hynek

hynek, 9 months ago to random

I find it super wild to see Googlers celebrate Chrome’s 15th birthday and bragging their part in it RIGHT after they tricked their users into the creepiest ad tracking platform with the darkest of dark patterns. I would be ashamed to be part of that. Personal values and integrity are liabilities.

hynek, 2 months ago to random

Seeing HashiCorp & Redis unravelling is painful but exactly what the end of free money does to corporate FOSS – no matter what promises were made before. Systems do what systems do. Let’s brace ourselves, this is just the beginning. https://mstdn.social/@msw/112130308202090850

hynek, 3 months ago to random

Shots fired by the flake8 maintainer.

We can have a nuanced discussion about the failures of flake8 etc, but you’ll still have to acknowledge that a VC-backed, non-Python project profited from decades of community work, & has sucked all air out of the space.

It’s not like I’m not using Ruff—but I do it begrudgingly & find the cheerleading around it baffling. It has practically destroyed a part of the ecosystem & it looks like nobody has seen the VC playbook play out.

https://youtu.be/XzW4-KEB664

hynek, 11 months ago to python

Since the rounded number of people who read my latest blog post is 0, lemme try again:

If you’re using tox to run your tests across multiple #Python versions, check out my "Two Ways to Turbo-Charge tox”. For one of my projects, it lowered the local runtime by 75% without any code changes!

https://hynek.me/articles/turbo-charge-tox/

It's also languishing on page 3 on Lobste.rs so any upvotes would be appreciated. 😇

hynek, 7 months ago to python

Lately, I’ve seen many #Python projects who use Black and/or Ruff set their target versions manually.

❌ You don't have to do that! ❌

If you use a pyproject.toml , they both interpret your project.require-python key.

If it says >=3.8, they will format/upgrade for 3.8+ etc. Hooray for standards paying off!

hynek, 5 months ago to random

Close followers might have noticed that I’ve been complaining about losing reach for text after the Twitterpocalypse, fewer speaking opportunities due to Unprecedented Times™ and their effect on conferences, and nobody “getting” svcs.

While complaining about reality is fun, I’m also aware that adjustment is necessary for survival and I’ve decided to take on a project this fall: producing a YouTube video about svcs!

It took MUCH longer than I thought but here it is: https://www.youtube.com/watch?v=d1elMD9WgpA 1/x

hynek, 3 months ago to random

Ever thought dependency injection is over-engineering that needs a framework? Or that loose coupling is an obnoxious complication for architecture astronauts? I’m offering a different perspective in my new video:

Loose Coupling & Dependency Injection the EASY Way!

Please help it get started by telling the algorithm what's what! 🙏 https://youtu.be/uWTvMCra-_Y

hynek, 1 month ago to random

Kent Beck’s pithy “for each desired change, make the change easy (warning: this may be hard), then make the easy change” is so profound & underrated.

hynek, 3 months ago to random

New video: Is uv the future of Python Packaging?

I’ve set out with a yes/no question to keep it short, but somehow ended up contextualizing Python’s packaging problems and the video ended up 18 mins long.

Enjoy, like, subscribe, etc!

https://www.youtube.com/watch?v=_FdjW47Au30

hynek, 4 months ago to random

Once again, I’m watching a discussion of ppl stipulating PyPA/Python core/Santa Claus to “just pick one packaging workflow tool and go with it” and once again I have to remind everyone that the main problem isn’t a grand conspiracy of someone not wanting to pick & make you suffer, but that due to Python complex history & broad audience, we’ve got many 90% solutions maintained by few people that solve the 90% important to them and that have no bandwidth/interest in fixing the last 10%. [1/2]

hynek, 3 months ago to random

It would be harsh to say that requests is a pile of poorly-written attractive nuisances on top of urllib3. But, unfortunately, it wouldn’t be wrong.

Many diligent devs have spent countless work hours trying to unfuck the project over the years, but there’s only so much you can do when:

“After receiving our first security disclosure, I was told that Requests wasn't a serious project but instead one person's art project and thus we shouldn't fix the vulnerability.” https://hachyderm.io/@sigmavirus24/111986425127558764

hynek, 8 months ago to random

Due to current events, let me remind y’all that not going to any talks at conferences has tangible consequences that will affect YOU too – eventually. Anyone making claims about this as anything else than a trade-off can be safely ignored: https://hynek.me/articles/hallway-track/

hynek, 11 months ago to python

After much waffling, I’ve just released a new version of a #Python package that I haven’t advertised much until now, but that’s in prod with virtually every of my work projects: https://stamina.hynek.me/

It has a single purpose: to help you write correct retry logic effortlessly.

If you’ve looked at it before: it now has proper docs, support for async, and retries of arbitrary code blocks. And if you wonder what the big deal is, check out the new tutorial: https://stamina.hynek.me/en/latest/tutorial.html

hynek, 4 months ago to random

Copilot just confidently suggested a sweet SQL injection to me.

We’ve got some wild times ahead of us, folks. 🫠

hynek, 30 days ago to python

In my quest to produce a shorter video, I’ve produced my longest so far:

tox vs Nox: What are they for & How do you choose?: https://www.youtube.com/watch?v=ImBvrDvK-1U

In which I introduce those two indispensable tools and reflect my own usage of BOTH. Enjoy! #python

hynek, 5 months ago to random

Heads up everyone using my approach to measuring Python code coverage as detailed in https://hynek.me/articles/ditch-codecov-python/ – GitHub rolled out v4 of upload-artifact that breaks a shitton of workflows including that one.

Do NOT update actions/upload-artifact for Coverage to v4. I have added a warning to the top of the blog post and I will try to come up with a new solution.

Unfortunately, that’s ANOTHER tone-deaf move by GitHub introducing community-wide breakage & I hope they’ll see reason & help migrate.

hynek, 13 days ago to random

i beg, once again, tiny js libraries to stop assuming i want to npm-install everything or expose all my visitors to some free cdn service. just give me a directory i can put on a web server, ty

hynek, 4 months ago to random

GitHub Actions ARM macOS runners available to open source! 🥳

https://github.blog/changelog/2024-01-30-github-actions-introducing-the-new-m1-macos-runner-available-to-open-source

hynek, 6 months ago to random

This is weird to talk about since it always implies a certain amount of begging. Still, yesterday, I lost another Organization-level sponsor, which left me with exactly one (shout-out to ❤️ https://filepreviews.io! ❤️) & I have, at this point, lost more than 50% of GitHub Sponsors income in the past 12 months—which feels like a sad milestone. [1]

hynek, 2 months ago to random

Nobody actually believes that the team behind the Jia Tan sock puppet has been working only on the one project in the past three years and is gonna switch careers now, right!?

hynek, 7 months ago to random

Werkzeug has a CVE that affects all versions <3.0.1: https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw

If an abandoned Flask extension pinned to Werkzeug<3, its users would—even if they regularly update all dependencies!—be SILENTLY stuck with this vulnerability FOREVER (or until an inevitable & unresolvable version conflict).

Yes, this one is harmless, but future ones might not. Yes, there COULD be nicer ways to deal with all this, but we don’t have them.

Breakage > silent CVE

Top-pinning pkg deps is just dangerous.

hynek, 2 months ago to random

The one thing that I can’t wrap my mind around is how the “AI is gonna replace programmers” crowd reconciles:

1. The objective fact that most code is garbage,
2. and the idea that a probabilistic model trained on said code will ever spit out something that is anywhere close to a capable developer. (1/3)

hynek, 1 month ago to random

It’s easy to get used to the grind of daily bad news, but just tangentially participating in an Ukrainian conference hammers home what they’re going thru every day. This is Kyiv, not some contested border town.

Hope everybody is going to be OK at https://fwdays.com/en/event/python-ds-fwdays-2024

hynek, 2 months ago to random

If you wondered why I’m mostly boosting humorous takes on xz drama it’s because I find almost all serious takes absolutely nauseating. So much serious thinking by people who have never maintained anything of substance in their whole life.