Episode #14: Lots of Python style and Python 3000 is 3000 days old
Brian #1: Tiny Python 3.6 Notebook - Matt Harrison
- README : https://github.com/mattharrison/Tiny-Python-3.6-Notebook/blob/master/README.md
- Full Book on GitHub : https://github.com/mattharrison/Tiny-Python-3.6-Notebook/blob/master/python.rst
- “This is not so much an instructional manual, but rather notes, tables, and examples for Python syntax.”
- Physical book is 134 pages, but looks like about 90 pages of content.
- You’re head down, working on a new project and one of your dependencies still doesn’t support Python 3 - argh! Here’s a quick guide on how to solve that problem, step by step.
- Step 0: Check that nobody else has solved this
- Step 1: Fork it
- Step 2: Print statements
- Step 3: Tests
- Static Analysis: modernize
- Step 4: Update setup.py
- Step 5: Install it into your original project
- Step 6: Raise a pull request
- Step 7: 3 months later?
Brian #3: Elements of Python Style - Andrew Montalenti
- More than PEP8, and opinionated.
- I admire the effort, and I may at some point fork it to remove/fix the few things I disagree with and to be able to use it as a style guide for my team.
- Great: most of it.
- Use parens for continuation
- Use with for files and locks
- May need tweaking
- Avoid custom exceptions
- I’d prefer, “Add one custom base exception, and build specific exceptions off of that”.
- This may be a controversial point, or I may be just confused about conventional practice here
- As with any style guide, more detail brings more controversy.
- Michael: I like this guidance: You can also choose to use CamelCase for things that are class-like but not quite classes -- the main benefit of CamelCase is calling attention to something as a "global noun", rather than a local label or a verb. Notice that Python names True, False, and None use CamelCase even though they are not classes.
- Reddit post about my tweet (wow)
- 537 upvotes, 71 comments
- Test it yourself: background = “Python 3 was released December 3, 2008 ” + \ “Its original working name was Python 3000” release = datetime.date(year=2008, month=12, day=3) today = datetime.date(year=2017, month=2, day=19) (today - release).days # → 3000
- Via @cclauss Christian Clauss
Brian #5: From beginner to pro: Python books, videos and resources
- Bob Belderbos and Julian Sequeira
- Reddit thread: https://redd.it/5sjt3l
- Post: http://pybit.es/python-resources.html
- “a list of useful Python resources to boost up your skills”
- Some very nice podcasts listed in “other resources”
Michael #6: mongoaudit
- mongoaudit is a CLI tool for auditing MongoDB servers, detecting poor security settings and performing automated penetration testing.
- pip install mongoaudit
- Tests things like:
- MongoDB listens on a port different to default one
- Server only accepts connections from whitelisted hosts / networks
- MongoDB HTTP status interface is not accessible on port 28017
- MongoDB is not exposing its version number
- MongoDB version is newer than 2.4
- TLS/SSL encryption is enabled
- Authentication is enabled
- SCRAM-SHA-1 authentication method is enabled
- Roles granted to the user only permit CRUD operations
- The user has permissions over a single database
- Various security vulnerabilities
- From Michael: MongoDB is awesome. But please make sure at least one of the following is true.
- You only listen on local loopback (127.0.0.1) and run mongo on the web server
- You run mongodb with authentication enabled (it’s off by default)
- You run mongodb with SSL enabled (may be off by default too)
What else? Launched my course at https://bit.ly/python-rest-course