488 episodes
- Topics covered in this episode:
dust - a better du
Hermes Agent: The AI agent that grows with you
llm-coding-agent 0.1a0
Extras
Joke
Watch on YouTube
About the show
Sponsored by us! Support our work through:
Our courses at Talk Python
Consulting from Six Feet Up
Connect with the hosts
Michael: Mastodon / BlueSky / X / LinkedIn
Calvin: Mastodon / BlueSky / X / LinkedIn
Show: Mastodon / BlueSky / X
Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesday at 7am PT. Older video versions available there too.
Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.
Michael #1: dust - a better du
du + Rust = dust - a fast, visual, intuitive disk-usage CLI
Run dust and immediately see the biggest directories and files without piping through sort, head, or awk
Smart recursive output focuses on what matters instead of dumping every folder
Colored bars show relative size and parent/child hierarchy, making “where did the space go?” obvious
Perfect for Python projects bloated by .venv, caches, Docker volumes, downloaded datasets, and local AI models
Install via brew, cargo install du-dust, conda-forge, Scoop, Snap, deb-get, or GitHub releases
Calvin #2: A Way better ARchive format for Python packaging
war - new archive format spec from Astral (same team as uv/ruff), v0.0.2, still no binary encoding defined yet
Header-Index-Store layout: header IDs the file, index maps names to store offsets, store holds compressed data
Index uses a finite-state transducer (FST) to dedupe common path prefixes across entry names
Supports three entry types (file, directory, link) and three compression modes (store/DEFLATE/zstd), plus an "executable" metadata flag
Unpacking is atomic - writes to a temp dir, then renames into place, so a failed extract never leaves a half-unpacked directory
Strict name-segment rules (no NUL/control chars, no leading/trailing whitespace, blocks Windows-reserved names like CON/PRN) to avoid path traversal and cross-platform footguns
Michael #3: Hermes Agent: The AI agent that grows with you
Hermes Agent is an open-source, Python-built AI agent framework from Nous Research - think ChatGPT-style assistant, but connected to your tools, files, shell, browser, calendar, memory, and messaging apps
I’m using it in Discord as a long-running agent conversation, not just a one-off chatbot session
Hermes can connect through a gateway to platforms like Discord, Telegram, Slack, WhatsApp, email, webhooks, and more - so the same assistant can follow you across surfaces
In my setup, I can send Hermes voice/text from Discord, keep project context across turns as threads, and ask it to actually do things: read GitHub repos, run commands, edit files, schedule calendar events, generate drafts, and verify results
A fun workflow: I can trigger one-shot actions from an Apple Watch shortcut - dictate a request, send it to Hermes, and have the agent execute it asynchronously
Hermes has persistent memory, so it can remember durable preferences and facts - for example, how I like my research formatted
It also has “skills,” which are reusable procedures the agent can load later, so Hermes can self-improve over time instead of rediscovering the same workflow repeatedly
It supports scheduled jobs / cron-style automations, so it can proactively watch for releases, send summaries, run checks, or remind you about things
It’s provider-agnostic: OpenRouter, Anthropic, Google, xAI, local models, Nous Portal, and others
The big idea: Hermes turns an LLM from “a chat box I visit” into “an agent I can reach from anywhere that knows my workflows and can take real actions and learns over time.”
Calvin #4: llm-coding-agent 0.1a0
Simon Willison built a Claude/Codex-style coding agent on top of his llm library, using an alpha of the llm package plus his python-lib-template-repo
Built almost entirely via prompted TDD - asked an agent to write a spec.md, then commit + implement with red/green tests, occasionally hitting a real OpenAI key to sanity-check
Shipped to PyPI as an alpha: uvx --prerelease=allow --with llm-coding-agent llm code
Tool set mirrors familiar coding-agent primitives: read_file, edit_file (exact string replace + diff), write_file, list_files, search_files, execute_command
Also exposes a Python API - CodingAgent(model="gpt-5.5", root=..., approve=True).run(...) - which Simon didn't ask for but got anyway
Demo: llm code --yolo told GPT-5.5 to build a SwiftUI CLI clock; model correctly noted SwiftUI isn't really CLI-friendly and still produced an ASCII-art time display
Extras
Calvin:
Slides, but for developers https://sli.dev/
Wanna reduce your token usage…. only issue is that its lossy https://github.com/teamchong/pxpipe
PEP 772 - Python Packaging Council inaugural election dates set, nominations open July 28, voting September 1-15
Michael:
What the pls? revisited!
Joke: Min requirements for Linux - Topics covered in this episode:
Free-threaded Python: past, present, and future
django-admin-site-search
Qwen 3.6 27B is the sweet spot for local development
A large batch of PEPs are finalized
Extras
Joke
Watch on YouTube
Show Intro
Sponsored by us! Support our work through:
Our courses at Talk Python
Consulting from Six Feet Up
Connect with the hosts
Michael: Mastodon / BlueSky / X / LinkedIn
Calvin: Mastodon / BlueSky / X / LinkedIn
Show: Mastodon / BlueSky / X
Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesday at 7am PT. Older video versions available there too.
Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.
Calvin #1: Free-threaded Python: past, present, and future
The GIL has prevented true multi-threaded parallelism in CPython since the beginning — multiple past attempts to remove it failed on performance grounds
Sam Gross at Meta finally solved it; his work became PEP 703 and ships as free-threaded CPython today
Python 3.13 was experimental with 20–40% single-threaded slowdown; 3.14 brought that to 0–10%
Python 3.15 (October 2026) delivers a unified ABI — one extension binary works on both GIL and free-threaded builds
Already >50% of the top PyPI binary wheels support free threading
Wouters predicts free-threaded becomes the default between 3.16–3.20 (2027–2031), with the GIL eventually disappearing next decade
Michael #2: django-admin-site-search
via Adam Parkin
A global/site search modal for the Django admin, by Ahmed Aljawahiry. Hit cmd+k anywhere in the admin and you get a command-palette-style search window, kind of like the one in VS Code.
It doesn't just search one model's list page. It searches your entire site in one box:
App labels
Model labels and field attributes
Actual model instances (your data)
Two ways to search the instances:
model_char_fields (the default): runs an __icontains across every CharField (and subclasses) on the model. Zero config, works out of the box.
admin_search_fields: defers to each ModelAdmin's existing get_search_results(), so it respects the search_fields you've already set up.
The part I like: it's permission-aware out of the box. Users only see results for the apps and models they actually have view permission on, so you're not leaking anything through search.
Results appear as you type, with throttling/debouncing so you're not hammering the server on every keystroke, and it's full keyboard nav: cmd+k to open, up/down to move, enter to go.
It's responsive, does dark and light mode, and it pulls Django's built-in admin CSS variables so it just matches whatever admin theme you're running.
Under the hood it's Alpine.js, but bundled into static so there's no external CDN dependency.
Setup is about what you'd expect: pip install django-admin-site-search, add it to INSTALLED_APPS, mix the AdminSiteSearchView into your AdminSite, and drop a few template includes into base_site.html.
Supports Python 3.8 through 3.14 and Django 3.2 through 6.0, MIT licensed, and everything is overridable if you want to skip certain models, add TextField matching, etc.
Calvin #3: Qwen 3.6 27B is the sweet spot for local development
Qwen 3.6 27B is being called the first local model that genuinely competes as a general-purpose intelligence — benchmarks put it at roughly mid-2025 frontier level (comparable to GPT-5 / Claude Sonnet 4.5)
Runs locally via llama.cpp; on an M5 MacBook Max with 8-bit quantization + multi-token prediction, it hits ~32 tokens/sec using ~42GB RAM
4-bit quantization gets it under 18GB, runnable on 32GB devices; Nvidia RTX cards run it even faster
The dense 27B is recommended over the faster MoE 35B A3B — author prefers higher quality output over raw speed
Privacy and reliability are the pitch: fine-tunable, can't be taken down, suitable for sensitive/proprietary data
Author sees this as a stepping stone — frontier open-weight models like GLM 5.2 are now locally runnable with company-grade hardware, and smarter-still local models are coming
Michael #4: A large batch of PEPs are finalized
A bunch of PEPs went from accepted to final.
668, 687, 691, 699, 701, 703, 728, 770, 773, 829
But this wasn’t them making their way into CPython. It’s an admin sorta thing. (Thanks PyCoders)
See the commit.
Extras
Calvin:
More fun bling for your terminal this time - https://charm.land/
Michael:
Follow up from pls, What the pls? Thanks Pito.
Joke: BEMoji
A production-grade utility and component framework built entirely on emoji class names
via Jeff Triplett - Topics covered in this episode:
Backup Docker volumes locally or to any S3
Pyodide 314.0 Release
nb-cli: A Command-Line Interface for AI Agents and Notebook Automation
Hindsight Agent Memory That Learns
Extras
Joke
Watch on YouTube
About the show
Sponsored by us! Support our work through:
Our courses at Talk Python
AWS Community Day Midwest tomorrow Wednesday the 24th in downtown Indianapolis, Six Feet Up is sponsoring and there are 2 Sixies presenting
Connect with the hosts
Michael: Mastodon / BlueSky / X / LinkedIn
Calvin: Mastodon / BlueSky / X / LinkedIn
Show: Mastodon / BlueSky / X
Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesday at 7am PT. Older video versions available there too.
Finally, if you want an bonus digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.
Michael #1: Backup Docker volumes locally or to any S3
Via Bryan Weber (thanks Bryan!), who spotted it over on Virtualization HowTo. Find Bryan at bryanwweber.com.
offen/docker-volume-backup is a lightweight companion container that backs up the volumes your apps actually depend on, then ships them somewhere safe.
It's tiny: written in Go and about 25MB compressed, roughly 1/20th the size of the shell-based image (jareware/docker-volume-backup) that inspired it.
Drop it into your docker compose file as a backup service, mount the volumes you care about as read-only, and you're off.
Push backups to a pile of destinations: a local directory, plus any S3, WebDAV, Azure Blob Storage, Dropbox, Google Drive, or SSH-compatible target. Mix and match as many as you want in one run.
Recurring cron-style backups in a Compose setup, or one-off backups straight from the Docker CLI.
Production-friendly touches worth calling out:
Rotates away old backups so you don't quietly fill the disk.
GPG encryption for your archives.
Notifications on finished and failed runs (so you find out about failures before you need the backup).
Stop a container during backup for a consistent snapshot using a simple docker-volume-backup.stop-during-backup=true label, then auto-restart it.
Run custom commands during the backup lifecycle (great for a database dump before the file copy).
Docker Swarm support, plus arm64 and arm/v7 builds. Hello, Raspberry Pi homelab.
Fun aside from Bryan: he searched our back catalog for this tool and the search came back so fast he thought it hadn't run. Love to hear it.
Calvin #2: Pyodide 314.0 Release
PEP 783 is the real news — Pyodide maintainers used to hand-build 300+ packages. Now anyone can publish Pyodide wheels to PyPI with cibuildwheel.
The version jump from 0.29 to 314.0 is intentional — it now tracks the Python version, so 314.x = Python 3.14. Binary compatibility is locked per Python cycle, meaning packages you build today won't break on the next Pyodide release.
sqlite3, ssl, and lzma are back in the default stdlib — no more await pyodide.loadPackage("sqlite3"). Bigger download, but a much smoother experience for newcomers.
bigint precision bug is fixed — values above 2^53 were silently losing precision when crossing the Python/JS boundary. The new JsBigInt type makes the roundtrip correct. Worth flagging if anyone is doing numeric work in a browser app.
Experimental TCP sockets in Node.js — you can now connect Pyodide to a real database (MySQL, PostgreSQL, Redis tested) when running server-side. Blurs the line between "Python in the browser" and "Python runtime anywhere Wasm runs."
Michael #3: nb-cli: A Command-Line Interface for AI Agents and Notebook Automation
From Piyush Jain (Jupyter and LangChain maintainer) on the Jupyter blog: nb-cli: A Command-Line Interface for AI Agents and Notebook Automation.
nb-cli is an experimental, Rust-based CLI to read, write, execute, and search Jupyter notebooks. The premise: agents are great at CLIs but terrible at hand-editing the nested JSON in an .ipynb, so let them operate on the notebook from the outside instead of running inside it.
Works with or without a Jupyter server. No server? It reads/writes .ipynb files directly and talks to kernels over ZeroMQ. Connected to a live JupyterLab, your edits show up instantly via Y.js (the same CRDT Jupyter uses).
Smart output format: instead of token-heavy JSON or ambiguous plain markdown, it uses @@cell / @@output sentinels with inline metadata. Less wasted context, unambiguous structure, and it degrades gracefully on truncation.
The payoff is composability. "Add a summary section and run it" becomes one shell pipeline instead of six agent tool calls. And nb search notebook.ipynb --with-errors returns only the failing cells, so the agent skips the cells that worked.
Claude Code tie-in: it ships as an agent skill. npx skills install jupyter-ai-contrib/nb-cli and your agent can drive notebooks via nb.
Out of jupyter-ai-contrib, which aims to become an official Jupyter AI subproject. Still early (crates.io is at v0.0.5), so kick the tires before anything load-bearing.
See also marimo-pair.
Calvin #4: Hindsight Agent Memory That Learns
AI agents forget everything between sessions — Hindsight gives them persistent memory that learns over time
Simple three-method API: retain(), recall(), reflect() — store, retrieve, and reason over memories
TEMPR retrieval runs semantic, keyword, graph, and temporal search in parallel for accurate results
Automatically consolidates related facts into durable observations instead of piling up duplicates
pip install hindsight-all runs the entire server in-process; integrates with LangChain, LlamaIndex, Pydantic AI, CrewAI, and more
Extras
Calvin:
Clanker: A Word For The Machine
**Ponytail — You know him. Long ponytail. Oval glasses. Has been at the company longer than the version control**
**Klangk: Multi-User AI Sandboxing, Collaboration and Coding Platform**
Cursor announces Origin
performative-ui to quick start your new idea
Michael:
Astral Joins OpenAI: The Interview
SpaceX to acquire Cursor
And OpenAI renews Open Source support
Portuguese subtitles are now available for Talk Python courses
DSF is hiring including Six Feet Up support
Joke: Oh Babe… - Topics covered in this episode:
pi + superpowers
Terminal: Warp.dev + OhMyZSH
{Blink,kitty} + mosh + tmux
Claude code
MacWhisper or Handy
Tailscale
Extras
Joke
Watch on YouTube
About the show
Sponsored by us! Support our work through:
Our courses at Talk Python Training
Six Feet Up is hosting a LinkedIn Live
Connect with the hosts
Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky)
Calvin: @calvinhp@sixfeetup.social / @calvinhp.com (bsky)
Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky)
Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesday at 7am PT. Older video versions available there too.
Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.
Calvin #1: pi + superpowers
terminal-first, open-source coding agent
Session management is a first-class citizen
Extension model is what makes pi special — it's aggressively composable
Superpowers brings a structured software development methodology as loadable skills
Steps back and asks you what you're really trying to do
“hand you the keys to the car” mode vs guardrails might not be for everyone
Michael #2: Terminal: Warp.dev + OhMyZSH
If you’re using the base terminal with default settings, you have so much head-room for improvement.
I’ve been using Warp.dev since Elvis talked me into it. ;)
Remarkable terminal but the AI side of things is a bit junky, can be turned off
OhMyZSH gives better autocomplete
e.g. git branch [HTML_REMOVED] lists all branches in the local repo!
Commandbookapp.com is excellent to keep the terminal focused on terminal things and more server commands and other automation in Command Book.
Calvin #3: {Blink,kitty} + mosh + tmux
Kitty Terminal — GPU-accelerated terminal emulator for macOS, Linux, and Windows with support for graphics, ligatures, and a powerful tiling layout system built right in.
Blink Shell — The go-to terminal for iPad/iPhone power users; full SSH and Mosh client with a gorgeous interface built specifically for mobile professional workflows.
Mosh — Mobile Shell replaces SSH for remote connections, surviving network switches, sleep cycles, and flaky Wi-Fi with zero dropped sessions — essential for staying connected to long-running agentic jobs.
tmux — Terminal multiplexer that keeps sessions alive on your Linux server indefinitely; detach from a Mosh session on your Mac, reconnect from your iPad, and your agent is right where you left it.
The combo — Kitty or Blink + Mosh + tmux creates a "persistent remote brain" pattern: your beefy Linux homelab runs the compute-heavy agent sessions 24/7, and any device becomes a thin client to drop in and out at will.
Michael #4: Claude code
I prefer the IDE experience, the new PyCharm + Claude integration is really good. VS Code too. Why IDE? Because we should still be present with our code and managing context is much easier.
Use the best/latest models on high thinking. “Speed” is not your friend, it’s just shortcuts.
Create skills and agents and use them.
Curate your own rules (e.g. Talk Python’s Claude.md)
Works well on non-coding things. Just create a folder, put a ton of files in there and it’s like NotebookLM + Chat + more.
Calvin #5: MacWhisper or Handy
Transcribes your speech using your choice of Whisper or Parakeet models.
All transcription is done on your device, no data leaves your machine.
Automatic Speaker Recognition with local models.
Handy is more basic, but open source and runs on all platforms.
Michael #6: Tailscale
No need to open ports at all, Tailscale makes machines inside the same network accessible to each other
Works great for laptops, desktops, etc. But also available for servers.
Though I still use cloud firewalls for servers.
How I use it:
My dev database server, preloaded with QA data, is always running on my home mac mini m4 pro. All my apps look for that server before looking locally and tailscale makes them always accessible to each other
My local LLMs expose OpenAI API compatible APIs. Tailscale makes these accessible even while traveling or at a coffee shop.
Use my mini as an exit node. All traffic is routed outbound from my local fiber network. Great to restricted IPs like accessing my servers without caring about the local IP.
Screen share back to my home machines even while traveling.
Listen to the Talk Python episode with Alex for a deeper conversation.
Extras
Calvin:
Telescopo great Mac Markdown viewer/editor.
Michael:
One more: Typora markdown editor.
Created formal documentation for many of my open source packages using Great Docs.
Via Mark Little: Statement on the US government directive to suspend access to Fable 5 and Mythos 5
Joke: No second date - Topics covered in this episode:
Vulnerability and malware checks in uv
HTTP GET requests with the Python standard library
Millions of AI agents imperiled by critical vulnerability in open source package
alembic-git-revisions
Extras
Joke
Watch on YouTube
About the show
Goodbye and Thanks Brian
Thanks Calvin for being part of this and future episodes! Also new time for the live show. Thanks Brian for all the hard work over the years.
Calvin #1: Vulnerability and malware checks in uv
release just yesterday by Astral https://astral.sh/blog/uv-audit
uv audit scans dependencies for known vulnerabilities and abandoned packages via the OSV database — runs 4–10x faster than pip-audit
Malware check runs on every install/sync, catching actively malicious packages (credential stealers, etc.) before they execute — including ones PyPI quarantined but lockfiles can still reference
Enable malware scanning with UV_MALWARE_CHECK=1 — it's opt-in and in preview
Future roadmap includes a resolver that steers toward vulnerability-free versions and install-time warnings scoped to newly added deps only
Michael #2: HTTP GET requests with the Python standard library
If you’re doing HTTP in Python, you’re probably using one of three popular libraries: requests, httpx, or urllib3.
There have been issues with httpx lately.
Niquest is another option: Drop-in replacement for Requests. Automatic HTTP/1.1, HTTP/2, and HTTP/3. WebSocket, and SSE included.
But maybe less is more, especially in the age of agentic AI
A good candidate needs two things to be true at once, not one: the used surface is small, and the behavior behind that surface is shallow.
Calvin #3: Millions of AI agents imperiled by critical vulnerability in open source package
"BadHost" (CVE-2026-48710) is a critical vulnerability in Starlette — the ASGI framework underlying FastAPI — with 325 million weekly downloads; also affects vLLM, LiteLLM, and most MCP server tooling
The exploit is trivial: injecting a single character into an HTTP Host header bypasses path-based authentication, and can lead to credential theft, SSRF, and in some cases remote code execution
MCP servers are a prime target since they store credentials for external services (email, databases, cloud accounts) — exposed data in the wild includes biopharma clinical trial DBs, full mailboxes, HR/PII pipelines, and AWS topology
Fix is available — patch to Starlette 1.0.1 immediately; use the free scanner at mcp-scan.nemesis.services to check if your servers are still running a vulnerable version
Open source sustainability footnote: the maintainer triages near-daily security reports solo, in his free time — most are AI-generated noise, and real ones like this still compete for the same evenings and weekends
Michael #4: alembic-git-revisions
By Julien Danjou from Mergify
Automatic Alembic migration chaining based on git commit history. No more Multiple head revisions are present for given argument 'head'.
See the introductory article
Caused by two migrations landed with the same down_revision, and Alembic doesn’t know which one comes first. The fix is always the same: someone manually edits the migration file to re-chain the revisions.
The insight: git already knows the order
Extras
Calvin:
GNU make can do pattern matching in the target. Not new at all, mentioned in the 1994-era docs. just and task don’t have this super power on the target name yet.
train-%:
uv run ./train.py $* --save-hyper-params --overwrite $(TRAIN_ARGS)
Michael:
Updated my HTTP client using packages from httpx to httpx2: listmonk, umami, and memberful. For motivation, see this reddit thread.
Joke: Accurate
More News podcasts
Trending News podcasts
About Python Bytes
Python Bytes is a weekly podcast hosted by Michael Kennedy and Calvin Hendryx-Parker. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
Podcast websiteListen to Python Bytes, The News Agents and many other podcasts from around the world with the radio.net app

Get the free radio.net app
- Stations and podcasts to bookmark
- Stream via Wi-Fi or Bluetooth
- Supports Carplay & Android Auto
- Many other app features
Get the free radio.net app
- Stations and podcasts to bookmark
- Stream via Wi-Fi or Bluetooth
- Supports Carplay & Android Auto
- Many other app features


Python Bytes
Scan code,
download the app,
start listening.
download the app,
start listening.

























