WEBVTT 00:00:00.001 --> 00:00:03.900 Hey there, thanks for listening. Before we jump into this episode, I just want to remind you 00:00:03.900 --> 00:00:09.780 that this episode is brought to you by us over at Talk Python Training and Brian through his pytest 00:00:09.780 --> 00:00:15.060 book. So if you want to get hands-on and learn something with Python, be sure to consider our 00:00:15.060 --> 00:00:22.240 courses over at Talk Python Training. Visit them via pythonbytes.fm/courses. And if you're 00:00:22.240 --> 00:00:27.840 looking to do testing and get better with pytest, check out Brian's book at pythonbytes.fm slash 00:00:27.840 --> 00:00:33.240 pytest. Enjoy the episode. Hello and welcome to Python Bytes, where we deliver Python news and 00:00:33.240 --> 00:00:41.080 headlines directly to your earbuds. This is episode 264, recorded December 22nd, 2021. I'm 00:00:41.080 --> 00:00:46.680 Michael Kennedy. And I'm Brian Okken. And I am Kim van Veek. Kim, welcome. You've been on Talk Python 00:00:46.680 --> 00:00:51.000 before, but not here. Yeah, that's right. I've done a couple of TalkBythons with you, including the one 00:00:51.000 --> 00:00:56.200 where you bravely submitted yourself to questions from your audience. The other one, I've taught them 00:00:56.200 --> 00:00:58.920 some small tools. So that was very good fun. I'm very much looking forward to this one as well. 00:00:58.920 --> 00:01:03.920 You know, both episodes you were on were super popular. One was about little automation tools 00:01:03.920 --> 00:01:08.340 and just cool stuff that people can pick up and use easily there. And that was great. And the Ask Me 00:01:08.340 --> 00:01:12.000 Anything was surprisingly one of the more popular episodes as well. So thank you for being part of 00:01:12.000 --> 00:01:18.780 that. And you've been part of the audience. For sure, you've offered comments and feedback as we do the 00:01:18.780 --> 00:01:25.320 live show. And so yeah, to be honest. Yeah. Yeah. But now here you are on stage. Thank you for being 00:01:25.320 --> 00:01:27.540 here. Tell people a bit about yourself before we get started. 00:01:27.540 --> 00:01:33.660 Sure. I am a DevOps engineer at the moment. And also move engineering based in South Africa, 00:01:33.660 --> 00:01:40.020 working with a home loan provider, a mortgage provider in the American sense. I've been probably 00:01:40.020 --> 00:01:45.180 doing Python for close on 20 years. So the fact that I've shaved means you can't see the gray beard, 00:01:45.180 --> 00:01:49.760 but I've been around for a while. That's a great beard. We're going to come back for some good 00:01:49.760 --> 00:01:54.140 jokes at the end about this as well. Not your beard, but just beards in general. 00:01:54.140 --> 00:02:00.020 Oh, great. Awesome. That sounds like really fun stuff. So yeah, thanks. Thanks for being here. 00:02:00.020 --> 00:02:05.440 Now, before we actually get into the main content of the show, Brian, I want to do something just a 00:02:05.440 --> 00:02:12.340 little bit meta. So I went and pulled up or created a question error for people. When we first created 00:02:12.340 --> 00:02:16.040 Python bytes, we're like, all right, it's 20 minutes. The time of this episode is going to 00:02:16.040 --> 00:02:19.880 be 20 minutes. So we're just going to like knock it out you and me real quick. And I think it's grown 00:02:19.880 --> 00:02:25.120 a little bit. We've done, we cover a little bit more detail. We've added a joke. We've added a 00:02:25.120 --> 00:02:31.300 few like little extra things. we brought on guests like Kim and is that, is that still in line 00:02:31.300 --> 00:02:36.140 with what people want when they signed up? So I put together a questionnaire here that just 00:02:36.140 --> 00:02:40.920 asked three simple questions. And I'd really appreciate if listeners could go to the show notes and just 00:02:40.920 --> 00:02:45.240 click, on the link that says this three questionnaire, three question, Google form, 00:02:45.240 --> 00:02:48.720 or, you know, find it on our Twitter account or wherever, but should be in your podcast player 00:02:48.720 --> 00:02:52.540 show notes right near the top. And they can just click that and fill it out and give us some quick 00:02:52.540 --> 00:02:58.180 feedback on idea of having a guest on the link, the show and so on. So anything you want to add 00:02:58.180 --> 00:03:00.860 about that, Brian, just, you know, encourage people to give us feedback so we know. 00:03:00.860 --> 00:03:05.400 Yeah. I'd love to hear feedback because sometimes we feel a little guilty that we're running long, 00:03:05.480 --> 00:03:10.940 but I enjoy the, a little bit more in-depth conversation. We still don't go super deep, 00:03:10.940 --> 00:03:17.440 but I think it's a good, well, I, I, I'm, I'm, I'm flavoring the survey though. So 00:03:17.440 --> 00:03:20.740 forget what I said now. I'd love to hear feedback of what people think. 00:03:20.740 --> 00:03:24.640 Yeah, absolutely. Yeah. So people can give us feedback there. We'd really appreciate it. 00:03:24.640 --> 00:03:29.320 The way people seem to be feeling so far as they, they kind of liked the link. They definitely like 00:03:29.320 --> 00:03:33.880 the guest format. so you're welcome here, Kim, this according to listeners, fantastic. 00:03:33.880 --> 00:03:38.440 Thank you. but yeah, I think, I think people are generally liking, but still like, let's just 00:03:38.440 --> 00:03:42.700 hear from everyone because I'm happy if, if a bunch of the people not in it, you're like, no, 00:03:42.700 --> 00:03:47.680 we really want no more than 20 minutes. And my going on about this is actually making it still longer 00:03:47.680 --> 00:03:53.460 than, then it'd be great to know. Right. So, so we'll go from there. And with that, you know, 00:03:53.460 --> 00:03:59.160 let's, let's play a game. Jump in the first topic. Yeah. I want to talk about Jupyter games and this, 00:03:59.160 --> 00:04:06.740 the idea around, this is, I Python canvas or I pie canvas with box 2d. I'll get a little bit 00:04:06.740 --> 00:04:13.900 more into it, but the gist is, making, making video games and small video games is one of the 00:04:13.900 --> 00:04:19.400 ways that a lot of us, started programming. I know that was the, that was the case for me. 00:04:19.400 --> 00:04:25.680 and there, there were not difficult games, but it was difficult enough. these 2d sort of 2d 00:04:25.680 --> 00:04:31.060 engines and this, some of that's lacking. And I haven't seen that in Jupyter before. And Jupyter 00:04:31.060 --> 00:04:37.040 is an excellent platform for, for a lot of things, especially teaching with, with people 00:04:37.040 --> 00:04:41.260 that don't have computers, if they use an iPad or something like that. So often they can still get 00:04:41.260 --> 00:04:48.720 access to, Jupyter through hosted systems. so this is, Jupyter, this article talks about, 00:04:48.720 --> 00:04:58.620 uh, writing, 2d games and mostly it's a 2d physics engine around, a library called box 2d, 00:04:58.620 --> 00:05:04.040 which is a, a C C++ type engine, but it's something that you can access through Python. 00:05:04.040 --> 00:05:08.580 And the author, yeah, the author, those kinds of physics stuff, you know, when people think of games, 00:05:08.580 --> 00:05:14.260 they think of, Oh, here's what I got to do to get the picture on the screen. Oh, that's just to start. 00:05:14.260 --> 00:05:18.700 Like you need physics, you need collisions. There's like so much stuff that also gets done. 00:05:18.700 --> 00:05:23.640 So this is really cool. Yeah. Things like physics and gravity and collision detection and, 00:05:23.640 --> 00:05:29.320 and, like the examples on this page are great, but the person that wrote it is, 00:05:29.320 --> 00:05:36.940 Torsten beer. And he's one of the, I think he's, he's got a library called PI B2d, which is, 00:05:36.940 --> 00:05:45.260 one of two different, Python accesses to this, this, this box 2d system, but it's pretty 00:05:45.260 --> 00:05:51.020 cool. The, one of the things I like about this article is that talk, it has like lots of pretty 00:05:51.020 --> 00:05:57.520 examples, but game physics engines are, even if they're built for games, they can also be used for 00:05:57.520 --> 00:06:05.120 things like, like, an engine simulation or even like airflow simulations. So there's a lot of 00:06:05.120 --> 00:06:11.720 cool uses for this too, that are outside of games. but the one thing, incredible things is how 00:06:11.720 --> 00:06:18.700 small the programs can be. So, the, this, this article has a, a contained, like an attached 00:06:18.700 --> 00:06:26.100 notebook hosted notebook that, has things like angry shapes, which is like angry birds and a rocket 00:06:26.100 --> 00:06:31.420 game. And there's a color mixing game, which I was just fascinated by. There's like a bunch of colors 00:06:31.420 --> 00:06:36.680 drop into it. It isn't on the, it isn't listed on the, article, but if you go to the example, 00:06:36.680 --> 00:06:43.980 it's kind of color mixing thing. and it's, it's only like 70 lines of code. And, and with that, 00:06:43.980 --> 00:06:50.160 you can have some, some amazing, physics examples. And I'm pretty excited about this actually. So 00:06:50.160 --> 00:06:55.240 I'd like to do, you know, I think this makes a lot of sense in the notebook form, 00:06:55.240 --> 00:07:00.100 because you're trying to visualize certain things and sometimes graphs are fine, but other times 00:07:00.100 --> 00:07:06.440 they just don't capture like flow and that kind of stuff. And it seems like game animation would be 00:07:06.440 --> 00:07:10.300 great. Kim, what do you think? I was also going to say, if you can get something very impressive 00:07:10.300 --> 00:07:15.020 done in 70 lines of code as a learning tool, that's brilliant because that's effectively a screen of 00:07:15.020 --> 00:07:19.560 code. Yeah. Otherwise, you'd be looking at, if you're looking at hundreds and hundreds of lines, 00:07:19.560 --> 00:07:23.680 you know, if you're a seasoned developer, that's perfectly reasonable, but to a new person that 00:07:23.680 --> 00:07:27.840 must look overwhelming. Yeah. Yeah. If you can fit a single screen and say, here is it, 00:07:27.840 --> 00:07:32.020 this is everything you need to make this thing work. And it's quite a powerful tool. And it looks 00:07:32.020 --> 00:07:36.200 like a lot of fun, actually. It does look fun. Yeah. And so there's some interesting, 00:07:36.200 --> 00:07:41.680 the article talks about some interesting, hoops. He had to jump through using, IPy events and I, 00:07:41.680 --> 00:07:49.520 IPy widgets and canvas to be able to draw things and get, events from people. But, 00:07:49.520 --> 00:07:54.420 it's just some fun stuff. Here's like the, I'm sure we're showing on the screen, the, 00:07:54.420 --> 00:08:01.620 thing like angry birds. and to be honest, like the play ability of it isn't maybe like, 00:08:01.620 --> 00:08:06.280 it's not on the level of what, you know, playing an Xbox or something like that. Obviously you 00:08:06.280 --> 00:08:12.180 probably won't hook up a controller and do it. Yeah. But, that you can do something like this 00:08:12.180 --> 00:08:16.940 so quickly is pretty amazing. So I, and also on the other hand, if you write, once you write it 00:08:16.940 --> 00:08:21.020 yourself, the playability actually doesn't matter that much. I think it's looking at interacting 00:08:21.020 --> 00:08:26.220 with the thing you wrote. I think that, yeah. Yeah. I love it. This is really cool. Nice find, 00:08:26.220 --> 00:08:32.720 Brian. All right. Let me tell you about some really interesting cybersecurity side of things. 00:08:32.720 --> 00:08:38.320 So I'm going to first tell you about this thing called a thinkst canary, but that's not actually 00:08:38.320 --> 00:08:43.340 what I want to talk about. It's just to set the stage. Okay. So here's, a challenge, 00:08:43.340 --> 00:08:48.540 something that always stresses me out is what if somebody was to break into your app, 00:08:48.540 --> 00:08:54.300 into your systems, into your cloud infrastructure or whatever, how would you know, right? Like what, 00:08:54.300 --> 00:08:58.160 what would be the indicator, right? If long, if they don't trash it, they don't, you know, 00:08:58.160 --> 00:09:04.320 lock it with a crypto lockers or anything like that ransomware, then they, they could just cruise 00:09:04.320 --> 00:09:10.340 around there. Right. So this company thinks canary, created this, I think you can put it in 00:09:10.340 --> 00:09:15.140 the cloud as like a hosted container type thing, or you can get like a little raspberry pie, like 00:09:15.140 --> 00:09:19.120 things and put them physically on your network. If you had a physical network and you could say, 00:09:19.120 --> 00:09:24.880 you act like a SQL server, you act like an exchange server. You, if somebody tries to search the network 00:09:24.880 --> 00:09:29.100 and says, show me all the active directories, you'd be that maybe we're not even using active directory 00:09:29.100 --> 00:09:33.620 because we're not on windows. But if somebody breaks in, they may well start looking for those 00:09:33.620 --> 00:09:37.940 types of things. And what they'll do is they'll trigger alarms. If somebody tries to interact with 00:09:37.940 --> 00:09:42.100 them and normal things shouldn't, because only if you're like trolling around looking for them, 00:09:42.100 --> 00:09:47.180 should it be discovered? Right. So that's what this is. And with this whole log for shell stuff 00:09:47.180 --> 00:09:52.340 that's going on, it's just such a nightmare of like, well, we installed this app that did 00:09:52.340 --> 00:09:57.560 invoice management for us. Did it have a log for shell vulnerability? I don't know. Maybe they said 00:09:57.560 --> 00:10:02.120 they fixed it. And, but if somebody gets in, it's not just, we have to patch the log for shell 00:10:02.120 --> 00:10:07.840 or the log for j version. We've also got to then know what else has been run because they could have 00:10:07.840 --> 00:10:13.120 installed whatever. Right. Yeah. So the thing I actually want to recommend to Python people is this 00:10:13.120 --> 00:10:18.920 thing called canary tokens. So check this out. This is fantastic. So what you can do is you can get 00:10:18.920 --> 00:10:24.600 different things that will then trigger alarms like emails or other sorts of stuff to you. So I can 00:10:24.600 --> 00:10:30.860 come over here and I can say, I would like to get a URL. And if anybody visits that URL, send me an 00:10:30.860 --> 00:10:35.260 email and say, you know, whatever message I put in here. So I could come in and say, here's a URL and 00:10:35.260 --> 00:10:44.460 send me at Michael at talk Python for my email and say, this is hidden in the admin section unused or 00:10:44.460 --> 00:10:49.020 something like that. If somebody sends me an email, if I get that email, somebody's gone in and click 00:10:49.020 --> 00:10:53.280 that link in the admin section of my site. And if I didn't, it gives you like IP address and all that 00:10:53.280 --> 00:10:59.220 sort of stuff of what comes back. So if I didn't do it, or it looks like an unknown IP, that should be 00:10:59.220 --> 00:11:05.780 highly concerning. Right. So what else that URL is interesting. I can get a DNS token. Somebody requests, 00:11:05.780 --> 00:11:13.840 like does a DNS look up on rollouts.pythonbytes.fm. I can get an alert to that. That'd be pretty 00:11:13.840 --> 00:11:20.360 interesting. A unique email address. If somebody ever tries to contact that, a Word document. So 00:11:20.360 --> 00:11:24.140 you get like a Word document and put it in say like SharePoint or something dreadful like that. 00:11:24.140 --> 00:11:30.880 And if it gets opened, you'll get an email that somebody got that. Let's see, you've got VPN 00:11:30.880 --> 00:11:36.720 wire guards file, you can create a custom EXE. And if somebody runs your EXE or a SQL server instance, 00:11:36.720 --> 00:11:44.600 or you can even do like directly a log for shell link that will run. So if you are trying to like 00:11:44.600 --> 00:11:48.380 figure out, just put stuff in there to let you know if somebody gets into a part they're not supposed to 00:11:48.380 --> 00:11:52.820 be in, like, this is really cool. There's no, it's free. It doesn't cost anything. It doesn't require 00:11:52.820 --> 00:11:57.620 any setup. Like put a Word document in a folder. If it gets opened, let us know. What do you think? 00:11:57.620 --> 00:12:02.760 Well, I was going to say, I've been looking for ways to do exactly this kind of thing because 00:12:02.760 --> 00:12:08.620 you know, it's hardly unique in being concerned that log for shell has got impacts that I don't, 00:12:08.620 --> 00:12:13.060 that I can't see on our systems. Just because your public facing systems happen not to have used log 00:12:13.060 --> 00:12:16.880 for shell things doesn't mean that you're necessarily safe. All it means is that, you know, 00:12:16.880 --> 00:12:20.840 if some other, by some other means, somebody's got into one of your internal systems, 00:12:20.840 --> 00:12:27.000 wouldn't necessarily know that. So I'm very much interested in this. I knew about canaries 00:12:27.000 --> 00:12:33.440 already. I think happened to sponsor the local South African PyCon ZA conference. But canary 00:12:33.440 --> 00:12:38.760 tokens are a very funky additional add-on to that. Exactly. I knew about the canaries as well. I'm 00:12:38.760 --> 00:12:41.980 like, ah, but that doesn't really apply to the world that I live in. I'm not like an enterprise. 00:12:41.980 --> 00:12:46.040 But like this, these make a lot of sense. And they're free, which I think is cool. Yeah. 00:12:46.040 --> 00:12:52.960 Here's what it looks like if you get a notice. It says, this is the email I got. Your canary token 00:12:52.960 --> 00:12:58.920 was triggered. The channel was HTTP. The token was that. This is a test, the IP address of the person. 00:12:58.920 --> 00:13:03.720 So this was one of those URLs. If somebody interacts with this URL, let me know. Here's their user agent. 00:13:03.720 --> 00:13:08.100 Here's the message. There's the IP and so on. So you would just get a notice like that that says 00:13:08.100 --> 00:13:12.240 somebody clicked on something they shouldn't have had access to. Yeah. So anyway, pretty neat. 00:13:12.780 --> 00:13:18.740 Brian? Yeah. I'm not sure. Yeah. It's actually pretty cool. Some of the things I didn't think 00:13:18.740 --> 00:13:25.420 you could, I wouldn't even expect, like somebody cloning your website. I didn't know that was a 00:13:25.420 --> 00:13:31.280 thing. I'm scared now, to be honest. I didn't realize that was something I should be worrying about. 00:13:31.280 --> 00:13:37.600 Get an alert when a MySQL dump is loaded. Like, okay. Like how does that happen? I don't know, 00:13:37.660 --> 00:13:42.960 but that's pretty awesome that it's possible and also frightening. Yeah. Yeah. And Sam out in the 00:13:42.960 --> 00:13:48.780 audience says, ironically, the log for shell might have its own vulnerabilities. You know, that thing's 00:13:48.780 --> 00:13:53.020 been patched a couple of times. It's going to be a big, big problem. Anyway, canary tokens. I think 00:13:53.020 --> 00:13:58.640 this is broadly useful for Python people. You could put the URL stuff inside of your app. You could put an 00:13:58.640 --> 00:14:05.240 email inside of locations. There's lots of stuff that I, like this, the database restore type things and so 00:14:05.240 --> 00:14:10.740 on this, this looks useful. Yeah. So I'm still a little lost. You throw this, like for instance, 00:14:10.740 --> 00:14:15.080 like you said, in the admin section that you shouldn't be using and you just know about it. 00:14:15.080 --> 00:14:19.940 So you don't click it or something. Yeah. So imagine this, imagine you've got in your admin section, 00:14:19.940 --> 00:14:24.380 you've got a, like a search for user button. And then next to it, you could just put a, 00:14:24.380 --> 00:14:31.520 an export all data. Yeah. And then put one of these URLs at the end point at, and nobody who works, 00:14:31.520 --> 00:14:34.520 you just tell everyone never click the export all data. It doesn't do anything. 00:14:34.520 --> 00:14:37.260 But if someone were to break in, what's the first thing they're going to want? Oh, 00:14:37.260 --> 00:14:40.100 let's get the export all data. Boom. They'll go click it and you'll know. 00:14:40.100 --> 00:14:46.260 They're still in, it's bad, but at least they're not in and just have an unlimited time to be in, 00:14:46.260 --> 00:14:50.440 you know? Yeah. You can put some other stuff too. Like let's say you've got a Django website and you 00:14:50.440 --> 00:14:57.420 stick, you load a, like a PHP admin page or something like that. Just at the same URL in case 00:14:57.420 --> 00:15:02.160 somebody's trying to grab that or something. Yep. Yeah. A lot of, a lot of interesting little 00:15:02.160 --> 00:15:06.680 breadcrumbs you can leave in there. Okay. Kim, that brings us to yours. 00:15:06.680 --> 00:15:13.360 Sure. The first topic I was going to talk about are actually two similar, but not quite the same 00:15:13.360 --> 00:15:21.100 pieces of software by Pi Auto GUI and Pi Win Auto are both toolkits for automating GUIs, 00:15:21.100 --> 00:15:25.000 effectively, well, automating GUIs for interacting programmatically with GUIs. 00:15:25.340 --> 00:15:29.000 Pi Win Auto. Which is normally really hard, right? Hey, before you go on, before you go on, 00:15:29.000 --> 00:15:30.720 could you give that like three control pluses? 00:15:30.720 --> 00:15:34.240 Sure. Sorry. I just see now it's a little bit on the small side. 00:15:34.240 --> 00:15:36.180 Thanks. How's that? A little more. 00:15:36.180 --> 00:15:38.680 Space to play with. There you go. Fair enough. 00:15:38.680 --> 00:15:43.080 Well, let me just, while I remember, do it to this one as well. They both happen to be read the docs 00:15:43.080 --> 00:15:47.120 documents. So you're quite right. The programmatically controlling a GUI, 00:15:47.200 --> 00:15:53.500 it can be quite a pain, particularly for GUIs that aren't particularly easy to understand. 00:15:53.500 --> 00:15:58.500 And the reason I bring tools like this up is that there's quite a lot of use cases. I can 00:15:58.500 --> 00:16:02.240 think of two examples at the top of my own career, and I'm sure there's hundreds more, 00:16:02.240 --> 00:16:05.940 where this kind of thing is useful and you might not know it's something you can do. 00:16:05.940 --> 00:16:11.880 And the kind of examples I'm thinking of are particularly in, I'm sure, much enterprise and 00:16:11.880 --> 00:16:17.340 in industrial software, when you get a piece of equipment, you frequently get a GUI tool that 00:16:17.340 --> 00:16:22.700 accompanies it. Probably no API, right? Well, no API whatsoever. There's a tool you fire up and you 00:16:22.700 --> 00:16:26.860 set all the settings, but because the company that supplied you the piece of equipment, they don't 00:16:26.860 --> 00:16:32.180 write software. It's not their thing. They either outsource the tool or the intern writes it. And it 00:16:32.180 --> 00:16:38.640 has 50 checkboxes and laid out in grid form, and you need to set it up every single time you want to 00:16:38.640 --> 00:16:42.040 use that piece of software. There's no ability to remember what you set. There's nothing to do. 00:16:42.040 --> 00:16:46.220 And I've worked with a couple of those systems, and I see, Brian, I think you probably have as well, 00:16:46.220 --> 00:16:50.660 where basically there's a piece of paper next to the computer the software is on with a screen print 00:16:50.660 --> 00:16:54.620 of what the settings should be so that the poor sucker has to come down and use it, knows which 00:16:54.620 --> 00:16:58.220 of the 50 tick boxes to check. And then they have to check that the pattern effectively matches on 00:16:58.220 --> 00:17:04.900 screen, and then they hit run. And something like PyAuto GUI or PyAuto are both useful so that you can 00:17:04.900 --> 00:17:09.840 effectively script the startup of that app. And you can say to, you write a small piece of Python that fires 00:17:09.840 --> 00:17:16.200 this tool up, identifies all the checkboxes, ticks the ones you programmed in, and then either leaves it for the 00:17:16.200 --> 00:17:20.380 human to push go or whatever it is the app does, or for that matter, pushes go itself and then closes the app and 00:17:20.380 --> 00:17:25.940 records that it did that. So that kind of use case is very powerful. And I think there are lots of cases, 00:17:25.940 --> 00:17:31.680 particularly in enterprise software, or internal software that, you know, somebody wrote for the company that does 00:17:31.680 --> 00:17:35.680 something very useful, but it's been around for 20 years. And the guy who wrote it is not around. 00:17:35.680 --> 00:17:41.320 Nobody wants to touch it because the source is terrifying. So nobody's going to sit down and change it. 00:17:41.320 --> 00:17:43.820 How do you even get that Visual Basic 6 or Visual Basic 5 installing it? 00:17:43.820 --> 00:17:49.880 Well, exactly. How do you even compile it now? Exactly. So to be able to wrap it is a very powerful 00:17:49.880 --> 00:17:54.520 thing to be able to do. And the other kind of use case that's somewhat related, it also comes to mind, 00:17:54.620 --> 00:18:00.040 is I've spent a large amount of my career doing industrial automation, factory-based type work. 00:18:00.040 --> 00:18:05.120 And there, the faster you can go and the fewer bits of, the fewer steps you need a human to repeatedly 00:18:05.120 --> 00:18:09.900 do, the better for you in many ways, that the human's time is best spent actually manipulating 00:18:09.900 --> 00:18:13.780 objects and checking things rather than opening pieces of software and clicking boxes and closing 00:18:13.780 --> 00:18:20.100 them again. So yeah, quite frequently, we've had cases on the production line where the vendor of the 00:18:20.100 --> 00:18:24.500 chip we're using has supplied this tool that does some security related thing. And it's a GUI tool. 00:18:24.500 --> 00:18:28.620 And every single time you would have to open it up, you'd have to stick, click the same two boxes. 00:18:28.620 --> 00:18:32.940 They'd have to say, yes, secure this chip, close it again, repeat, wait for another one to arrive at 00:18:32.940 --> 00:18:37.720 your, at your workstation. And if you can automate it again with a wrapping tool, nobody need even be 00:18:37.720 --> 00:18:42.600 involved at all. Part of your production process is you wrap it, you fire up the tool, you click the two 00:18:42.600 --> 00:18:48.260 buttons programmatically, you hit go and you close it again and repeat. And again, I personally have 00:18:48.260 --> 00:18:52.560 encountered situations where that's useful and I'd like to, I would imagine I'm far from alone in it. 00:18:52.560 --> 00:18:57.800 So I just thought I'd mention these things do exist. I suspect lots of people do use them, 00:18:57.800 --> 00:19:01.860 but for people who don't know that they're very useful things to be able to do. You can wrapping, 00:19:01.860 --> 00:19:07.040 wrapping GUIs is, it's a bit tedious upfront because often these tools aren't very well written. 00:19:07.040 --> 00:19:13.400 So you'll have checkbox one, checkbox four, checkbox 27, checkbox 295, and no obvious naming 00:19:13.400 --> 00:19:18.120 consistency with what they do or how they work. But once you've figured it out, let the computer worry, 00:19:18.200 --> 00:19:20.400 let the script worry about what those checkboxes do. 00:19:20.400 --> 00:19:25.940 I've seen the backside of that code where you're like looking at some event handler and it's like, 00:19:25.940 --> 00:19:33.700 if checkbox 24.checked, then do this. Like what in the world? Like who didn't want to name this? 00:19:33.700 --> 00:19:36.000 Because they got a program against those names. That's insane. 00:19:36.000 --> 00:19:38.800 Well, they just do one at a time when you're working on it. 00:19:38.800 --> 00:19:39.480 Well, exactly it. Yeah. 00:19:39.480 --> 00:19:44.060 Yeah. So you're working on one feature and you go, oh, I need a checkbox. Oh, the default is 00:19:44.060 --> 00:19:49.760 checkbox 24. Then you look for the, you do the callback handling and you just, you just did it. 00:19:49.760 --> 00:19:50.900 So, you know, it's 24. 00:19:50.900 --> 00:19:53.820 Exactly. You don't want to bother changing it. That's cool. 00:19:53.820 --> 00:19:56.100 Brian, does this automation have a place in your world? 00:19:56.700 --> 00:20:02.260 Yeah. So there's, there's like, like, like Kim said, there's places where tools that, that don't 00:20:02.260 --> 00:20:07.540 necessarily have a user interface. The, the thing that this doesn't, I don't think these do like web 00:20:07.540 --> 00:20:10.020 stuff, the web automations, other tools. 00:20:10.020 --> 00:20:14.120 Well, I presume you could automate a browser, but I mean, by the time you're doing that, you might as 00:20:14.120 --> 00:20:16.800 well be using the tools designed for it. Yeah. 00:20:16.800 --> 00:20:22.360 Yeah. Selenium or something. What I, what I'd really hope is anybody that has any sort of tool 00:20:22.360 --> 00:20:28.100 that they're writing in, in on a web. So web frameworks often get internal tools get written 00:20:28.100 --> 00:20:34.460 with web frameworks and, and then people forget to throw IDs and things. So the best way to automate 00:20:34.460 --> 00:20:39.420 a web stuff is to have an ID that you can grab onto, but often they're just these, these nested 00:20:39.420 --> 00:20:45.160 div nightmares. But anyway, yeah, there's a couple of tools that we've used by win auto 00:20:45.160 --> 00:20:47.000 for that are, it's pretty nice. 00:20:47.000 --> 00:20:51.300 Yeah. Very nice. Yeah. It seems like if you're building a GUI app, you could test it with this 00:20:51.300 --> 00:20:56.520 right. Sort of full on integration tests from the outside. And also I was talking to somebody 00:20:56.520 --> 00:21:01.660 and they were like, well, this app that I work on, it doesn't have like a concept of a back button. 00:21:01.660 --> 00:21:05.760 So you drive, drive into the menu, hit a thing, go, and then it'll take you back home. 00:21:05.760 --> 00:21:08.940 It's like 10 steps. Right. I could definitely see. 00:21:09.360 --> 00:21:13.240 A little toolbar thing. You press a couple of buttons, like get me to this scenario and I'll 00:21:13.240 --> 00:21:17.740 put the last thing in, get me to that scenario. Like do the nine steps. I'll do the 10th. 00:21:17.740 --> 00:21:23.280 Exactly. Yeah. Yeah. In many ways, the way I've mainly encountered, it has been that the first 00:21:23.280 --> 00:21:27.740 scenario I laid out, not so much actually automating the full running of the tool, but setting the tool 00:21:27.740 --> 00:21:32.480 up so that it is in the right state for what the company needs without having somebody have to either 00:21:32.480 --> 00:21:36.420 consult a document and risk getting it wrong or not know which of the settings they should have, 00:21:36.420 --> 00:21:39.300 because that piece of paper isn't with the computer anymore or that kind of thing. 00:21:39.300 --> 00:21:43.180 It shouldn't happen, but it does. And it's much easier to have this kind of, to have the computer 00:21:43.180 --> 00:21:47.680 worry about what the settings should be. Ideally, the program should remember that, but if they 00:21:47.680 --> 00:21:49.680 don't, they don't. It's not much you can do to change that after the fact. 00:21:49.680 --> 00:21:53.180 It's like external intelligence for a bad app. That's right. 00:21:53.180 --> 00:22:01.500 Well, there's also like API stuff that people forget about. Like, I've got a device that I need to 00:22:01.500 --> 00:22:07.980 automate connecting it to Windows and getting the device set up or something every time I plug one in. 00:22:07.980 --> 00:22:13.060 And just automating that that works sometimes too. So anyway. 00:22:13.060 --> 00:22:15.820 Oh yeah. Absolutely. All right, Brian, over to you. 00:22:15.820 --> 00:22:16.940 Thanks. 00:22:16.940 --> 00:22:24.180 This, I saw this, Brett Cannon wrote an article called a reverse chronological, 00:22:24.180 --> 00:22:30.500 a reverse chronology of some Python features. And I really love this article. It's pretty simple. 00:22:30.980 --> 00:22:35.420 one of the things I like about it is just because we cover so much and we've been covering Python 00:22:35.420 --> 00:22:42.280 releases for quite a while. I kind of forget which releases got, I got which feature in. So a, 00:22:42.280 --> 00:22:48.020 a really brief, you know, rundown of some of the different features is, is nice. Like, 00:22:48.020 --> 00:22:52.960 like last week we were talking and saying, well, well, you're on, if you're on three, seven, 00:22:52.960 --> 00:22:56.840 why would you want to move forward? And I, you know, I can't remember which features in which, 00:22:56.840 --> 00:23:02.360 so having a quick bullet list, like, like in three 10, we got the match statement. 00:23:02.360 --> 00:23:06.380 Of course, we've talked about that recently, but also better, better error messages. 00:23:06.380 --> 00:23:13.880 And I'm going to pause a little bit. Brett brings up in the introduction discussion that if 00:23:13.880 --> 00:23:18.300 you're kind of one of those people that think Python's kind of getting bloated and they're 00:23:18.300 --> 00:23:22.620 throwing too much stuff in it. And I wish that we had the good old days where you could just think 00:23:22.620 --> 00:23:28.280 about all Python in your own head. well, you kind of throw everything out. If you, 00:23:28.280 --> 00:23:33.760 if he said he recommends going down this list and picking the first feature that you don't think you 00:23:33.760 --> 00:23:39.680 could live without. And, and everything before that led to that. So you can't throw that stuff 00:23:39.680 --> 00:23:45.160 out either. It all kind of goes together. And one of the examples is the match statement 00:23:45.160 --> 00:23:52.000 or the, what are they pattern matching that, that was sort of controversial, but the, 00:23:52.000 --> 00:23:58.300 the, the code to get that to work involved or the process involved, even like making a new, 00:23:58.300 --> 00:24:05.880 uh, parser for Python, or using a new parser for Python. And, but with that new parser, then 00:24:05.880 --> 00:24:12.620 things like better error messages are possible. So, if you like better error messages, which I do, 00:24:12.620 --> 00:24:18.240 that means three 10 and everything below kind of has to stay. but anyway, it's kind of funny. 00:24:18.240 --> 00:24:24.660 The moving on, I, like, I forgot what the dictionary support for, for like, or like 00:24:24.660 --> 00:24:31.460 the, the or and or equal, that came in in three nine. so if somebody's thinking, 00:24:31.460 --> 00:24:35.040 well, why should I upgrade? this is a good list to take a look at. 00:24:35.040 --> 00:24:39.560 Nice. All right. I did the little exercise. I've decided three, seven, three, seven for you. 00:24:39.560 --> 00:24:42.280 So what was the thing in three seven that you can't live without? 00:24:42.620 --> 00:24:48.700 So the dictionary preserving order stuff is really nice for like reading and writing files 00:24:48.700 --> 00:24:53.160 and making sure that they don't, diff hard. You know what I mean? Like if you try to like, 00:24:53.160 --> 00:24:56.880 so they're in the order, you put them there, all the other stuff I'm not hating on it. Like I like 00:24:56.880 --> 00:25:01.960 the walrus operator. I like some of the other things. I like the lowercase list bracket int 00:25:01.960 --> 00:25:05.960 rather than importing types. All those are great. I'm not knocking them. I just saying like, where would 00:25:05.960 --> 00:25:11.100 I go? Oh, this, it starts to hurt where it really starts to hurt for me at three, seven and below. 00:25:11.100 --> 00:25:17.000 Well, I was, I was trying to Jupyter, like Jupyter, an interactive Jupyter system the other day, 00:25:17.000 --> 00:25:21.580 looking at some data science stuff and it was already set up. And I tried to throw in this, 00:25:21.580 --> 00:25:28.900 the, the F string value equal thing to be able to quickly debug a item and it didn't work too soon. 00:25:28.900 --> 00:25:33.240 What the heck? And it turned out it was using three, seven and not three, eight. 00:25:33.240 --> 00:25:38.460 and apparently I'm very used to that. and I don't think I could live without it. but, 00:25:38.460 --> 00:25:44.080 and then, reminder also that, three 11 when it comes out in a year, it's, 00:25:44.080 --> 00:25:47.820 there's going to have a lot of speed ups. So yeah, if that comes up with a lot of the performance 00:25:47.820 --> 00:25:54.180 stuff, then like, that's my new number. If you forced me to roll back, I would refuse to go 00:25:54.180 --> 00:25:59.640 further than 3.6 because I must have those f-strings. Yeah. Yeah. Cause I basically it's so much, 00:25:59.640 --> 00:26:04.140 much that just make your code so much more attractive. That said, while I don't necessarily 00:26:04.140 --> 00:26:08.760 use everything that comes in the new versions, I don't particularly have any problem with them being 00:26:08.760 --> 00:26:13.620 there. I'm quite happy to just use the parser Python I want. And, what really happens to me is that I 00:26:13.620 --> 00:26:18.420 don't necessarily know I can do something until two versions later. I probably only started doing 00:26:18.420 --> 00:26:22.900 that value equals on 3.9, for example. Yeah. And mainly cause that's probably the first time I 00:26:22.900 --> 00:26:27.420 needed it more than anything else. Not, I don't particularly rush forward and use the new features 00:26:27.420 --> 00:26:30.720 when they're available, but I'm glad they're there when I do ultimately want them. Yeah. 00:26:30.720 --> 00:26:35.460 Three, six is an interesting example you bring up because, it's got f-strings. It's got a whole 00:26:35.460 --> 00:26:41.460 bunch of other stuff too, but really we can stop with f-strings. pretty much. Yeah. Yeah. Yeah. 00:26:41.460 --> 00:26:47.940 And then the debugging stuff, Sam and audience says, yes, F curly bracket name equals is 00:26:47.940 --> 00:26:51.860 indispensable for a debug. Oh yeah. I'm, I'm with him. As I say, I hadn't used it when it first became 00:26:51.860 --> 00:26:58.100 available, but I would really not want to not have it available now. Yeah. I'm a caveman print debugger. 00:26:58.100 --> 00:27:03.700 So yeah. Kim, I like your, your take on it. Like it's not going to hurt me if I don't care about it. 00:27:03.700 --> 00:27:09.140 I think one of the powers of Python is that you can be very successful with Python with a partial, 00:27:09.140 --> 00:27:14.580 quite partial understanding of what it even is. You don't need to know what a generator is, 00:27:14.580 --> 00:27:19.380 what a yield is like, what an expression is, what a class is, maybe not even how to create a function. 00:27:19.380 --> 00:27:23.540 Just, just write the code top to bottom and it'll probably still do something for you. 00:27:23.540 --> 00:27:27.060 And so you can sort of bring these in when it makes sense. 00:27:27.060 --> 00:27:32.180 Yeah. I would definitely still not teach match statements to beginners. It's unnecessary. 00:27:32.180 --> 00:27:36.660 No, so yeah, totally agree. Whereas I would use if strings, for example, 00:27:36.660 --> 00:27:40.260 for a beginner because it's just so much more readable than the other stuff is. But yeah, 00:27:40.260 --> 00:27:43.140 you're right. You don't have to magically, you don't have to use it all because it's there. 00:27:43.140 --> 00:27:47.460 Yeah. I'm sure there's people out there who feel like it's, I got to use it. It's here. 00:27:47.460 --> 00:27:50.660 But no, I agree with you. All right. How about we talk? 00:27:50.660 --> 00:27:52.980 I don't think I've ever written a wall-less operator, for example. Sorry. 00:27:52.980 --> 00:27:54.100 You're saying. Yeah. I actually, 00:27:54.100 --> 00:27:56.100 I actually took down a Talk Python 00:27:56.100 --> 00:28:00.980 website or the training website, one of them with the walrus operator, because I put the walrus operator 00:28:00.980 --> 00:28:07.220 in a utility script that's not actually used by the site, but the site scans all the files trying to 00:28:07.220 --> 00:28:12.980 figure out where the handlers, the view methods are. And it killed it because I forgot that this is way 00:28:12.980 --> 00:28:18.260 back when it was still running 37. So that was my first really, oh my gosh. But yeah, now I use it. 00:28:18.260 --> 00:28:22.980 It's good. All right. So I want to talk about something that I've actually personally been working on 00:28:22.980 --> 00:28:29.300 lately. This is a follow-up to a Talk Python episode I did where I interviewed Mike Baer, 00:28:29.300 --> 00:28:35.220 came on and did a great job, talked about SQLAlchemy 2 and so on. And I mentioned that, 00:28:35.220 --> 00:28:43.060 you know, just the way that Python's GC is set up is it's somewhat hostile to things like ORMs, 00:28:43.060 --> 00:28:49.380 where they have to create a bunch of objects and return them to you in one batch. And what do I mean 00:28:49.380 --> 00:28:54.100 by that? Well, if I'm going to do a query and it's going to return a thousand records, 00:28:54.100 --> 00:28:59.140 like the best case scenario is it has to create a thousand classes, SQLAlchemy models, and give 00:28:59.140 --> 00:29:04.180 them back, right? If I'm asking for them as a list. Well, the way the GC and Python works, 00:29:04.180 --> 00:29:09.780 not the reference counting, but the garbage collector is after 700 allocations of container types, 00:29:09.780 --> 00:29:16.100 classes, dictionaries, lists, et cetera, that do not get cleaned up 700 surviving over the cleanups 00:29:16.100 --> 00:29:20.340 over a period of time. That's going to trigger a garbage collection. And so I said, ah, you know, 00:29:20.340 --> 00:29:23.700 like, is there something you could do? Is there something we could like kind of think about with 00:29:23.700 --> 00:29:29.860 ORMs? This is not at all specific to SQLAlchemy. This is happens. I have an example here called 00:29:29.860 --> 00:29:35.940 Pythons GC and ORMs as a app and a little conversation on GitHub. And I said, is there something we maybe can 00:29:35.940 --> 00:29:40.260 do? Or have you guys thought about it? Because I don't really sure what the answer is. And said, 00:29:40.260 --> 00:29:46.180 not, not so much sure, but here, check this out. So I created this app. It creates a thousand records 00:29:46.180 --> 00:29:51.540 in both a SQLite database and a MongoDB database. So we have like two really different examples. 00:29:51.540 --> 00:29:55.060 And then you run a query that returns 20,000 records. It's probably a lot. 00:29:55.060 --> 00:29:58.180 Yeah. Just an estimate. You've been in next 100,000 records. 00:29:58.180 --> 00:30:03.060 Yeah. If I didn't say that a hundred thousand records in the database and it gets 20,000 of them back. 00:30:03.060 --> 00:30:09.140 Okay. It's probably a little extra, but for example, if you go to, you go over to the talk Python 00:30:09.140 --> 00:30:17.460 training site over here, we've got a site map. And in this site map, there are many, many holding down 00:30:17.460 --> 00:30:23.300 the page down arrow and you barely see it. We've got to get like 5,000 records, 6,000 records just to 00:30:23.300 --> 00:30:28.900 to like list out the number of the pages that contain transcripts for the site map. Right? 00:30:28.900 --> 00:30:33.700 So it's not entirely unreasonable. You would get a bunch of records back and then do something like 00:30:33.700 --> 00:30:39.620 render a page with it. Right? Well, under this scenario, if you just run straight Python, 00:30:39.620 --> 00:30:48.580 that single query results in a hundred, 1859 garbage collection runs just to get one answer back. 00:30:48.580 --> 00:30:53.460 Is that insane? None of which is garbage. Yeah. No, it's not garbage yet because it's just being 00:30:53.460 --> 00:30:58.740 realized from the database, right? Like it, it hasn't even come into existence all the way yet. 00:30:58.740 --> 00:31:04.260 And it's just like garbage, garbage, garbage, garbage, garbage, garbage. And it takes 900 milliseconds. 00:31:04.260 --> 00:31:09.140 If you go and you tweak it in a way that I described here, which you may or may not want to do, but if you 00:31:09.140 --> 00:31:18.900 did, if you tweak the garbage collector, it will go from 1,800 collections to 29, 64 times less. The speed 00:31:18.900 --> 00:31:26.980 of the program is 23% faster. Okay. But it also uses less memory. Okay. Less garbage collection. 00:31:26.980 --> 00:31:36.660 Less, lots less garbage collection. And it's not just 1,800 versus 29. Python has this 100 to 10 to 1 00:31:36.660 --> 00:31:42.900 ratio of Gen 0, Gen 1, and Gen 2 collections. And Gen 0 collections are pretty cheap because it just 00:31:42.900 --> 00:31:48.100 touches new memory and looks at it. Gen 1 looks at like stuff that's only been inspected once. And Gen 2 00:31:48.100 --> 00:31:54.020 inspects the entire memory space for it to see, right? So this one, this one will also trigger, 00:31:54.020 --> 00:32:04.580 how does that? 185. Yeah. 185 Gen 1. So 18 Gen 2s, right? So it's not just, oh, there's fewer. 00:32:04.580 --> 00:32:09.940 There's also like this, this other 29 here, this is zero Gen 2 collections, very likely, right? So 00:32:09.940 --> 00:32:16.900 it's not just the number. They're also like cheaper than doing that. So this is pretty interesting. What 00:32:16.900 --> 00:32:22.340 do you got to do? You just say you run less frequently on allocations and then leave everything 00:32:22.340 --> 00:32:26.660 else alone. Does it make a lot of sense for absolutely everything? Probably not. There's 00:32:26.660 --> 00:32:32.420 probably some scenario with lots of cycles that this is a problem. But anyway, this, this is an 00:32:32.420 --> 00:32:38.100 interesting thing to sort of consider if you are doing some kind of API or a website or something 00:32:38.100 --> 00:32:44.820 that queries a lot of data over 700 records, basically, you're going to absolutely encourage GC when 00:32:44.820 --> 00:32:50.660 you know it's not garbage, right? So I don't know. I thought this was interesting. I'll put it out there 00:32:50.660 --> 00:32:56.100 for people to play with and get some feedback. It should be fun to hear about it. I think this is very 00:32:56.100 --> 00:33:02.820 interesting. And I, I'm going to, I mean, I plan on playing with the garbage collection myself. So I'm glad you 00:33:02.820 --> 00:33:14.260 have this little sample app thing up to, to start playing with it. One of the things that you can do that a lot of people don't mess with too much is, is not, not slowing down the frequency, 00:33:14.260 --> 00:33:34.460 frequency, but you can disable it and enable it. And I'm not sure. I'd like to play with that a little bit more to see if you can kind of kick it off or something like that, because you can disable and you can call GC collect if you need to. So like it's, it's there. I'm not sure if it makes sense to do it, but the switches are there. 00:33:34.460 --> 00:33:51.720 Yeah. I mean, there's, I mean, there's times where, I mean, you're not going to get real time with Python, but you can, you can get, there's times where you know that you're not doing anything else. So garbage collection is fine. And there's times where you're doing an event and you really want to get done with this as fast as possible. So it might make sense to turn off GC. 00:33:52.460 --> 00:34:04.980 And for people who are not super focused on this, turning off garbage collection or altering garbage collection only affects a very small portion of Python's memory because the primary way is reference counting. 00:34:04.980 --> 00:34:20.760 So reference counting things stop referring to it. It goes away only in the case where there are cycles. Does GC even apply? Right. So that's actually, unless you've got really interesting algorithms that are super focused on that kind of stuff, you know, you probably don't even have cycles or very rarely do you. 00:34:20.760 --> 00:34:28.380 Yeah. Interesting. It's the one size fits all solution, but where it does fit, it's a pretty simple thing to do that really makes a heck of a difference. 00:34:28.380 --> 00:34:41.640 Yeah. It's, it's, it's quite interesting. So my, using was, well, maybe someday Python will have an adaptive GC where it runs a certain number of times and says, oh, I ran, but I didn't actually find any garbage, any cycles. 00:34:41.640 --> 00:34:57.240 So let me back off that threshold by a factor or two. And then I didn't find any garbage again. So I'll back it off. And then I'll look, I found a bunch. So now we got to start doing this more frequently. And I could see like an adaptive garbage collector turning these numbers. But until then I just cranked it up. Yeah. 00:34:57.580 --> 00:35:01.500 Interesting. All right. Yeah. Kim, you want to take us out of here for our main topics? 00:35:01.500 --> 00:35:07.800 Sure. the other topic I was going to talk about is a tool called Docker slim, which basically. 00:35:07.800 --> 00:35:10.020 It already sounds good. I don't know what it does, but. 00:35:10.020 --> 00:35:11.860 The opposite of Docker slim. 00:35:11.860 --> 00:35:15.040 I want my docker to be slim. Let's do it. 00:35:15.040 --> 00:35:27.560 It's effectively, as far as I can tell, well, not quite magic, but it certainly seems like it. I use Docker quite extensively at work and because I used a fair amount of it at work, I started using it for a lot of personal stuff. 00:35:27.560 --> 00:35:33.260 as well. And the websites I deploy in my own right and little things running my own systems are all in Docker containers. 00:35:33.260 --> 00:35:43.880 And unless you, you take a lot of care about it, your Docker images can end up quite large. If you start with just a Python in an Ubuntu base, for example, you're probably looking at about a gig of Docker image. 00:35:44.240 --> 00:35:45.980 before you get anything done. 00:35:45.980 --> 00:35:52.200 Now the way Docker works, unless you have just one of those things, if you've got more than one, you start to benefit from shared layers. 00:35:52.200 --> 00:36:03.080 So you're not having a gig and another gig and another gig, et cetera, but still it all kind of adds up. Docker slim is a tool to basically look at your existing images, do some analysis and give you back a much smaller. 00:36:03.080 --> 00:36:05.720 And in many ways, much more secure image. 00:36:05.720 --> 00:36:12.500 I have run this, I read, earlier today, just to kind of check that I wasn't misremembering from the last time I used it. 00:36:12.500 --> 00:36:19.040 And I fed it an image I had, which was an incredibly simple, small little floss API app I had written. 00:36:19.040 --> 00:36:20.640 And it would had one job. 00:36:20.640 --> 00:36:26.360 It basically, whenever you sent anything to an endpoint, it printed out what that was, forget exactly why I needed that. 00:36:26.360 --> 00:36:32.900 I think I was having trouble figuring out some suppliers that it wasn't documented how some suppliers web book was going to work. 00:36:32.900 --> 00:36:35.660 So basically I set this up and I said, talk to me and then looked at what it said. 00:36:35.660 --> 00:36:36.860 Exactly. 00:36:36.860 --> 00:36:37.760 Side note. 00:36:37.760 --> 00:36:44.120 That's way better than trusting their outdated, crappy, inconsistent documentation is just, all right, why don't you just call it? 00:36:44.120 --> 00:36:46.500 We'll just print out the JSON document. 00:36:46.500 --> 00:36:46.700 Exactly. 00:36:46.700 --> 00:36:46.920 Yeah. 00:36:46.920 --> 00:36:47.880 And then we'll go from there. 00:36:47.880 --> 00:36:48.380 Yep. 00:36:48.380 --> 00:36:56.120 So yeah, as a, as a side note, that was quite an easy thing to do, but, that was, I just put that into a, an ability based container running, 00:36:56.480 --> 00:36:59.840 I forget exactly what, presumably I was using FastAPI. 00:36:59.840 --> 00:37:03.240 So it would have been Python and Ubuntu and FastAPI and et cetera. 00:37:03.240 --> 00:37:05.440 And that was about a gig of, of image. 00:37:05.440 --> 00:37:08.240 I fed that to Docker slim and I ended up at 48 mix. 00:37:08.240 --> 00:37:10.040 and it still worked. 00:37:10.040 --> 00:37:11.540 It did everything it was supposed to do. 00:37:11.540 --> 00:37:13.520 Granted, I fed the simplest thing I had. 00:37:13.520 --> 00:37:15.380 I mean, at one end point and so forth. 00:37:15.380 --> 00:37:17.960 I had, there's a lot of dependencies. 00:37:17.960 --> 00:37:18.740 There's Python. 00:37:18.740 --> 00:37:19.100 Exactly. 00:37:19.100 --> 00:37:20.220 There's flask. 00:37:20.220 --> 00:37:22.560 Maybe there's even micro whiskey or something running there. 00:37:22.560 --> 00:37:23.040 Who knows? 00:37:23.040 --> 00:37:23.720 But yeah. 00:37:23.720 --> 00:37:24.680 Well, exactly. 00:37:24.800 --> 00:37:33.760 what it has done is it's closed down all sorts of other angles of attack mixed sound a bit dramatic, but all sorts of ways that you could interface with the container that you don't necessarily need. 00:37:33.760 --> 00:37:38.000 It no longer has, for example, a, bash is no longer available in it. 00:37:38.040 --> 00:37:44.120 You can't run it in interactive mode and talk to it, which is not necessarily a 100% positive thing. 00:37:44.120 --> 00:37:50.800 It makes debugging a bit harder, but they do have some solutions for how you can do that with side containers and talk to it in other ways and the like. 00:37:51.160 --> 00:38:00.720 And they, if I, if I go through the documentation, effectively they're doing all the security stuff and the app honoring stuff and all sorts of things that I know are important, but I don't know enough about to do right. 00:38:01.120 --> 00:38:02.840 I don't trust myself to do those things correctly. 00:38:02.840 --> 00:38:07.800 I can basically follow someone's suggestions, but I have absolutely no way of knowing if the suggestions I'm following are valid. 00:38:07.800 --> 00:38:10.880 I'm not immersed enough in this world to know what the best thing is to do. 00:38:10.880 --> 00:38:15.000 So I'm much happier to have somebody come along and say, we've written this tool, we get the stuff. 00:38:15.000 --> 00:38:18.320 we'll do the best we can to make it more secure. 00:38:18.320 --> 00:38:21.960 Even if it isn't a hundred percent secure, it's far better than I was going to achieve my own. 00:38:21.960 --> 00:38:29.440 And, it's, it's, I haven't used it enough to get a 100% recommendation that this will fit every use case. 00:38:29.440 --> 00:38:32.520 I'm sure like every tool is there's things that does well, there's things that doesn't do well. 00:38:32.520 --> 00:38:37.680 There's some use cases where it's maybe not so suited, but just from a little bit of experimentation with it, 00:38:37.720 --> 00:38:43.480 it looks like something I'm going to be inserting into my tool chain where I can, because the smaller the images are, the better, really. 00:38:43.480 --> 00:38:49.760 Especially if we're all working from home, we're putting these things down from servers that aren't actually in the building that you're in anymore. 00:38:49.760 --> 00:38:57.020 And if you're doing a continuous deployment, which means pushing those actual images, then you want to build that quicker. 00:38:57.020 --> 00:38:57.200 Well, exactly, yes. 00:38:57.200 --> 00:38:57.500 Yeah. 00:38:57.500 --> 00:38:58.200 Yeah, cool. 00:38:58.200 --> 00:38:58.840 Very nice. 00:38:58.840 --> 00:38:59.240 Yeah. 00:38:59.240 --> 00:39:05.920 One of the things that Docker's used for the, I think a lot of web people don't think about, is, cross compiling. 00:39:06.140 --> 00:39:14.700 That's, one of the places where Docker shows up and it's one of the places I use it is to compile on a machine that I don't have access to. 00:39:14.700 --> 00:39:21.660 So I can have a Docker image, like I can have a windows machine with a Linux Docker image or something, and I can do compiling in there. 00:39:21.660 --> 00:39:27.000 So slimming that down speeds up my compiles, or I conceptually would. 00:39:27.180 --> 00:39:31.580 So I think this is something that definitely to try if you're using, using that. 00:39:31.580 --> 00:39:32.080 Exactly. 00:39:32.080 --> 00:39:38.900 You've reminded me of, in a similar vein, Docker is the basis of, continuous integration systems. 00:39:38.900 --> 00:39:44.580 the, the ultimate end result is built inside a Docker container with all the bits we need. 00:39:44.580 --> 00:39:47.200 That can take quite a while because it can be quite large. 00:39:47.200 --> 00:39:50.400 If you can slim that down as well, you know, the faster you'll see, I, is the better for you, really. 00:39:50.740 --> 00:39:51.560 Yeah, always. 00:39:51.560 --> 00:39:52.420 Yeah, absolutely. 00:39:52.420 --> 00:39:53.140 All right. 00:39:53.140 --> 00:39:56.200 Well, Brian, I think that might be it time for some extras. 00:39:56.200 --> 00:39:57.420 Oh, I do want to do a quick followup. 00:39:57.420 --> 00:39:59.580 I thought these were extras, but they're actually not. 00:39:59.580 --> 00:40:03.980 They're, things that, that I do want to point out really quick. 00:40:03.980 --> 00:40:05.820 I actually gave a talk on this whole memory thing. 00:40:05.820 --> 00:40:10.680 If that GC conversation sounds interesting to you over at the Python web conferences here. 00:40:10.680 --> 00:40:15.380 So people can check that out and also have a talk Python class that like dives into a whole bunch of this stuff. 00:40:15.380 --> 00:40:15.960 Nice. 00:40:16.300 --> 00:40:18.400 I meant to include that in the before thing. 00:40:18.400 --> 00:40:19.360 Now we're at the extras. 00:40:19.360 --> 00:40:20.080 Let's talk about that. 00:40:20.080 --> 00:40:20.640 What do you got? 00:40:20.640 --> 00:40:28.660 the only thing, one of the things I want to shout out is to everybody that supported, the pytest book. 00:40:28.660 --> 00:40:31.880 So, I pragmatic, pragmatic. 00:40:31.880 --> 00:40:44.540 If you just go to the main page, there is a, best sellers link, that has had, Python testing with pytest on it for many weeks now in the top six. 00:40:44.740 --> 00:40:50.400 And I just wanted to thank everybody that supported the book and, and helped, the success of this. 00:40:50.400 --> 00:40:59.600 Also the feedback that I got, of the technical reviewers and plus many other people going through and submitting a RADA is going to make this a really solid book. 00:40:59.600 --> 00:41:02.680 And I'm really, just happy to be part of a community to put this together. 00:41:02.680 --> 00:41:03.300 So thanks. 00:41:03.300 --> 00:41:03.840 Yeah. 00:41:03.840 --> 00:41:04.340 Congratulations. 00:41:04.340 --> 00:41:04.920 That's awesome. 00:41:04.920 --> 00:41:06.720 Kim, you got anything extra you want to throw out there? 00:41:06.720 --> 00:41:08.420 A couple of small things. 00:41:08.420 --> 00:41:13.720 As I was hoping to mention, if we had the time, I see we've actually got mess with DNS up on screen. 00:41:13.720 --> 00:41:15.120 This is a good place to start. 00:41:15.120 --> 00:41:22.220 I started to mention this little website, mess with DNS.net, which Julia Evans, who, on Twitter is balk. 00:41:22.220 --> 00:41:26.280 and you produces a variety of excellent webzines and so forth. 00:41:26.280 --> 00:41:30.600 I think you've actually, you've discussed her get, learning webzines before. 00:41:30.660 --> 00:41:31.080 Oh, blank. 00:41:31.080 --> 00:41:31.500 Get. 00:41:31.500 --> 00:41:32.580 That's the one. 00:41:32.580 --> 00:41:32.800 Yeah. 00:41:32.800 --> 00:41:36.400 and I think there's an HR friendly one whose name I can't remember. 00:41:36.400 --> 00:41:37.160 Oh, shucks. 00:41:37.160 --> 00:41:37.440 Get. 00:41:37.440 --> 00:41:38.380 The memorable one. 00:41:38.380 --> 00:41:38.800 Yeah, exactly. 00:41:38.800 --> 00:41:40.460 Oh, something like that. 00:41:40.460 --> 00:41:42.540 She released, something I got, yeah. 00:41:42.540 --> 00:41:49.120 She released mess with DNS.net recently as effectively a way to play with DNS without breaking your actual website. 00:41:49.120 --> 00:41:55.320 which isn't something I'd ever thought to, to look for, but now that it's around, it's actually a brilliant idea. 00:41:55.700 --> 00:42:06.400 There are some hard to understand things based into DNS and what isn't a record in a CNAME and what, you know, if your TTL is a three digit number versus a five digit number, what's the difference? 00:42:06.400 --> 00:42:07.900 Or for that matter, what does TTL mean? 00:42:07.900 --> 00:42:15.180 And it's not necessarily an explainer for all these things, but it is a way to make these settings and see what they do without actually breaking a real website. 00:42:15.180 --> 00:42:20.100 So effectively she's spun up a sub domain, with a signed name. 00:42:20.100 --> 00:42:23.140 This one I happen to be on is goblin61, mess with DNS.com. 00:42:23.460 --> 00:42:26.680 The worst you can do is break goblin61.mess with DNS.com. 00:42:26.680 --> 00:42:28.860 And that will then just go away when the next person comes along. 00:42:28.860 --> 00:42:31.620 so it's actually a really smart, really clever idea. 00:42:31.620 --> 00:42:33.540 typical to Julia's thoroughness. 00:42:33.540 --> 00:42:36.180 She's got a series of experimental suggestions on the side. 00:42:36.180 --> 00:42:37.620 Here are some things you can try. 00:42:37.620 --> 00:42:38.580 Here are some tutorials. 00:42:38.580 --> 00:42:39.780 How about making a CNAME? 00:42:39.780 --> 00:42:41.700 Or here are some weird things you can try. 00:42:41.700 --> 00:42:47.700 What happens if you've got a very long TTL or you convince three different DNS servers that your sub domain has three different IPs. 00:42:47.700 --> 00:42:49.740 Why you would do that is a mystery to me. 00:42:49.740 --> 00:42:55.260 But you know, what would happen if you did is something you can explore with this site without actually breaking your real website. 00:42:55.260 --> 00:42:56.940 And this seems like a very useful learning tool. 00:42:56.940 --> 00:42:58.080 Yeah, absolutely. 00:42:58.080 --> 00:42:58.560 Cool. 00:42:58.560 --> 00:42:58.920 I love it. 00:42:58.920 --> 00:42:59.760 That's fantastic. 00:43:00.500 --> 00:43:07.580 There were one other, two other small things I just wanted to mention one just because I use it all the time and I don't know how common knowledge it is. 00:43:07.580 --> 00:43:09.500 It is possible in Python. 00:43:09.500 --> 00:43:13.580 And I don't have a web page to open for this to run a small little web server. 00:43:13.880 --> 00:43:16.940 If you do Python dash M, what's it? 00:43:16.940 --> 00:43:19.940 HTTP dot serve or dot server. 00:43:19.940 --> 00:43:21.680 I've gone blank on which it is now, to be honest. 00:43:21.680 --> 00:43:22.400 . 00:43:22.400 --> 00:43:22.400 . 00:43:22.400 --> 00:43:22.400 . 00:43:22.400 --> 00:43:22.400 . 00:43:22.400 --> 00:43:22.400 . 00:43:22.400 --> 00:43:22.400 . 00:43:22.400 --> 00:43:22.400 . 00:43:22.400 --> 00:43:22.400 . 00:43:22.400 --> 00:43:22.400 . 00:43:22.400 --> 00:43:22.400 . 00:43:22.400 --> 00:43:22.400 . 00:43:22.400 --> 00:43:23.400 . 00:43:23.400 --> 00:43:23.400 Yeah. 00:43:23.400 --> 00:43:23.400 Yeah. 00:43:23.400 --> 00:43:23.900 Yeah. 00:43:23.900 --> 00:43:25.440 I'm reading your notes. 00:43:25.440 --> 00:43:26.180 I don't actually. 00:43:26.180 --> 00:43:28.280 I'm just going back to the notes to have a look myself. 00:43:28.280 --> 00:43:28.780 Yeah. 00:43:28.780 --> 00:43:35.960 That effectively fires up a web server in the directory you opened it in and serves up the files that are there or the sub directories that are in there. 00:43:35.960 --> 00:43:41.360 And there's no security, there's no attractiveness, there's no styling, there's no anything of the sort, you wouldn't serve this to the public. 00:43:41.360 --> 00:43:57.320 But if you wanted to get a file off the machine, and I do this quite a lot to get files onto my phone, for example, firing up a web server there and then and just pointing by the script or your own, you know, just to send your browser to your local host with the port you gave it and just download the files from there. 00:43:57.320 --> 00:43:58.960 It's a useful thing to be able to do. 00:43:58.960 --> 00:44:00.520 Yeah, that's a cool trick. 00:44:00.520 --> 00:44:00.720 . 00:44:00.720 --> 00:44:02.680 It's like a directory browsing, basically. 00:44:02.680 --> 00:44:02.960 Yeah. 00:44:02.960 --> 00:44:03.700 Exactly. 00:44:03.980 --> 00:44:08.980 And then the final little extra I just wanted to talk about, and this is a little more tongue in cheek, somewhat. 00:44:08.980 --> 00:44:16.100 In both last week's Python Bytes and on recent talk Python episodes, you have been speaking a little bit about different ways of doing Git. 00:44:16.100 --> 00:44:19.340 You were discussing doing all your Git on the CLI. 00:44:19.340 --> 00:44:27.780 And I think one of your audience members at the last Python Bytes suggested the way they do Git is just mash all the buttons they can find in VS Code. 00:44:27.780 --> 00:44:32.000 There is, I just want to put out there, there is a middle ground that you could be looking at. 00:44:32.000 --> 00:44:41.000 There's a tool called Magit, M-A-G-I-T, which is effectively, if you're an Emacs user and you don't know Magit, you should change that immediately. 00:44:41.000 --> 00:44:47.360 Magit is effectively a brilliant way of doing, to me, a brilliant, indispensable way of doing Git inside Emacs. 00:44:47.360 --> 00:44:48.360 And then you should learn Emacs. 00:44:48.360 --> 00:44:56.360 Granted, it doesn't mean you need to learn Emacs, but in just a couple of short years after that, you should be an expert at, you should find Magit indispensable. 00:44:56.360 --> 00:44:57.360 It'll take you a couple of years to learn Emacs. 00:44:57.360 --> 00:44:58.360 I'm not disputing that. 00:44:58.360 --> 00:45:04.360 But once you've got the Emacs down, Magit really is an excellent option to look at doing your Git with. 00:45:04.360 --> 00:45:06.360 So if you're tired of doing it on the CLI, just set some years aside. 00:45:06.360 --> 00:45:06.360 Learn yourself some Emacs. 00:45:06.360 --> 00:45:11.360 Turn to Magit and then wonder how you ever did anything else. 00:45:11.360 --> 00:45:13.360 Set some years aside. 00:45:13.360 --> 00:45:20.360 I don't think that's fair to Emacs, but just a little bit too much. 00:45:20.360 --> 00:45:25.360 I'll concede Emacs as a much longer learning curve than VI, but it's not Gears. 00:45:25.360 --> 00:45:28.360 And I say this, I mean, yeah. 00:45:28.360 --> 00:45:29.360 Yeah. 00:45:29.360 --> 00:45:33.360 And Mario and the audience are taking credit for the VS Code button matching. 00:45:33.360 --> 00:45:34.360 Right. 00:45:34.360 --> 00:45:35.360 Right on. 00:45:35.360 --> 00:45:36.360 Cool. 00:45:36.360 --> 00:45:37.360 Yeah. 00:45:37.360 --> 00:45:38.360 That's a great recommendation. 00:45:38.360 --> 00:45:39.360 All right. 00:45:39.360 --> 00:45:40.360 Is that it for your extras? 00:45:40.360 --> 00:45:41.360 Go ahead. 00:45:41.360 --> 00:45:44.360 In terms of being unfair to Emacs, I've been using it for more than 20 years and I find 00:45:44.360 --> 00:45:48.360 it almost impossible to use anything else, but I'm sure it didn't take me years to learn. 00:45:48.360 --> 00:45:49.360 It's just been a long time. 00:45:49.360 --> 00:45:50.360 That's right. 00:45:50.360 --> 00:45:51.360 Yeah. 00:45:51.360 --> 00:45:52.360 Well, all right. 00:45:52.360 --> 00:45:53.360 I got a few throughout the room. 00:45:53.360 --> 00:45:54.360 Actually just one. 00:45:54.360 --> 00:46:00.360 I made a comment, I think on the last show, Brian, about using emojis in my code. 00:46:00.360 --> 00:46:01.360 Yeah. 00:46:01.360 --> 00:46:02.360 So I wanted to bring that example up. 00:46:02.360 --> 00:46:05.360 So here's like a little CMS thing that I got going on. 00:46:05.360 --> 00:46:10.360 And if you return a collection, like themes are represented by these little tags in the CMS. 00:46:10.360 --> 00:46:13.360 And if you return a collection, the comment has a list of emojis. 00:46:13.360 --> 00:46:18.360 And if you return, if they're just like processing a single thing, you get that emoji. 00:46:18.360 --> 00:46:22.360 For pages, you get a list of page emojis and so on. 00:46:22.360 --> 00:46:24.360 Anyway, that's what I had in mind when I talked about that. 00:46:24.360 --> 00:46:25.360 That's pretty cool. 00:46:25.360 --> 00:46:26.360 Yeah. 00:46:26.360 --> 00:46:27.360 You can sort of just scan through. 00:46:27.360 --> 00:46:28.360 Oh, look, there's a list of these. 00:46:28.360 --> 00:46:29.360 This must be do a bunch of stuff. 00:46:29.360 --> 00:46:30.360 Or I don't know. 00:46:30.360 --> 00:46:32.360 I could probably come up with something like a modifying. 00:46:32.360 --> 00:46:36.360 I'm going to change a theme versus read a theme or something like that. 00:46:36.360 --> 00:46:37.360 Yeah. 00:46:37.360 --> 00:46:38.360 Anyway. 00:46:38.360 --> 00:46:39.360 Well, that brings us to the laughs. 00:46:39.360 --> 00:46:44.360 And I hope you all enjoy schadenfreude because it's bad this time. 00:46:44.360 --> 00:46:47.360 Thank you, Log4J. 00:46:47.360 --> 00:46:48.360 Okay. 00:46:48.360 --> 00:46:49.360 So let's see. 00:46:49.360 --> 00:46:51.360 First of all, this is not schadenfreude. 00:46:51.360 --> 00:46:52.360 This is just something about the cookies. 00:46:52.360 --> 00:46:55.360 My daughter yesterday gave me this candle. 00:46:55.360 --> 00:46:56.360 It has a website. 00:46:56.360 --> 00:46:58.360 We use cookies to improve our performance. 00:46:58.360 --> 00:46:59.360 And then me, same. 00:46:59.360 --> 00:47:00.360 I just eat cookies. 00:47:00.360 --> 00:47:03.360 I thought that was really just funny for like a tech candle. 00:47:03.360 --> 00:47:06.360 It should be a 10 of cookies though. 00:47:06.360 --> 00:47:07.360 I know it should. 00:47:07.360 --> 00:47:09.360 It absolutely should. 00:47:09.360 --> 00:47:11.360 At least it should smell like cookies. 00:47:11.360 --> 00:47:12.360 It says scented. 00:47:12.360 --> 00:47:14.360 I have no idea what scent it is, but it better smell like. 00:47:14.360 --> 00:47:15.360 Does it smell like websites? 00:47:15.360 --> 00:47:16.360 Maybe. 00:47:16.360 --> 00:47:17.360 Maybe. 00:47:17.360 --> 00:47:19.360 And then I just want to point out more practically. 00:47:19.360 --> 00:47:21.360 I have this add on you can get for all the browsers. 00:47:21.360 --> 00:47:22.360 I don't care about cookies. 00:47:22.360 --> 00:47:26.360 And if it sees one of those cookie warnings, it'll try to click it and just accept it. 00:47:26.360 --> 00:47:28.360 Oh, this is indispensable. 00:47:28.360 --> 00:47:29.360 Brilliant. 00:47:29.360 --> 00:47:30.360 Absolutely. 00:47:30.360 --> 00:47:35.360 And then Brian skin starts us off with the log for J stuff. 00:47:35.360 --> 00:47:40.360 So if you remember, if you're aware log for J a lot, the problem with log for J is if 00:47:40.360 --> 00:47:47.360 you try to log a piece of text, even as an argument, if that text has J and D I 00:47:47.360 --> 00:47:55.360 colon L a D P L a L D a P colon slash slash to some Java library, instead of logging it, 00:47:55.360 --> 00:47:57.360 it will execute that Java stuff. 00:47:57.360 --> 00:48:01.360 Even if it's remotely on the internet, it'll output the result of that. 00:48:01.360 --> 00:48:02.360 Like you're hacked or whatever. 00:48:02.360 --> 00:48:03.360 Right. 00:48:03.360 --> 00:48:06.360 And so we've all heard of the little Bobby tables, right? 00:48:06.360 --> 00:48:08.360 Here's the modern day one. 00:48:08.360 --> 00:48:10.360 Hi, this is your son's school. 00:48:10.360 --> 00:48:12.360 We're having computer trouble. 00:48:12.360 --> 00:48:13.360 Oh dear. 00:48:13.360 --> 00:48:14.360 I'm going to break something. 00:48:14.360 --> 00:48:21.360 Well, in a way, did you really name your son, you know, dollar curly J and D I colon L D a 00:48:21.360 --> 00:48:23.360 P colon slash slash evil corp. 00:48:23.360 --> 00:48:25.360 Parenthesis, parenthesis, Bobby. 00:48:25.360 --> 00:48:26.360 Oh yes. 00:48:26.360 --> 00:48:27.360 Little Bobby Jindy. 00:48:27.360 --> 00:48:28.360 We call him. 00:48:28.360 --> 00:48:31.360 Well, we've got our servers crypto lock. 00:48:31.360 --> 00:48:32.360 I locked. 00:48:32.360 --> 00:48:33.360 I hope you're happy. 00:48:33.360 --> 00:48:36.360 I hope you've learned to synthesize your log for J inputs. 00:48:36.360 --> 00:48:37.360 Isn't that fantastic. 00:48:37.360 --> 00:48:38.360 Yeah. 00:48:38.360 --> 00:48:39.360 I have a feeling. 00:48:39.360 --> 00:48:43.360 I mean, this is going to go on. 00:48:43.360 --> 00:48:44.360 It'll be the next. 00:48:44.360 --> 00:48:45.360 It isn't log for J. 00:48:45.360 --> 00:48:46.360 It'll be something else next year. 00:48:46.360 --> 00:48:47.360 Yeah. 00:48:47.360 --> 00:48:50.360 And well, I mean, it's been, it's been there for 10 years. 00:48:50.360 --> 00:48:51.360 Exactly. 00:48:51.360 --> 00:48:52.360 Yeah. 00:48:52.360 --> 00:48:53.360 It's not a new thing. 00:48:53.360 --> 00:48:54.360 Unfortunately, it's not even a vulnerability. 00:48:54.360 --> 00:48:57.360 It's just, wait, you can actually do that on purpose. 00:48:57.360 --> 00:48:58.360 It's a feature. 00:48:58.360 --> 00:49:04.360 And Brian helpfully suggests this actually came from log for J memes.com. 00:49:04.360 --> 00:49:06.360 So we got to go there for a second. 00:49:06.360 --> 00:49:07.360 Well, of course that exists. 00:49:07.360 --> 00:49:08.360 Of course. 00:49:08.360 --> 00:49:09.360 And oh my gosh. 00:49:09.360 --> 00:49:10.360 Like, look at this picture. 00:49:10.360 --> 00:49:13.360 So Brian, we described this person for me on the screen. 00:49:13.360 --> 00:49:15.360 There's a person in a saying next to him. 00:49:15.360 --> 00:49:16.360 Old white guy. 00:49:16.360 --> 00:49:21.360 like to me, he looks like a perfect sort of grandpa sort of character, right? 00:49:21.360 --> 00:49:26.360 Getting up there, probably 70, you know, nothing wrong with a guy, but it says upgrading 00:49:26.360 --> 00:49:27.360 log for J three times. 00:49:27.360 --> 00:49:28.360 It wasn't that stressful. 00:49:28.360 --> 00:49:30.360 Dave, 28 years old. 00:49:30.360 --> 00:49:34.360 What else have we got in here? 00:49:34.360 --> 00:49:38.360 We've got, I wish that was outrageously funny and not just kind of true-ish, but yeah, I 00:49:38.360 --> 00:49:42.360 know here's like a 1940s looking picture, like a dad and some kids hanging around. 00:49:42.360 --> 00:49:45.360 Daddy, what did you do during the great war? 00:49:45.360 --> 00:49:47.360 the log for shell incident. 00:49:47.360 --> 00:49:48.360 let's see. 00:49:48.360 --> 00:49:50.360 There's a few of you go in here. 00:49:50.360 --> 00:49:54.360 Like there's the, how many days since such and such accident? 00:49:54.360 --> 00:49:57.360 Zero days without log for J CVE. 00:49:57.360 --> 00:50:00.360 And there's like Homer running around with like a nuclear glowing stick. 00:50:00.360 --> 00:50:03.360 you can just spend, you can spend some time in this place. 00:50:03.360 --> 00:50:05.360 It's, it's probably unhealthy. 00:50:05.360 --> 00:50:07.360 There's like a grim Reaper. 00:50:07.360 --> 00:50:09.360 Just going through taking out technology. 00:50:09.360 --> 00:50:11.360 And it has a log for J on the grim Reaper. 00:50:11.360 --> 00:50:12.360 You know? 00:50:12.360 --> 00:50:17.360 let me see if I can find one more that there's, there's some really good ones. 00:50:17.360 --> 00:50:19.360 this one is probably good. 00:50:19.360 --> 00:50:21.360 There's a picture of a guy in a tuxedo. 00:50:21.360 --> 00:50:24.360 It says vendor, not vulnerable to log for J, but there's a mirror and you see the back 00:50:24.360 --> 00:50:25.360 of him. 00:50:25.360 --> 00:50:27.360 His clothes are just all gone. 00:50:27.360 --> 00:50:28.360 It says use it. 00:50:28.360 --> 00:50:29.360 Yeah. 00:50:29.360 --> 00:50:30.360 Yeah. 00:50:30.360 --> 00:50:31.360 That one's pretty gross. 00:50:31.360 --> 00:50:32.360 I want to get that. 00:50:32.360 --> 00:50:36.360 But yeah, there, these are, these are just fantastic here. 00:50:36.360 --> 00:50:39.360 so anyway, people can check out the memes. 00:50:39.360 --> 00:50:41.360 Thanks Brian for sending that in Brian skin. 00:50:41.360 --> 00:50:42.360 Yeah. 00:50:42.360 --> 00:50:43.360 I am reminded. 00:50:43.360 --> 00:50:44.360 I did see one the other day. 00:50:44.360 --> 00:50:47.360 I don't know that I could put it up now, but it's effectively that I just seen it in 00:50:47.360 --> 00:50:50.360 various other means, a chap receiving an award from probably his manager. 00:50:50.360 --> 00:50:54.360 So, you know, me receiving an award from the manager for not being vulnerable to the log 00:50:54.360 --> 00:50:58.360 for J vulnerabilities and the inside thinking let's mainly cause I chose not to log in. 00:50:58.360 --> 00:50:59.360 Yeah. 00:50:59.360 --> 00:51:01.360 I completely forgot to log anything. 00:51:01.360 --> 00:51:02.360 Exactly. 00:51:02.360 --> 00:51:03.360 Oh, that's really good. 00:51:03.360 --> 00:51:04.360 Yeah. 00:51:04.360 --> 00:51:05.360 That's a tweet today. 00:51:05.360 --> 00:51:09.760 Java runs on billions of devices is not a statement of pride, but a statement of pure 00:51:09.760 --> 00:51:10.360 terror. 00:51:10.360 --> 00:51:11.360 Yeah. 00:51:11.360 --> 00:51:13.360 All right. 00:51:13.360 --> 00:51:19.160 Well, I don't want to hit on, Java too hard, but the log for J I just cannot believe 00:51:19.160 --> 00:51:24.360 somebody thought it's, it's a fantastic idea to execute remote code that you cannot escape 00:51:24.360 --> 00:51:26.360 from a logging system. 00:51:26.360 --> 00:51:27.360 Yeah. 00:51:27.360 --> 00:51:28.360 In a logging system. 00:51:28.360 --> 00:51:29.360 It's just, what did you think you would get? 00:51:29.360 --> 00:51:30.360 So here we are. 00:51:30.360 --> 00:51:31.360 Yeah. 00:51:31.360 --> 00:51:33.360 With log for J memes.com. 00:51:33.360 --> 00:51:34.360 If you want to scroll through it. 00:51:34.360 --> 00:51:40.360 Let's back up and say somebody thought writing an application in Java was a good idea. 00:51:40.360 --> 00:51:41.360 No, sorry. 00:51:41.360 --> 00:51:46.360 I'll get hate mail for that one. 00:51:46.360 --> 00:51:47.360 So. 00:51:47.360 --> 00:51:48.360 Yeah. 00:51:48.360 --> 00:51:49.360 Don't mail Brian. 00:51:49.360 --> 00:51:50.360 Don't email Brian. 00:51:50.360 --> 00:51:51.360 He knows. 00:51:51.360 --> 00:51:52.360 All right. 00:51:52.360 --> 00:51:54.360 Well, so Brian, that's it for the year, isn't it? 00:51:54.360 --> 00:51:55.360 It is. 00:51:55.360 --> 00:51:56.360 It's the last episode. 00:51:56.360 --> 00:51:57.360 We're going to take a little bit of time off. 00:51:57.360 --> 00:51:58.360 Yeah. 00:51:58.360 --> 00:51:59.360 Some well-deserved time off. 00:51:59.360 --> 00:52:00.360 Yeah, absolutely. 00:52:00.360 --> 00:52:03.360 So thank you everyone for listening. 00:52:03.360 --> 00:52:04.360 Kim. 00:52:04.360 --> 00:52:05.360 Thanks for coming to join us this time. 00:52:05.360 --> 00:52:06.360 Brian, as always. 00:52:06.360 --> 00:52:07.360 Thank you. 00:52:07.360 --> 00:52:08.360 And we'll see everybody next year. 00:52:08.360 --> 00:52:09.360 Yeah. 00:52:09.360 --> 00:52:10.360 See you next year. 00:52:10.360 --> 00:52:11.360 Thank you for having me, guys. 00:52:11.360 --> 00:52:12.360 That was, that was brilliant. 00:52:12.360 --> 00:52:13.360 Yeah, you're welcome. 00:52:13.360 --> 00:52:16.360 If you're out there and you still haven't filled out that form and given us our feedback, 00:52:16.360 --> 00:52:17.360 let us know. 00:52:17.360 --> 00:52:20.360 The Google form link is at the top of the show notes. 00:52:20.360 --> 00:52:21.360 All right. 00:52:21.360 --> 00:52:22.360 Bye. 00:52:22.360 --> 00:52:23.360 Cheers. 00:52:23.360 --> 00:52:24.360 Thanks for listening to Python Bytes. 00:52:24.360 --> 00:52:27.360 Follow the show on Twitter via @pythonbytes. 00:52:27.360 --> 00:52:30.360 That's Python Bytes as in B-Y-T-E-S. 00:52:30.360 --> 00:52:33.360 Get the full show notes over at pythonbytes.fm. 00:52:33.360 --> 00:52:38.360 If you have a news item we should cover, just visit pythonbytes.fm and click submit in the 00:52:38.360 --> 00:52:39.360 nav bar. 00:52:39.360 --> 00:52:41.360 We're always on the lookout for sharing something cool. 00:52:41.360 --> 00:52:46.360 If you want to join us for the live recording, just visit the website and click live stream 00:52:46.360 --> 00:52:49.360 to get notified of when our next episode goes live. 00:52:49.360 --> 00:52:54.360 That's usually happening at noon Pacific on Wednesdays over at YouTube. 00:52:54.360 --> 00:52:57.360 On behalf of myself and Brian Okken, this is Michael Kennedy. 00:52:57.360 --> 00:53:01.360 Thank you for listening and sharing this podcast with your friends and colleagues.