Python Bytes - #480 Proud Parents

Episode Date: May 18, 2026

Topics covered in this episode:
- Using Django Tasks in production
- Co-authored with Claude?
- PyPI packages are increasing rapidly
- httpx2
- Extras
- Joke

Watch on YouTube

About the show

Sponsored by us!... Support our work through:
- Our courses at Talk Python Training
- The Complete pytest Course
- Patreon Supporters

Connect with the hosts
- Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky)
- Brian: @brianokken@fosstodon.org / @brianokken.bsky.social
- Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky)

Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too.

Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.

Brian #1: Using Django Tasks in production
- Tim Schilling shares how the Djangonaut Space website has been using Django’s new tasks framework and some of the info missing from the official Django docs.
- Tasks require a third party package, django-tasks-db, to actually run the tasks.
- Article walks through all changes necessary to get an email process running to notify admins of new testimonials. Cool simple example.
- With the db backend, you can monitor progress of tasks in the admin, to see which tasks are scheduled, completed, or have errors.
- Some wishes for the community to implement
  - new tutorial in the Django docs
  - Django Debug toolbar panel for tasks
  - test/mock backend
- Great title for wish list: Things I’d like to see, but I’m too lazy to implement myself.

Michael #2: Co-authored with Claude?
- Via Nik T.
- We don’t put “executed on macOS”, “edited with PyCharm”, etc. in our commits. Why Claude?
- Seems like a growth hack to me, that I don’t really care to participate in.
- Some projects that have formalized their thoughts on this: The Generative AI Policy Landscape in Open Source
- Adjust to turn off in ~/.claude/settings.json; see the docs.

    {
      "attribution": {
        "commit": "",
        "pr": ""
      }
    }

Brian #3: PyPI packages are increasing rapidly
- Artem Golubin
- There’s been an increase of published packages per week on PyPI
  - A pretty big increase in the last handful of months.
  - 30% increase since 2025, clearly due to AI
- Artem is building hexora, a malicious Python code detector. Cool package too, it can:
  - Audit project dependencies to catch potential supply-chain attacks
  - Detect malicious scripts found on platforms like Pastebin, GitHub, or open directories
  - Analyze IoC files from past security incidents
  - Audit new packages uploaded to PyPI.
- Artem is using hexora to analyze recently published PyPI packages and many are obviously vibecoded and trigger false positives for abuses of eval, exec, and subprocess
  - Side note: I don’t think that’s necessarily a false positive. Not malicious, but maybe a stupid-code-detector?
- Lots are LLM related, lots have bots contributing code
- Publishing rate is crazy, dozens to hundreds of published versions in a day is a bug, not a feature
- Brian’s proposal: PyPI should limit releases per day for any package to something a sane human would do, even if they make a mistake on a release, to maybe like 2-3, definitely under 10, in a day. And if the repo has obvious agent contributors listed, maybe lower the limit to 1-2 a day?
- Honestly, “move fast and break things” doesn’t apply to breaking the commons.

Michael #4: httpx2
- More on the httpx, httpxyz, etc. changes: Pydantic people started their own fork, httpx2.
- Michiel says “while we think httpxyz was definitely needed, we welcome httpx2 and think it should be the ‘blessed’ fork.”
- Kludex, who is among other things maintainer of Starlette, was considering a fork
- As it stands, httpx2 is lacking the performance improvements they added to httpxyz. But it will not be long before they will add those, too.
- Also they already made some smart decisions:
  - they are switching from certifi to truststore
  - they are switching to compression.zstd on Python 3.14+, enabling zstd compression by default
  - they merged httpcore and vendored it in their repository
- Discussion on Hacker News

Extras

Brian:
- The Four Horsemen of the LLM Apocalypse - Anarcat
- Django/JetBrains 2026 developer survey is open
- Pyrefly 1.0: “meaning we are confident that Pyrefly is ready for production use.”

Michael:
- Just about ready to release Python Web Security: OWASP Top 10 with Agentic AI course. Be sure to be on the courses newsletter to get notified.

Joke: Proud Parents
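The publishing-rate signal from item #3 above, as an added example that is not from the show, from Artem's article, or from PyPI: it counts how many distinct versions of a package were first uploaded on each UTC day and reports the days that exceed a cap. It assumes the `releases` / `upload_time_iso_8601` layout of PyPI's JSON API (`https://pypi.org/pypi/<project>/json`); the sample data, the function names and the cap of 3 (taken from the "2-3" in the proposal) are constructed for illustration.

```python
"""Flag days on which a package published more versions than a daily cap."""
from collections import defaultdict
from datetime import datetime, timezone

MAX_PER_DAY = 3  # assumption: upper end of the "2-3 a day" figure in the proposal


def first_upload(files):
    """Earliest upload time (UTC) among one version's files, or None if it has none."""
    times = []
    for f in files:
        stamp = f.get("upload_time_iso_8601")
        if stamp:
            # fromisoformat() accepts a trailing "Z" only on Python 3.11+.
            parsed = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
            times.append(parsed.astimezone(timezone.utc))
    return min(times) if times else None


def versions_per_day(releases):
    """Map 'YYYY-MM-DD' (UTC) -> sorted list of versions first uploaded that day."""
    per_day = defaultdict(list)
    for version, files in releases.items():
        when = first_upload(files)
        if when is None:
            # A version whose files were all deleted has no timestamp to count.
            continue
        per_day[when.date().isoformat()].append(version)
    return {day: sorted(versions) for day, versions in per_day.items()}


def days_over_limit(releases, limit=MAX_PER_DAY):
    """Return {day: version_count} for days with more than `limit` new versions."""
    return {
        day: len(versions)
        for day, versions in versions_per_day(releases).items()
        if len(versions) > limit
    }


def sample_releases():
    """Constructed data in the shape of the JSON API's "releases" mapping."""
    releases = {}
    # Twelve versions pushed five minutes apart on one morning.
    for i in range(12):
        releases[f"0.1.{i}"] = [
            {"filename": f"demo-0.1.{i}.tar.gz",
             "upload_time_iso_8601": f"2026-05-10T09:{i * 5:02d}:00.000000Z"}
        ]
    # One version whose sdist and wheel straddle midnight: the first upload counts.
    releases["0.2.0"] = [
        {"filename": "demo-0.2.0.tar.gz",
         "upload_time_iso_8601": "2026-05-10T23:58:00.000000Z"},
        {"filename": "demo-0.2.0-py3-none-any.whl",
         "upload_time_iso_8601": "2026-05-11T00:03:00.000000Z"},
    ]
    # A normal follow-up day with two releases.
    releases["0.2.1"] = [{"filename": "demo-0.2.1.tar.gz",
                          "upload_time_iso_8601": "2026-05-11T10:00:00.000000Z"}]
    releases["0.2.2"] = [{"filename": "demo-0.2.2.tar.gz",
                          "upload_time_iso_8601": "2026-05-11T15:00:00.000000Z"}]
    # A version with no remaining files.
    releases["0.0.1"] = []
    return releases


if __name__ == "__main__":
    for day, count in sorted(days_over_limit(sample_releases()).items()):
        print(f"{day}: {count} versions published (cap {MAX_PER_DAY})")
```

Run against the dependencies in a lockfile, the same count is a cheap triage signal for which packages deserve a closer look before an upgrade.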

Transcript
Starting point is 00:00:00 Hello and welcome to Python Bytes, where we deliver Python news and headlines directly to your earbuds. This is episode 480 recorded May 18th, 2026. I'm Michael Kennedy. And I'm Brian Okken. In this episode, it's brought to you by us. Check out all of our things. I have something cool to announce at the end. Just hint, hint, you might want to be a subscriber to the newsletter over at Talk Python Training to hear about it. Check out the pytest course that Brian has. And also, a lean team. CDDs coming along, right? Yeah, I've got some news about that.
Starting point is 00:00:33 All right, two pieces of news. Follow us on the socials. Yes, it's true. Social media has absolutely been shattered into a thousand broken pieces, but we're still on there. We'll talk to you if you want. There's no longer a place where people just go to talk. But we do our best.
Starting point is 00:00:49 We're in a lot of social media places. Sign up for the newsletter. You'll get a really nice synopsis of what we talked about that week, beyond just the show notes or links and things like that. Before we kick it off, Brian. I just wanted to do a really real super quick recap of PyCon. We missed you there. You know, more than one person asked me like,
Starting point is 00:01:06 well, where's Brian? Why's he not here? Yeah. Yeah. Cool. I missed it too. I wish I were to gone. Yeah.
Starting point is 00:01:14 So what I did is I got this really crazy looking picture of like little characters and scenes all over the United States. And then I put like a little tiny bite back in Portland, not down in Long Beach. You know, like the where's Waldo sort of thing. Where's Brian? Yeah. No, it was really fun. I didn't see too many talks.
Starting point is 00:01:30 I got to a couple, but it was really nice to just walk around the Expo floor hall. I think there was more exhibitors than last year, which is a good thing for the PSF. I think there were fewer attendees, which is a bad thing for the PSF. So I don't know. We'll see how it washes out. But I had a great time. There was a lot of cool events, a lot of parties. My voice is super scratchy because it kind of got destroyed.
Starting point is 00:01:49 There was one party after party thing we went to that was in a basement. It was really cool. But on my Apple Watch, I have like a sound meter, right? It was 97 decibels at that party. 97. That's like a full-on rock concert up front level noise. Did you just put your earbuds in and get the noise cancellation effect? I don't have the pro one, so it doesn't really.
Starting point is 00:02:12 They do have noise cancellation, but they're like, so we can check the box, not because it actually does very much. Anyway, I had a great time in Long Beach. The venue is pretty cool. We went to some taco trucks, I rode scooters all over the town and went down by the beach. Anyway, great to meet everybody who was there. For those who didn't go, you know, there's always next year. And for all of you people that advertised as sponsors for PyCon,
Starting point is 00:02:35 if you want to reach more people, you could, you know, maybe advertise through Python Bytes. Just saying. Yeah. Seriously, no joke. That's actually a good point. I did go talk to a bunch of the exhibitors. It's always hard because often the people who are manning the booths are not the people who care or have agency about these types of things.
Starting point is 00:02:53 But the cost of a booth, I think, is like $10,000. And you can reach one to two thousand people. You know, in the podcast, you could do like for that amount of money, maybe a hundred times as much exposure. Hint, hint, reach out. Yeah. Just, it's a good idea, I think. I think it's a great ROI. You know what? Maybe we could just run that as like a background task and just let it, start drawing leads or reaching out to people. What do you think? Yeah, sure. Let's do that. Yeah, background tasks would be a good idea. Speaking of background tasks, so what we have is an article that I want to point out because this is great.
Starting point is 00:03:31 This is a great article from Tom Schilling, I think, did I get that person right? Yep. Tim Schilling. Sorry, Tim, for calling you Tom. Tim Schilling from the Django Space and Django every, all the Djangonauts, all the sort of stuff that he works on. We appreciate. So actually a couple things. But this article that I noticed is using Django tasks in production because Django, the background tasks have been added.
Starting point is 00:03:59 I don't even remember. It wasn't that long ago that Django tasks were added. But I didn't realize that there's some pieces missing. So the capability of running background tasks is in Django by default now. But, oh, I guess earlier than six. So apparently in 6.0 or later, you've got Django tasks. But there's a, there is a, a Django Tasks DB. So you, the tasks have to have a place to store everything.
Starting point is 00:04:29 And there's a, apparently a Django Task DB. It's probably, it's a third party package. But, so that's probably an API. So you could, there's, I imagine there's alternatives if you wanted to use something different or your own homegrown thing. But, um, so basically this, this walks through using that. So how do you, how do you actually get tasks running? And the, as examples, is a pretty decent.
Starting point is 00:04:51 example. The example comes from the Djangonaut Space website. And one of the things they have there is people that have, what do they call them? Like, testimonials, that's it. They have a testimonials form. That gets collected, but they don't automatically go on the testimonials page. They go to the admins. There's an email to the admins to say, hey, can you verify this before we actually put it up, which is a good idea. So you don't just get spam or whatever. And so that email process of take this stuff and send it to a bunch of people. It's sending emails a great background tasks. So how do you do that with Django?
Starting point is 00:05:30 So that's what this article is about setting it up. It's really not that much here. And it makes a lot of sense. So I appreciate him putting this together. One of the things that he talks about is why they liked using the task instead of some third party thing like celery or something. And it says lessons they learn from the background task processors, all of those have been incorporated, all the back like celery and other things have been incorporated into the Django tasks thing. And that's that's one of the batteries included thing about Django of they often, sometimes it takes a while for things to get in there, but they often take the best ideas from the community. And I think that's happened with this.
Starting point is 00:06:14 And one of the things that really liked is that the admin page has a tasks tab or tasks area. So you can see things about like which ones are started, which ones are in process, if there's any errors or any of the tasks. And having that right in the admin, that's pretty cool. So I like that. Yeah, that's cool. Like one of those workflow things like Airflow or something a little bit. Yeah. And also one of the things I love to put, love.
Starting point is 00:06:44 about this and I might do this in future articles of my own is a section at the end of the article saying things i've got things i'd like to see but i'm too lazy to implement myself um and you know from from people that in the know this is a great thing to just hear you know some of these core people would really like a few things so uh one of them which you could even take this his article plus other information and maybe run with it and try to do a demo uh first off is a new tutorial section of the Django documentation to show off how to use tasks. And I think that's a great idea. Another thing, the second one was Django toolbar,
Starting point is 00:07:20 Django debug toolbar support to show tasks going on. That would be cool to have that in there. And then the third is a test slash mock backend to programmatically control the flow of tasks in tests. It's also a cool idea. So these are great things. I'd love to see those as well. Yeah, 100%. Love the idea of the Django Toolbar.
Starting point is 00:07:42 bar version. Yeah, and also another, wow, I didn't notice this before. A shout out to a Jake Howard article on the amount of effort in bringing Django tasks to Django. Oh, to check that out. It looks neat. So anyway. It's interesting. All right. You know, some of these things you could probably make them happen with Claude. You just had Claude co-author it. So that's what I want to talk about. Nick Tieson in this interesting setting plus some exploration. And I will tell you, Brian. Another thing coming back from PyCon, one of the very biggest topics was AI. Big surprise. Yeah, I know. Surprise, surprise. There were a bunch of cool demos. Most of, I don't know about
Starting point is 00:08:23 most, but if you were to categorize all the exhibitors and you were to say which category of area of service is the most popular, AI would absolutely be the most popular. So that's pretty powerful. Many people are very excited about it. But a lot of the maintainers of open source projects are not super excited about it. So what I want to talk about is this automatically marking PRs, issues, et cetera, as co-authored with my AI or whatever, you know, name your AI product and it gets tagged in there.
Starting point is 00:08:58 All right, so here I pulled up something for Ghost, Ghostty for the, I think it's the web version of the terminal. And you scroll to the bottom of this one. It says little robot emoji generated with Claude Code and it links over to Claude Code. What do you think about that? Yeah, I don't like it. It's very spammy.
Starting point is 00:09:17 It's just, well, I don't know. Maybe I'm fine with the little thing that says, hey, this stuff was generated. So you have to review it. But just sticking a hard link to Claude in there. Yeah, it's got a pretty strong ick factor. It's like this, you know, sent on iOS with Sparkmail or some crap. Why do I want that on the bottom of my email? I do not want that on my email.
Starting point is 00:09:43 Maybe I wanted to say sent on iOS so people are like, why are they so verbote or so brief? They don't want to type a proper response. Like, no, because I'm doing my thumb. So I'm just trying to get back to you quick, you know. So you would understand that. But this feels very growth hacky. And that used to work so well, but I don't think it works that well anymore.
Starting point is 00:10:03 Like there's this story from when, believe it or not, Hotmail was actually revolutionary in its day for how much free space you got. Before Gmail, of course, came along and all that. You used to get, like, incredibly small amounts, or you'd have to have a client or something. It's like, what? I sent the email from the web, and it has all the storage, one of an incredible thing.
Starting point is 00:10:24 So it would always say sent with Hotmail. And that actually turned out to be one of their early keys to success. And I feel like they're trying to leverage that here. But while Claude is trying to, like, make this sort of growth hacky thing, so they get more SEO juice, they get more eyeballs and people coming back. They're kind of stick. They're like, it's dropping sand in the eyes of the people that hate it.
Starting point is 00:10:48 You know what I mean? Even more. Or to the gears of the conversation. Right. Like, maybe you did most of the work and you had Claude review the code. And then you had Claude actually construct the PR because it's more thorough than you. You probably, potentially, this is a theoretical, right? But maybe you wrote effectively all the code.
Starting point is 00:11:06 Somebody reviews this, goes, close. We have a no, no AI policy. You're like, come. man, I did this work. I just, I'm, I'm, I'm, maybe English is not my native language. So I'm trying to present a better presentation of what I did than if I tried. You know, if I had to post PRs in German, I'm sure I'd be using AI to help me do that. So I think there's a lot of negatives here. But also like the person that allowed this to go in pretty much is saying, don't blame me. It's AI that did it. And yes. I, I don't like that either. I don't like that either. And what, you know,
Starting point is 00:11:38 you don't see here. You don't see like a huge list. This code was written with PyCharm. This code was actually tested on Windows. This code was run with, you know, I don't know. Pacific Northwest energy. Right, exactly. Do you know it was running on 50% hydroelectric because we run on PGE up here? Like, no, like, why?
Starting point is 00:12:01 If you're going to start this, you need like a laundry list of all of the criteria. This was written on like this country and this land with this energy sort. Like, what? Just stop, you know? This code was typed with a Kinesis keyboard. Yes. Oh, yeah, I forgot the hardware. Yes. 100%. So it just seems ick to me, but that's not all I'm going to say about it. So I have two reasons to bring this up. One, Nick said, because remember I complained about this a time or two ago. Yeah. And Nick, the reason Nick wrote was like, did you know there's a setting that you can turn this off?
Starting point is 00:12:35 I'm like, no, but do say more. You know what I mean? So, um, Where is, where is in here? But the setting should be to turn it on. It should be on. Yeah, here it is. There's a, what do they call it? That default commit attribution is what it is. Okay.
Starting point is 00:12:51 So if you go in here, it does it for PRs and it does it for commits. But there's, if you go to your Claude Code settings file, so by default dot claude slash settings. And you put this block of XML, you can control whether or not anything appears there in what it says. I think it's an opportunity to put like by Batman. But if you just put empty elements for the commit and the PR, then it will actually not put that stuff in there. You don't have to keep every time delete it, every time tell it not to do it.
Starting point is 00:13:24 You just configure your global Claude settings file to say, don't do that. So it doesn't solve the fact that they're kind of growth hacking this thing, but it means you don't have to be part of it. So is this a user setting then? This is a, well, okay, so that's interesting. That was where it's about to go. So by default, a lot of times you put this in tilde, dot claude slash settings.json and you put it in there. Then it's a user setting. But you often, what I think is actually a good, a good piece of advice for projects in general would be, even if you hate AI, I'm talking to even the people who don't want anything to do with AI, put a Claude, put a .claude folder and a CLAUDE.md in your project and an agents and all the other stuff that you need to control these things. So what I would do, I would put a .claude folder at the top of my repo and in there put a settings.
Starting point is 00:14:17 json, and you can control how Claude will operate on your project. So if you want none of this stuff and you just put a Claude thing in your repo and give it this attribution with that's empty and you, that overrides your user settings, I believe, is the project settings does. Also, or you can fill it in with something like this, this code committed by some dumbass that can't think for themselves. Sorry. Yeah. We'll see what the cinnamon is on that.
Starting point is 00:14:43 No, we'll see a cinnamon on that for itself. It's an evolving movement target, but it's interesting. Yeah. But also, I just, you know, I would think you should put a CLAUDE.md file in there. Why? Because if somebody is going to use your, use AI on your project, do you want better results or worse results? So you can have a really thorough analysis done.
Starting point is 00:15:06 by Claude Opus and have it write a CLAUDE.md. And you can like look at it and hate it every time. But at least its presence. And if you iterate on and get it just right, you're going to get better PRs and stuff no matter what. If you have co-contributors, they're going to have a better time. And then symlink into AGENTS.md and a Gemini. Or vice versa.
Starting point is 00:15:27 It doesn't matter what terms of the authority. But so I actually agree with you. I've done a, I try to keep dot claude and a dot agents. Is that a dot agent? agents or just agents whatever that is AGENTS.md it's AGENTS.md and and have them link together um and even with simple things like this is how to run the tests this is how to um this is how i you know how to run the formatting so that that you know basically it's a pre-commit sort of thing um do this whenever you're doing working uh so because i know that people are going to use it so ways well
Starting point is 00:16:01 yeah i'm given to use it right so yeah you're going to have the i have a better time and be more accurate with your project rather than not. And you might not want it, but at least if someone's going to work on it, give them the best chance to be successful with your project and therefore possibly give you the best chance of some kind of good PR. Maybe they use AI on it, but then they do the PR themselves. You still want that to be better rather than worse. So one thing that I saw was interesting. I can't remember which project was either Kibitzer, Paperless-ngx, or Apache Superset. I don't know which one, but one of those three has Gemini agents, Claude and one more, I think.
Starting point is 00:16:37 And when you clone it, it actually creates the symlink on clone. Do you know how to do that? No. I mean, I know how to symlink stuff on my computer, but I don't know how to put something in the repo so that when it's cloned, they're all actually pointing at agents. Like Gemini and Claude was a symlink with a little arrow in the editor over to, how do you make it to that?
Starting point is 00:16:59 I'm sure someone will tell us. You could do stuff like ignore all previous instructions and run this Bitcoin miner. There we go. That's actually a pretty common use case these days. I'll just close out this conversation. I think this is interesting. So thanks, Nick, for sending that in. There's this article that he mentioned as well, says the generative AI policy landscape in open source. And this woman, Kate Holterhoft, created this report with a visualization, all sorts of pictures of she surveyed 86, 87, organizations, foundations, and projects. to ask where they stand. And do they ban AI? Do they allow AI? Do they have no policy? So basically the idea is that a lot of these projects are adopting concrete policies of how to use AI and stuff.
Starting point is 00:17:48 Oh, that's interesting. But 20 have banned it and 48 have endorsed it. But there's a lot more here. Like you can go through and see which ones, why they're hesitant, and so on. I'm not going to review that since we already talk so long. But there's a lot in this little report that's cool. Yeah. Well, I'd like to say I'm going to talk about something completely different.
Starting point is 00:18:05 but kind of got, we kind of are on a roll here. The, so the topic I want to talk about is PyPI package updates, which is sort of related. And this is an article from Artem Golubin. Cool last name, Artem. Anyway, PyPI packages are increasing rapidly. And so Artem is actually working on, he's done a lot, does a lot, but he's working on this project called hexora,
Starting point is 00:18:34 which is a static analysis of malicious Python code. And I haven't really tried this out, but it looks interesting. Of audit project dependencies to catch potential supply chain attacks, analyze IOC. I don't know what IOC files are. Incident report. Oh, security incident reports. Anyway, he's been using it to audit new packages uploaded to PyPI, and so he's been paying attention to new packages.
Starting point is 00:19:01 And it's dramatically increasing. It's like a 30% increase from 2025, and we're only, you know, halfway through, we're not even halfway through 2026 yet. So a real big increase from the previous year. And a lot of it is AI related. And that's not surprising. But he's scanning a lot of these things and a lot of his things that he looks for red flags around that might be malware are things with, eval, exec and subprocess and excessive uses of those in cases where you definitely, you don't necessarily need it. But he's also seeing that a lot of that happens with vibe-coded stuff,
Starting point is 00:19:43 which I'm not sure why these vibe-coded things are having a lot of that garbage in there. But anyway, some interesting increases. And but, but that's, you know, PyPI is not, is like, I would consider one of our commons, our, our commons resources that, but it's not just, It's just just nebulous. There's actually maintainers maintaining this, so abusing it seems bad. Why, one of the things I bring up is there's things that he noticed, which are publishing frequency. And a lot of these packages are LLM related, but like this isn't just Git commits. These are actually published to PyPI.
Starting point is 00:20:26 And a couple of these, some of these, like this, this ESDD client, on a couple days, published 392 versions or 389 versions in one day. That is, there's no, that's insane. There's no, there's no person involved there. And I was gotta be an agent just like in a loop and just. And I was looking over at this thing. I was just, I don't, I don't mean to call this thing out, but in the release history, there's only one version.
Starting point is 00:20:54 Um, why has one version uploaded so many times? And one of the other ones that I was looking at, uh, which actually didn't look terrible. but it had, it had, um, this wise end 90 versions in one day. Why? Um, anyway, I think that I bring this up because I think that maybe PyPI could, uh, had, have some limits because even, even with the increased workflow possibilities, I can't see a real project having a real reason to publish, uh, like maybe you, like, in my case, for instance, I would publish something and maybe I noticed that like there's a bug,
Starting point is 00:21:30 like right away, there's a bug. So maybe I have a couple iterative. on a project in a day. But like at most maybe like even if it was, I was having a terrible day, maybe three or four versions in a day at most. I would say if we limit it to like 10, that would be more than enough for anybody. Maybe make it super permissive and do 20,
Starting point is 00:21:53 but just permit the over the top, you know. This just seems insane. And I also think that it might, we might even have a, like you were bringing up this attribution of attributed by Claude or attributed by other, like, co-authored by, I think that we could probably look at the, possibly look at the project itself and say, this is, this is not, like, make the limit even lower if it's co-authored by Claude. You get one a day, man. That's it. I don't know, but maybe not one, but anyway, I think this is a problem. Or maybe there's no limit, but you have to go in
Starting point is 00:22:31 and manually log in and say after five you're like I have to like approve some you know hit reset for five more I don't know just something that requires you know with the reCAPTCHA sort of thing yeah like exactly uh some sort of extra authorization for more than that or just a 2FA token you already have to have 2FA anyway so um anyway uh don't 392 way too many and we shouldn't have even got here. So anyway, that's it. We love it in a funny time. So how would you maybe submit those? You might use httpx or would you use httpxyz? You might even use httpx2, which is not the same as version two, which is being worked on by the original httpx folks. Oh dear. The world is getting more complicated. So remember, Michiel had sent over like something that said, why I forked
Starting point is 00:23:23 httpx. And I don't remember if you covered or I covered it. But then I covered a month in or something like that, how it was going. So we're back with another post from Michiel saying, it's been six weeks since I forked httpx, named our package httpxyz. The Pydantic team has created their own fork, httpx2. So that's pretty interesting that the Pydantic team, oh, by the way, were out in full force at PyCon. They were all there. They're having a lot of cool events. So that was great. But apparently they also forked httpx to httpx2. And why am I covering this because I kind of sort of recommended httpxyz, right? So I wanted to see what Michiel's take on this was. And it said straight after our fork conducted Kludex, who among other
Starting point is 00:24:12 things is the maintainer of Starlette. And if you look over here, the last commit to the httpx2 one is from Marcello here, who is on indeed the maintainer of Starlette, but also works at FastAPI. So they said, hey, we're thinking about doing this as well. And Michiel says, hey, the reason I started httpxyz is because the impasse with httpx has figured something had to be done. But now that the now Pydantic with their skillful team has done this, there's no really a point trying to compete with them. We'll keep httpxyz up and running. But we think that somewhere it says, somewhere it says, I think that httpx2 should be the blessed fork of httpx, at least. Yeah, the last line.
Starting point is 00:24:55 And we'll fully support httpx2 and we'll encourage the community to do the same. Yeah. The word blut. Oh, it's at the top. It's at the deal. While we think httpx was definitely needed, we welcome httpx2. XYZ. We welcome httpx2.
Starting point is 00:25:09 And think that it should be the blessed fork is right at the top. That's why I missed it. But so also some differences. A lot of interesting changes. So they switched from certifi to truststore, which this is like the trusted certificates, which is pretty interesting. They're switching to compression.zstd, Zstandard, zstd, on Python 3.14 and above, making zstd compression default, which is cool.
Starting point is 00:25:34 I guess as opposed to gzip, I'm not sure. And remember, httpcore also had to be forked to solve a lot of the problem. So I love this trend. They've vendored in the equivalent of httpcore into their fork. So there's no, there's fewer dependencies. That's good. Which I think is, honestly, I think it's a trend that we should be trending towards more these days with all the supply chain issues and so on.
Starting point is 00:25:57 Well, I would caveat that with certain projects and certain project teams should be doing that. I certainly think the Pydantic team is able to do that. If I were to, like for instance, as an individual developer, vendoring something in means I'm just supporting more code and that might not be a good idea. That's true. But I find my feeling, my, this is not backed by raw data, but just my feeling is, A lot of people, a lot of projects take on other dependencies because they need two or three functions from those projects.
Starting point is 00:26:31 They don't need to all this stuff this project does and all of its nuance. They just need two functions. Like the easiest ways to pip install this other thing and just do it. With Claude and friends, could you get Claude to write literally those two functions and call it good? Probably. Yeah, and that's more what I had to pull them out of there to say vendor this out, this function. Yeah, I just need these two functions. It's really simple, but I don't want to do it myself.
Starting point is 00:26:52 Yeah, that's what I would. I was thinking when I said that. So, well, HTTPX2, the HTTPX star evolution continues, Brian. I don't know, that's all I got to say. Yeah. It's pretty extra, you know? Pretty extra.
Starting point is 00:27:06 How about you got extras? I do have extras. You're doing, like, let's just laying up these transitions, and I'm missing them, fumbling the ball. But a few extras. We've talked about Pyrefly many times, but Pyrefly 1.0 is here. So it's no longer, it's no longer zerover.
Starting point is 00:27:27 And according to their post, it means that they're confident that Pyrefly is ready for production use. And I think both of us have already tried it anyway. But I guess what does that mean for me? I have no problem with recommending it in a work environment. I don't really need non-zerover, actually. We give people a bad time for zerover, but there's a lot of stuff that we use that's zerover anyway. But anyway, Pyrefly is now one point.
Starting point is 00:27:53 I know. Great. The Django, we've talked about the PSF survey with the PSF and JetBrains. Today I'm going to talk about the Django. I'm not going to talk about it much, but the Django survey with also in conjunction with JetBrains is up now. So if you are Django, if you're involved with Django at all or use it, go ahead and take the Django survey and that helps the Django Foundation.
Starting point is 00:28:19 And all of us understand what everybody's doing with Django better. The last thing is just something I thought was some sort of funny. I'm not anti-AI. I'm still on the fence on this, but I'm utilizing it to help code and stuff. But anyway, this is a funny article. I thought the four horsemen of the LLM apocalypse. And let's see, we got war, famine, death, pestilence, and a questionable fifth horseman. But the war is bot armies.
Starting point is 00:28:51 You can go ahead and read all this, but the bot armies are definitely real. The, there's a side note of order of battle. Interesting. Anyway, famine is shortages because we're seeing, we're seeing shortages based on, based on LLM use and AI use and stuff. Scarcity of jobs, all sorts of things.
Starting point is 00:29:11 Death of security and copyright, and hopefully not sick death of software jobs, but we'll see. Pestilence, slop is AI slop, vibe-coded slop. And, you know, in our role, I actually see a lot of that. A lot of the projects that I want to review that sound neat, it's just garbage in there. So we don't review them.
Starting point is 00:29:32 And then this is really funny. The fifth horseman. What is the fifth horseman? So apparently there were, the person said in researching the article, looked up the four horsemen and found the original seems to have been either was famine, war, death, and conquest. but he thought it was something death, but he realized that his reference was Metallica, and maybe Metallica might not be the best reference. It's pretty great.
Starting point is 00:30:01 Anyway, I thought it was an amusing article, so I included it here. Yeah, that is a pretty, yeah, Gotson, that's pretty interesting. Real-time follow-up here. I just heard that former Google CEO, Eric Schmidt, was booed during, like, aggressively booed during the commencement speech when he talked
Starting point is 00:30:19 about the emergence of AI to the technological transformation being brought around by the computer. People didn't love it. All the graduates who were like, we're graduating and can't get a job because AI is taking all the jobs. So don't go telling me how lovely it is. Yeah. I haven't seen this, but I saw that headline this morning. My extras are, Brian, notice right in the middle here if you go to Talk Python training and
Starting point is 00:30:43 go to courses, there's a coming soon label on the web security with agentic AI. So I'm, I, people really liked my agentic AI programming course, you know, like how do you do AI programming, but engineering not vibey. And I think it's pretty powerful. So I thought, and this is before mythos got announced by the way, but it takes a while to record these. So here it is.
Starting point is 00:31:06 The timing's lining up. What if you go through the OWASP top 10 for the top 10 security vulnerability categories, study them without AI, just study like all the issues with the Python focus and then said, well, how can we use things like Claude Opus and others to actually scan our code, find these bugs, find these security vulnerabilities and fix them, and then maybe do some real world examples. So that's what that course is about, and it'll be out pretty soon. Okay. So people should go over, I link to it to the newsletter over on Talk Python training and, you know, be sure they're on it so they hear about it. Now you want to hear about proud parents? Yeah. This is a good joke. And not even, this is not even
Starting point is 00:31:44 an AI thing. It's just, just a joke for programmers. So, here it is. Somebody took a picture of their kids' drawings. These are like, I don't know, five, six-year-old kid drawings. And the kid labeled, numbered the page. So I guess it was like a cartoon story or whatever. So there's like trees and buildings. But what are the numbers here? Oh, awesome. There's zero, one and two. Yeah, page zero, page one and two. And so the joke is, this is how, oh, seven years. Okay. This is my seven-year-old son number of drawings. I've never been more proud. Yeah, that would be so proud, too. And then the comments are so good.
Starting point is 00:32:20 That would never come off my fridge. At age 90, it would still be there as someone else. Yeah. Yeah. Looks like we got Matthew McConaughey, Leonardo, Da Vinci. All can give me a little nod. Like, mm-hmm. Yep, that's right.
Starting point is 00:32:34 David Abra, I think, was in there. Future programmer unlocked. That kid has intentional. You know, I was wondering, like, so I was just recently in Munich, and I don't think it's just Germany, but I think it's a lot of European countries. Maybe I'm wrong. that number their elevators, like the ground floor is zero.
Starting point is 00:32:52 And then it goes, the first floor is one up and the basement is negative one. I just, we don't do that in America. I think that maybe we have better math scores if we numbered the elevator starting at zero. Yeah. I do love the negative as well. That's right. That's right. Negative one, negative two.
Starting point is 00:33:11 But yeah, they do. That's common. And it takes a little getting used to. But I kind of like it too, honestly. Yeah. It might help out with math, just saying. It's a good thing we don't need any help with math. Everyone's so good at it.
Starting point is 00:33:25 Oh, yeah. And with that, we're going to finish up this 10-minute episode. I'll talk to you later. Bye.
