Python Bytes - #464 Malicious Package? No Build For You!
Episode Date: January 5, 2026

Topics covered in this episode:
- ty: An extremely fast Python type checker and LSP
- Python Supply Chain Security Made Easy
- typing_extensions
- MI6 chief: We'll be as fluent in Python as we are in Russian
- Extras
- Joke

Watch on YouTube

About the show

Connect with the hosts
- Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky)
- Brian: @brianokken@fosstodon.org / @brianokken.bsky.social
- Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky)

Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too.

Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.

Brian #1: ty: An extremely fast Python type checker and LSP
- Charlie Marsh announced the Beta release of ty on Dec 16
- “designed as an alternative to tools like mypy, Pyright, and Pylance.”
- Extremely fast even from first run
- Successive runs are incremental, only rerunning necessary computations as a user edits a file or function.
  - This allows live updates.
- Includes nice visual diagnostics much like color enhanced tracebacks
- Extensive configuration control
  - Nice for if you want to gradually fix warnings from ty for a project
- Also released a nice VSCode (or Cursor) extension
- Check the docs. There are lots of features.
  - Also a note about disabling the default language server (or disabling ty’s language server) so you don’t have 2 running

Michael #2: Python Supply Chain Security Made Easy
- We know about supply chain security issues, but what can you do?
  - Typosquatting (not great)
  - Github/PyPI account take-overs (very bad)
- Enter pip-audit.
- Run it in two ways:
  - Against your installed dependencies in current venv
  - As a proper unit test (so when running pytest or CI/CD).
- Let others find out first, wait a week on all dependency updates:
    uv pip compile requirements.piptools --upgrade --output-file requirements.txt --exclude-newer "1 week"
- Follow up article: DevOps Python Supply Chain Security
  - Create a dedicated Docker image for testing dependencies with pip-audit in isolation before installing them into your venv.
    - Run pip-compile / uv lock --upgrade to generate the new lock file
    - Test in an ephemeral pip-audit optimized Docker container
    - Only then if things pass, uv pip install / uv sync
  - Add a dedicated Docker image build step that fails the docker build step if a vulnerable package is found.

Brian #3: typing_extensions
- Kind of a followup on the deprecation warning topic we were talking about in December.
- prioinv on Mastodon notified us that the project typing-extensions includes it as part of the backport set.
- The warnings.deprecated decorator is new to Python 3.13, but with typing-extensions, you can use it in previous versions.
- But typing_extensions is way cooler than just that.
- The module serves 2 purposes:
  - Enable use of new type system features on older Python versions.
  - Enable experimentation with type system features proposed in new PEPs before they are accepted and added to the typing module.
- So cool. There’s a lot of features here. I’m hoping it allows someone to use the latest typing syntax across multiple Python versions.
- I’m “tentatively” excited. But I’m bracing for someone to tell me why it’s not a silver bullet.

Michael #4: MI6 chief: We'll be as fluent in Python as we are in Russian
- "Advances in artificial intelligence, biotechnology and quantum computing are not only revolutionizing economies but rewriting the reality of conflict, as they 'converge' to create science fiction-like tools,” said new MI6 chief Blaise Metreweli.
- She focused mainly on threats from Russia, the country is "testing us in the grey zone with tactics that are just below the threshold of war.”
- This demands what she called "mastery of technology" across the service, with officers required to become "as comfortable with lines of code as we are with human sources, as fluent in Python as we are in multiple other languages."
- Recruitment will target linguists, data scientists, engineers, and technologists alike.

Extras

Brian:
- Next chapter of Lean TDD being released today, Finding Waste in TDD
  - Still going to attempt a Jan 31 deadline for first draft of book.
  - That really doesn’t seem like enough time, but I’m optimistic.
- SteamDeck is not helping me find time to write
  - But I very much appreciate the gift from my fam
  - Send me game suggestions on Mastodon or Bluesky. I’d love to hear what you all are playing.

Michael:
- Astral has announced the Beta release of ty, which they say they are "ready to recommend to motivated users for production use."
  - Blog post
  - Release page
- Reuven Lerner has a video series on Pandas 3

Joke: Error Handling in the age of AI
- Play on the inversion of JavaScript the Good Parts
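The "pip-audit as a unit test" idea from Michael #2, sketched as an added example (this is not the code from the linked article): it runs pip-audit against the interpreter the tests run under, parses its JSON report, and fails closed when the auditor itself cannot run. The function names, the IGNORED_VULNS allow-list and the sample report are assumptions made for illustration.

```python
"""Added example: fail a test run when pip-audit reports a known vulnerability."""
import json
import subprocess
import sys

# Hypothetical allow-list: advisory IDs (or aliases) you have reviewed and accepted.
# Keep it empty unless every entry has a written justification next to it.
IGNORED_VULNS: set[str] = set()

# Constructed sample in the shape of `pip-audit --format json` output.
# Package names and advisory IDs are placeholders, not real advisories.
SAMPLE_REPORT = {
    "dependencies": [
        {"name": "examplepkg", "version": "1.0.0", "vulns": [
            {"id": "PYSEC-0000-1", "aliases": ["CVE-0000-00001"],
             "fix_versions": ["1.0.1"], "description": "constructed"},
        ]},
        {"name": "cleanpkg", "version": "2.3.0", "vulns": []},
        # Packages pip-audit could not audit carry a skip_reason and no version.
        {"name": "localpkg", "skip_reason": "constructed: not found on PyPI"},
    ],
    "fixes": [],
}


def unaccepted_findings(report: dict, ignored: set[str]) -> list[str]:
    """Return one line per reported vulnerability that is not on the allow-list."""
    findings = []
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulns", []):
            ids = {vuln["id"], *vuln.get("aliases", [])}
            if ids & ignored:
                continue  # reviewed and accepted, matched by ID or alias
            fixes = ", ".join(vuln.get("fix_versions", [])) or "no fixed release yet"
            findings.append(
                f"{dep['name']}=={dep['version']}: {vuln['id']} (fix: {fixes})"
            )
    return findings


def run_pip_audit() -> dict:
    """Audit the environment of the interpreter that is running the tests."""
    proc = subprocess.run(
        [sys.executable, "-m", "pip_audit",
         "--format", "json", "--progress-spinner", "off"],
        capture_output=True, text=True, timeout=300, check=False,
    )
    if proc.returncode == 0 and not proc.stdout.strip():
        # Defensive assumption: a clean exit with no output means nothing to report.
        return {"dependencies": []}
    try:
        # A non-zero exit with a JSON body means vulnerabilities were found.
        return json.loads(proc.stdout)
    except json.JSONDecodeError:
        # pip-audit missing, no network, etc.: fail closed instead of passing silently.
        raise RuntimeError(
            f"pip-audit produced no report (exit {proc.returncode}): "
            f"{proc.stderr.strip()}"
        ) from None


def assert_environment_is_clean() -> None:
    """Raise AssertionError listing every unaccepted finding."""
    findings = unaccepted_findings(run_pip_audit(), IGNORED_VULNS)
    assert not findings, "pip-audit found vulnerable packages:\n" + "\n".join(findings)


# In your test suite (pytest collects functions named test_*):
#     def test_no_known_vulnerabilities():
#         assert_environment_is_clean()
```

pip-audit has to be installed in the same virtual environment as pytest for this to work, as noted in the episode; the check only knows about advisories that have already been published, which is why the notes pair it with the one-week delay on upgrades.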
Transcript
Hello and welcome to Python Bytes, where we deliver Python news and headlines directly to your earbuds.
This is episode 464, recorded January 5th, 2026.
Brian, it's 2026. Amazing.
It is amazing.
I'm Michael Kennedy.
I'm Brian Okken.
We're here to bring you another year of awesome Python news, and we got a bunch of good ones queued up here.
I've got a pretty interesting spy story to tell people, Brian.
That's going to be very fun.
Cool.
Yes.
If you're listening and you're not subscribed to the newsletter, you definitely should.
It's super high quality.
We put a lot of extra details, extra information, not just an emailing version of the show notes.
Follow us on the socials.
You'll find them on probably in the newsletter.
I believe they're right there at the top, but also in the show notes.
And yeah, with that, Brian, how would you like to kick things off for the new year?
ty.
I think I'm pronouncing it tie.
I don't know how it's supposed to.
I've asked Charlie Marsh.
No, it's TY.
T.Y.
It's TY.
Okay.
I believe because it's UV,
TY.
So now I'm starting to doubt myself.
But when I interviewed him about TY, I asked, I'm pretty sure it's TY.
Oh, that makes sense.
UV and TY?
Mm-hmm.
Okay.
T-Y.
Okay.
It's an extreme, it says it's an extremely fast Python type checker and LSP,
which is what a language server protocol?
I don't know what LSP stands for.
Do you?
Language server protocol.
Yeah.
LSP.
Something.
Yep.
Anyway, it's, okay, so Ty's been out for a while, but the news as of December 16th is that it's, it's in beta.
People have been playing with it for a while anyway, but I thought, so we're going to link to the Charlie Marsh's announcement of it.
And this was going to actually, to be clear, this was going to be an extra, but I was playing with it this weekend and I'm kind of in love.
I really like T.Y.
So really fast type checker and language server.
And luckily, this is not one where you, it's so fast that you say,
did it actually run?
Because it actually prints something out.
When you run like ty check, it'll say, yeah, even if it doesn't find anything,
it says like all done or.
So thank you.
Thank you to you, Astral, to actually letting us know that it's finished.
But it is super fast.
So type checking, I've used mypy before, or I think that's pronounced mypy.
And in Pyright, I tried that in Pylance.
So actually, I remember Pylance has been a while, but I have tried Pyright and
mypy because people have submitted issues with some of my projects to say,
hey, there are problems with mypy, can we fix this?
So we've had some fixes on like pytest-check has been one project that we've
made some changes. However, okay, so installed
TY, this, just the other day, and yes,
it is super fast. I didn't, I'm using, expecting,
they have a graph that shows, oh, what are they
typing, oh, they checked Home Assistant project,
which is a pretty big project. And mypy takes 45 seconds
to run and TY takes two seconds.
And I didn't have anything that large.
It just ran instantly and spit out a ton of stuff.
So I tried, actually went back and tried a couple other projects.
So here's another project running in it.
Let's see, in the Torch project.
Oh, Recomput.
I'm getting ahead of myself.
So it's really fast, but that's not the coolest part.
The coolest part is it's really fast just the first time.
And then it's even faster when you run it again because they're doing
they're doing regenerative stuff.
So when you, after, what did they write down?
It was designed from the ground up to be incremental.
To have incrementality, I don't think that's a word, guys.
But to incrementally, just check the things you changed to make it faster.
And the reason why is to try to get it running within your editor as well.
So yeah, so it's pretty fun.
I actually ran it, so like I said, I ran it on some small projects, and a couple things, I'm like, why is it bugging me about this?
But I just tried to fix the suggestions, and I found that actually it was making easier to read code, even though I didn't, some of the things I didn't quite get.
Like, here's one that tripped me up.
So if you, if you declare, if you've got a function with input parameter and you declare the input type, I always think of that as like the input type, I expect the user to call.
this function with. But once I'm in the function, I can, I can, like, change the type.
If I, it came in as a list of strings and I wanted to turn it into just a concatenated full
string. That's, that was actually the example I had. And it said, yeah, that's the wrong type. You said
list of strings, but then you assigned it a string. And I'm like, well, okay, could I, if, would it be
more clear if I add a new variable? And I actually just tried to clean it up. And I'm like,
yeah, this is easier to read, actually. It'll be better to maintain. So I'm trying to,
embrace the error messages as something that might make it easier to read even and not become
combative. But I tried installing, there's an extension that they released also, the
TY extension for VS Code. And this does a ton of stuff, inlay type hints, go to definition
information. There's, I'm pointing this out because I know people will try it out, but you'll have to
be sure to read the documentation because there's a warning in there to say it's a language
server also, so you need to, you need to either turn off the default language server or turn off
TY's language server, but having two at the same time don't work great. So I'm, I'm super happy with the
project so far. But yeah, that's cool. I definitely want to give the extension a try. I've been using
Pyright as well, and it's also, sorry, Pyrefly, all the pys, Pyrefly, and it has the same deal, you got to
go disable a bunch of stuff in the Visual Studio editors and, you know, like Cursor and others, and
it's annoying that you gotta do.
I feel like that is a fault of Visual Studio Code.
Why would it let you run two language servers
for the same language?
That should be like, which one do you want to use?
Just tell me, right?
I detected that two are running.
It's kind of the nature of Visual Studio being
just composed out of a bunch of disjointed things, right?
But once you get it set up, it's super nice.
I totally agree.
One thing I wanted to bring up that I haven't yet also
is when I ran it on pytest-check,
it ran it like, and actually I've known that pytest-check is kind of a fun plugin, but it, it, um, it has
some, like, I'm hacking Python with this. I'm like overloading a bunch of stuff and, and a package
that's also a context manager and stuff like that. Um, I do plan on, like, I've, it's noting a whole
bunch of errors and I do want to fix all those that just have a lot of other stuff going on and, um, and
so, um, I'm not, like, really, I didn't intend for this to be an apology. What I'm meaning is
is when I go to check these,
TY has a whole bunch of settings.
You can turn off any check.
So that's what I think I'll do.
I'll probably like any of them that are failing,
I'll probably turn them off and then fix them one at a time and go through.
And I like that they just said,
you know what?
People might want to like turn any of these off.
So we'll just give you access to all of them.
Yeah, that's very cool.
I'd like to throw out one more thing about the fast.
Like, well, my editor's fast enough.
I don't really care, right?
or what's it matter if it takes 20 seconds for Pyrite to run?
One of the things that you can do with these
that I don't think a lot of people are doing,
but you can tell, you can set up rules
and tell your agentic coding tools.
Like, whenever you make a change,
please run TY or Pyrefly or whatever,
against my code base and verify that you haven't made
any typing mistakes.
Everything's hanging together, right?
And those tools will do that like over and over
and it can just make it super slow, right?
So you're not sitting there waiting for the thing to run and run, you know, just reanalyze or analyze.
Just tell it to use TY and it'll just be nearly instant.
Nope, it's fine.
Oh, I got to fix something.
Right.
So one more use case here.
Yeah.
And like we said, since it's incremental, it'll be like milliseconds to rerun it.
Yeah, exactly.
Exactly.
Super cool.
All right.
I have a scary story for you, Brian.
Okay.
So I want to talk about a pair of articles I wrote.
and I think they're very, very constructive, very helpful for people to use.
So increasingly in open source, we're dealing with issues around supply chain problems, right?
This first surfaced most prominently with typosquatting, and I'm sure people have heard
of that word by now, but it's like Django without the J or whatever.
And if people don't really know, they type, you know, pip install dango or whatever,
it might go and find nothing and say that scenario, or it might find something that someone put up there
to look like Django but also bring down some kind of malicious badness, right? And that's a problem.
You can fix it by being careful. The PyPI folks are doing a lot of work to fight that and to, like, preserve
misspellings of common, common things. But it's still, it's an issue, right? I mean, it's gone so far that
there are people trying to pull, trying to see what agentic coding LLMs would recommend, because sometimes
they would make up package names, and then they would go put stuff there so that when it, the next time
it recommends that non-existing thing, it actually exists as a virus, right? So you got to be careful. But
way more serious than that is there's been, there was some announcements that some folks had been
phished who worked on some project and their PyPI credentials were hacked and their projects were
replaced with look-alike projects, but that also had bad things in it, right? And that's way worse.
So if I use some library, and it uses a library, which itself uses a less known library way down
the chain, and that third level gets hacked, and I pip install the new version of my library,
I'm toast, right?
And it's not because I misspelled something, and nobody misspelled anything.
It's because somewhere along the way somebody's computer got taken over in some way, off it goes.
This is bad.
So I thought, I was thinking about this over winter break.
I'm like, well, what can we do about it?
So I wrote two articles with concrete advice.
First one, Python supply chain made easy, right?
And what are you going to do?
I gave out some examples.
So here's the thing.
We have this tool called pip-audit, right?
pip-audit is cool.
It audits Python environments.
It's officially part of the PyPA.
It's under their GitHub organization, even though it's Trail of Bits and Google have also had
influence on it.
It audits Python environments, requirement files, and dependency trees for known security
vulnerabilities, and it can even fix them.
care about fixing them because it may be too late.
I just want that to not happen.
So what I was thinking is like, well, how do we,
how do we use that tool?
And how do we use uv?
So one thing you can do is with pip-audit
is you can just say this virtual environment,
everything installed in here, how's it looking?
Is it bad or is it not bad, right?
And you can just uv tool install it
so because it doesn't have to be installed
in your local environment, not necessarily, right?
You just have that active when you run it.
So that's pretty cool.
But what if people don't run it?
You know, like, this is always the problem, is like, I set up this thing, this, um, this way to lint code
or format it to make sure we always do it right, but then there's those people that just don't run it,
right? So one thing you can do that's nice is, I created a unit test, pytest test, which will run
pip-audit on wherever pytest is running. So like your application is being tested, it will also
run pip-audit against that. So that's cool. It just does a subprocess, figures out which version
of Python it is, and then it just runs pip-audit.
For this to work, you've got to actually have it installed as part of the virtual environment,
but that's all good, right?
So then it will just look at all the stuff you've got installed,
and your test will fail, which means your CI will fail if some kind of vulnerable thing gets in there.
That's pretty cool.
Yeah, pretty nice.
So people can just grab this test and drop it in, and there's really not much to it.
And you run it, it's cool.
Also, you could, I mean, you could set it up as a Git commit hook, but it's a little bit slow.
So next thing you can do is very often something like this will happen.
A couple days later, people are like, why is my CPU at 100%?
And why is it this project I'm working on?
You know, it'll get discovered, right?
And these things get yanked pretty quickly.
That's kind of the positive side is they don't typically last.
So the other thing you can do with uv, is you can say, uv pip compile or uv sync
--upgrade, I think is the command for the uv lock file version. But regardless, you can always
pass an exclude newer, then just --exclude-newer some time frame. So I chose one week. And what that
means is if when I say update my requirements in the pinned lock file, it will basically pretend
anything released in the last week doesn't exist and only update them to a week ago. That way,
because the problem is
pip-audit can know that there's a bad one
but if it was released 10 minutes ago,
pip-audit, no one's going to have reported it
and formalized it, right?
There's this window in the really early days
of a package being updated that no one's
going to catch it and get it into the ecosystem
in time, right? And so just
having a little bit of time, like
let other people try this project for a week.
If no one freaks out and says,
oh my gosh, it's taken over the world,
it's more likely to be okay, right?
Yeah, sure.
I mean, look, it's not a complete defense.
It's not like, well, if it's a week or older, it's never going to be a problem.
But almost all of these that are big problems are discovered within a week.
Or, you know, put a month, whatever you want, put a year.
Like, whatever you feel is like enough that it's very unlikely you're going to get tied up in it, right?
We can put whatever number you want.
But the point is you can put a delay.
So whenever you say update my dependencies, it says, but not the very, very, very new ones.
And I've been doing that for a while and it's been fine.
Okay.
I mean, like a week and a half.
But I thought, okay, well, what about, this is all well and good if you have CI, but what
about production?
What if you're doing like DevOps with Docker or stuff?
Also, if you run your pip-audit and it tells you that you have a virus, you've pip
installed into your dev machine, too late, once you've installed a virus, like it could have
downloaded stuff off the internet, it could put rootkits, like, you're done, right?
That machine probably needs formatted.
It's very bad.
So is there a way that we could do this before we put it into our computer?
with pip-audit, right?
You can, under some circumstances, give it like a requirements file,
but I think a better way is to just install stuff into a virtual environment.
So I did a follow-up thing here that says,
here's how you create a Docker instance that can copy whatever lock file you have
into your temporary Docker container, run, install the requirements with uv,
run pip-audit on it, and then give you an answer back.
That way, even if it does find something,
then it finds them over there, not in your computer,
but in an isolated Docker environment, which should be safe, right?
So it talks to that, which is pretty cool.
I'll give you a little Dockerfile that works nice and easy.
You can do whatever you want, creating alias
so that it will run with nice reporting.
You can skip things you don't care about.
Like this PDF library on Windows, if you give it an SVG file,
image file, it has a vulnerability.
I'm like, well, one, I'm not running on Windows.
I'm not giving it user input.
Like, I don't care about, like, I just, that's not a problem to me, you know.
There's certain things you might want to just ignore.
And then finally, you can put, I'll show you how to use, like, super good build time caching
to actually run as part of your Docker build pip-audit so that you can't even build a container that has a vulnerability.
Like, it will fail the Docker build if it has a problem, according to pip-audit.
I mean, for some definition of problem.
Yeah.
So that whole series I wrote over winter break, and I think it'll help people.
super easy to adopt. There's not much to it.
If you're using Docker, it's got good things for that.
If you're not, it also has things.
You can adopt.
I'm curious with the, yeah, on this topic, like, of dependencies and stuff and possible
vulnerabilities, I was trying to remember the name of the word, but basically, if you
take some other project and just copy its source into yours, I remember what that's called?
Vendoring.
That's it.
I'm just wondering if that's going to happen more, because, more, more
often for production projects, because it's, you could have a, have something automatically or have
an agent or something check to see if there's any updates in the project and copy them in and test them.
Yeah, I think that's going to happen a lot, especially for small libraries. Like, oh, this one just
adds color to your output. You're like, hmm, do I really need, like, how often is that going to change?
Probably never. Yeah. Do I need to be subjected to a supply chain story or could I just copy it in?
Or with the agentic coding things, you're like,
I really just need these two functions.
Can I just ask it to write these functions?
And if they're working, like, I don't need a library at all.
You know, I agree 100%.
I think so.
Okay.
I'm going to actually talk about main updates as well in a different sense, I guess.
So I want to talk about typing extensions.
And again, this comes out of a suggestion from a listener.
I was, it was going to be just an extra, but I started using it and it's pretty cool.
So we've been to, in December we were talking about, or I was talking about at least deprecation
warnings and the topic of how do you deal with that of deprecated items.
And one recommendation is, was the deprecated, using the deprecated decorator.
So you could say warnings import from warnings import deprecated at.
decorate a deprecated function.
However, we were reminded that that's Python 3.13 only.
Somebody named prioinv on Mastodon notified us and said,
hey, there's the typing extensions, and they have them.
And so I was checking this out.
So the typing extensions, let's see, deprecated,
we could just say get it from typing extensions,
and now we've got it on earlier versions of Python.
I haven't, like, I don't know if,
This is a, okay, I'll save my comments, a couple of comments for the end.
But I'm pretty excited about this.
So I'm hoping that I can, I can just use like modern typing for different projects.
And like, why is this important?
It's important because me as a developer, I can kind of remember how to do typing in one version of Python.
But if I, if I'm trying to remember, well, what typing decorators and all that stuff do I use for, for,
3.12 versus 3.13 versus 3.14, and that's hard to keep a track. So I'm, I'm excited to start using
typing extensions, and hopefully this secures the trying to keep track of it all, so, of it. So, um, there's a
whole bunch of stuff in here. We've got, uh, it's got typing primitives, protocols, decorators, functions,
enums, pure aliases, uh, all sorts of stuff that, and it tells you when, when things were added and all that.
So anyway, kind of fun.
Okay, yeah, that's very nice.
So hopefully I can get away with just using the deprecated wrapper,
even in 3.12.
So, because I mean, like, come on, everybody's got like a project that uses the newest,
because it's my side project, it's using the newest version.
Or I've got a library that I'm supporting that's supporting everything back to
3.12 maybe or 3.8 or 3.9 or whatever, and then a work project that's using 3.13,
stuff like that. Yeah, I got a message from somebody saying, one of my open source little smaller libraries,
they can't get it to work. They can't get it to install or something. And I'm like, hmm, can't really see what the problem.
Oh, you're using 3.9 and it's using some feature of 3.10 and it says it needs 3.10.
They're like, why doesn't this work? I'm like, you literally, it sounds new, but that is no longer supported at all.
Right. It's easy for these to sound like, ah, 3.9 is not that old, but.
You know, it's out of even the bug fixes and security fixes.
Yeah, so people remember to do a min version in your pyproject.toml.
If you're doing a library that other people install so that it just doesn't even update to that version.
Exactly.
That's what I did.
But there was not a fallback's older version they could use, right?
Because it uses like type types that are not available, like the lowercase D dict of string string or something like that, right?
Oh, yeah.
Right.
Like, who wants to go back to importing uppercase dict?
I don't want to do that.
Exactly.
I'm like, I will do it when he needs support you.
But like, if it's literally out of support, I'm sorry, this is not on me to like make my library work on, you know, as far back as history goes.
All right.
Let's talk about my spy story.
Okay.
So this is a real short one.
My first one was really long.
This one's really short.
New MI6 chief Blaise Metreweli outlined her vision for a technologically, technology-augmented
intelligence gathering in her first public speech on December 15th,
warning that the UK operates in a space between peace and war.
I mean, MI6, come on, James Bond, pretty cool.
At the Thames-side headquarters, she said previously the UK,
she was previously in charge of Q, which is kind of cool.
Anyway, said the headline is, we will need our MI6 spies, agents, to be as fluent in Python
as they are in Russian.
It's kind of interesting, right?
Yeah, like, look, we live in this super technological world
and so much of this is becoming cyber more and more.
One of the main bits is, while mentioning China,
Metreweli focused mainly on the threats from Russia.
She said the country is, Russia is,
testing us in the gray zone with tactics
that are just below the threshold of war.
Pretty much attacks, cyber attacks, critical infrastructure,
drones, propaganda, all the stuff
without having some kind of programming skill
will super help. So anyway, I just thought
I thought this was an interesting headline
and worth a little shout out.
Also, I didn't know Q was real.
I thought... I didn't either. I was twice. It's like,
oh, it's so cool. I knew MI6
was a real thing, but Q, that's awesome.
I know. It's definitely
cool. Cool. All right. Anyway,
everyone needs to know Python these days.
Jake VanderPlas in 2017
on the PyCon keynote said,
Python is a, gosh, what term, basically like a quilt of all these different uses, use cases of people doing interesting things.
Well, here's one more patch in the quilt.
Yeah, even if you got a cooler language, we'll just incorporate it into Python.
We are the Borg.
Exactly.
There's something to do that.
All right.
What are you going to lean into next here?
So we're into extras now.
So I said that I was going to take some time off from writing in December.
And I had a wonderful break with my family.
And now I'm back to writing again.
I wanted to announce that the next chapter was, the next chapter is going to be Finding Waste in TDD, test-driven development.
And I was, I don't know why I was stressed out about it.
But yesterday I just sat down and wrote, I think, a first draft.
I need to clean it up a little bit.
but I want to get this released today.
So hopefully by the time you listen to this, if you're not watching it live, it'll be around.
And I'll, yeah, so the next one will be there.
I'm still got a goal of finishing this, at least the first draft by the end of January.
It's a tight deadline.
I only have half the chapters written so far.
But I think that we can get there.
I think the later chapters are possibly shorter.
And I'm going to try to read that,
release it as an audiobook too, so I can't make them too long or else they'll kill me. Okay, so that's,
that's going on. Uh, one of the things keeping me, uh, uh, updated and on track, hopefully, is, uh, is it, watches.
So, uh, slight change of topic, but I, um, I am back to sporting a non-smart watch. Um, I'm doing, what
I've got, right now I'm wearing a, uh, Victorinox watch, and, uh, I picked it up at an estate sale
for 40 bucks and it was a steal. It was great, great watch. Um, but I've, and then, uh, since I'm now
looking for watches, my, I picked up a couple more estate sales in the last, last week too. So, um, that's
fun. Something getting in the way of writing though is, uh, my Christmas present I got from my family.
So, um, they, uh, they got me a Steam Deck and, um, uh, I'm having a blast with it. Uh, I like, I like not
having a console, like just sitting on the couch or sitting back in a chair and playing
video games.
I'm having fun with that again.
So I'd loved, and I've been like looking through the store and everything, I'd love to have anybody
let me know.
So let me know on Bluesky or Mastodon, if there's a particular game, I should check out.
I haven't been into the gaming scene since the early 90s.
I've got some good recommendations for you.
I don't know for sure that they'll run on the Steam Deck, but they do run on
Windows Steam.
Okay.
Force now.
Small lands.
S-M-A-L-L-A-N-D-S.
Small lands, you're like a little tiny creature running around this forest exploring it.
And ladybugs come by and they're like hip height.
It's a really cool experience and the graphics and it's incredible.
The music.
It's peaceful.
Cool.
Give that one a go.
All right.
Thanks.
But anyway, reach out.
I'm on Mastodon or Bluesky.
Let me know what you were playing.
Michael, do you have any extras?
I got actually two follow-ups now you've mentioned these things.
They were not originally there, but I've been dreaming of the Steam Machine,
which is like a six inch by six inch by six inch cube that is kind of like a local,
you put it by your TV or something.
I'm not sure if it makes sense for me to get it,
but it looks like a really neat machine.
I've been thinking about that just got it now, so that's cool.
But back to watches, I used to have a Pebble Round 2,
which is a really cool little round
watch that had a traditional watch look, but it was a smart watch. This predates Apple Watch, I think, and it was
so good. I loved it so much. It was incredibly thin. The e-ink display just looked like a real watch face,
and I had so many people come up to me and say, wow, that is a cool watch. What kind of watch is that?
And these would be like older people or people that were not techie, and they didn't realize even
that it was a smart watch. They was, and that's a cool, and I'm like, actually, that's a smart watch. Like, what is it?
Oh my gosh, incredible. Why am I saying this? It's coming back. They're remaking it. Pebble's coming
back and is open source. And so if you're a fan of Pebble, there's a couple of Pebble things coming
back. So yay for watches. Although I'm still sticking with my Apple Watch because I love all the,
like, health analytics it gathers about me. All right, here's my actual extras,
better, not follow-up, impromptu follows. So Reuven Lerner just posted a 12-video
series on what's coming up in pandas 3. So getting ready for pandas 3,
short, focused video series. So, like I said, 12 videos. Come check it out if you're looking forward
to what's coming up in Pandas. And I just released, as in two hours ago, a really awesome
Talk Python episode called Web Frameworks in production by their creators. So I have folks from
the Django team, folks from the Litestar team, from Flask and Quart and FastAPI, all of the
people who create all of those coming on to talk about how you should run their Web Framework
in production. I thought that was just super, super fun, cool conversation.
I'm looking forward to watching that.
Yeah, somebody in the audience said that I basically put the Python Avengers team together
when it comes to Web Frameworks.
It was really incredible.
Quite the crew there.
Okay.
That's it for my extras.
How do you feel about a joke?
Oh, a joke would be great.
This one has to have the stage set just a little bit, okay?
So by telling another joke.
So there's this funny joke meme that went around like 15 years ago.
There's JavaScript, the definitive guide, which is like this.
600-page tome of a huge book. And then Douglas Crockford published a follow-up book called
JavaScript, The Good Parts. And it's like 100 pages. I don't know how it is, but it's much,
much smaller than the definitive guide. Like, this is the slice that you should only pay attention
to and the rest is wrong. Isn't this funny? Yeah. Oh, yeah. I remember that. Yeah, yeah. It's kind
of old. But here's the new joke. Error handling. It's this huge, huge book. And then
there's a little tiny one, error handling before AI.
It's just like how much you got to deal with and like keep track of it.
Like, what is all this stuff going on?
Why is this all here?
It's the opposite.
It's the inverse of going from a huge thing to like a focus good one.
It's like, we had this focused little bit of error handling.
Now we got this mega thing we've got to deal with.
Yeah.
There's a joke.
Yeah.
I'm looking forward to people.
People are already starting to actually care about their making their tests readable
because they're having to figure out what's wrong now.
Mm-hmm, mm-hmm.
Me too.
Well, happy 2026 to everybody, Brian.
Good to see you.
Nice.
Looking forward to another year of good stuff.
Yeah, we should have little poppers.
Yeah, little, yeah, those things.
Shoot out the little confetti or whatever.
But no, we're just going to say goodbye.
Goodbye.
Bye to you next week.
See you later.
