
Posts by Tiago Montes

I'm trying to reach out to Charlie Marsh @crmarsh.com because of the upcoming EuroPython conference.

Do I know anyone here who can help me get to him?

Thanks 🙏

14 hours ago 0 2 0 0

Hours, of course! Where was my head?!… 🤷🏻‍♂️

15 hours ago 0 0 0 0
How to Safely Update Your Dependencies

With all the supply chain attacks happening lately (litellm being the most recent example), keeping dependencies up to date without risk has been on my mind. Below is everything I do to keep my personal projects secure, what we do at Fencer to keep our own codebase secure, and what we recommend to the startups we work with.

Be hesitant about what you add

The best way to reduce the risk of installing a compromised dependency is to avoid relying on it in the first place. Before adding a new dependency, I first make sure that implementing it ourselves would be too much work (or tokens!).

With all the supply chain attacks going around, we have to be very careful about how we update our dependencies. I've written a full blog post about it, but here is the TLDR:

1. Pin to hashes, not just versions
2. Automate the updates
3. Use dependency cooldowns

blog.pecar.me/how-to-safe...

19 hours ago 1 1 1 0

I think you missed the word “days” in “(…) detected and yanked within a few, but you (…)” - hmmm? :)

19 hours ago 1 0 1 0
Core Dispatch #2 Welcome back to Core Dispatch! This edition covers April 4–16, 2026, and there's a lot going on. As expected, new releases are out for 3.13, 3.14, and 3.15.…

The SC accepted a PEP that establishes a new Packaging Council, the incremental GC is being reverted, Łukasz Langa is stepping down as Developer in Residence, Rust for CPython has a new progress update, four new PEPs — all this and more in this edition of Core Dispatch.

coredispatch.xyz/editions/2

4 days ago 12 6 0 1
The Anthropologist Predicting Society's Collapse - Jitske Kramer YouTube video by Anthony Scaramucci

Ignore the cover and the clickbait title. It's an inspiring and optimistic interview with a Dutch anthropologist talking about the current moment in the world and what we need to do to get through it in a constructive and supportive way.

For any country and all of humanity:

www.youtube.com/watch?v=Vhgi...

4 days ago 6 3 0 0

We are happy to release DuckLake v1.0, a production-ready lakehouse format specification. Its reference implementation, the ducklake DuckDB extension, is available as of today in DuckDB v1.5.2.

For more details, read the announcement blog post:
ducklake.select/2026/04/13/d...

1 week ago 54 11 1 0
a screenshot of a terminal running mopup to upgrade python 3.13.12 to 3.13.13 and 3.14 from 3.14.3 to 3.14.4

oh hey it's time to use https://pypi.org/project/MOPUp/ again

1 week ago 1 1 0 0
Refusal to Review I wrote the below email, when invited to review a paper that was partially processed by ChatGPT. As I imagine the email could be useful inspiration for others, I decided to make it available. Feel …

“Feel free to adapt and reuse. No attribution needed (…) If you make an adaption that you also want to share, I’d love to know about it, too.”

irisvanrooijcogsci.com/2026/04/08/r...

1 week ago 421 171 9 15
Losing the World's Respect The Iran War looks like a tipping point

There's that third of people (or 27% if you follow the Alan Keyes Factor) that don't mind Trump's cruelty even a little bit. What will make them turn away from Trump is *losing*.

We must *never* forget it, or forgive it. We know what they do with power.

paulkrugman.substack.com/p/losing-the...

1 week ago 4 2 2 0
numerique.gouv.fr Digital technology in the service of effective public action

Excellent news.

France Launches Government Linux Desktop Plan as Windows Exit Begins www.numerique.gouv.fr/sinformer/es...

Bye bye spyware and AI batshit crazy Windows 11.

1 week ago 109 30 2 11

If you’re at PyCon Lithuania 🇱🇹 #PyConLT, join me to learn about the paradox of itertools.tee in the Diamond room at 11am.

See you there!

1 week ago 2 2 0 0

The first Earthset of the 21st century

from Artemis II

1 week ago 351 81 3 6
Read The Docs Theme for Jekyll & GitHub Pages - Read The Docs Jekyll Theme Port of the Read the Docs theme to Jekyll to use with GitHub Pages.

I love using GitHub Pages for my projects' docs 📚
So I've dusted off my Jekyll Read the Docs theme port, and added a bunch of useful stuff: admonitions, Mermaid diagrams, better GH Pages integration and more ✨

Hopefully others find it useful too!
carlosperate.github.io/jekyll-theme...

2 weeks ago 4 3 0 0
Book cover with the title Curso Básico de Linguística Gerativa

Book cover with the title Sintaxe Gerativa

Do you use AI to "gerar" texts or to "generar" texts?

So why do you call it “IA Generativa” and not “IA GERATIVA”?

The word "gerativa" is nothing new. It has existed for decades in linguistics, where people know a thing or two about words.

But we are condemned to use a longer word…

2 weeks ago 43 6 2 2

Another Python Lisbon Meetup in the books! Looking forward to the next one on May 7 👀

2 weeks ago 2 1 0 0

“All war is a symptom of man's failure as a thinking animal.”

— John Steinbeck

2 weeks ago 184 48 4 2
Incident Report: LiteLLM/Telnyx supply-chain attacks, with guidance - The Python Package Index Blog Python Package Index shares insights and provides guidance following LiteLLM/Telnyx supply-chain attacks

PSF Security developers have published incident reports on the LiteLLM & Telnyx #supplychain attacks. Read what happened, who's affected, and what developers & maintainers can do to prepare and protect themselves from future incidents. #security #python

2 weeks ago 16 10 0 3

Build a MIDI visualizer with NeoPixel LEDs and the PropMaker Feather RP2040 learn.adafruit.com/midi-neopixel-visualizer #3dprinting #adafruit youtu.be/Psfpvt8TXec

2 weeks ago 19 2 2 2

Accountability brings consequences.

And consequences are the only language corruption understands.

Money and political power do not outrank the Constitution.

They just need a wake up call and it’s coming at the midterms.👇

2 weeks ago 26850 10387 1063 558

heads up: FreeBSD forums hacked. Be careful with your email or DMs coming from FreeBSD forum or freebsd{.}org for some time now.

https:// forums {.} freebsd {.} org/

3 weeks ago 49 31 1 2
#07 - PyLM Meetup at Técnico 🎓🐍, Thu, Apr 2, 2026, 7:00 PM | Meetup **Agenda:** * 25-minute talk: **Speed Up Your Startup Times with Lazy Imports** by [Anže Pečar](https://pecar.me/) * One or more lightning talks ⚡ * Socializing! **Join t

I'll be giving a talk about lazy imports at the next Python Lisbon Meetup!

See you there? 😀

www.meetup.com/python-lisb...

3 weeks ago 1 1 0 1
PEP 803: Stable ABI for Free-Threaded Builds (packaging thread) Hi @encukou , On behalf of the Steering Council, I am happy to share that PEP 803 has been approved. Congratulations, and thank you for your work on this PEP. We are particularly pleased to see this...

Happy to share that PEP 803 has been accepted.

A meaningful step toward Stable ABI for free threading in Python 3.15, with clear importance for C extension support.

discuss.python.org/t/pep-803-st...

3 weeks ago 25 7 1 0

pip supports this option, too, via --min-release-age. Relative dependency cooldowns (e.g. "7 days" or "P7D") are coming in pip v26.1, which can be configured globally in your pip.conf

3 weeks ago 5 2 1 0
Relative “Dependency Cooldowns” in pip v26.0 with crontab WARNING: Most of this blog post is a hack, everyone should probably just wait for relative dependency cooldowns to come to a future version of pip. pip v26.0 added support for th...

A related blog post for those using pip, from @sethmlarson.dev:

sethmlarson.dev/pip-relative...

3 weeks ago 3 3 0 0

Our programme team wrapped up multiple rounds of reviews and sent out the CFP results for #EuroPython2026 last night! 🥳🇵🇱

🚨 Speakers!! Check your inbox and confirm your participation soon! 📥

We’re so excited to welcome you all to Kraków and can’t wait to see this year’s programme come alive 🤗

3 weeks ago 2 1 0 0
Interview with Brett Cannon

Guido van Rossum has decided to start a new project: interviewing "key Python developers from the first 25 years".

Here is the one he did with @snarky.ca, posted early this month (h/t @pycoders.com's latest newsletter).

#Python

[1/2]

gvanrossum.github.io/interviews/B...

3 weeks ago 6 7 1 0
Why pylock.toml includes digital attestations A Python project got hacked where malicious releases were directly uploaded to PyPI. I said on Mastodon that had the project used trusted publishing with digital attestations, then people using a pylo...

I said digital attestations and `pylock.toml` would have helped with the litellm attack. People asked for more details, so I wrote a blog post explaining why it would have helped.

snarky.ca/why-pylock-t...

3 weeks ago 21 8 1 0

With recent Python supply chain attacks (Trivy/LiteLLM), it’s worth mentioning uv’s `exclude-newer = "x days"` config.

It forces uv to only install packages published more than x days ago, reducing risks since problematic packages should be yanked by then.

docs.astral.sh/uv/referenc...

3 weeks ago 8 2 0 1
Thoughts on slowing the fuck down

A voice of reason. mariozechner.at/posts/2026-0...

3 weeks ago 111 23 3 2