Episode #14: Lots of Python style and Python 3000 is 3000 days old

Published Wed, Feb 22, 2017, recorded Tues, Feb 21, 2017.

Brian #1: Tiny Python 3.6 Notebook - Matt Harrison

Michael #2: Oh no! This package is Python 2 only - Anthony Shaw

  • You’re head down, working on a new project and one of your dependencies still doesn’t support Python 3 - argh! Here’s a quick guide on how to solve that problem, step by step.
  • Step 0: Check that nobody else has solved this
  • Step 1: Fork it
  • Step 2: Print statements
  • Step 3: Tests
    • Static Analysis: modernize
  • Step 4: Update setup.py
  • Step 5: Install it into your original project
  • Step 6: Raise a pull request
  • Step 7: 3 months later?

Brian #3: Elements of Python Style - Andrew Montalenti

  • More than PEP8, and opinionated.
  • I admire the effort, and I may at some point fork it to remove/fix the few things I disagree with and to be able to use it as a style guide for my team.
  • Great: most of it.
    • Use parens for continuation
    • Use with for files and locks
  • May need tweaking
    • Avoid custom exceptions
    • I’d prefer, “Add one custom base exception, and build specific exceptions off of that”.
    • This may be a controversial point, or I may be just confused about conventional practice here
    • As with any style guide, more detail brings more controversy.
  • Michael: I like this guidance: You can also choose to use CamelCase for things that are class-like but not quite classes -- the main benefit of CamelCase is calling attention to something as a "global noun", rather than a local label or a verb. Notice that Python names True, False, and None use CamelCase even though they are not classes.

Michael #4: Python 3 was exactly 3000 days old this past Sunday

  • Reddit post about my tweet (wow)
    • 537 upvotes, 71 comments
  • Test it yourself: background = “Python 3 was released December 3, 2008 ” + \ “Its original working name was Python 3000” release = datetime.date(year=2008, month=12, day=3) today = datetime.date(year=2017, month=2, day=19) (today - release).days # → 3000
  • Via @cclauss Christian Clauss

Brian #5: From beginner to pro: Python books, videos and resources

Michael #6: mongoaudit

  • mongoaudit is a CLI tool for auditing MongoDB servers, detecting poor security settings and performing automated penetration testing.
  • pip install mongoaudit
  • Tests things like:
    • MongoDB listens on a port different to default one
    • Server only accepts connections from whitelisted hosts / networks
    • MongoDB HTTP status interface is not accessible on port 28017
    • MongoDB is not exposing its version number
    • MongoDB version is newer than 2.4
    • TLS/SSL encryption is enabled
    • Authentication is enabled
    • SCRAM-SHA-1 authentication method is enabled
    • Server-side Javascript is forbidden
    • Roles granted to the user only permit CRUD operations
    • The user has permissions over a single database
    • Various security vulnerabilities
  • From Michael: MongoDB is awesome. But please make sure at least one of the following is true.
    • You only listen on local loopback (127.0.0.1) and run mongo on the web server
    • You run mongodb with authentication enabled (it’s off by default)
    • You run mongodb with SSL enabled (may be off by default too)

What else? Launched my course at https://bit.ly/python-rest-course


Want to go deeper? Check our projects