#228: Supreme Court decides API copyright battle

Published Wed, Apr 7, 2021, recorded Wed, Apr 7, 2021

Watch the live stream:

Play on YouTube

Watch the live stream replay

About the show

Sponsored by us! Support our work through:

Special guest

Brian #1: How to make an awesome Python package in 2021

Anton Zhiyanov, @ohmypy
Also thanks John Mitchell, @JohnTellsAll for posting about it.
Great writing taking you through everything in a sane order.
- Stubbing a project
- with just .gitignore and a directory with a stub __init__.py.
- Test packaging and publishing
- use flit init to create initial pyproject.toml
- set up your ~/.pypirc file
- publish to the test repo
- Make the real thing
- make an implementation
- publish
- Extras
- Adding README.md & CHANGELOG.md and updating pyproject.toml to include README.md and a Python version selector.
- Adding linting and testing with pytest, tox, coverage, and others
- Building in the cloud with GH Actions, Codecov, Code Climate
- Adding badges
- Task automation with a Makefile
- Publishing to PyPI from a GH Action
Missing (but possibly obvious):
- GitHub project
- Checking your project name on PyPI early
Super grateful for:
- Do all of this early in the project
- Using flit publish --repository pypitest and spelling out how to set up a ~/.pypirc file.
- Start to finish workflow
- Example project with all filled out project files

Michael #2: Kubestriker Kubestriker performs numerous in depth checks on kubernetes infra to identify the security misconfigurations

Focuses on running in production and at scale.
kubestriker is Platform agnostic and works equally well across more than one platform such as self hosted kubernetes, Amazon EKS, Azure AKS, Google GKE etc.
Current Capabilities
- Scans Self Managed and cloud provider managed kubernetes infra
- Reconnaissance phase checks for various services or open ports
- Performs automated scans incase of insecure, readwrite or readonly services are enabled
- Performs both authenticated scans and unauthenticated scans
- Scans for wide range of IAM Misconfigurations in the cluster
- Scans for wide range of Misconfigured containers
- Scans for wide range of Misconfigured Pod Security Policies
- Scans for wide range of Misconfigured Network policies
- Scans the privileges of a subject in the cluster
- Run commands on the containers and streams back the output
- Provides the endpoints of the misconfigured services
- Provides possible privilege escalation details
- Elaborative report with detailed explanation

Guy #3: wasmtime

WebAssembly runtime with support for:
- Python, Rust, C, Go, .NET
- Documentation here: https://docs.wasmtime.dev/
Supports WASI (Web Assembly System Interface):
- WASI supports IO operations—it does for WebAssembly what Node.js did for JavaScript

Brian #4: Depend-a-lot-bot

Anthony Shaw, @anthonypjshaw
A bot for GitHub that automatically approves + merges PRs from dependabot and PyUp.io when they meet certain criteria:
- All the checks are passing
- The package is on a safe-list (see configuration)
Example picture shows an auto approval and merge of a tox version update, showing “This PR looks good to merge automatically because tox is on the save-list for this repository”.
Configuration in a .yml file. I learned recently that most programming jobs that can be automated eventually devolve into configuring a yml file.

Michael #5: Supreme Court sides with Google in API copyright battle with Oracle

The Supreme Court has sided with Google in its decade-long legal battle with Oracle over the copyright status of application programming interfaces.
The ruling means that Google will not owe Oracle billions of dollars in damages. It also has big implications for the broader software industry
The ruling heads off an expected wave of lawsuits over API copyrights.
The case dates back to the creation of the Android platform in the mid-2000s.
Google independently implemented the Java API methods, but to ensure compatibility, it copied Java's method names, argument types, and the class and package hierarchy.
Over a decade of litigation, Google won twice at the trial court level, but each time, the ruling was overruled by the Federal Circuit appeals court. The case finally reached the Supreme Court last year.
Writing for a six-justice majority, Justice Stephen Breyer held that Google's copying of the Java API calls was permissible under copyright's fair use doctrine.