Summary

• Cloudflare workers now support Python through pyodide

• Wasmer releases a Python to Wasm compiler, 3 times faster than alternatives

• Pydantic's author reveals his new observability service with deep Python integration

• The Python community not affected by XZ so far

• Guido is 5 letters, 41 accross

  Subscribe

Cloudflare Python workers

After two decades spent in the Python world, I kinda usually see where things are heading. But boy, didn't I see this one coming.

Cloudflare, the giant service that caches and offers DDOS protection for half the web, released a version of its workers service for Python.

Cloudflare workers are a so-called serverless edge cloud computing platform. And if this soup of buzz words triggered your BS bingo frenzy, you are not alone.

Translation: they host your code and manage transparently the server, while replicating and load balancing the service automatically. This means theoretically that your code executes closer to the user because Cloudflare is everywhere, with potentially lower latency, while you pay only for what you use.

This also means you are locked in a proprietary platform and rely on their other external services for data persistence, as "server less" implies your endpoints are stateless.

Still, this is good news. The JS workers were quite popular because the free plan comes with 100 000 requests per day, provided each one runs in less than 10 ms.

It's not bad if you want to play with an idea or deploy a PoC but don't want to go full hosting yet. It's especially nice since it can make requests to the internet, and run Cron jobs. Maybe you have a little static web site that need just a nudge of logic from time to time. Maybe you have a bookmarklet that could benefit from a proxy to make requests.

The Python versions runs using pyodide, so expect it to be 5 times slower than regular Python and to not have access to all the C extensions.

I haven't given a try to the service yet, but it's on my todo-list.

py2wasm: A Python to Wasm compiler

wasmer.io, a Saas company that aims at providing a universal app platform through web assembly, released pywasm, a Python to Wasm compiler.

While it was already possible to do so using the aforementioned pyodide, wasmer takes an innovative approach by compiling first the code with the wonderful nuitka, which gives a performance boosts by itself, then turn the result into web assembly.

The result is claimed to be three time faster than pyodide, which means it's only twice slower than CPython. Not bad.

Pydantic on a roll

Samuel Colvin is a busy bee.

This april, he dropped the v2.7.0 of the excellent validation library pydantic, apparently squeezing even more perfs, thanks notably to jiter, a fast rust based JSON parser.

But above all, he released his new observability service dedicated to Python: pydantic logfire.

Based on the OpenTelemetry standard, it features logs, traces and metrics capture, either manually with logging and spanning calls, or automatically with instrumentation built in for django, fast api, flask and many other popular modules.

Be warned that using telemetry, and particularly the heavy hitter OT, is a trade off: you will gain good insight to your running system, in exchange for a performance penalty.

Given the track record of the author, that the service is free while in beta, and based on standard and open source components to avoid lock in, I'm going to give a try to this one.

The Python community not affected by XZ so far

The FOSS world was a bit on edge last month, dealing with the fallout of the XZ backdoor.

As we covered previously, the PSF hired Seth Michael Larson to help with all things security. Good timing. And so he did a report on the matter for our ecosystem.

Bottom line, despite the fact CPython bundles xz to power the lzma module, no version is known to contain the malicious 5.6.0 or 5.6.1.

Pypi itself, running on Debian Bookworm, is not affected, and neither are the official Python Docker images.

Finally, a scan was made on the service and no module distributed seems to be cause for alarm, although the method is not bullet proof.

Guido in the NY times crossword

Sure, it's useless news. But it's fun news.