Read more of this story at Slashdot.

Welcome to December and another release of SQL Server Management Studio (SSMS)! Today we released SSMS 22.1, which has a few improvements related to GitHub Copilot, as well as several fixes for both GitHub Copilot and SSMS.

Please visit the release notes for a full list of what's changed. For those of you looking to try out GitHub Copilot, we now have a walk through available that you can access from the Copilot badge (from the dropdown select GitHub Copilot Walkthrough).  And for those of you are already using GitHub Copilot, we fixed that pesky issue of Run ValidateGeneratedTSQL showing up repeatedly, among a few other things.

While you're here, I'd like to take a moment to clear up some misconceptions about GitHub Copilot that I’ve seen floating around in blog posts and on social media. I'm covering these in a FAQ type format because I think it's easier (and faster) for folks to read.  If you have specific questions, feel free to add a comment. If you want to see specific features in either SSMS or GitHub Copilot in SSMS, please create feedback items on the site (if you put a request in the comment, I’ll ask you to create it as a feedback item 😊). As always, please search first!

Does GitHub Copilot use my prompts and its responses to train or retrain models?

No. Understand that not all models are hosted by Microsoft, but those that are hosted elsewhere also make the same commitment.  This is clearly stated in the GitHub doc covering model hosting and includes links to the hosting provider’s commitment statement.

Are prompts and responses encrypted?

Yes. We encourage all customers to visit the GitHub Copilot Trust Center to get answers to questions about privacy and security. 

Can I see what queries GitHub Copilot executes?

Yes.  Use Extended Events and filter on an Application Name of Microsoft SQL Server Management Studio – GitHub Copilot.

Can I use other models with GitHub Copilot?
Yes. Bring your own model (BYOM) is now available in SSMS 22.1 for personal subscriptions. You should use models that support tool calling.

Do I get the same answer from every model in GitHub Copilot?

No. The models available in GitHub Copilot in SSMS are available because they support tool calling, but they are different based on training, reasoning, temperature, and more. As such, responses to prompts can and will vary across models.  

Can I attach an execution plan for GitHub Copilot to analyze?

Yes. Either open a saved plan, or after capturing a plan in SSMS (using Query > Include Actual Execution Plan), right-click on the plan and select Show Execution Plan in New Tab. With the query editor tab as the active tab, in the chat window use # to bring up the open document list.  Select the execution plan from the list, then enter your prompt ("analyze the execution plan and make recommendations for improvements").

Can GitHub Copilot run destructive commands against my database?

Currently, no.  As of this release (22.1) GitHub Copilot in SSMS only supports Ask mode, and all queries executed against your database are SELECT statements (read-only), as noted here. 

We are planning to bring support for Agent mode to SSMS.  With Agent mode, users will be able to allow GitHub Copilot to run queries on their behalf, but it will require them to approve query execution (read/write with approval).

All queries executed by GitHub Copilot execute in the context of the user that is connected, based on their permissions. If a user has permission to run destructive queries (e.g. DELETE, UPDATE, DROP, etc.) and approves the request from GitHub Copilot to execute a destructive query, then the query will run.

We recommend the following: Ensure users have appropriate permissions (principle of least privilege).  This is a standard recommendation for any user that connects to a database.  There are database roles available that allow reading of data and prevent modification of data.

What if I don’t want to allow Agent mode?

You can leverage administrative controls for GitHub Copilot to disable Agent mode, once it’s available in SSMS.  Visual Studio, and thus SSMS, use Administrative Templates  for Group Policies.

What if I don’t want to allow my users to use GitHub Copilot in SSMS?

Again, Administrative Templates are the answer.  You can disable Copilot SKUs entirely, or for individual accounts.

• PEP 798: Unpacking in Comprehensions
• Pandas 3.0.0rc0
• typos
• A couple testing topics
• Extras
• Joke

About the show

Sponsored by us! Support our work through:

• Our courses at Talk Python Training
• The Complete pytest Course
• Patreon Supporters

Connect with the hosts

• Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky)
• Brian: @brianokken@fosstodon.org / @brianokken.bsky.social
• Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky)

Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too.

Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.

Michael #1: PEP 798: Unpacking in Comprehensions

• After careful deliberation, the Python Steering Council is pleased to accept PEP 798 – Unpacking in Comprehensions.

• Examples

  [*it for it in its]  # list with the concatenation of iterables in 'its'
  {*it for it in its}  # set with the union of iterables in 'its'
  {**d for d in dicts} # dict with the combination of dicts in 'dicts'
  (*it for it in its)  # generator of the concatenation of iterables in 'its'
  

• Also: The Steering Council is happy to unanimously accept “PEP 810, Explicit lazy imports”

Brian #2: Pandas 3.0.0rc0

• Pandas 3.0.0 will be released soon, and we’re on Release candidate 0
• Here’s What’s new in Pands 3.0.0
  • Dedicated string data type by default
    • Inferred by default for string data (instead of object dtype)
    • The str dtype can only hold strings (or missing values), in contrast to object dtype. (setitem with non string fails)
    • The missing value sentinel is always NaN (np.nan) and follows the same missing value semantics as the other default dtypes.
  • Copy-on-Write
    • The result of any indexing operation (subsetting a DataFrame or Series in any way, i.e. including accessing a DataFrame column as a Series) or any method returning a new DataFrame or Series, always behaves as if it were a copy in terms of user API.
    • As a consequence, if you want to modify an object (DataFrame or Series), the only way to do this is to directly modify that object itself.
  • pd.col syntax can now be used in DataFrame.assign() and DataFrame.loc()
    • You can now do this: df.assign(c = pd.col('a') + pd.col('b'))
  • New Deprecation Policy
  • Plus more
-

Michael #3: typos

• You’ve heard about codespell … what about typos?
• VSCode extension and OpenVSX extension.
• From Sky Kasko:

Like codespell, typos checks for known misspellings instead of only allowing words from a dictionary. But typos has some extra features I really appreciate, like finding spelling mistakes inside snake_case or camelCase words. For example, if you have the line:

*connecton_string = "sqlite:///my.db"*

codespell won't find the misspelling, but typos will. It gave me the output:

*error: `connecton` should be `connection`, `connector`  
╭▸ ./main.py:1:1  │1 │ connecton_string = "sqlite:///my.db"  
╰╴━━━━━━━━━*

But the main advantage for me is that typos has an LSP that supports editor integrations like a VS Code extension. As far as I can tell, codespell doesn't support editor integration. (Note that the popular Code Spell Checker VS Code extension is an unrelated project that uses a traditional dictionary approach.)

For more on the differences between codespell and typos, here's a comparison table I found in the typos repo: https://github.com/crate-ci/typos/blob/master/docs/comparison.md

By the way, though it's not mentioned in the installation instructions, typos is published on PyPI and can be installed with uv tool install typos, for example. That said, I don't bother installing it, I just use the VS Code extension and run it as a pre-commit hook. (By the way, I'm using prek instead of pre-commit now; thanks for the tip on episode #448!) It looks like typos also publishes a GitHub action, though I haven't used it.

Brian #4: A couple testing topics

• slowlify
  • suggested by Brian Skinn
  • Simulate slow, overloaded, or resource-constrained machines to reproduce CI failures and hunt flaky tests.
  • Requires Linux with cgroups v2
• Why your mock breaks later
  • Ned Badthelder
  • Ned’s taught us before to “Mock where the object is used, not where it’s defined.”
  • To be more explicit, but probably more confusing to mock-newbies, “don’t mock things that get imported, mock the object in the file it got imported to.”
    • See? That’s probably worse. Anyway, read Ned’s post.
  • If my project myproduct has user.py that uses the system builtin open() and we want to patch it:
    • DONT DO THIS: @patch("builtins.open")
      • This patches open() for the whole system
    • DO THIS: @patch("myproduct.user.open")
      • This patches open() for just the user.py file, which is what we want
  • Apparently this issue is common and is mucking up using coverage.py

Extras

Brian:

• The Rise and Rise of FastAPI - mini documentary
• “Building on Lean” chapter of LeanTDD is out
  • The next chapter I’m working on is “Finding Waste in TDD”
  • Notes to delete before end of show:
    • I’m not on track for an end of year completion of the first pass, so pushing goal to 1/31/26
    • As requested by a reader, I’m releasing both the full-so-far versions and most-recent-chapter

Michael:

• My Vanishing Gradient’s episode is out
• Django 6 is out

Joke: tabloid - A minimal programming language inspired by clickbait headlines

Once described on Reddit as “technically challenged”, Sarah is a Principal Security Advocate working at Microsoft. She has lived all over the place but currently calls Melbourne home.

Sarah has been working in cyber security since before it was cool, has previously spoken at many security conferences including Black Hat and has co-authored a few Microsoft Press technical books. She is an active supporter of security communities across the globe and a co-host of the Microsoft Azure Security Podcast.

Sarah spends most of her spare time gaming, taking part in Melbourne's official sport of brunching, taking high tea and spending a disproportionate amount of her income on her dogs.You can find Sarah on the following sites:

• Website
• LinkedIn
• GitHub
• Bluesky
• X

PLEASE SUBSCRIBE TO THE PODCAST

• Spotify
• Apple Podcasts
• YouTube Music
• Amazon Music
• RSS Feed

You can check out more episodes of Coffee and Open Source on https://www.coffeeandopensource.com

Coffee and Open Source is hosted by Isaac Levin