NPM is the other major source of issues (congrats for now, `cargo`!), and TIL that NPM is A) a for-profit startup (??) and B) acquired by Microsoft (????). In that light, this gift seems even more important, as it may help ensure that relative funding differences going forward don’t make PyPi an outsized target!
(Also makes me wonder if they still have a Microsoft employee running the PSF… always thought that was odd.)
AFAIU the actual PSF development team is pretty small and focused on CPython (aka language internals), so I’m curious how $750,000/year changes that in the short term…
EDIT: there’s a link below with a ton more info. This gift augments existing gifts from Amazon, Google, Microsoft, and Citi, and they soft-commit to a cause:
Planned projects include creating new tools for automated proactive review of all packages uploaded to PyPI, improving on the current process of reactive-only review. We intend to create a new dataset of known malware that will allow us to design these novel tools, relying on capability analysis.For example, Wikimedia just recently claimed that they can’t chase some political project that critics wanted them to because most of their funds are earmarked-for/invested-in specific projects. So it does happen with US-based tech non-profits to at least some extent.
> $1.5 million over two years would have been quite a lot of money for us, and easily the largest grant we’d ever received.
https://www.fordfoundation.org/learning/library/research-rep...
The hippies writing that software may not be compensated at the level you'd expect given the value they provide, but they'll never go hungry.
[1] LLVM and Linux get more cash than they can spend. GNU stuff is comparatively impoverished because everyone assumes they'd do it for free anyway. Stuff that ships on a Canonical desktop or RHEL default install gets lots of cash but community favorites like KDE need to make their own way, etc... Also just to be clear: node is filled with povertyware and you should be extremely careful what you grab from npm.
"almost" is the load bearing word here, and/or a weasel word. Define what an "economically important project" is.
> Also just to be clear: node is filled with povertyware and you should be extremely careful what you grab from npm.
Is "povertyware" what we call software written by people and released for free now?
If you missed it, they bought Bun a while back, which is what Claude Code is built in: https://bun.sh/blog/bun-joins-anthropic
We should applaud their donation today, and at another time assess the meager contributions of many companies that should be shamed.
I find these matters are often more complex than I can understand from a headline but this feels like Anthropic bailed out the PSF because PSF is making bad management decisions, and bailing them out might be a bad long-term play.
simianwords•1h ago
reactordev•59m ago
simianwords•51m ago
shadowgovt•38m ago
It's pretty great, because you can run it in debug mode where it will assert-fail if your static type assertions are violated, or in optimized mode where those checks (and the code to support multiple types in a variable) go away and instead the program just blows up like a C program with a bad cast does.
__MatrixMan__•19m ago
alex_suzuki•29m ago
danielbln•58m ago
simianwords•54m ago
maleldil•46m ago
simianwords•23m ago
solumunus•14m ago
shadowgovt•42m ago
For a lot of the business world, code flexibility is much more important than speed because speed is bottlenecked not on the architecture but on the humans in the process; your database queries going from two seconds to one second matters little if the human with their squishy eyeballs takes eight seconds to digest and understand the output anyway. But when the business's needs change, you want to change the code supporting them now, and types make it much easier to do that with confidence you aren't breaking some other piece of the problem domain's current solution you weren't thinking about right now (especially if your business is supported by a team of dozens to hundreds of engineers and they each have their own mental model of how it all works).
Besides... Regarding performance, there is a tiny hit to performance in Python for including the types (not very much at all, having more to do with space efficiency than runtime). Not only do most typed languages not suffer performance hindrance from typing, the typing actually enables their compilation-time performance optimizations. A language that knows "this variable is an int and only and int and always an int" doesn't need any runtime checks to confirm that nobody's trying to squash a string in there because the compiler already did that work by verifying every read and write of the variable to ensure the rules are followed. All that type data is tossed out when the final binary gets built.
lambdaone•57m ago
simianwords•55m ago
lambdaone•49m ago
__MatrixMan__•28m ago
pantsforbirds•51m ago
exceptione•53m ago
shadowgovt•40m ago
pansa2•52m ago
shadowgovt•47m ago
I can name an absolute handful of languages I've used that have that flexibility. Common LISP comes to mind. But in general you get one or the other option.
pansa2•28m ago
It’s also a worst-of-both-worlds arrangement, in that you have to do the extra work to satisfy the type checker but don’t get the benefits of a compiled language in terms of performance and ease-of-deployment, and only partial benefits in terms of correctness (because the type system is unsound).
AFAIK the Dart team felt this way about optional typing in Dart 1.x, which is why they changed to sound static typing for Dart 2.
embedding-shape•45m ago
That's not like a widespread/by-default/de-facto standard across the ecosystem, by a wide margin. Browse popular/trending Python repositories and GitHub sometime and I guess you can see.
Most of the AI stuff released is still basically using conda or pip for dependencies, more times than not, they don't even share/say what Python version they used. It's basically still the wild west out there.
Never had anyone "frown" towards me for not using MyPy or any typechecker either, although I get plenty of that from TS fans when I refuse to adopt TS.
pansa2•36m ago
I’ve seen it many times. Here’s one of the more extreme examples, a highly-upvoted comment that describes not using type hints as “catastrophically unprofessional”:
https://www.reddit.com/r/Python/comments/1iqytkf/python_type...
embedding-shape•32m ago
Don't read stuff on reddit and use whatever you've "learned" there elsewhere, because it's basically run by moderators who try to profit of their communities these days, hardly any humans left on the subreddits.
shadowgovt•35m ago
Python typed or untyped feels like a taste / flexibility / prototyping tradeoff; TypeScript vs. JavaScript feels like "Do you want to get work done or do you want to wrap barbed wire around your ankle and pull?" And I say this as someone who will happily grab JS sometimes (for <1,000 LOC projects that I don't plan to maintain indefinitely or share with other people).
Plus, TypeScript isn't a strict superset of JavaScript, so choice at the beginning matters; if you start in JS and decide to use TS later, you're going to have to port your code.
embedding-shape•18m ago
> TypeScript helps paper over like 90% of the holes in JavaScript
Always kind of baffles me when people say this, how are you actually programming where 90% of the errors/bugs you have are related to types and other things TS addresses? I must be doing something very different when writing JS because while those things happen sometime (once or twice a year maybe?), 90% of the issues I have while programming are domain/logic bugs, and wouldn't be solved by TS in any way.
__MatrixMan__•24m ago
If you're working on a project that doesn't use type hints, there's also plenty of frowning, but that's just because coding without a type checker is kind of painful.
embedding-shape•20m ago
Yeah, that obviously makes sense, not following the code guidelines of a project should be frowned upon.
desireco42•48m ago
minimaxir•6m ago
oefrha•46m ago