Home

  • __init__.py files are optional. Here's why you should still use them

    If you’ve ever googled the question “Why do Python packages have empty __init__.py files?”, you could get the idea that Python packages wouldn’t work without them. This is a common misconception—they’ve been optional since Python 3.3! Why then, do most Python projects still have them?

  • Ten Python datetime pitfalls, and what libraries are (not) doing about it

    It’s no secret that the Python datetime library has its quirks. Not only are there probably more than you think; third-party libraries don’t address most of them! I created a new library to explore what a better datetime library could look like.

  • The curious case of Pydantic and the 1970s timestamps

    When parsing Unix timestamps, Pydantic guesses whether to interpret them in seconds or milliseconds. While this is certainly convenient and works most of the time, it can drastically (and silently) distort timestamps from a few decades ago.

  • Finding broken slots in popular Python libraries (and so can you!)

    Adding __slots__ to a class in Python is a great way to reduce memory usage. But to work properly, all base classes need to implement it. This is easy to forget and there is nothing warning you that you messed up. In popular projects, a few of these mistakes have laid undetected — until now!

  • Is your Python code vulnerable to log injection?

    Following the news on log4j lately, you may wonder if Python’s logging library is safe. After all, there is a potential for injection attacks where string formatting meets user input. Thankfully, Python’s logging isn’t vulnerable to remote code execution. Nonetheless it is still important to be careful with untrusted data. This article will describe some common pitfalls, and how the popular practice of logging f-strings could — in certain situations — leave you vulnerable to other types of attacks.