• 0 Posts
  • 66 Comments
Joined 1 year ago
cake
Cake day: November 7th, 2023

help-circle


  • I moved all our projects (and devs) from poetry to uv. Reasons were poetry’s non standard pyproject.toml syntax and speed, plus some weird quirks, e. g. if poetry asks for input and is not run with the verbose flag, devs often don’t notice and believe it is stuck (even though it’s in the default project README).

    Personally, I update uv on my local machine as soon as a new release is available so I can track any breaking changes. Couple of months in, I can say there were some hiccups in the beginning, but currently, it’s smooth sailing, and the speed gain really affects productivity as well, mostly due to being able to not break away from a mental “flow” state while staring at updates, becoming suspicious something might be wrong. Don’t get me wrong, apart from the custom syntax (poetry partially predates the pyproject PEP), poetry worked great for us for years, but uv feels nicer.

    Recently, “uv build” was introduced, which simplified things. I wish there was an command to update the lock file while also updating the dependency specs in the project file. I ran some command today and by accident discovered that custom dependency groups (apart from e. g. “dev”) have made it to uv, too.

    “uv pip” does some things differently, in particular when resolving packages (it’s possible to switch to pip’s behavior now), but I do agree with the decisions, in particular the changes to prevent “dependency confusion” attacks.

    As for the original question: Python really has a bit of a history of project management and build tools, I do feel however that the community and maintainers are finally getting somewhere.

    cargo is a bit of an “unfair” comparison since its development happened much more aligned with Rust and its whole ecosystem and not as an afterthought by third party developers, but I agree: cargo is definitely a great benchmark how project and dependency management plus building should look like, along with rustup, it really makes the developer experience quite pleasant.

    The need for virtual environments exists so that different projects can use different versions of dependencies and those dependencies can be installed in a project specific location vs a global, system location. Since Python is interpreted, these dependencies need to stick around for the lifetime of the program so they can be imported at runtime. poetry managed those in a separate folder in e. g. the user’s cache directory, whereas uv for example stores the virtual environment in the project folder, which I strongly prefer.

    cargo will download the matching dependencies (along with doing some caching) and link the correct version to the project, so a conceptual virtual environment doesn’t need to exist for Rust. By default, rust links everything apart from the C runtime statically, so the dependencies are no longer neesed after the build - except you probably want to rebuild the project later, so there is some caching.

    Finally, I’d also recommend to go and try setting up a project using astral’s uv. It handles sane pyproject.toml files, will create/initialize new projects from a template, manages virtual environments and has CLI to build e. g. wheels or source distribution (you will need to specify which build backend to use. I use hatchling), but thats just a decision you make and express as one line in the project file. Note: hatchling is the build backend, hatch is pypa’s project management, pretty much an alternative to poetry or uv.

    uv will also install complete Python distributions (e. g. Python 3.12) if you need a different interpreter version for compatibility reasons

    If you use workspaces in cargo, uv also does those.

    uv init, uv add, uv lock --upgrade, uv sync, uv build and how uv handles tools you might want to install and run should really go a long way and probably provide an experience somewhat similar to cargo.



  • I agree. When I was talking about “processed food”, I was talking about food that has been processed too much, i. e. cooked to oblivion, loaded up with preservatives, artificial flavor, colors etc. to maximize profit by making it last longer, be more attractive / “tasteful” to the point of addiction (think chips) no matter the nutritional value.

    Food is of course processed even in the home kitchen, and there are processing methods that are totally fine (let’s say freezing, canning) and that have a long cultural tradition without adverse effects.

    However, I think it’s hard to dispute that industrially processed (fast) food, convenience food, snacks, super high calorie foods etc. are a real problem. I honestly also blame e. g. the expectation society has with respect to its workers who can’t necessarily afford (money, time) to regularly prep healthy food at home, given the schedule imposed on them.



  • Yeah, thanks, that comic was a little too black and white in 50% of the panels - acknowledging women’s rights and their role in society and abolishing child labor doesn’t mean that we did not process the shit out of food and invented the unholiest abominations as substitute for actual nourishment, or that it’s suddenly healthy to live in a concrete block after spending 10 hours in cloned cubicle #7.







  • It’s not like Bluetooth started demanding location permissions, the conceptual model of the permission was revised: having access Bluetooth means an app could determine your location via a form of lateration.

    In earlier versions of smartphone operating systems, this was not transparent to users lacking the technical background, so Bluetooth also requiring location access is actually an attempt at making users aware of that. I’m not an iOS developer, so I can’t comment on iPhones, but on Android versions prior to 11, having access to Bluetooth meant an app would be able to determine your location.

    Today, you can require the permission ACCESS_FINE_LOCATION, which expresses that your app might use Bluetooth to obtain location information on Android. Also, if you’re just scanning for nearby devices to connect your app to, but don’t want users to be confused why your smart fridge app needs to know your precise location, you can declare a permission flag (neverForLocation) and Android will strip beacon information from the scan results, better asserting your intentions.

    So, overall: no, there is nothing nefarious going on, it was always possible to determine your location via Bluetooth, and the update to the permission model was an honest improvement that actually benefits you as user.

    Now, there are still plenty of shady apps around, and apps that are poorly written - don’t use those.


  • scrion@lemmy.worldtoScience Memes@mander.xyzHoney
    link
    fedilink
    English
    arrow-up
    13
    ·
    edit-2
    21 days ago

    honey bees are bad for pollinators

    Hm? What do you mean?

    From this paper:

    A. mellifera appears to be the most important, single species of pollinator across the natural systems studied, owing to its wide distribution, generalist foraging behaviour and competence as a pollinator.

    This is a genuine question btw.