Python Community News

Python Community News Weekly Brief for the week of 28 October 2022.

For more news and information, visit https://pythoncommunitynews.com.

Creators & Guests

Host
Jon Banafato
Python Developer and Conference Organizer

What is Python Community News?

This is a weekly look at the news around and impacting the Python Community. Hear from experienced Conference Organizer Jon Banafato and community organizer and advocate Jay Miller about upcoming events and how the latest in Python news may affect Pythonistas around the globe.

Welcome to Python Community News.

This is the Weekly Brief for the week ending October 28th, 2022.Python 3.11 is now available. The release is the first in a series of released designed to make Python up to five times faster.

Notable Features include:

Exception groups and a new except* syntax
Support for Parsing TOML in the Standard Library
and - many additions to typing and the type library

The release is available in most downloading channels including: Python.org, the Windows Store, Homebrew, Linux Repositories, and Pyenv.

Microsoft's Dev Kit, announced under the code name Volterra is available for order today. This device was designed to create a simplified development process for ARM64 Development and enables developers to build apps using its NPU hardware to accelerate AI/ML workloads, delivering AI-enhanced features & experiences without compromising app performance.

Python 3.11 is the first version to have dedicated installations for Windows ARM and maintainers are hoping to see increased adoption among maintainers.

The device is available for $599USD on the Microsoft Online Store in Australia, Canada, China, France, Germany, Japan, the United Kingdom and the United States.

Disclaimer: Jay, one of the shows hosts, works for MicrosoftThe last day to create a pull request counting toward Hacktoberfest is October 31st. Pull requests created before the month ends will count toward the promotion and potentially qualify contributors to receive a tree planted in their name or a Hacktoberfest 2022 t-shirt.The PyCon US organizers have released new Health and Safety Guidelines for PyCon US 2023. The Conference requirements will be:

Vaccines against COVID19
Masks indoors except when eating

The conference also promises refunds to people showing COVID-like symptoms up to a week prior to the event. Last years post event survey revealed:

12 people reported directly to to organizers they had tested positive for COVID-19 either during or following the event. 16 responded through the survey they tested positive. It can not be determined if any of the 16 were also part of the 12 that contacted us directly.

PyCon US is the Python community's largest conference and will one of the most travelled events around the globe.DjangoCon US has posted its 2022 Code of Conduct transparency report. This report is published after each DjangoCon US conference, anonymously detailing code of conduct reports made to the code of conduct committee.

The Public Health Pledge website has launched, calling on conference participants to limit their participation to events that follow specific precautions related to public health and the Covid-19 pandemic. The pledge website launches following a series of events changing their Covid-19 policies shortly before they're scheduled to begin. The website states that a guide for event organizers will follow.Researchers at the Leiden Institute of Advanced Computer Science found thousands of repositories on GitHub that offer fake proof-of-concept (PoC) exploits for various vulnerabilities, some of them including malware.

According to the technical paper from the researchers, the possibility of getting infected with malware instead of obtaining a PoC could be as high as 10.3%, excluding proven fakes and prankware.

Soufian believes that all testers should follow these three steps:

Read carefully the code you are about to run on your or your customer's network.
If the code is too obfuscated and needs too much time to analyze manually, sandbox it in an environment (ex: an isolated Virtual Machine) and check your network for any suspicious traffic.
Use open-source intelligence tools like VirusTotal to analyze binaries.

The researchers have reported all the malicious repositories they discovered to GitHub, but it will take some time until all of them are reviewed and removed, so many still remain available to the public.

That's all for this week.

For more insight and thoughts on each of these topics, our full-length episode will be released on Saturday on the same feed, or you can watch the replay of our livestream on our Youtube Channel.

Join us for the live stream every Friday at 3PM US Pacific Time / 6PM US Eastern time.

You can also follow us on Twitter for news and updates on the show. To share topics you'd like us to cover, send it to us via GitHub Issues. For links to this and more, visit pythoncommunitynews.comYou've been listening to Jon Banafato, and this has been the Python Community News Brief.