<strong>Topics covered in this episode:</strong><br>
<ul>
<li><a href="https://github.com/epogrebnyak/justpath"><strong>justpath</strong></a></li>
<li><strong>xz back door</strong></li>
<li><a href="https://lpython.org">LPython</a></li>
<li><a href="https://github.com/treyhunner/dramatic"><strong>dramatic</strong></a></li>
<li><strong>Extras</strong></li>
<li><strong>Joke</strong></li>
</ul><a href='https://www.youtube.com/watch?v=eWnYlxOREu4' style='font-weight: bold;' data-umami-event="Livestream-Past" data-umami-event-episode="377">Watch on YouTube</a><br>
<p><strong>About the show</strong></p>
<p>Sponsored by ScoutAPM: <a href="https://pythonbytes.fm/scout"><strong>pythonbytes.fm/scout</strong></a></p>
<p><strong>Connect with the hosts</strong></p>
<ul>
<li>Michael: <a href="https://fosstodon.org/@mkennedy"><strong>@mkennedy@fosstodon.org</strong></a></li>
<li>Brian: <a href="https://fosstodon.org/@brianokken"><strong>@brianokken@fosstodon.org</strong></a></li>
<li>Show: <a href="https://fosstodon.org/@pythonbytes"><strong>@pythonbytes@fosstodon.org</strong></a></li>
</ul>
<p>Join us on YouTube at <a href="https://pythonbytes.fm/stream/live"><strong>pythonbytes.fm/live</strong></a> to be part of the audience. Usually Tuesdays at 11am PT. Older video versions available there too.</p>
<p>Finally, want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to <a href="https://pythonbytes.fm/friends-of-the-show">our friends of the show list</a>; we'll never share it.</p>
<p><strong>Michael #1:</strong> <a href="https://github.com/epogrebnyak/justpath"><strong>justpath</strong></a></p>
<ul>
<li>Inspect and refine PATH environment variable on both Windows and Linux.</li>
<li>Raw, count, duplicates, invalids, corrections, excellent stuff.</li>
<li>Check out <a href="https://asciinema.org/a/642726">the video</a></li>
</ul>
<p><strong>Brian #2:</strong> <strong>xz back door</strong></p>
<ul>
<li>In case you kinda heard about this, but not really.</li>
<li>Very short version:
<ul>
<li>A Microsoft engineer noticed a performance problem with ssh and tracked it to a particular version update of xz.</li>
<li>Further investigation found a fairly complex back door, installed into xz over multiple years by a new-ish contributor who had nonetheless been contributing for several years. First commit in early 2022.</li>
<li>The problem was caught. But if it had succeeded, it would have been bad.</li>
<li>Part of the issue of how this happened is due to having one primary maintainer on a very widely used tool included in tons-o-Linux distributions.</li>
</ul></li>
<li>Some useful articles
<ul>
<li><a href="https://boehs.org/node/everything-i-know-about-the-xz-backdoor"><strong>Everything I Know About the XZ Backdoor</strong></a> - Evan Boehs - recommended read</li>
</ul></li>
<li>Don’t think you’re affected? Think again if you use Homebrew, for example:
<ul>
<li><a href="https://micro.webology.dev/2024/03/29/update-and-upgrade.html"><strong>Update and upgrade Homebrew and <code>xz</code> versions</strong></a></li>
</ul></li>
<li>Notes
<ul>
<li>Open source maintenance burnout is real</li>
<li>Lots of open source projects are maintained by unpaid individuals for long periods of time.</li>
<li>Multi-year sneakiness and social bullying is pretty hard to defend against.</li>
<li>Handing off projects to another primary maintainer has to be doable.
<ul>
<li>But now I think we need better tools to vet contributors. </li>
<li>Maybe? Or would that just suppress contributions?</li>
</ul></li>
</ul></li>
<li>One option to help with burnout:
<ul>
<li>JGMM, Just Give Maintainers Money: <a href="https://blog.glyph.im/2024/03/software-needs-to-be-more-expensive.html"><strong>Software Needs To Be More Expensive</strong></a> - Glyph</li>
</ul></li>
</ul>
<p><strong>Michael #3:</strong> <a href="https://lpython.org">LPython</a></p>
<ul>
<li>LPython aggressively optimizes type-annotated Python code. It has several backends, including LLVM, C, C++, and WASM. </li>
<li>LPython’s primary tenet is speed.</li>
<li>Play with the wasm version here: <a href="https://dev.lpython.org">dev.lpython.org</a></li>
<li>Still in alpha, so keep that in mind.</li>
</ul>
<p><strong>Brian #4:</strong> <a href="https://github.com/treyhunner/dramatic"><strong>dramatic</strong></a></p>
<ul>
<li>Trey Hunner</li>
<li>More drama in the software world. This time in Python.</li>
<li>Actually, this is just a fun utility to make your Python output more dramatic.</li>
<li>More fun output with <a href="https://github.com/ChrisBuilds/terminaltexteffects">terminaltexteffects</a>
<ul>
<li>suggested by Allan</li>
</ul></li>
</ul>
<p><strong>Extras</strong> </p>
<p>Brian:</p>
<ul>
<li><a href="https://github.com/Textualize/textual/releases/tag/v0.55.0">Textual now has a new inline feature in the new release.</a></li>
</ul>
<p>Michael:</p>
<ul>
<li>My keynote talk is out: <a href="https://www.youtube.com/watch?v=coz1CGRxjQ0">The State of Python in 2024</a></li>
<li>Have you browsed your <a href="https://github.com">GitHub feed</a> lately?</li>
<li><a href="https://pythoninsider.blogspot.com/2024/03/python-31014-3919-and-3819-is-now.html">3.10, 3.9, 3.8 security updates</a></li>
</ul>
<p><strong>Joke:</strong> <a href="https://python-bytes-static.nyc3.digitaloceanspaces.com/definition-of-methodolgy-terms.jpg">Definition of terms</a></p>