offs and it brings in other world knowledge, right? It's not just the words in there.
Like it's kind of like chat GPT in that it knows everything. And then it also just talks about this and it is insane. So going back to what the heck with these deep
dives, if you scroll down a little bit, there's a listen to a conversation about our deep dives.
So those of you watching just the live stream, I'm not going to play this here because it's 13
minutes and 54 seconds, but you can go to this link here and just click the play button if you want to hear it.
Okay?
Okay.
For everyone else, Brian,
I'm going to put it as the closeout to the show.
So there's nothing else,
but I'm going to play this
because it is an insane view into what is possible.
So what I did is I took this deep dive conversation,
blog post, the deep dive blog post,
gave it to Notebook LM,
and I said, I want to hear people talk about it.
So I'm going to drop that in and people can hear about it now. I think your mind's going to be
blown, but if you don't want to listen to it, you can just, you know, this is the end of the show.
That's funny because you sent this to me and I started listening and I totally thought you just
like, like somebody else was doing a podcast about your deep dives.
It's, it's crazy if you haven't heard it and it has interruptions like, oh yeah, uh-huh. And it's
got that kind of artificial back and forth, but it's done in a really nice way. It's not just
speech to text. It is something entirely unworldly. It is weird. And I thought it'd be fun to close
out the show just to give people a weird glimpse into this world. And it'll talk about the deep
dives if you care. Cool. All right. Well, with that, later everyone. Later. You ever listen to a podcast and it's packed with like all this
insightful info, but then like a week later, you're like, wait, what was that again? It's like trying
to, I don't know, grasp smoke or something. Yeah, exactly. Try to remember those key takeaways.
You're not alone if you're like that. Not at all. A lot of us struggle with that kind of thing.
Making podcast knowledge stick. So that's what we're going to deep dive into today. We're looking at what Talk
Python is calling episode deep dives. Okay. This could be the solution for that podcast,
information overload. Interesting. I'm intrigued by how Talk Python is, you know, going beyond just
the audio. They're realizing that people consume information in different ways.
Right.
And so they're providing tools to deal with that.
It's not about ditching the podcast. It's about having something to go along with it.
Like imagine you're panning for gold, right? You're swirling the pan around
and you see those little flecks of gold.
Yeah.
A deep dive is like having a tool that magically extracts those golden nuggets.
Ah.
Saves you a ton of time and effort.
I like that analogy.
It definitely captures that essence of efficiency.
But how are these deep dives?
Like, are they really that much different from just detailed show notes?
Oh, that's a good question.
Think of it like this.
Typical show notes give you, like, the bullet points.
Right.
The bare minimum.
Yeah.
Deep dives are like, it's like getting the director's cut of the episode.
Oh.
With all the behind the scenes insights.
It's just staying up.
Deleted scenes.
Yeah.
Bonus features.
So you get guest backgrounds, key quotes, code examples, links to resources, all that
stuff.
It's just a much richer experience.
So all that richness, that must lead to a lot of practical benefits.
I mean, let's be honest, re-listening to a whole episode to find one specific thing, that can be a real lot of practical benefits. I mean, let's be honest,
re-listening to a whole episode to find one specific thing,
that can be a real time suck.
Yeah, for sure.
The deep dive, you can just quickly skim and locate what you need.
Oh, it's such a time saver.
Yeah.
Doesn't this risk kind of discouraging people from actively listening during the podcast itself?
Yeah.
Because they're like, oh, I don't really need to pay attention.
Yeah.
There's going to be a summary waiting for me later.
That's a good point.
That's a valid concern.
But think of it like taking notes during a lecture.
Taking notes doesn't replace listening, right?
It just enhances it.
Right.
It forces you to engage more actively.
Makes sense.
Knowing you're creating that reference for later.
Yeah. Deep dives creating that reference for later. Yeah.
Deep dives can serve a similar function.
They can prompt more focused listening.
Okay.
Yeah, I see that.
It's about being more intentional with how you absorb the information.
Yeah.
So we've established that deep dives go beyond typical show notes.
And they can actually improve how we engage with a podcast.
But what about people who, you know, maybe they're visual learners or they just prefer reading?
Can these deep dives cater to different learning styles?
Oh, absolutely.
Podcasts are fantastic for auditory learners.
Right.
But not everybody learns the same way.
Some people just, you know, they prefer reading.
Some people have a hard time focusing solely on audio.
Yeah, that's true.
Deep dives give you that alternative pathway.
It makes it accessible to more people. I like that. Yeah. So how are these deep dives structured? Is it just like
a wall of text summarizing the whole thing? Oh, no, no, no, not at all. They're really well
designed, very scannable, digestible. Each one starts with what they call a guest spotlight
section. It's like a mini biography of the guest. Gives you insight into their
background, their expertise. That adds context to their perspective. So you're not just hearing
opinions, you're understanding where they're coming from. I like that. It's like getting
to peek behind the curtain a little bit. Yeah. So we've got the guest spotlight setting the stage.
What comes after that? So then the content is broken up. It follows the flow of the conversation.
They've got clear headings and
subheadings, you know, guiding you through the topics. And of course, it's got all the links to
libraries, code examples, resources, all that. So it's really structured in a way that respects
your time, lets you prioritize the information that matters most to you. I'm still a little
skeptical, though. Can we look at a specific example to see how it all plays out? Absolutely. Let's look at the deep dive for the episode, Secure Coding for Python with SheHacks
Purple. Okay. Sounds intriguing. This episode was all about threat modeling for Python developers,
right? Exactly. And even if you haven't listened to the whole episode, the deep dive gives you a
ton of insight. It starts with a background on Tanya Janka. She's the guest, also known as She
Hacks Purple. It highlights her journey, you know, from software developer to penetration tester,
and then how she eventually landed in application security. So you get a sense of her expertise
and how her experience informs her view on secure coding. But why She Hacks Purple?
The deep dive explains that, too. It comes from her role blending offensive and defensive security, which is often called like purple teaming.
OK, makes sense.
So now we're starting to understand who we're dealing with.
But let's go beyond the introduction.
What were some of the key takeaways from the actual secure coding discussion?
Well, one central concept was threat modeling, which they described as like a structured brainstorming session where
the developers, a security person, and a product owner all come together to, as Tanya put it,
brainstorm evil. They ask four key questions. Based on the work of Adam Shostak, who's, you know,
kind of a big name in security. Hold on. Four questions to brainstorm evil. I like that.
What are they? Well, the first one is, what are we building?
Okay.
That involves sketching out an architectural diagram to understand the components of the
system.
And then it's what can go wrong.
Oh, okay.
And that's where they put on their black hats and brainstorm potential risks and vulnerabilities.
Okay.
So far, so good.
What about the next two?
The third question is, what are we going to do about it?
Makes sense.
And that's where they shift gears and start discussing mitigation strategies. And then
the final question is, did we do a good job?
Okay.
That involves validating the process, making sure those mitigations are actually effective.
So it's a comprehensive process that goes beyond just identifying threats. It's about
proactively addressing them. Are we getting a little too deep into the weeds here though? Yeah, you're right. We are getting a little ahead of ourselves. The
point is, the deep dive breaks this concept down in a really clear and concise way, even if you're
not familiar with threat modeling at all. And it does this for all the key topics from the episode.
Okay, I see the value there. It's like having a condensed version of the conversation.
Yeah.
Highlighting the most important points. But let's pull back for a second. Back to the deep dives themselves. We've seen how they're structured, the benefits they offer. We've even gotten a glimpse of what they actually look like. But what about availability? Are these deep dives available for every single TalkPython episode?
That's where it gets interesting. They are available for all TalkPython episodes from number 440 onwards, which is November 30th, 2023. Oh, okay. So fairly recent episodes are covered.
Yeah. What about the older ones? Are they just out of luck? No, no, no, not at all. Michael
Kennedy and the TalkPython team are actually working on updating older episodes with deep
dives. That's great. It's a big job, but they're steadily making progress. What if there's a
specific older episode that I really want to deep dive for?
Can I do anything about that?
You absolutely can.
Michael is really receptive to feedback.
So if there's an episode you really want, you can reach out to him directly through his website, hemkennedy.codes.
So it's kind of a community effort then.
Listeners can help decide which episodes get the deep dive treatment sooner.
I like that. But some people might argue that, you know, just reading a summary isn't really enough,
especially for these, you know, complex technical topics.
What are your thoughts on that?
I mean, that's fair.
Deep dives aren't meant to replace listening to the episode.
They're designed to work together.
Think of it like this.
You watch a fascinating documentary.
You're captivated.
You love it.
But later on, some of the details get a little documentary. You're captivated. You love it. But later on, some of the
details get a little fuzzy. Yeah, that happened. Would you rather struggle to remember or have a
nice concise recap? Oh, a recap is nice. Yeah, to refresh your memory. Deep dives provide that extra
layer. They help solidify that knowledge. Yeah, it's like having a study guide for your favorite
podcasts. You get the big picture from listening, and then the deep dive helps you focus on the important
details. Let's zoom out for a second. Away from TalkPython, what do you think this trend
towards more structured and interactive podcast content, what do you think it says about how
we're consuming information these days? It's really fascinating, isn't it?
We're moving beyond passive consumption.
For sure.
People are demanding more.
They want to engage with the content.
Right.
Dissect it, make it their own.
Podcasts are evolving from just entertainment to really powerful learning platforms.
I like that.
The lines are blurring between education and entertainment, which I think is really exciting. But are we risking losing something in this shift,
you know, by focusing on efficiency and structure? Could it make podcasts feel less,
less human? Oh, that is a really thoughtful question. We definitely need to retain that
human element, that personal connection. That's what draws people to podcasts in the first place. The host's voice, you know, the curiosity in their questions, those unscripted moments,
all of that is essential. It's that personal touch that makes you feel like you're part of
a conversation, not just listening to a lecture. Can these structured summaries, like deep dives,
can they coexist with that human element? I think they can. And they might even enhance it.
Oh, interesting.
By providing the tools to understand and retain the information, it deepens their connection to the content and to the creators.
So instead of replacing the human element, it's more about creating a richer experience.
Exactly.
That caters to different learning styles.
It's about empowering the listeners to engage on their own terms
in a way that resonates with them.
And that, in turn,
creates a more vibrant
and engaged community
around the podcast.
Okay, I'm seeing deep dives
in a whole new light.
It's not just about summarizing.
It's about fostering
deeper engagement,
making information more accessible,
and ultimately empowering listeners
to get more out of their podcast experience.
It's recognizing that learning is a journey.
And podcasts are an incredible vehicle for that journey.
But like any journey, having the right tools and resources makes all the difference.
So if these deep dives are the tools, what kind of impact can they have on the journey itself?
What does this mean for the future of podcasts as a learning medium?
It feels like we're on the cusp of something big.
Yeah, podcasts have definitely transformed how we listen to things.
For sure.
But now it's like we're moving beyond just listening to actually learning from podcasts.
Yeah.
Like podcasts in the future, where they all come with these detailed summaries
and maybe interactive
exercises even community forums whoa built right in that would be pretty cool it would really make
knowledge accessible to like everybody exactly it's like no longer would these valuable insights
be trapped in an audio stream lost forever as soon as the episode ends they'd be like
readily available searchable you could share them. And it would really help people learn, too. Oh, yeah, for sure. What about the impact on the creators, the podcasters themselves?
Oh, that's a great point. This kind of engagement, you know, it could really strengthen the bond
between podcasters and their audience. It's like building a community.
Yeah. Instead of just having a bunch of listeners.
Exactly. It could take podcasting to a whole new level.
This is really eye-opening. What started as a deep dive into episode deep dives, Yeah. Instead of just having a bunch of listeners. Exactly. It could take podcasting to a whole new level.
This is really eye-opening.
Yeah.
What started as a deep dive into episode deep dives has turned into this like exploration of the future of podcasts.
Yeah.
And I'm excited about it.
Me too.
It's clear that podcasting is still young.
It's got so much potential.
And innovations like deep dives are just the beginning.
So if you're listening to this.
Yeah. And you want to see how deep dives are just the beginning. So if you're listening to this. Yeah.
And you want to see how deep dives work.
I really encourage you to check out TalkPython.fm and explore for yourself.
Yeah.
You might be surprised at how much more you get out of your podcasts.
It could even inspire you to think about how you learn and connect with information in new ways.
It's all about embracing this evolution.
Absolutely.
How we learn. How we connect with information. Because knowledge all about embracing this evolution. Absolutely. How we learn,
how we connect with information. Because knowledge is most powerful when we share it,
when we explore it, and when we put it into action. So on that note, we'll wrap up this deep dive.
Hopefully this has given you some new ideas. Yeah. And inspired you to look at the world of podcasts with a fresh perspective. Happy listening. I think we are. Yeah.
Podcasts have come a long way.
They really have.
But now it's like we're talking about not just passive listening anymore.
It's active learning.
Right.
Right.
It's exciting.
Yeah.
And think about the impact this could have on, you know, on creators, on podcasters.
Oh, yeah, for sure.
This deeper level of engagement, I think it could lead to like a much stronger connection between the people making the podcasts and the people listening.
Yeah. It's like you're building a community, not just broadcasting to an audience.
Exactly. Yeah. It's turning podcasting into this collaborative learning experience.
I love that. This has been really eye opening. I mean, we started by diving into episode deep dives.
Yeah.
But it's turned into this whole exploration of the future of podcasts.
It has. And I'm feeling pretty optimistic about it.
Me too. It's clear that podcasting is still in its early stages.
And there's so much potential. And I think things like deep dives are just paving the way.
They're leading the charge. So to all our listeners out there, if you want to see how deep dives work in practice, head over to TalkPython.fm.
Yeah.
Explore a little bit.
You might be surprised at how much more you can get out of your podcast listening.
It might even inspire you to think about how you can incorporate some of these ideas into your own work or learning or whatever you're doing.
Yeah, for sure.
It's all about embracing this evolution.
Yeah.
How we learn, how we connect with information.
Exactly.
And on that note, we'll wrap up this deep dive.
We hope you enjoyed it.
We hope it gave you some new ideas and inspired you to explore the world of podcasts with a fresh perspective.
Absolutely.
Happy listening, everyone.