June meeting
Date: Monday, June 8th @ 7pm
Princeton Python Monthly: June 2026, AI series kick-off
Happy June!
Our next meeting is this Monday!
This meeting's opener will begin a series on AI fundamentals. These AI openers will be a bit longer, and will focus on critical concepts from the AI/LLM world.
The openers will still be code-centered, exploring each concept with a code demo. For the June meeting, we'll sample multiple concepts as the series kick-off,
then go deeper on individual concepts in future meeting openers. Openers will continue to demo new python language features as well.
After the code opener, we hear everyone's introductions/updates;
and finally our links, Python news and the usual mix of the latest tools, testing, and tutorials at https://www.princetonpy.org/next-meeting/.
And as always, your questions/ideas/doings are welcome--so join us!
Note our unchanging meeting url--use the Jitsi meeting link on our home page.
But first, check out AI Study Group this Sunday!
[plus 4th Wednesdays in-person at fubar labs]
events
sun07jun 2p AI Study Group [first sundays]
mon08jun 7p princetonpy meeting [second mondays]
info
The gathering links: https://www.princetonpy.org/next-meeting/
Fubar Labs calendar: https://fubarlabs.org/calendar/
links:
- An alternative to what seems to be the default search experience now, a big AI blurb you have to scroll past while it's loading up a prompt response just to see results:
- DuckDuckGo "No-AI" version
- Plugged before but worth mentioning:
- fish shell
- Mike started using this and likes it
- some great "out-of-the-box" features you usually have to piece together on your own
- A couple of Linux distros Mike installed on old laptops
- maybe placebo but things seem to be running smoother and less hot, is Ubuntu (and friends) just really bloated now?
- Void Linux
- this ones reminds me of Arch Linux
- Devuan Linux
- a fork of Debian without SystemD
- it's more preconfigured and easy to install than Void
- Simon Willison / Understanding GPT tokenizers
article: https://simonwillison.net/2023/Jun/8/gpt-tokenizers/
notebook: https://observablehq.com/@simonw/gpt-tokenizer - openai Tokenizer
https://platform.openai.com/tokenizer
A helpful rule of thumb is that one token generally corresponds to ~4 characters of text for common English text. This translates to roughly ¾ of a word (so 100 tokens ~= 75 words). - models arent just incrementing, theyre generalizing
eg deprecated models at ollama
https://docs.ollama.com/cloud#upcoming-deprecations
'multi-modal'
but not updated--qwen3.6 is out
https://ollama.com/library/qwen3.6 - quantization-aware training
available in gemma4
Google DeepMind has released new quantization-aware trained (QAT) weights for Gemma 4 that reduce the memory footprint while accelerating model output.
Unlike traditional quantization methods that degrade quality, QAT integrates quantization directly into the training process. The result is nearly the same quality at a fraction of memory usage.
https://ollama.com/library/gemma4/tags
tho not new
jul2024 https://pytorch.org/blog/quantization-aware-training/ - cognitum seed
https://www.cognitum.one/seed
faq / What sensors can I attach?
Anything that exposes data over a USB serial, I²C, SPI, or GPIO interface. The Seed is sensor-agnostic — it learns whatever signal you wire to it. - Fake Claude Code Installer Caught Stealing Developer Credentials
malware campaign targeting developers through sponsored search results linking to a fake Claude Code installation page at events.msft23.com.
The downloaded PowerShell script steals credentials from Chromium browsers, bypasses Google's encryption protections via process hollowing, and exfiltrates passwords, cookies, and payment data to mt7263.com. Experts warn a single compromised workstation can expose an entire organization.
https://hackread.com/fake-claude-code-installer-devs-browser-credential-stealer/ - npm Worm Hits 518M-Download Packages with Self-Destructing Malware
Threat actor TeamPCP's "Mini Shai-Hulud" campaign has compromised 170+ npm and PyPI packages — including TanStack, Mistral AI, OpenSearch, and Guardrails AI — across 518 million cumulative downloads. The injected malware steals credentials from cloud, crypto, and CI systems, persists inside Claude Code and VS Code, and exfiltrates data to 400+ attacker-controlled GitHub repositories.
A dead-man's switch wipes the developer's machine if the attacker's npm token is revoked. The TanStack compromise (CVE-2026-45321, CVSS 9.6) is the first npm worm to produce valid SLSA Build Level 3 provenance attestations. The Mistral AI package carries a 1-in-6 chance of full system wipe when deployed in Israel or Iran.
https://thehackernews.com/2026/05/mini-shai-hulud-worm-compromises.html
**affected over 170 packages spanning both the npm and PyPI registries. - RubyGems Pauses New Signups Amid Major Malicious Package Attack
https://thehackernews.com/2026/05/rubygems-suspends-new-signups-after.html