Hey, everybody. Welcome, all of you YouTube fans and everybody. So anyway, it's good to be back. I know we were here last week, but it was also spring break for us. So let's do this. Hello and welcome to Python Bytes, where we deliver Python news and headlines directly to your earbuds. This is episode 475, recorded March 30th, 2026. And I'm Brian
Okken. And I'm Michael Kennedy. And this episode, as is regular lately, is brought to you by us. All of the stuff, the books, courses, head on over to Python Bytes. Wait, yeah, pythonbytes.fm. We have links to everything, but there's also talkpython.com. That's right. Talk.com will get you there. It'll just redirect to .fm. It's all good. Okay. talkpython.fm. Right. Okay. And Talk Python Training, of course. I've watched and done so many courses on there. It's a great resource. And if you'd
like to learn pytest, there's a course there, but there's also pythontest.com. And thank you to our Patreon supporters, as usual. And also, thanks to everybody who subscribes to the newsletter, because it's fun to put together. And we've got a lot of background information, so we'd like to send out all of the links to everything we talk about on there. And you can reach us to send us topics that you'd like us to talk about, or topics you'd like
us to stop talking about. Whatever. The contact stuff is on pythonbytes.fm, but we're on Mastodon and Bluesky. And yeah. And there's also a contact form there that you can use. And if you're listening to this, thank you. And also, if you'd like to watch the show live, or at least watch the recording later, you can go on to pythonbytes.fm/live and either be part of the audience or watch it later. Like a ghost.
Like a ghost. Let's lock the ghost. How about that? So there's this interesting article at cert.at. I'm guessing that is the way. And this one is super relevant to us. This is a security place, a security website. Lock the ghost. In the software world, remove is not always equal to gone. Completely gone. This is crystal clear. There's always a good reason for that. But even
the best reasons do not have to be intuitive or expected by the users. Let's take a short trip through how the Python Package Index handles removals and how we can lock the ghost in a uv lock file forever. Forever. So this is a security thing. And it's specifically, uniquely an issue for uv and the uv lock file in particular. So if you're using uv like I do, with uv pip compile and then requirements.txt, that kind of thing, it doesn't apply. It's the uv.lock file.
We're both huge fans of uv. And one of the reasons we are fans is because of the performance. Right? It's so fast and it bundles so many tools together. Some of these are making really interesting trade-offs. Often, those trade-offs are certainly fine. You know, like a short caching period. So if you ask it to install something and it did it 10 seconds ago, it's not going to go and ask the APIs for it again and that sort of thing. Or uv python install, which is awesome.
It gets you Python in a couple of seconds instead of forever with a bunch of buttons. You know, next, next, next, confirm, agree, confirm, next, next, yes. You know, like that installer experience. So those are all good. But I guess this is a bit of a negative consequence of having some of these optimizations. So I pulled out some, I'm going to read my notes here. So the essence is in the uv
lock file. It points directly to the final file on the CDN, I'm guessing, or even the storage. But, you know, even if you remove something from the storage, it doesn't necessarily remove it from the CDN, Fastly, and so on. Right? So however it is, it points to the very final file. Hmm. When something is yanked or removed from PyPI, it goes out of the listing. You can't find it.
You ask pip to install it. It's not there. But the underlying file is still hanging around. So if you have a direct URL to the result file, instead of following the redirects or whatever, that file doesn't necessarily get removed. That's what that opening was about. Right? So that's basically the problem. If the file is still there, the file is still there, even if it gets yanked. Right? So
there's a couple of interesting knock-on effects. So uv lock uniquely preserves these ghost packages, as they call them, in this file. So instead of removing them, they just link directly to them as an optimization, I presume. However, no other thing like Hatch or PDM or whatever links to them. Right? So they don't do that. Right? This is specifically about uv. So it creates an interesting supply chain problem. I mean, that's just like the security problem du jour or of the year, right?
Whatever. Yeah. Year and fridges. The problem, all these things are getting some level of takeover. And then, you know, that's flowing into packages and other libraries that are built into code. And then, obviously, that amplifies them massively. So in this case, an attacker could upload a malicious package and then immediately remove it, but still have the uv lock file point at it. Okay? Yeah. So if you immediately remove it, you might outrun the scanners. The automated scanners to go,
let me scan the new inbound PyPI packages. Because that package doesn't exist anymore. We don't need to scan it. But you could craft a specific uv lock file that still points to the ghosted remnant. You know what I mean? Yeah. But aren't the lock files on the client side? So it'd be just people that created the client lock files during the... Yes, that seems possible. But imagine this. I create molting claw or whatever, like the world's third most popular GitHub project out there.
Put it up. Get it working normally. And then after it gets really popular, I update a lock file, not even the input, not the pyproject.toml or nothing. I just update the lock file itself to point at this ghosted malicious file. So anybody who installs it, well, they uv sync. That installs everything in the
lock file. And off it goes. So it's not that you ran and installed the thing. It's that somebody could craft a lock file such that if you sync that project, then it's installed onto your machine and off to its regular badness, you know, with its setup.py or whatever. So beware, folks. Beware. I'm not sure exactly what the solution here is, but it's something that could happen. And maybe the Astral team, I'm sure the Astral team has already heard about this. This was from last week.
Okay. Interesting. Well, we'll wait to hear back. Yeah. I haven't heard anything. I mean, I guess if I go to the end, there's not like an update. How should I live? This is how should I live to someone up? I presented that removed packages could still be done. But I don't know. Yeah. Well, I mean, there's a lot. Security is a big thing.
Anyway, supply chain security is extra bad because it's not even necessarily the things that you're using. It could be the things that you're using, what they're using, you know, right. And something could change there. Like I'm not checking on, I don't know, chardet, for example, just to pick something out of thin air, because I'm not using it directly. I'm not tracking its releases. I happen
to maybe be using something that uses chardet that then, you know, if something happened to that package, I'm not saying it has, right. Just like thinking of really popular third-party, third-level dependencies. Yeah. And yeah, anyway, we'll get into, we've got more security topics coming up. So we're not going to run out, are we? No. So the next step, I want to talk about a little bit more security, but this is how to,
how to rein in your AI a little bit. So this really, what am I going to talk about? This is suggested by Martin Häcker. I think it's Häcker. It's a German name. H-A-E-C-K-E-R. Anyway, thanks, Martin. Anyway, for context in this, this seems so long ago, June of 2025, it was less than a year ago. Simon Willison wrote a blog post about the lethal trifecta of AI agents, which is giving them access to private data, exposure to untrusted content and ability
to externally communicate. That's pretty much what coding agents are like now, especially if you run it in YOLO mode or dangerous mode, because, and it seems like people wouldn't do that, right? But it's so much faster. So if you have your agents on ask mode, it just goes, Hey, can I run this command? Yes. Can I run this other command? Yes. And so you can say, just stop asking right now. I trust you. But should you? I don't know.
So if you've got private data on your device, there's something to be concerned about. So one of these solutions is sandboxing, or one of the solutions is create a VM and just only put the stuff on the VM that you want the AI to use. That's a little extra. And it's, for people
that are normally using VMs, might be fine, or either virtual machines or those other things, containers, right? If they're normally using containers, great. But if that's not your normal workflow, it's a tough ask. So Claude Code has sandboxing. I haven't tried it out to see how clear it is. It apparently works great on macOS, Linux and WSL 2; it uses Bubblewrap. So if you're using WSL 2 for Claude, Cursor or
Claude Code, that might be okay. But what about other agents and stuff? So what we got as a suggestion was that Claude Code has this built in. I'm not sure how well, if it's really restricted or if it's suggestions. Anyway, I haven't tried it out. So I'd love to hear what other people think about the sandboxing stuff. Anyway,
the same kind of idea that Claude Code uses is pulled out as something else you can use with different AI agents if you want. So this is a project called fence. It's lightweight sandboxes for terminal agents, and it uses the similar sort of stuff that Claude Code does. And this is pretty exciting to be able to restrict what it has access to, like file permissions. You can restrict how much of your file
system it has access to. You can restrict the network access, which websites and stuff it can access, and even Git repos, restrict which repos. That's all cool. And it's also really cool that this is open source. So this is Go code, but it's a fence project that people can contribute to. And it's very active right now. So I'd be
excited to hear what other people think of fencing. If you think it's safe enough, anyway, I'm definitely going to try it out because I was actually considering buying an extra computer so that I could run it isolated. I mean, I know that the container is way cheaper than an extra computer, but also an extra computer is not that much either. So yeah, what do y'all think about this? What do you think, Michael?
Yeah. It's interesting. I mean, a Mac mini is very cheap, right? It's 400 bucks or something like that. That's a pretty cheap computer if you want to have a separate machine, but also a VM potentially would work if you wanted to have some isolation. I think this is a neat idea. I like that it's open source. The one thing I don't like, and I don't know that there's necessarily a great fix for that, just given the way that it works, is it seems like you can have it work on any,
any terminal command, right? So like Claude Code or Codex CLI or Gemini CLI, whatever, but say VS Code, Cursor, PyCharm, if you want to run one of those, but have the agents that run in those more proper editors limited, that seems harder. You know, it doesn't seem like it supports that. Yeah. So that's the way I like to, I honestly, this might be a minority opinion, but I think Claude Code and friends, the way that they work are an anti-pattern for how
real software developers should be coding. And what I mean by that is Claude Code and other CLI ones encourage you to just have the code just rip by, like do this and it's just like, you see the code screaming by and it's like, okay, I'm done. And then your job is to accept that or whatever, or you wait 10 minutes for it to do a thing. I was doing a project two days ago, Claude Code spun up five agents that all ran for 15 minutes in parallel.
And then it gave me that result. So that's a lot of code changes. And, that's a lot of my credits in addition to just time to wait 15 minutes and see how it came out. So what I much prefer is to have some kind of editor VS Code, Python, whatever, where the work is happening. And as it's making changes, I can roll up. Okay. it made this change. Let me look, actually, it's going down
the wrong path. Hey, stop, stop, stop. No, don't look. You did this wrong. Go that way. You know, you're not following the patterns of this. So with the, just like streaming by like a social media feed, it encourages you not to review it while it's working. And I think that that is not right. I know the trend is to like not review code at all, but the trend is also to get a bunch of like unstable software. So take your pick. Anyway, I don't like the CLI ones because of that.
Therefore I probably won't be using this, but I would like to. That's my take. Yeah. It's interesting because this is similar to, you know, hiring somebody to do work for you or having an intern or a new hire or something that you don't quite trust yet, of saying, Hey, I want you to do this job, but I'd like you to, like, you know, work for like four
hours at most and then check in, right, right. Like work on it this morning and then check in with me after lunch, something like that. Yeah. Yeah. So you wouldn't want like four hours of Cursor or Claude Code to run, but you might go, you know, use this many tokens or something and then check in to make sure that you're on the right track, or something.
Yeah. Also testing helps. Testing absolutely helps. It does. It does. But the problem is sometimes the agents are like, that test doesn't seem relevant. It was also hard to make it fixed. So we took it out, you know, that's happened to me. And if you've got enough tests, it's like, Oh, there's some thousand, 100 something number of tests. You don't notice that the one that
you really needed is gone, you know? Yeah. Yeah. We're getting off on a tangent, but I was listening to a podcast this morning or interview with somebody that had used, like, claws, which I haven't done any claws yet or anything, but having a thing that controls lots of agents to do things like control his house, with his pool temperature and lights and everything. And I'm like, if I want my lights on in my room, I turn the light switch on.
I haven't coded anything. In theory, I want a smart home; in practice, I'm like, boy, that's not really that helpful. But these are really easy though. Okay. Well, let's go on to the next thing. What do you got? Indeed. Let's go on to the next thing. And this one is called malicious and it has to do with
it's also an AI one. So I know some people are overwhelmed or uninterested in the AI stuff, but I don't think this is the AI in the sense that you're thinking about. This is crazy. So this is an open source copyright concept and it doesn't necessarily have to do with AI. It just happens to be that AI is the workhorse of it. So check this out. And I don't know if this is a real project that people are making real money. There's like real pricing here.
So what is the idea? The idea is, so I don't know if this is a real project because it could be put out here to cause such a backlash that it causes a lawsuit. That's what I'm saying. But there is real pricing. So here's the thing. Remember how we had that, there was like this big debate just, I think last week about Chardet, right? Yeah. Chardet, Chardet, that the current
maintainer who is not the original copyright holder had AI recreate it, create the library based on, like, one generates the description and the specifications. And then another one that has never seen any of the code takes that and then turns that into the new project, 7.0, and then changes the license because this new bit of code is no longer the same thing, right? Basically this is that as a service.
Interesting. Yeah. So it's called clean room as a service. Finally, liberation from open source obligations. It's pretty shady. You guys, this is bad news. Our proprietary AI robots independently recreate open source projects from scratch. The result: legally distinct code with corporate-friendly licensing, no attribution, no copyleft, no problem. And there's pricing for this. I know it's really crazy. So the pricing is transparent per-kilobyte pricing.
So it's focused on JavaScript at the moment. Every package is priced by its unpacked size on npm. How about that? So for example, left-pad, if you wanted a copyright, not copyleft, left-pad, it would cost 50 cents. If you want Express, the Node.js powered web framework, 73 cents. You want Moment? I don't know what Moment is. Apparently it's pretty big. It costs $42. What do you think about this, Brian? This is nuts, huh? Is this real? I mean, like it could be.
Like I said, I don't know if this is real or not, but I think it is a real copyright conversation and it is a real... It's called Malice. I know. I don't know. Yeah. I think we need to create a competing one. That's called Spite. Spite and Malice. Anyway, amazing. Liberate open sources to H2. Like how, how not so is this?
Like I said, I think it could be something that's just trying to get attention to this problem and like cause some kind of final legal decision to come down about it. Or it could be something people are just paying money. Well, yeah, we'll take it. Yeah. I honestly don't know. You know what's creepy is like a decent, like an evil, but decent business model might be to do something like this and just keep track of all the companies that have paid you to
steal from open source, and then, you know, like, you know, sue them or, like, you know, anyway. Yeah. Well, I'll leave this here for people to ruminate about, but I do think it's pretty wild. I think it's pretty wild. I also, I guess it's good to talk about it because people are going to do this anyway, right? People are going to try to do clean room solutions and yeah, around stuff. Clean room solutions have worked. I mean, there was Miguel de Icaza. I don't know how
that, I'm not sure how to spell it. The guy created Mono, which was the open source version of .NET when .NET was, or yeah, of .NET and C# when it was still completely commercial, and just made sure that whoever they hired to work on it had never looked at the source code or work, you know, and they rebuilt it. And ultimately the outcome was that
Microsoft bought them because they thought that open source was better later instead of a virus or whatever they called it. So, I mean, that's a historical precedent for this clean room concept. But the difference is that took multiple people six months to a year, whereas this is like an afternoon. You know what I mean? If you turn Claude Code loose on it.
It's just the world right now. Yeah. Yeah. This is the world right now. But anyway, I honestly don't know how I feel about this. I mean, it seems like a really crappy thing to do. At the same time, it seems like you should be able to look, you know, in the Google versus, I think, Oracle case. So the case about Java, and I think it was Java and Android, the Supreme Court, whatever the highest court it went
to, ruled that APIs, the signature of the APIs, are not copyrightable. Right? So that's part of the precedent, but this is the internals. But if you take something and scrape out, these are all the APIs and here's a description of what it does, you know, and you feed that to an AI, that's pretty close to doing what Google did, but they had a team of hundreds of people or something. You know what I mean? Like, I don't know. Like I said, I don't know how to feel
about this. I'm just going to put this out there for people's awareness and move on to your next topic, Brian. Well, I want to talk about, just change it up a little bit and talk about security. So this one comes to us from Matthias, showroom, I think anyway,
thanks Matthias. He sent it in through email, which yeah, we have very easy to find email. So the article, this is kind of fun because in the email he said, you know what, I wanted to suggest this topic, but also I'm trying to get better about writing blog posts, and I appreciate that because we like blog posts.
I like to read blogs. So he's got an article called Harden your GitHub Actions workflows with zizmor, dependency pinning and dependency cooldown. So there's three topics. And actually this came up because he was looking at an article like, please let me get this. Okay. Like, from StepSecurity saying an AI-powered bot actively exploited GitHub Actions,
involving Microsoft, Datadog, CNCF projects, lots of things. So this sort of, you have to, basically making sure your GitHub Actions are secure. Also not just whatever thing you're building, but your actions might have a problem. So we had actually covered zizmor, but I went and looked to see when it was. So it was
episode 408, November 2024. We covered zizmor and then look at the repo. So the zizmor repo, zizmor is a static analysis tool for GitHub Actions. I thought it was pretty cool. So we covered it and it's got a bunch of sponsors now and look at the star count. Hmm. We covered it in November 2024. And right after that, it kind of took off. Wow. That thing totally hockey sticked. How about that?
Well, maybe it's because of us, who knows? Probably not. But anyway, so that's pretty cool. I'm sure at least one of those stars is from us. At least one of the stars. Yeah. Like the one I put on there maybe. Anyway, so what can you do? So there's supply chain issues. Doing static analysis of
your GitHub Actions is definitely something to do. And this is not, what I'd like to point out is this is not just business critical stuff. It's really anything that you're putting out on GitHub and especially things that you're releasing through PyPI, because even your little left-pad thing might get exploited. Whatever, you might not think about it, but
somebody else could take advantage of it. So it's just to lock stuff down. So we've got the static analysis. The other thing he brought up is dependency pinning.
So this is related to the LiteLLM exploit from last week, which I don't think we covered, but hopefully everybody heard about this. So this one is creepy because apparently, even if you pinned the dependency with version numbers, that wasn't enough because a malicious package overrode the binary with the same version number. So you really should be checking the SHA.
Is that Shah or SHA? I don't know how to pronounce it. I think typically it's said Shah, but if you talk about the hashing algorithm, I think people say SHA, SHA. So it could go either way, right? But some of those are a little bit hard to deal with. It's not really hard, but it's more of a pain than
just typing out the version. So there's a tool apparently called Renovate that helps for that part of it. And you know, uv pins, you, like I was going to say uv locks, but now we have a problem with the uv locks, so. Whack-a-mole. It's like whack-a-mole. It's definitely whack-a-mole. So using things
to check those SHAs also, and then dependency cooldowns. I think you brought this up either last week or recently. Yeah. To be able to say, hey, I'm going to update everything, but don't update if anything's newer than seven days or something like that. Yeah. I would like to point out that I do not do this. I do not. When I say it, I say one
week. Oh, you do, you just, that's an improper fraction right there is what that is. No, I'm just kidding. I literally have mine say one week, that says seven days, but whatever. Same idea. I think it solves the problem that I talked about, because after seven days, that thing's not going to exist on the package manifest, right. And it solves the problem here. It's a super simple thing and it's not perfect,
but it's a layer of defense. Yeah. So I don't think this is too much. So I think that I've got a project that I'm a little, yeah, I'm going to try this out. I'm going to try these things. And my guess is it's going to take me longer to figure out what to do than to actually implement everything. So yeah, that's how a lot of stuff is like. I changed,
I had to change one line, but it took me two days of research to figure out what the right choice for that one line was. I mean, and let's get real. I'm just going to point an agent at this article and say, could you do all this stuff for my friend? This seems like a problem. Read it, fix it, research it, fix it. Yep. Exactly. Maybe you can get a non-GPL version if you pay a few cents and send it to malicious. All right. So a real time follow-up. I just want to,
I forgot to credit Paul Bauer who sent in the thing about malicious. So thanks for that. And you mentioned left-pad. I was curious, is there a Python left-pad? Yes. In fact, there is a Python left-pad. Really? Yes. Inspired by the famous left-pad package on npm that broke the internet. It's a joke. I mean, but it works. You can pip install it. It's called, it's a port of the infamous left-pad npm package. Interesting. Okay. Yeah.
Okay. I think we're on to extras. I just said, I have one. Do you have some extras? Yeah, I'll go ahead and go first, since I have my screen. Yeah. All right. So I want to talk about a new SaaS that I released, Brian, that people have seen me using, but they don't know that that's what I had anything to do with, called interview queue.
So this is a Python-built platform for doing podcasts. So if people are out there, there are content creators that are podcasters that do interviews, whatever, give this thing a look. The whole idea is from starting out with like bracelet about an idea all the way until you push something out as a final bit of audio file or video or whatever. It's there
to make every step a little bit easier and guide that. So I knew I was going to talk about that this week. So last week I pressed a stopwatch, start, stop, from the time I had downloaded the audio files from our interview last week until I had shipped it with chapters, with album art, all that kind of stuff, edited final, like raw video down, right. Audio downloaded to final audio and the podcast feed: 18 minutes, 51 seconds. Oh, wow.
Wow. So super excited about this. Mostly I built it for myself, but I thought, you know, I'll put in some extra effort, keep fine. I actually had to rewrite it three times because I'm like, yeah, this is the right UI metaphor for how this works. And I tried it on a few podcast episodes. I'm like, Nope, it's not. This is horrible. It's just so disorienting.
Do it again. I think it's really nailed now. So if people are doing podcasts or interviews, I know that's not most people listening, but it's a really cool Python app. It's a mega app. It's like 75,000 lines of Python or something. It does a bunch of stuff. Okay. Nice. Yeah. Thanks. Good dogfooding. Yes. Dogfooding. And I built it for myself. One of the things that I learned as part of that is, so that gives people 250 megs of free storage unlimited. It does free
transcripts. It does all that kind of stuff. One of the things that makes that work is you need to be able to store stuff. That's not too expensive. So if you store something on S3 or something like that, Azure Blob Storage, probably the same price. They all seem to copy each other, except for DigitalOcean, which is a little bit cheaper at seven. I know it's at one cent per gigabyte
per month for regular S3 storage. But they just came out with a thing called Spaces, which is their S3 cold storage. So you can put something up and say, I'm not going to access it very much. And if I do access it, it costs a little tiny bit more. Like it costs a cent per gigabyte when you access it. So, which is, you know, more than their default pricing or
whatever. But if you don't access it, it's 0.007 cents per gigabyte per month. Think how cheap that is. That is awesome. And you don't have to have like, oh, we have Glacier, which is its own storage system. And then if we want to, we can move it back into S3 and out of us, like it's literally the same API as S3. You just use boto to talk to it. But if your access pattern is very infrequent, which, you know, it is, you record a podcast, maybe you touch it once or twice.
There's like a little cool trick with disk cache. So most of the time, when it's sort of in an active mode, it doesn't even go to the internet and just works with like a local volume at Hetzner. And then if it needs to go back, it's still pretty cheap. Isn't that cool? So what would you put in the cloud that you don't access very often?
Backup files, like, so for example, let's go back to interview queue as something concrete, right? Just so it's concrete. One of the things that we'll do is we'll generate transcripts for you. So it could take that VTT or SRT file or whatever, like a text file, put it into this cold storage, also put like a 30-day local cache where it works
with it. But after that, you know, it runs out of space, it throws it away. So maybe it's in this little local cache for like the two days that you're editing the podcast. But how often do you go back to a podcast you did last year and then pull up the transcript segment and want to look at
it? Most people who would use a service like this would just go like, well, once I've produced it and downloaded the final transcript, they don't go back and mess with it again. Right. So it's that kind of thing. It's like when you're creating something or you're actively editing it, then you want those files there, you want that access, but then pretty soon it's going to fall into, I just want it historically kept for me. I think there's a lot of access patterns for that. All right.
Back to fire and forget. So I talked about this last week, this fire and forget pattern and how this was pretty sketch that I thought I still believe that to be true. I have two things on it. One, I'm sorry, I don't remember who sent me this message. I can't, I'm sorry, I can't remember who sent me this, but thank you for sending me. They said, actually, I said, starting in Python 3.12,
this has been a problem. What they said is starting in Python 3.12, what happened is the documentation pointed out that this was a problem. Whereas previously it was a silent sort of unknown issue. So they think that it has been there since three, four, three, whenever, whenever create_task got defined and asyncio got defined, you know, the year before async and await, which I think that's three,
five. Anyway, for a long, long time that it has been there, but in 3.12, the documents were, documentation was updated. Say, Hey, this is a problem. Be aware of it. So it could be that this has always been a problem. And it's just that, you know, the, the, for people who don't know, if you just go and say, Hey, I want to fire something off in the background to let it run on the event loop, asyncio.create_task. And you give it the async function.
That's not enough. That is not enough to keep it from getting garbage collected potentially because the loop itself doesn't hang onto it. Okay. So that's the, that's the issue, right? They think that that's been the case forever and they just document it in 3.12. So thanks for pointing that out. I don't know that should be true. I looked into it and didn't find a great answer.
The next thing though, is, another person pointed out, Richard pointed out that Will McGugan wrote an article called the Heisenbug lurking in your async code. What does it talk about? Well, if you do create_task, guess what? It could be garbage collected. It may disappear without warning during garbage collection. And so that's all well and good. Thanks Will for writing that. So I did
another post that sort of talked about that. But what's interesting is luckily, Will added numbers and concrete search values. So if I go here, there are wait for it, 586,000 separate code files that
have this pattern because people would tell me it's not a problem, Michael. You, this is some weird edge case that only you care about me and the 586,000 other people. All right. Look at this. The very first hit is like, boom, they're not putting it into like, so not every one of these 586,000 actually, like,
this is actually a documentation line here. This one, they are holding the task. But even on the first page, which is like a very small amount of those half a million, there's five instances where they're
doing the thing that you said you're not supposed to do. So, all right. That's it for my extras. But I thought that would be a fun follow up on two accounts. Yeah. I just have one extra. And that is, is that GitHub is, well, I went to GitHub this morning and noticed that on April 24th, they're going to, GitHub Copilot is going to start recording interaction data for their AI model training unless you opt out. So a company is actually asking before they spy on you. So that's nice.
But they're going to spy on you. Yeah. Well, you can opt, apparently you can opt out. Yes. I've already opted out. Have you? Yeah. I was gonna, and I'm like, do I really care how, how they, my GitHub interactions or? And honestly, it's kind of a no op for me or, you know, tree falls in the forest. No one dares to hear it. Like actually the tree does still fall.
That's a pretty human centric perspective of the world, but this is GitHub Copilot interaction, not your repository data, right? That's what it says on April 24th. We'll start using GitHub Copilot interaction data for AI model training, unless you say no, I don't use GitHub Copilot. So maybe they can have all my interactions or none of them. They'll be the same.
When I first saw that, I thought, oh, they're going to start there. They're asking for permission to use my code in my repository and my issues and stuff for training. But that doesn't sound like what it is. What are they? Okay. The GitHub Copilot interactions with. Yeah. So the one, probably the ones I'm responsible for, like when am I using GitHub Copilot? Okay.
Yeah. And like, if you go to the GitHub homepage, there's a ask Copilot sort of thing. And there's other, you know, there's other areas where if you do a search, I think some Copilot stuff in the PR, you might be, especially if you're a paid user of Copilot, that's a very, that's a much bigger thing. Yeah. One of the interesting things is you can ask, where'd it go? Yeah. I think you can ask, you can ask an agent to like, oh yeah, here, here we go. If I'm looking at an issue,
you can assign it to an agent to have them fix it. Yeah. I haven't tried this. I might try this on this one. I've, I've already been having mine do that, but not through Copilot. In Claude code, I just say, hey Claude, issue 199 of this repository. I would like to work on that. Can you get, can you plan that out with me and have a conversation? It just goes, logs into GitHub, using the GH CLI, pulls it down, understands it, and then,
then keeps working with it. So it's not exclusive to, to GitHub and Copilot if you have the GH CLI installed, which is very cool. Okay. Yeah. That looks more scary to me before. And now I'm like, actually, I don't care. I don't care. So, should we talk about something funny? We shall make a joke. So I, for an interview queue, my press mark is asked. There we go.
So I can't tell for sure if we did this before, but if so, it's been long enough that I think it'll be fun. Okay. All right. So Will Smith and iRobot, I think that's a good sort of future, but looking back to like now type of thing, right? So Will Smith talking to one of these robots, can LL, can an LLM write maintainable code? The LLM, the robot stares back with its like mechanical eyes. Can you? Oh snap. Oh snap. Yeah.
I mean, it's a funny joke. I think it's a funny joke just because of the time and so on. And there's a lot of variations that you could have on it. I haven't read the comments. We have to read the comments, but there are certainly coworkers I've had in the past who I would take Claude Code over that coworker for working on my code together. Yeah, definitely. Yeah. Yeah.
Not saying that Claude Code is perfect. I just want to let it run loose, but I've had some people are like pretty bad, especially people taking some of my training classes and like, how did you get into this? I mean, this company? I had some, I'll tell you, I don't want people to feel like I'm making fun of people over like being too picky or elitist. This is a person who worked at a, either a bank,
let's say a bank, like something like a bank, like a big enterprise company. And this was when I was teaching C# way back in the day and we would do like an hour's worth of presentation and demos. And then it was okay. Now you guys for the next hour, work on this thing. That's like a derivative version of what we've been talking about. Right. And this person who has been employed at this company
for six months as a software developer, professionally at a bank, read the instructions, said, Michael, I need help. I said, Oh, no problem. What's going on here? Like, well, I can't get this to work. And they had variable name equals some sentence, no quotes around it. I said, Oh, you got a couple problems here. That's a string. So you need to put quotes around the string. What are you talking about?
I don't know what to tell you. Like you need to put the quote character, the beginning and end. So like the compiler knows that this is actually a string bit, not just other keywords and stuff. Like, see the thing left of the enter shift, press that and put it at the beginning. It was like a challenge to get those quotes in there. And then it still wouldn't work. I'm like, Oh, you could,
you have to declare the variable as a string. Like, so you have to say string space, email equals whatever, or whatever it was. Right. What do you mean? Six months as a professional developer in this language, this is not like where they're starting this language. I'm like, okay, I will take Claude Code all day. I will take this robot thing all day over that as a coworker. Seriously. So I don't think
I'm being harsh to say that that's, that's out of bounds of like, you shouldn't be, you should have gotten past that step after six months, eight hours a day. So lesson out there. If you know what quotes are, you might be able to get a job. You know how to make a string in a programming language. Okay. While we're on the tangent, I'll just get one more tangent. So I had an interview once, somebody came in and it was, it was a contract position, but, but still I usually start
with a real low ball question just to, just to make sure. So, and I usually say something like, okay, I just want to write a function that in Python, write a function in Python that takes, takes a user input string or takes a string and, or actually, what is it? Write a function that takes two numbers and adds them and returns the answer. This was a long, it took a while to get to the point
where I could say, let's actually, let's stop. And I, and I don't want to try to be cold. So I usually like ask about their background and whatever, and, and fill out the hour. But it was clear that this wasn't going to work because they, this first, they started out with like print statements to the standard out and, and using the input command to get user data. And I'm like, no, it's a function.
It just has parameters. That's it. Oops. So yeah. Anyway, lots, lots of different backgrounds that get into software. So yeah, yeah, yeah, definitely some that I would, I would take an agent over. So, but that's funny. Let's look at the comments real quick. Okay. John says, man, this is going to slay on LinkedIn. Oh my gosh. Yeah. Right. Everyone acting like they're Linus Torvalds.
Yeah. So would you, LinkedIn's weird. I, I, every time I peek my head into LinkedIn, I like try to back out because I think it's all just full of bots. I don't think there's any people there left. So. Yeah. Well, you haven't embraced your a hundred day ones attitude. Guess not. Anyway, a good episode. Fun talking with you. Thanks to everybody that, that showed up to listen and we'll see you all next week. Bye everyone. Bye.
