Brought to you by Michael and Brian - take a Talk Python course or get Brian's pytest book

#158: There's a bounty on your open-source bugs!

Published Wed, Nov 27, 2019, recorded Wed, Nov 20, 2019

This episode is sponsored by DigitalOcean -

Brian #1: Python already replaced Excel in banking

  • “If you wanted to prove your mettle as an entry-level banker or trader it used to be the case that you had to know all about financial modeling in Excel. Not any more. These days it's all about Python, especially on the trading floor.”
  • "Python already replaced Excel," said Matthew Hampson, deputy chief digital officer at Nomura, speaking at last Friday's Quant Conference in London. "You can already walk across the trading floor and see people writing Python will become much more common in the next three to four years."

Michael #2: GitHub launches 'Security Lab' to help secure open source ecosystem

  • At the GitHub Universe developer conference, GitHub announced the launch of a new community program called Security Lab
  • GitHub says Security Lab founding members have found, reported, and helped fix more than 100 security flaws already.
  • Other organizations, as well as individual security researchers, can also join. A bug bounty program with rewards of up to $3,000 is also available, to compensate bug hunters for the time they put into searching for vulnerabilities in open source projects.
  • Bug reports must contain a CodeQL query. CodeQL is a new open source tool that GitHub released today; a semantic code analysis engine that was designed to find different versions of the same vulnerability across vast swaths of code.
  • Starting today automated security updates are generally available and have been rolled out to every active repository with security alerts enabled.
  • Once a security flaw is fixed, the project owner can publish the security advisory, and GitHub will warn all upstream project owners who are using vulnerable versions of the original maintainer's code.
  • But before publishing a security advisory, project owners can also request and receive a CVE number for their project's vulnerability directly from GitHub.
  • And last, but not least, GitHub also updated Token Scanning, its in-house service that can scan users' projects for API keys and tokens that have been accidentally left inside their source code.

Brian #3: now has some test challenges

Michael #4: pyhttptest - a command-line tool for HTTP tests over RESTful APIs

  • via Florian Dahlitz
  • A command-line tool for HTTP tests over RESTful APIs
  • Tired of writing test scripts against your RESTful APIs every time? Describe HTTP request test cases in the simplest and most widely used format, JSON, within a file. Run one command and get a summary report.
  • Example
        {
          "name": "TEST: List all users",
          "verb": "GET",
          "endpoint": "users",
          "host": "",
          "headers": {
            "Accept-Language": "en-US"
          },
          "query_string": {
            "limit": 5
          }
        }

Brian #5: xarray

  • suggested by Guido Imperiale
  • xarray is a mature library that builds on top of numpy, pandas and dask to offer arrays that are
    • n-dimensional (numpy and dask do it, but pandas doesn't)
    • self-described and indexed (pandas does it, but numpy and dask don't)
    • out-of-memory, multi-threaded, and cloud-distributed (dask does it, but numpy and pandas don't).
  • Additionally, xarray can semi-transparently swap numpy with other backends, such as sparse, while retaining the same API.

Michael #6: Animated SVG Terminals

  • Florian Dahlitz
  • termtosvg is a Unix terminal recorder written in Python that renders your command line sessions as standalone SVG animations.
  • Features:
    • Produce lightweight and clean looking animations or still frames embeddable on a project page
    • Custom color themes, terminal UI and animation controls via user-defined SVG templates
    • Rendering of recordings in asciicast format made with asciinema


  • pytest 5.3.0 released. Please read the changelog if you use pytest, especially if you use it with CI and depend on --junitxml, as they have changed the format to a newer version.



  • What do you get when you put root beer in a square glass? Beer.

  • Q: What do you call optimistic front-end developers?

  • A: Stack half-full developers.

  • Also, I was going to tell a version control joke, but they are only funny if you git them.
