Python Bytes podcast

#401 We must replace uWSGI with something else

9/17/2024
0:00
31:05
Rewind 15 seconds
Fast Forward 15 seconds
Topics covered in this episode:
Watch on YouTube

About the show

Sponsored by ScoutAPM: pythonbytes.fm/scout

Connect with the hosts

Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too.

Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.

Michael #1: We must replace uwsgi by something else

  • uWSGI is now in maintenance mode: https://uwsgi-docs.readthedocs.io/en/latest/
    • The project is in maintenance mode (only bugfixes and updates for new languages apis). Do not expect quick answers on github issues and/or pull requests (sorry for that) A big thanks to all of the users and contributors since 2009.
  • Reasonable options look like:

Brian #2: Let’s build and optimize a Rust extension for Python

  • Itamar Turner-Trauring
  • Example: algorithm for approximating the number of unique values in a list
  • Comparison to non-approximation
    • non-approx is faster but uses way more memory
  • Rust version
    • Use Maturin and PyO3
    • Pull in Rust dependencies (rand for random numbers)
  • Optimization
    • link-time optimization
    • faster random
    • store hashes only
  • Future optimizations
    • change algorithm maybe
    • pass numpy array instead of Python list (I’d like to see that spedup)

Michael #3: Fake recruiter coding tests target devs with malicious Python packages

  • via python weekly
  • GitHub projects that have been linked to previous, targeted attacks in which developers are lured using fake job interviews.
  • Attackers posing as employees of major financial services firms.
  • This previously happened via other means such as NPM
  • This analysis revealed that the direct parent of the detected, malicious files is a PythonPYC file, meaning that once again the team encountered malware hidden in a compiled Python file.
  • “The README files tell would-be candidates to make sure the project is running successfully on their system before making modifications.”
  • What can you do (according to Michael)?
    • Try out new packages in a docker container
    • Work on code and projects using a VM which has snapshotting (to roll back completely after you’re done)
    • Fire up a Windows desktop in the cloud for the project then destroy it

Brian #4: Monthly PSF Board Office Hours

  • “The Office Hours will be sessions where you can share with us how we can help your community, express your perspectives, and provide feedback for the PSF.”
  • “Unless we have a dedicated topic for a session, you are not limited to talking with us about the above topics, although the discussions should be focused on Python, the PSF, and our community. If you think there’s something we can help with or we should know, we welcome you to come and talk to us!”
  • Upcoming office hours
    • October 8th, 2024: 9pm UTC
    • November 12th, 2024: 2pm UTC
    • December 10th, 2024: 9pm UTC
    • January 14th, 2025: 2pm UTC
    • February 11th, 2025: 9pm UTC
    • March 11th, 2025: 1pm UTC
    • April 8th, 2025: 9pm UTC
    • May 13th, 2025: 1pm UTC (Live from PyCon US!)
    • June 10th, 2025: 9pm UTC
    • July 9th, 2025: 1pm UTC
    • August 12th, 2025: 9pm UTC

Extras

Brian:

Michael:

Joke: Election joke

More episodes from "Python Bytes"