What's up in the python and tech environment? - Issue #214
Welcome to issue #214 of What’s up in the Python and tech environment?
This newsletter is mainly intended for developers and those passionate about computers.
This week, we’re going to discuss the Django developer survey, the Pixi package manager for data scientists, how to write songs with Python, Wagtail 7.4, Ollama, the Shai Hulud attack that affected Tanstack and many other npm / PyPI packages, Mythos VS curl, the cognitive debt caused by AI coding agents, and more! 🥸
From The Python World
The 2026 Django Survey is out. If you are a Django user, please take the time to fill it out. 😉
This article explains how Sprints work at PyCon US.
Everything You Always Wanted to Know About Sprints!
This article highlights some pitfalls when using SQLite as your production database.
Gotchas with SQLite in Production
Wagtail 7.4 is out. As a reminder, Wagtail is a CMS based on Django.
A customizable page explorer and other quality improvements in Wagtail 7.4
An excellent article on dataframes portability.
Portable DataFrames in Python: When to Use Ibis, Narwhals, or Fugue
A nice tutorial on Pixi, the package manager for data science.
pixi: One Package Manager for Python and C/C++ Libraries
A friendly beginner's guide to start with MongoDB in a Python project.
Connecting MongoDB to Python: Your First 10 Minutes With PyMongo
A developer shares how he composes music with Python.
A tutorial to get started with Ollama, a tool for running Large Language Models (LLMs) locally.
How to Use Ollama to Run Large Language Models Locally
A developer shares how learning Rust made him rethink how he works with Python.
Learning Rust Made Me a Better Python Developer
A snapshot testing library.
You may also want to look at inline-snapshots as an alternative.
A performance regression tool with call graph visualization.
From The Web
A Shai Hulud attack compromises many packages in the npm and PyPI ecosystems, such as Tanstack, Mistral AI client SDK, and others.
TanStack npm Packages Compromised in Ongoing Mini Shai-Hulud Supply-Chain Attack
pnpm 11 and its security features.
pnpm 11 Adds Supply Chain Protection Defaults for Minimum Release Age and Exotic Subdependencies
Another open-source drama, this time in the Go community.
fsnotify Maintainer Dispute Sparks Supply Chain Concerns
The creator of curl explains his experience with Mythos, the security AI tool by Anthropic.
Mythos finds a curl vulnerability
One developer coined the term comprehension debt: the loss of understanding of AI-generated code that comes from over-relying on AI.
AddyOsmani.com - Comprehension Debt - the hidden cost of AI generated code.
This article reminds us not to abuse ARIA labels when creating a website.
A developer warns us about the dangers of being too connected.
The Mental Cost of Always Being On as a Developer
Yet another build engine in the JavaScript / TypeScript ecosystem.
Bonus
To start the week well, I am sharing the following picture with you.
This is all for this week. I hope you enjoy it, and if so, please share it on your social media.
Take care of yourself and see you soon! 🙂
