Executing arbitrary Python code from a comment
The article explains how, in a CTF challenge, seemingly harmless Python code that only allows user input in a comment can actually be exploited for arbitrary code execution by constructing a valid ZIP file within the comment and leveraging Python's ability to run ZIP archives. By carefully crafting an ASCII-safe ZIP archive (with a main.py), even restrictive single-line comments can trig...
https://www.hacktron.ai/blog/posts/python-zip-confusion
Hacktron Blog
Can you execute arbitrary Python code from only a comment? We explore how Python's overzealous ZIP file detection can lead to unexpected code execution vulnerabilities when well-escaped user input is injected into comments or string literals in Python source…
Enterprise AI Tutorial – Embeddings, RAG, and Multimodal Agents Using Amazon Nova and Bedrock
Amazon Nova’s course teaches Embeddings, RAG, Multimodal Models, and Agents using tools like Bedrock, LangChain, and Titan Embeddings to build real-world AI applications. You’ll learn to automate workflows like insurance claims by integrating Bedrock Agents and Knowledge Bases for smarter, faster customer service.
https://www.youtube.com/watch?v=HaUe2AN210g
YouTube
Learn all about Embeddings, RAG, Multimodal Models, and Agents with Amazon Nova. This course covers AI engineering, covering a ton of technologies from Amazon Titan Text Embeddings to LangChain integration with Amazon Bedrock.
You'll build an end-to-end…
Design patterns you should unlearn in Python
https://www.lihil.cc/blog/design-patterns-you-should-unlearn-in-python-part1/
www.lihil.cc
Design Patterns You Should Unlearn in Python-Part1 | Lihil
Uvify
Turn python repositories to environments and oneliners with uv python manager, without diving into the code.
https://github.com/avilum/uvify
GitHub
From Async/Await to Virtual Threads
Armin Ronacher revisits his earlier critique of async/await in Python, arguing for a simpler and more composable concurrency model built around structured, virtual threads that avoid colored functions and simplify cancellation and context passing. He proposes rethinking Python’s concurrency by embracing thread-first APIs with virtual thread groups, which can yield, cancel, and propagate ...
https://lucumr.pocoo.org/2025/7/26/virtual-threads/
Armin Ronacher's Thoughts and Writings
A follow-up to how I wish async would work.
QwenLM / Qwen3
Qwen3 is the large language model series developed by Qwen team, Alibaba Cloud.
https://github.com/QwenLM/Qwen3
GitHub
I built an offline, open‑source desktop Pixel Art Editor in Python
https://github.com/danterolle/tilf
GitHub
Tilf (Tiny Elf) is a simple yet powerful pixel art editor built with PySide6. It’s designed for creating sprites, icons, and small 2D assets with essential drawing tools, live preview, undo/redo, a...
PyPI: Preventing ZIP parser confusion attacks on Python package installers
https://blog.pypi.org/posts/2025-08-07-wheel-archive-confusion-attacks/
blog.pypi.org
Preventing ZIP parser confusion attacks on Python package installers - The Python Package Index Blog
PyPI will begin warning and will later reject wheels that contain differentiable ZIP features or incorrect RECORD files.
Forget metaclasses; Python’s `__init_subclass__` is all you really need
https://www.reddit.com/r/Python/comments/1mevs3i/forget_metaclasses_pythons_init_subclass_is_all/
Reddit
HRT's Python Fork: Leveraging PEP 690 for Faster Imports
https://www.hudsonrivertrading.com/hrtbeat/inside-hrts-python-fork/
Hudson River Trading
Inside HRT’s Python Fork: Leveraging PEP 690 for Faster Imports
At HRT, we’ve found that centralizing our codebase facilitates cross-team collaboration and rapid deployment of new projects. Therefore, the majority of our software development takes place in a monorepo, and our Python ecosystem is set up such that internal…
joinly
Build personalized, conversational meeting agents in minutes
https://github.com/joinly-ai/joinly
GitHub
GitHub - joinly-ai/joinly: Make your meetings accessible to AI Agents