Brought to you by Michael and Brian - take a Talk Python course or get Brian's pytest book


Transcript #224: Join us on a Python adventure back to 1977

Return to episode page view on github
Recorded on Wednesday, Mar 10, 2021.

00:00 - Hello and welcome to Python Bytes, where we deliver Python news and headlines directly to your earbuds.

00:04 This is episode 224, recorded March 10th, 2021.

00:09 I'm Michael Kennedy.

00:10 - And I'm Brian Okken.

00:11 - And I am Calvin Hendricks-Parker.

00:12 - Hey, we have a special guest, Calvin.

00:14 Welcome to the show.

00:15 - Hey, thanks for having me.

00:16 - Yeah, it's fantastic to have you here.

00:18 Always great to have a fresh face.

00:20 I believe it's been about a year since you were on the show previously, is that right?

00:23 - I think almost exactly a year, yes.

00:25 - Yeah, YouTube reminded me that it was one the first videos of this whole Python Bytes that we'd put up there before we were live streaming, we'd record it and then put it up.

00:34 That was so last year.

00:36 - I know, I mean, Python Bytes, you guys have really upped your game.

00:38 I'm super proud of y'all.

00:39 - Yeah, it's so 2020.

00:41 - Yeah, yeah, yeah.

00:42 We got our broadcast studio working right here in Portland, Oregon.

00:45 Super, super nice.

00:46 Speaking of nice, I want to do a follow-up.

00:49 You know what's nice, Brian, so often our guests, they send us all these items and we'll mention something and will think this is like the first time I've heard of this and they're like, and here's the 10 other amazing things that you've never heard of.

01:01 - Yes. - Right?

01:02 And so this is a little bit of a followup along that.

01:04 Before actually, I realized before I get into that though, Calvin, maybe you want to just do a quick, who are you?

01:10 It has been a year.

01:10 - It has been a year. - Everyone's gonna remember who you are.

01:13 - Sure, sure.

01:14 I'm Calvin Hendricks Parker, I'm co-founder and CTO of Six Feet Up and also the co-founder of the IndiePi group here in Indianapolis, the Python user group.

01:21 And we are also the organizers of the Python web conference, which I'll talk about later.

01:25 So that's kind of a quick rundown of me.

01:26 - You're that company that hands out Python jersey shirts.

01:28 - Oh yeah, we do some killer swag.

01:30 - Yeah, yeah, for sure.

01:31 That's a cool conference.

01:32 Be fun to talk about that in a little bit.

01:34 So the first thing though, that I do want to talk about over here is AWS Simple.

01:39 We talked about Bodo type definitions, I think it was.

01:43 And then someone mentioned that Bodo type definitions has kind of been deprecated, ignored and so on.

01:48 And so they pointed us at this mypy live generated version that we talked about last week.

01:53 And also we got a message from James Abel, who said, "Hey, I built this cool library called AWS Simple, "and I got it all flowed together "to get all the S's to fit in there, AWS Simple." And the idea is that it's a typed wrapper around the AWS API.

02:12 And if you recall, I kind of was harsh on the Boto3 API, and I can buy that because there's just zero discoverability on how it works.

02:20 There's like inconsistencies on how you pass parameters.

02:22 Sometimes you pass them by name.

02:24 Sometimes you pass them as dictionaries with names in the dictionary.

02:27 Just a lot of stuff going on there.

02:28 And it's really not discoverable.

02:30 And so this one also is one of those libraries that's meant to help with that.

02:35 So it's a simple API for basic services like S3, DynamoDB, their hosted NoSQL database, simple notification service, simple queuing service.

02:45 I don't know if you guys have been to AWS lately, but you go to your console and it says, here's the two things you've recently visited.

02:50 See the rest.

02:50 Like it scrolls, there's a lot.

02:53 So this is clearly not everything, but it is some common ones, especially around S3, I think.

02:58 And it's also maybe the kernel of other things, right?

03:00 People often ask me, "Hey, what project could I contribute to?" Well, I feel like I would really love to have simple email service integrated with this.

03:06 Like, well, you know, it probably is easy to add like one more service.

03:10 So some of the features include a nice object-oriented API on top of Boto3 with proper type definitions and classes and static things that all the static type checkers and the editors all know about and love.

03:22 You can write really simple one-liners to do S3 read/write deletes.

03:27 It has automatic retry for S3.

03:29 It has caching.

03:30 So for example, when you get a file or upload a file, it will hash that result.

03:36 And basically, if you try to get it again, it'll say, "Let me check the e-tag." That's the way web browsers and servers exchange.

03:44 Like, here's the sort of history or the version of the file, and it'll check has this thing changed or not.

03:49 And so it'll not download the S3 file if it hasn't changed.

03:52 And you ask, it'll just use like the last version it got since it touched it, things like that.

03:56 Some DynamoDB full table scans, secondary indexes and pagination.

04:00 So there's some simple examples like my S3 access and then maybe if you could do DynamoDB, create a DynamoDB access and just put an item or get an item and off it goes.

04:12 Really, really simple, you know, as you would imagine something with a name like AWS Simple has.

04:16 But it's just one more thing around AWS APIs that I think is pretty interesting.

04:21 What do you guys think?

04:22 - I kind of expected to pull it to bury in.

04:23 They're saying AWS Simple is not simple because this is a massive undertaking to try and make something like this simple.

04:29 - Yeah, absolutely.

04:30 I totally agree with that.

04:31 I mean, it's pretty neat.

04:32 Over in their documentation, they've got a little more examples and a quick start guide and how to use it and so on.

04:38 But yeah, it's pretty easy.

04:40 You just do like S3, create bucket, S3, write string to this key, and so on.

04:44 It's quite easy.

04:45 So if you're struggling with the AWS APIs, this is a cool project.

04:50 And again, I think it's pretty limited to just a couple of the services.

04:53 So it's somewhere that if you got your favorite service and you want something like this for it, reach out James and add it.

04:59 - Yeah, and all of the services could be added and then AWS Simple could be as complex as everything else.

05:04 - Exactly.

05:05 Like I can barely install this thing anymore.

05:07 It's really legit.

05:08 - Yeah, they're trying to become the AWS APIs for humans, kind of like requests for HTTP.

05:15 - Yeah, maybe.

05:16 I mean, Boto3 was kind of like that too, right?

05:18 - Well, again, the S3 API is, they've changed names, they're inconsistent, it's really hard to parse sometimes as a human, like the uploading process of multi-part uploads.

05:27 If you're not into the web, this could be really daunting.

05:29 Sounds like this is a great way to enter this space and not have to learn all that stuff.

05:34 - I can't just do this thing.

05:35 I gotta create a waiter and I gotta wait on the thing and so on, yeah, absolutely.

05:39 Dean Langston up there in the live stream said, out there in the live stream said, "It's amazing to me how many of the most accessed APIs in the world need third-party packaging to make them useful." Yeah, I mean, if it weren't such a small little rinky-dink company, if they could hire a bunch of developers to work on this, like, "Oh wait, no, it's Amazon." No, I totally agree with you, Dean.

05:57 That's funny.

05:58 All right, yeah, so AWS Symbol, check it out if that appeals to you.

06:01 Brian, what you got for us?

06:03 - Well, I was going to, how do we do this?

06:06 Oh, yep.

06:07 - We both clicked, sorry about that.

06:08 It was a race car.

06:09 (laughing)

06:11 So I learned something new the other day and I learned something new about something old.

06:15 So I've used a coverage.py a lot over the past several years.

06:22 And I've even covered it a lot on the Testing Code Podcast a couple of times.

06:27 Covered it on the podcast.

06:29 Yep, that's a meta joke.

06:31 Anyway, there's something I missed the whole time.

06:33 So there's a source thing.

06:36 So you can tell coverage where the source code is where the source is for whatever you're covering.

06:41 Hidden in here is the source can be the sources, either directories or packages.

06:50 It's the or packages I never saw before.

06:53 >> That's cool.

06:54 >> Why this is significant, and apparently this has been here the whole time and I just missed it, is there was a workaround.

07:01 If I'm developing a package and I want to test it as an installed package, I install it and then I run the tests against the installed package.

07:12 But how do I run coverage against that? And there was an old trick to, and it I guess it still is works, is to use the paths option within coverage to say these two paths are identical. So you could say the actual source code directory is identical to the site packages directory so that it it kind of lines everything up and then it reports even though it's measuring the coverage on the installed package, it reports it as if it was sitting in the source directory.

07:42 I've been doing that in the past.

07:44 That still is a good idea so that the output is readable, but it isn't required.

07:50 You can just pass in the name of your package without the dot pi or anything, or if it's just a file, but just the name of the package and it just reports it.

07:59 Anyway, I just figured that maybe some people out there have missed that also.

08:04 It's very handy.

08:05 Well, you might wonder like, why are you testing packages?

08:08 I don't need the coverage of requests when I use it.

08:10 I just know that I use it and we're all good.

08:12 - Well, if you're developing requests, you might want to cover.

08:15 - Yes, exactly.

08:16 Or, you know, it may well be that you're building your application out of several packages that you control and you kind of want to keep them separate for reuse, but you might also want to know like, how much am I interacting with that one, right?

08:29 - Oh, that's a cool use to say really, how much am I interacting with the package?

08:34 you could run coverage on that.

08:35 - Yeah, if it's zero, take it out of your requirements.

08:39 - That would be super nice.

08:41 - Yeah, that was really cool.

08:42 - Yeah, also, I guess when one of the reasons why that might be handy is if they change, drastically change an API, like go to a new dot, you know, like a three dot something to four dot something, what does the API change?

08:56 And you could check to see if you're even using that API or that entry point that might be good.

09:01 - Oh, that's interesting.

09:02 - Yeah, yeah, that part was like a break and change, but I don't care.

09:05 - Yeah.

09:06 - Okay.

09:07 - Like, I can really see the, there's a huge use case here though, for old code bases where the developers aren't there anymore, and there's been dependencies brought in, and you don't know exactly what's being used.

09:14 So this is like super nice to be able to do that.

09:17 - Yeah, and of course, as a reminder, you can have as many of these as you want to.

09:21 So if you're wanting to measure several packages, you can add multiple source flags.

09:27 And if you're using pytest-cov, it's the cov flag.

09:31 So you, which is identical.

09:33 I'm not sure why they used coven dash coven instead of dash source, but there you go.

09:37 Interesting.

09:38 Okay.

09:38 Yeah.

09:38 Yeah.

09:39 Super cool.

09:39 Super cool.

09:40 So Calvin, I didn't know that you were an artist.

09:42 I wish, maybe more of a machine learners, artists, but machine learning artists, this, really interesting article came up on my newsfeed last week, which was finding Mona Lisa in the game of life with Jacks.

09:54 And so there's three interesting things there, like Mona Lisa game of life.

09:57 and in Jax, the author was attempting to find if he could start with a starting set of points on a game of life. If you're not familiar with Game of Life, there's whole Wikipedia articles about that. But if you could basically seed an initial game of life, and after so many generations, have it show you a picture. So he actually started with the Mona Lisa and kind of went through what it would take to go from a game of life running, all the what kind of constraints that happen in that.

10:26 But this seems like a really interesting machine learning problem.

10:29 - That's cool.

10:30 So it like, it randomly runs the game of life, but then the ML says, oh, that's starting to look like Mona Lisa, more of that.

10:38 - Well, it's more of, I'm gonna run a generation of game of life and then reset.

10:43 I'm gonna invert some pixels again and go again until I can generate what is my target picture.

10:48 And it took a lot of CPU cycles.

10:50 So you basically wrote a simple single threaded version of this in Python.

10:53 And there's Python notebooks included with the GitHub links in here, but it took days of CPU time for him to run the initial four generations to see if he could even make this be possible.

11:04 And then kind of went, and with any machine learning project, it's really important to understand like the preparation of your data before you kind of go dive in.

11:12 So what I also thought was interesting in here is he talks about the preparation of the data, kind of down here, pre-processing, using Pill to understand how to generate that target first, >> Yeah.

11:22 >> Give the Game of Life algorithms a chance of getting it correct.

11:26 Came into like really half tones would work better because there's some constraints around Game of Life that the whites can't be too contiguous because they'll kill each other and ends up being all black.

11:36 But at the end, the goal of this was how fast can we now do it?

11:41 Take the single threaded Python example which took hours or days of CPU, can we actually do it on a GPU?

11:47 There's a Jax library which is a machine learning library in Python, allows you to actually super parallelize the problem.

11:54 If you can actually slice the problem up, show this example here in pictures, which is nice for a person who doesn't do a lot of machine learning.

12:01 They actually show you what the process looks like and hyper-parallelize this.

12:05 Basically, he went from days of CPU time down to 40 seconds to get through the first.

12:12 >> What was the final time?

12:13 >> Forty seconds.

12:15 >> That's insane.

12:16 >> Yeah, it was ridiculous. It's like a thousand iterations.

12:18 So the first one was four generations, took days.

12:22 The next one where he did it with Jax was 1,000 iterations, took 40 seconds on a Google Colab GPU.

12:28 So Jax is basically a Python library.

12:30 I've got a quick start over here.

12:33 Neat library, but actually you kind of have to alter your brain a little bit to how you code so that you can code in a way that can be hyper-parallelized across all the GPUs.

12:41 I mean, for people who aren't familiar with GPUs, which you may not be, because good luck getting a GPU right now they're unobtainium at this point.

12:48 But if you did have a GPU, you can take advantage of those, how many cores are in some of these modern GPUs, like thousands in the new NVIDIA ones.

12:57 >> Every time that I try to think about and try to conceptualize how fast and how much these things can do, I'm like, whatever that is, it's probably off by 10 or many, many more factor of 10.

13:06 Just ramp that up to beyond what you can think is reasonable.

13:10 It's when you think of, we've got half a million polygons on the screen, and we're going to draw that.

13:15 Oh, we're actually gonna do that 200 times a second.

13:17 - Right, so what's interesting is if you are doing some machine learning experimentations, learning a tool like JAX may actually help you speed up your iteration so you actually can get some useful results out of it.

13:27 Because a lot of machine learning is kind of picking out what your algorithm base algorithm is gonna be, but you have to run it enough to know whether your algorithm is getting you the results you expect.

13:36 So being able to run through those algorithms quicker with a tool like JAX I think would be super beneficial.

13:41 - Yeah, absolutely.

13:42 That's super neat.

13:43 And I think the biggest takeaway here is Jack's actually.

13:46 - Yeah, that was, yeah, the end goal was like, yeah, can we talk about Jack's?

13:50 'Cause that's a really cool library.

13:51 - Well, and a cool logo, by the way.

13:53 - Yeah. - Yeah.

13:55 Yeah, I love it.

13:55 The logo is super cool, actually, I like it.

13:57 - Yeah, but definitely, and I think they have support for tensor processing units as well, so not only GPUs, but if you're doing like tensor flow stuff, tensor GPUs, or tensor processing units, so you can take advantage of those as well.

14:08 - Yeah, okay, super neat, super neat.

14:09 I wanna talk about something that's not as neat, maybe.

14:13 It'll get you excited, but in the wrong way.

14:15 This one was sent over by my friend, Mark Little, fellow Portlander, and a follow-up related one sent over by Tony.

14:22 So link into a couple of articles here.

14:24 And recall, we talked about Google coming on as the visionary sponsor.

14:29 One of their primary goals that they wanted was to improve the package security.

14:34 You think about, you know, you think about some of the things that have happened recently that are super scary.

14:39 One, the Outlook catastrophe that, you know, 60,000 companies have been like taken over.

14:44 And then the SolarWinds one as well.

14:46 And I think they're somewhat related, even though they're not the same origin or the same type of hack.

14:50 The SolarWinds one is one of these supply chain vulnerabilities and these breaches, right?

14:55 It's one thing to say, I'm going to protect against somebody breaking into my website.

14:59 I'm going to run the proper firewalls, low privileges, everything's patched, et cetera, et cetera, that might still not be enough, but that's like a good start.

15:07 But do you think about, well, next time you install the new version of package, whatever, what if it was influenced with some kind of negative package that had some vulnerability that then got into your servers and then went on, like the supply chain story around all of these package management places is, is scary.

15:26 I think that's not what happened to solar winds.

15:28 They just had the password solar winds one, two, three.

15:30 That's a different, different type of problem, but it highlights those darn interns.

15:34 Exactly.

15:35 Exactly.

15:35 But the problem that it might be untrustworthy to install all of our beautiful open source things.

15:43 I don't know. It's very scary.

15:44 Like, what do you guys think about this?

15:45 >> It seemed like this went even a level deeper.

15:47 There wasn't even scary to install the open source things.

15:50 It was dangerous to install your own private package names if someone knew about them and had put them into a public repository with a newer version.

15:58 >> Yeah. So let me read the titles here for people who are listening.

16:02 The Python Package Index nukes 3,653 malicious libraries uploaded soon after a security shortcoming is highlighted.

16:10 And the other one is poison packages, supply chain risks, users hit Python community with 4,000 fake modules.

16:18 And these are basically the same.

16:19 I don't know if like one's rounding up or whatever, but or one's counting multiple incidents.

16:23 But the idea is there's this form of type squatting that's pretty sketchy.

16:28 So we've covered this before where if you have, maybe I want to use the audio library asteroid singular, but then somebody puts asteroids plural, that is a virus.

16:39 And it could just as well have exactly the same code plus the virus.

16:42 So it looks like it works.

16:43 You wouldn't even know that it's not working, right?

16:45 And that's quite the problem.

16:46 But here the highlight is, what's it called?

16:50 Like, I think one thing was calling it Evil Twin.

16:52 Another, this is a research by Alex Pearson.

16:56 And basically there's a lot of people who are using private package repositories, right?

17:02 Like DevPi and things like that, artifactory where you have a local one, but if you ask for something public, you can just ask your local one and the local one will go out and ask the public one.

17:12 So as you were handing that Calvin, the problem is, what if I just have like data layer or e-commerce or like some random thing that might be an internal package name.

17:22 Maybe if it's what I think the real problem was, they were saying, if you don't secure your server right, you just post a higher version on the public one than on the local one.

17:33 And it'll go, oh, well, there's a newer one over there.

17:35 I better get that and we'll just go grab the virus.

17:38 - I'm also surprised that folks aren't pending the versions of their internal packages as well.

17:42 'Cause this would satisfy solving that problem is if you had, like we use pip tools, pip compile to make sure we got hashes and versions for every dependent package.

17:53 But yeah, if you didn't do that, you were absolutely susceptible to this.

17:56 - Yeah, so just people check this out.

17:59 It looks a little scary.

18:01 You guys, you too, tell me if you think I'm crazy.

18:05 I'm getting to the point where I'm really freaked out about like these kinds of things.

18:08 And especially, you know, people send us stuff.

18:11 They're like, oh, check this out, here you go.

18:12 Like, I'm not pip installing those things locally and trying them, no way, right?

18:16 I'm gonna install them in some isolated environment.

18:19 One thing I've been thinking about doing is setting up my own DevPi server, which is exactly the problem sort of that we're talking about.

18:26 So that doesn't necessarily solve it.

18:27 But what you can get with your DevPi server is you can get DevPi constrained, which will let you not blacklist stuff or exclude stuff, but you have to whitelist things.

18:35 So you're like, all right, I'm gonna try to install, set up this project.

18:38 And when it tells me I need these things and they're failing, I'll make sure they're good.

18:41 Make sure they're used a lot.

18:42 I'll put them in the whitelist and then I'll be happy to just pip install versions, no versions, whatever, right?

18:48 But sort of being more protective about this.

18:50 I don't know, maybe I'm just paranoid, but this stuff is, it's creeping me out.

18:54 - I'm still just having it let me, I'm still sinking in.

18:57 I'm not sure how I react to it.

18:59 - Yeah.

19:00 - My reaction is I think there's still more infrastructure security-wise that has to happen in the community.

19:04 And there's efforts to do signed packages, there's support in the latest version of pip for signed packages.

19:10 And there's also some good hygiene behaviors, but it's true, if you wanted to just try out a package and you just did pip install from your command line, you're typically not gonna specify a specific version and you're gonna get whatever just comes off of PyPi with it.

19:22 Yeah, we've gone around and around about it internally as well, talking about this because we wanna make sure we're not susceptible to this kind of an attack.

19:28 And I think good practices like the pip tools, you know, using that and having pin versions has pretty much given us a comfort level with we're pretty safe.

19:36 I mean, no one's a hundred percent safe.

19:38 That doesn't exist, but we're feeling pretty good because of the practices.

19:42 - Yeah, yeah.

19:43 I know that sounds good.

19:44 I mean, there's only so much you can do, but layers, layers are good, right?

19:47 Layers are good.

19:47 Anyway, this, if you are running, I want to highlight this.

19:50 The ultimate problem highlighted here is that if you have a private PyPI server, that there were ways to typo squat on your internal names, not on the public name.

20:00 And there's no way for the public stuff to go, well, you can't have that, 'cause it looks too close to this, right?

20:04 It might not exist publicly.

20:05 So just be really careful about the versions, be really careful about like whitelisting things if you're doing your own private PyPI.

20:12 - And it's important to also note, this is not a Python specific problem.

20:15 So I think some folks may have blown it up a portion, but like other packaging distribution tooling all have some similar problems.

20:22 - Yeah, and I just saw a message, he was on Twitter or somewhere.

20:25 Yeah, this, I mean, obviously NPM has this problem.

20:28 RubyGems, all these places, NuGet, whatnot.

20:30 Somebody who was involved in like diagnosing and solving these problems was like, "Please don't go post another 4,000 packages "to prove your point.

20:38 "Just, we are already aware.

20:40 "Just send us a message.

20:41 "You're causing a lot of work that is like distracting us "from addressing this problem." So, you know, we don't need more examples.

20:47 We need just maybe a notification.

20:49 - Yeah, I guess one of the other things is that it is typo squatting.

20:54 So we, in our organization, We try to minimize individuals having to install anything, really.

21:00 They, we have all of our projects have requirements files with pinned versions.

21:05 So they're not going to type the name of anything.

21:08 It's going to have to be in a requirements file first.

21:11 - Yeah. All right.

21:12 Well, check out the articles.

21:12 There's more details in both of them.

21:14 Brian, what you got for us?

21:16 - My turn again?

21:17 Okay, cool.

21:18 I wanted to talk about something new, text-based adventure games.

21:26 - Have you heard of these?

21:26 - I love, I used to play-- - I do love those.

21:28 - I used to play MUDs when I was quite younger.

21:31 Oh, those were so fun.

21:32 They were so magical, even though they were just text.

21:35 - So I actually never got into this, but I had entered adventure games, what was it called?

21:43 The Dungeons of Dagorath was a game that I had on the TRS-80, and it wasn't text-based, but the graphics were just lines.

21:52 So it was, we'll go through a cave and stuff like that.

21:56 But anyway, a little bit before that, so we're talking in early seventies.

22:01 So 75 to 77 was a game called Adventure and then there were Colossal Cave Adventure.

22:07 So you can play Colossal Cave Adventure because Brandon Rhodes has Python Adventure.

22:13 And this is just awesome.

22:15 I played this the other day.

22:17 It's so, well, I don't know, so fun maybe like overselling it but it's kind of neat.

22:23 It's a faithful port of the adventure game to Python 3 from the original 1977 Fortran code.

22:30 - Wow.

22:31 - Sounds awesome.

22:33 So if I get distracted, it's because I've actually pip installed this and I'm playing it right now.

22:38 - It's a lets you explore a colossal cave where others have found fortunes and treasure in gold.

22:42 Though it is rumored that some who enter are never seen from again, like maybe Calvin.

22:48 But one of the things that I loved is I played in both modes.

22:50 So there's two modes you can play.

22:53 In a Python console, you can just run it.

22:56 But you can also--

22:58 I'm going to show for the people watching what it looks like.

23:02 You import Adventure, and then you say Adventure.play.

23:05 And it gives you instructions, and you have to type things like east, west, get lamp, things like that.

23:12 Oh, it's even function call style.

23:14 Well, it's function call style if you do the import on the REPL.

23:18 I see.

23:19 If you go through the--

23:22 - Oh, there's traditional mode, okay, got it.

23:24 - The traditional mode is you do Python-M adventure, and then it's traditional mode.

23:29 You say get lamp with a space between the get and the lamp.

23:32 And that's how I played it.

23:34 But the fun part about this, the traditional mode, it's a 1200 baud.

23:38 So you have to wait for this to type its message to you.

23:43 - You may have to explain that to some of our listeners.

23:45 (both laughing)

23:47 - I don't know if I can, it's slow.

23:48 So it sort of ticker tapes out the message to you and you're waiting for it.

23:52 - Yeah, wow, that's impressive.

23:54 I used to be able to identify by sound the speed of the connection I would get.

23:59 I could tell you is that 9,600, is it like 32, whatever, or is it 56?

24:05 - And where the error correcting kicked in or not.

24:07 - Yes, exactly.

24:08 You hear it, (imitates beeping)

24:09 but I don't think I even remember what that sounded like.

24:12 That was some slow business.

24:14 - One of the things, so, okay, So a little bit tie into my own personal nerdiness.

24:19 I was curious how this related to Zork.

24:22 So Zork, I never played either.

24:26 It was a little bit after Adventure, but there was a TV show called Chuck that I really liked.

24:32 And one of the premises is this Chuck and his buddy used to play this game and he met this other guy by both of them being Zork nerds.

24:40 And they did their own port of Zork.

24:43 And I'm like, is that a made up thing or real?

24:45 And apparently it is real.

24:46 The Zork was a follow on to Adventure from '77 to '79.

24:51 So anyway, so I'm gonna ask Brandon.

24:55 So Brandon, can we get a port of Zork also for Python?

24:58 That'd be great.

24:59 - And we'll get our little IoT devices that we can play these Adventure games on like a little Nintendo Switch, but super old school, like low baud rate, that'd be great.

25:08 - Oh, I want this totally for my Oculus Quest so I can do a text adventure in full VR.

25:14 - Well, the 1200 baud slowdown thing is entertaining for about 10 seconds.

25:21 And then I'm like, can I get faster now?

25:24 So.

25:25 - Yeah, you had the true retro though.

25:26 That was cool.

25:27 Very nice. - That was cool.

25:28 - Awesome.

25:29 - All right.

25:29 So for those of you who are Django nuts in the audience, there is a new long-term support release coming up for Django 3.2.

25:37 - That's a big deal because long-term support ones are the ones you want.

25:41 - Oh my gosh.

25:42 And Django's community is really good that long-term support. I mean, and they have a very good security policy and release revision policy. It's very clear, very, very well documented. So the next one coming up, which is to be released here in April is going to be 3.2. This post specifically that I linked to is actually an overview of some highlights of interesting features that you may not have noticed. You can go read the main Django 3.2 release page and see kind of the overall new features are going to be coming in. But this post specifically covered some things that I thought were also interesting.

26:10 A lot of them are performance and kind of protections against hurting yourself when you're programming.

26:16 So things like covering indexes for Postgres, so you can actually avoid full table scans and do index scans and Postgres for kind of--

26:24 - Indexes are magic.

26:25 - Yeah, and so this is enabling even more of the nice magic of those indexes inside of Django.

26:31 - Yeah, I think it's really cool that it's the LTS release, 3.2 is coming out.

26:35 I think there's also some async and await stuff in here coming along, which is pretty exciting.

26:39 I know that one of the areas that's still pending to get really the async and await stuff properly, like full stack is the ORM stuff.

26:47 Yeah, because 3.2 was supposed to be...

26:49 If you wait on the database, that's the thing you need async for more than anything else.

26:52 Yeah, and that's kind of one of the notable missing items for me in 3.2.

26:56 I mean, the team is doing an amazing job of implementing all the async features for Django.

27:02 I mean, 3.0, 3.1, you started off with the routing, then you got the views.

27:07 3.2 was supposed to be, I think, the ORM included, but maybe just due to the fact that we are talking about a long-term support release, that that was maybe too risky of a feature to get included here.

27:17 But look for that coming soon, like in 3.3 or 3.4 for the ORM, which will be a big, big deal.

27:21 The other things that are included in this 3.2 release, again, focusing on security and safety and performance, time zones, it's probably one of the two hardest things in programming is the time zones and character encoding and off-by-one errors.

27:35 So there's going to be some trunk date stuff in here that actually helps you assign a default time zone in case you didn't put one.

27:41 There's going to be some cool stuff for people who like unstructured data.

27:44 The JSON object DB functions. So you'll actually be able to assign some DB functions that can produce JSON mapping type objects or key value pairs where you pass in database functions to operate on it. There's going to be some cool stuff around signals.

27:59 There's a SYN robust which didn't log exceptions but now will, so you don't have to.

28:04 - Are there themes for the admin section?

28:06 Is that coming in this one?

28:07 I know that's something they're working on.

28:09 - I don't know on the themes, but I know for the admin section, and this is a common thing I've done in the admin, is sometimes you wanna put computed fields into the admin pages for like your objects.

28:19 There's gonna be a new, what is it?

28:22 There's a new value, not a value expression, of the display decorator.

28:25 So you can actually make creating admin fields a lot cleaner.

28:28 The kind of syntax for it previously was just a little convoluted if you were not used to it.

28:33 And so as a new person, you may not have figured out how to do it very easily.

28:35 So there's a new decorator that actually makes that super, super easy to do.

28:38 There's some other performance things around the database with query sets with aliases. You can actually create reusable aliases for things that you're selecting against. So you can use them as like filters or like kind of combined statements.

28:49 So it doesn't do two sub queries instead of just one.

28:52 A lot of cool performance.

28:54 And again, these were kind of the less notable but really kind of important features that are coming into Django 3.2.

29:02 Yeah, and like so you can you can see all the other stuff.

29:04 There's there's a zillion things coming up in three to these are just some of the small ones, but there's some important ones.

29:09 That's yeah. When is this coming out?

29:11 April. So we should see it next month. Very soon.

29:13 Yeah. Awesome. That's great.

29:15 If you're on Django, that sounds really like a big deal.

29:17 It is. It is. It is. All right.

29:19 Brian, anything else that you'd like to throw out?

29:23 Those are all of our items. Anything extra?

29:25 No, I don't have anything extra this week.

29:27 How about you?

29:28 Oh, I've got a couple of things I would like to touch on.

29:30 I heard some amazing stuff.

29:32 I heard that Python open source stuff is on Mars.

29:36 >> Yeah.

29:36 >> But what I want to say is, Python is on Mars?

29:40 Because what I found is if you go look at, there's a thing called F prime that NASA open sourced.

29:46 Awesome. If you go over here and you look at it, this is the flight control thing that is for embedded flying, including that little helicopter.

29:54 Awesome. It has 16 percent Python and 44 percent C++.

29:59 But if you look at the Python bits, so much of it seems to be around the, like the training pipeline.

30:06 So my theory is, I didn't see any stuff in like the real, like running regular bits.

30:11 I'm thinking maybe it's framed with Python locally and then the models are put on the helicopter and flown with C++.

30:17 If somebody knows for sure that Python is on Mars, you know, with details, let me know.

30:23 That'd be awesome.

30:24 - Oh yeah.

30:25 - I still think it's cool that Python's involved here.

30:26 Yeah.

30:27 All right, so that's one quick one.

30:28 Number two, just released a new course.

30:30 And this one is a little different.

30:31 So it's a full web apps with FastAPI and FastAPI is awesome for building APIs, but there's like three or four features of FastAPI when put together in the right combination, make it sort of a equivalent framework to what you would get with Flask.

30:45 So if you're thinking, I would love to use this beautiful API with really nice decorators, with really nice async support, with Pydantic and all those awesome things that it has, but I wanna build a web app with it.

30:57 Well, we've launched a course on that that people can check that out.

30:59 That's really awesome.

31:00 Like basically, I've built some APIs with FastAPI and I need like four or five more pages to round out the app.

31:05 Do I have to have a Django plus FastAPI multi-deploy thing?

31:09 Like, no, actually.

31:10 And this is all about how do you do that.

31:12 So people can check that out.

31:13 That's fun.

31:14 - Super excited about that.

31:15 That's cool.

31:15 - Yeah, thanks.

31:16 Over on Talk Python, I'm giving away five tickets to PyCon.

31:19 One a week for five weeks.

31:20 So if people want to win a free ticket to PyCon, this year it's virtual, so you can attend from anywhere.

31:26 not the challenge of, well, I got the ticket, but I need the thousand dollars for the hotel, right?

31:29 Like that's not a problem this year.

31:31 So I think it's really cool.

31:32 I did run a thing on a contest on that.

31:35 The link is in the show notes.

31:36 we got a couple of questions saying, Hey, we, we heard about this live stream cause we're listening to the podcast.

31:41 How do we get to this live stream?

31:42 This is awesome.

31:43 I think it's fun, right?

31:44 I'm enjoying doing the live stream.

31:45 What do you think?

31:45 Yeah, it makes it a lot more fun.

31:47 Yeah.

31:47 We get, we get our listeners who come in and give us comments and all this stuff is great.

31:51 So if you just go to Python by set FM slash YouTube, right at the top, there'll be upcoming live streams, as you can say, click the button to remind me of it and so on.

32:00 So that's how you do that last thing I was on.

32:02 I got a chance to talk to the medical community and the medical research community around Python over on this podcast called the finding genius podcast.

32:11 And it was just a lot of fun to speak about the advantages of Python for like medical researchers and folks like that.

32:18 So I'll link to that podcast as well.

32:20 Yeah.

32:21 Calvin, anything else you want to throw out?

32:22 I know you, I do.

32:23 I wore your I wore my shirt.

32:24 I know you're fully outfitted.

32:27 So I've actually got two things.

32:28 One before I get to Python web conference, the DjangoCon Europe 2021 call for papers is open until April 1st.

32:34 So if you're interested in talking at DjangoCon Europe, it'll be a pretty worldwide conference.

32:39 It was last year is a lot of fun.

32:40 We actually did it on the same platform as we did the Python web conference, which is the other thing I wanted to mention in the extras.

32:46 So Python web conf 2021 is coming up in about, well, it'll be a week or so after you probably I hear this March 22nd through the 26th.

32:54 We've got an awesome lineup this year again, even better than last year.

32:58 Michael's obviously back and be speaking at the conference.

33:01 We've got about 60 speakers, almost 20% women.

33:05 There's 43 new speakers this year.

33:07 - It's like five, yeah, it's like four or five days or something, it's a big conference.

33:10 - Yeah, it's five days, but we're doing half days.

33:12 So you don't have to consume your whole day with being in a virtual conference.

33:15 'Cause we understand that that is just hard.

33:17 I think we're all adjusting to what virtual conferences really kind of should be.

33:21 So this is a new experiment, which got four tracks.

33:24 There's App Dev, PyData.

33:25 It's an official PyData track.

33:27 There's a Cloud track and a Culture track.

33:29 So if there's nothing you're interested in, I would be hard pressed to believe that.

33:33 There are tickets for $1.99 for professional, $1.99 for student.

33:36 And we do have our grant program back again this year.

33:39 So we are doing offering up grants for those who-- we want anybody who wants to truly attend to be able to, no matter what the financial piece may be.

33:49 So check out the grant program for everyone who buys tickets.

33:52 We offer up grants for those who can't afford tickets.

33:55 And I'm really excited about that.

33:56 You can check that out at pythonwebconf.com.

33:59 Yeah, it's gonna be a ton of fun.

34:00 It was a lot of fun last year.

34:02 We got a bunch of social events planned and some really awesome sponsors.

34:05 And I'm just super excited about being able to produce something like this for the Python community.

34:09 I feel like the web is an area that doesn't always get the attention it should in some other conferences, and we're hopefully fulfilling that.

34:16 - Yeah, super cool.

34:16 It was a good conference last year, So I'm looking forward to being part of this year.

34:19 - Well, I appreciate that, yeah.

34:20 - Yeah, Brian and I were just on a virtual conference at PyCascades, which was a lot of cool fun.

34:25 We were on that panel about podcasting.

34:27 - Yeah, that was great.

34:28 You all might know a thing or two about that.

34:30 - We've done it once or twice.

34:32 I'm not sure I would laugh at it, but maybe a joke.

34:34 We could laugh at a joke.

34:34 What do you guys think?

34:35 - Yeah. - Yeah.

34:36 - All right, so I know we got like two rounds of jokes, but let's do another round of these comments.

34:44 - I'm already laughing.

34:45 - I know, they're so good.

34:46 So I'll do the first one, Brian, you do the next one, Calvin, you do the next one, we'll just kinda, we got five or six, something like that.

34:52 So it's important to comment your code.

34:54 There's this code, I believe it's Java, and it's part of a class that says private logger, capital L class logger, variable name logger, equals logger class factory method dot get logger.

35:06 So private logger logger equals logger dot get logger.

35:09 What does the comment say?

35:10 - Logger.

35:11 - Quote, yeah, just logger.

35:12 This is a logger.

35:14 Fantastic, you've passed your code review.

35:16 Yes, I guess you have comments.

35:18 - Yeah.

35:19 - All right, Brian, what's the next one?

35:20 - Next one looks like C++ comments, but comment this block that says, this is black magic from some stack overflow link.

35:28 Don't play with magic, it can bite.

35:30 (both laughing)

35:32 - Nice.

35:33 All right, Calvin, what do we got next?

35:35 - Well, this one obviously is a Python comment in the code.

35:38 It says, "For the sins I am about to commit, "may Guido van Rossem forgive me." (Garrett laughing)

35:43 - Yes. - I love it.

35:44 - Which I would be hard pressed to know what they're getting ready to commit.

35:46 If they read this in a Python, they really should know the guidance already.

35:50 - Yeah. - Yeah, yeah.

35:51 Maybe they put a semicolon in there, I don't know.

35:53 (laughing)

35:55 The next one is, remove this if you want to be fired.

35:59 - Remove the comment or the code below it?

36:02 We don't know.

36:03 - We don't know. - We don't know this.

36:04 - We don't know.

36:05 - Next is a try except block or a catching exception with just a comment and it says, "Houston, we have a problem." There's no code there though, So you're just, yes, we do have a problem.

36:17 You're just catching a raw exception.

36:18 Don't do that.

36:19 - Exactly, exactly.

36:21 All right, what's the last one?

36:22 - All right, the last one here is a definition of int get random number.

36:28 And the body of the function is return four.

36:31 And the comment says, chosen by fair dice roll guaranteed to be random.

36:36 (both laughing)

36:38 - If you want.

36:38 - Was this a real code someplace?

36:40 I mean, come on.

36:41 - Yeah, oh, there's all sorts of good ones here.

36:43 Yeah, they're beautiful.

36:44 One of them that's not on the list, the comment is just, "I need to find a better job." (laughing)

36:50 All right, one more.

36:51 Who put this one in here?

36:53 - I put that in there.

36:55 - Okay, tell us about this one.

36:57 - I'm kind of a card nut.

36:59 So if you kind of exactly hover over just the first half of the picture, you see a guy in a Ferrari waving and says--

37:06 - Yeah, maybe roll it in the Ferrari.

37:07 - Says, "Using Linux," and then dot, dot, dot.

37:09 "In Windows with WSL," and if you scroll down, you see that the Ferrari is actually on a tow truck flatbed being driven someplace.

37:18 - And the guy's in it, yeah, like as if he's driving.

37:21 That's right.

37:22 - He's cool.

37:23 - Very cool, very cool.

37:24 - That's funny.

37:25 - I'm glad ZDax that you guys like the jokes out there and Dean as well.

37:30 - Yeah, I mean, I commented in the chat that you can increase your odds at winning the Picon tickets by laughing at the jokes.

37:38 - Yeah, absolutely.

37:38 We'll put you in there twice if you laugh last for sure.

37:41 That's how it works.

37:42 like the dad jokes of programming here.

37:44 - Oh yeah. - Of course, yeah.

37:45 - We're all dads. - That's like half our show.

37:47 That's half our show. - Yeah, we all qualify.

37:49 - For sure, for sure.

37:50 All right, well, Brian, thanks for being here as always.

37:53 And Calvin, thanks for joining us.

37:55 - My pleasure, I really enjoyed it.

37:56 - Yeah, good luck on your conference

Back to show page