Python Debugging with PyStack and PyPI Security Updates

Advanced Python Debugging with PyStack

In this episode, we dive into PyStack, a powerful tool that uses "forbidden magic" to help developers inspect stack frames of running Python processes or core dumps. This is especially useful for diagnosing hangs, deadlocks, and performance issues in production without requiring code changes.

Key Features of PyStack

• Cross-Language Support: It inspects intertwined calls across Python, C, C++, and Rust.
• Non-Invasive: It can analyze running processes in memory with minimal impact (optional pausing).
• Deadlock Detection: Easily identify if a thread is holding or waiting for the Global Interpreter Lock (GIL).
• PyTest Integration: It functions as a PyTest plugin to analyze tests that exceed a performance threshold.

"What PyStack does is it uses forbidden magic to let people inspect the stack frames of a running Python process... helping you quickly and easily learn what it's doing."

Security Enhancements for PyPI

We discuss the crucial initiative by the Python Package Index (PyPI) to mandate two-factor authentication (2FA) for all account holders by the end of 2023.

• All User Coverage: Unlike previous mandates for only the top 1% of packages, this now extends to every user who maintains a project or organization.
• Supply Chain Security: This is a direct response to rising threats against Python projects, aiming to fortify the software supply chain.

Propan: A Modern Async Message Framework

We explore Propan, a framework designed for building asynchronous services that interact with message brokers like RabbitMQ, Redis, Nats, and Kafka.

• Declarative Syntax: Uses decorators (e.g., @broker.handle) similar to FastAPI to define message handlers.
• Pydantic Integration: Leverages Pydantic base models for automatic message parsing and validation.
• Testability: Allows developers to test their application without needing to set up an external message broker.

Makefile Tips for Python Projects

Even in modern Python development, Makefiles remain highly relevant. We cover a set of best practices and templates including:
• Virtual Environment Management: Automating the creation and setup of virtual environments.
• Help Documentation: Using grep/awk to automatically generate help menus from side-comments.
• Strict Execution: Ensuring scripts fail immediately on errors and enforcing clean variable definitions.