What's up Python? iphone support, @sealed, PYTHON_GIL=0...
March 2024
Summary
iOS support milestone
Updates, updates, updates
Security is bumped up
@sealed decorator proposal
VSCode Python extension improves ergonomics
Let's not talk about AI for a minute
Not gonna lie, theses days what's trending in Python is AI. And most of what's AI is not stable, neither the code, nor the public attention. Just look at Github's "trending" page: it's filled with new AI projects, but the list is ever changing.
Reporting on that would be the equivalent pretending to be an oracle, believing I can triage what might be relevant for 2 days and a half. And that's before the Bitcoin halving triggers next month, when we start swimming in crypto-mania. So while I keep an eye on this for my personal benefit, I don't think I can make quality summaries about it. That would require an entire new blog.
This means I'm going to talk about, well, more conventional things.
iOS support
The mobile platform is one of the weaknesses of Python. While you can use projects like Kivy to target phones, the top of the food chain never checks if releasing a new Python version has any impact on it.
PEP 730 (iOS) and PEP 738 (Android) are first steps to fix this situation.
The Beeware project, which aims at providing a way to ship python apps on many platforms, hold a special interest in having this to work and they announced last Tuesday to have tackled down a serious milestone:
It's done! The CPython main branch will now compile for iOS without any additional patching! Docs have been updated, and the developer guide has iOS instructions.
The only step left is to deploy a buildbot;
It is significant, as to achieve official CPython support and be listed on PEP 11 hall of fame (the table of all supported platforms), one must at least reach Tier 3 requirements, including:
Having a reliable buildbot.
Having one core developer signed up to support the platform.
As a reminder, Tier 3 is the lowest level of support, it doesn't block a release if building fail, but it does mean it's on the radar, and serves as a foundation to build stronger support and gather data on how popular it is. It’s the level of support of FreeBSD and Raspy builds.
Updates, updates, updates
Python 3.10.14, 3.9.19, and 3.8.19 are now available, but apart for sysadmins and security researchers, there is not a huge crowd to follow bugfix releases much. What you all want to know is where is 3.13 at, because that's where the juicy stuff happens, like the experimental JIT everybody awaits like Lisan al Gaib.
The alpha 5 (over 6) is out, which does contain said JIT and colorized stack traces in the REPL. But more interestingly, it merges the first attempt at disabling the GIL, which you can test with PYTHON_GIL=0 or -X gil=0.
Of course you would have to compile it correctly, use unstable software and go with low expectations.
Still nice, though, isn't it?
Security is bumped up
Focus on security continues for Pypi.
Because the PSF is now a Common Vulnerabilities and Exposures Numbering Authority, those new releases came combined with the CVE they fix, so you don't have to hunt problems and solutions if it's your job to keep your infra secured.
The malware reporting policy has also changed. It used to be done by email, now there is a form on Pypi itself, accessible only to logged in users, and soon an API for which you can signal your interest.
Given malware upload campaigns are a never ending issue, which once again forced a temporary shut down of the service for new project creations and user registrations 2 days ago, this is a reassuring effort.
BTW, if you want to be part of said effort, they are still hiring. This time, it's a support role, 100% remote, that will deal with things like malware/spam/abuse reports, account recovery or project name requests. Comp range is $70k−90k.
@sealed decorator proposal
You know how we all longed for having a way to check for exhaustiveness during pattern matching on an algebraic data type?
No?
Me neither.
In fact I had to Google what half of this sentence meant.
I'm kidding.
I asked ChatGPT.
Anyway, there is a draft proposal for adding a @sealed decorator to Python’ stdlib.
This is would be a typing metadata, meaning it would not have any impact on the code execution but be used by type checkers like mypy.
It's not a function decorator though, but a class decorator (on which we don't have an article yet), that you would use this way:
from dataclasses import dataclass
from typing import sealed
@sealed
class Person:
...
@dataclass
class Friend(Person):
...
@dataclass
class Foe(Person):
...
@dataclass
class Player(Person):
friends: tuple[Friend]
foes: tuple[Foes]This marks Person as "sealed", implying it is expected to be only subclassed in the same file. It tells type checkers, and any developer looking at the code, that you are not supposed to create a child class out of those outside of this module.
As a consequence, the following function would be marked as unsafe by a type checker:
def dump(person: Person) -> str:
match person:
case Friend(target, value):
...
case Player(value):
...Because now it would be able to say: "we expect a Person, which is certain to be either a Friend, a Foe or a Player, but this function only has a branch for Friend and Player".
I can see this being useful if you have private code that you want to make sure you always use correctly internally, but don't expect any body external to use it.
It's Python of course, so people can still use it how they want. But they have to accept the trade off that you explicitly said it's not supported.
VSCode Python extension improves ergonomics
March release of the official Microsoft addon is bringing better support for automatically fixing imports. It will show the most relevant possibilities first, and also help you fix spelling. For now, it's behind a settings flag you can activate using:
python.analysis.addImport.heuristics : "true"On top of that the Python REPL now marks with a red dot failed commands, and adds a REPL command history to the command panel.
Finally, they changed the annoying behavior that was preventing Jupyter to be used at its full potential, as Pylance can now see all installed packages for local notebooks, giving you full intellisense.