WEBVTT 00:00:00.001 --> 00:00:04.920 Hello and welcome to Python Bytes, where we deliver Python news and headlines directly to your earbuds. 00:00:04.920 --> 00:00:10.900 This is episode 293, recorded July 11th, 2022. 00:00:10.900 --> 00:00:12.240 And I am Brian Okken. 00:00:12.240 --> 00:00:13.420 Hey, I'm Michael Kennedy. 00:00:13.420 --> 00:00:14.860 And I'm Ashley Anderson. 00:00:14.860 --> 00:00:16.160 Well, welcome, Ashley. 00:00:16.160 --> 00:00:19.680 Before we jump in, tell us a little bit about who you are. 00:00:19.680 --> 00:00:21.140 Yeah, I'm a software developer. 00:00:21.140 --> 00:00:26.420 I work for a relatively small but sometimes growing startup out here. 00:00:26.420 --> 00:00:28.020 We make a portable MRI machine. 00:00:28.260 --> 00:00:32.020 So I'm one of these software developers that came from an academic background. 00:00:32.020 --> 00:00:34.980 I studied biomedical engineering and medical physics. 00:00:34.980 --> 00:00:38.420 And then this is kind of my first full-time software gig. 00:00:38.420 --> 00:00:41.980 But I think in research, like everyone's doing software these days. 00:00:41.980 --> 00:00:43.580 So a lot of people are kind of making that jump. 00:00:43.580 --> 00:00:45.100 And this was a perfect opportunity for it. 00:00:45.100 --> 00:00:46.120 A portable MRI. 00:00:46.120 --> 00:00:47.680 That's got to be fascinating. 00:00:47.680 --> 00:00:48.720 Cool. 00:00:48.720 --> 00:00:49.320 Very cool. 00:00:49.320 --> 00:00:54.980 How do you find the transition from this more researchy side over to this maybe more formal dev role? 00:00:54.980 --> 00:00:58.060 Yeah, it's like just such a better fit for me. 00:00:58.220 --> 00:00:58.860 I think. 00:00:58.860 --> 00:01:07.140 Like in my research labs and stuff, I was often like way more interested in helping build tools and stuff to help accelerate other people's work. 00:01:07.140 --> 00:01:11.900 Rather than, you know, diving into the research myself, I often found that to be very frustrating. 00:01:11.900 --> 00:01:14.060 And maybe I wasn't the best at it or something like that. 00:01:14.060 --> 00:01:16.160 So this has just been a much better fit for me. 00:01:16.160 --> 00:01:16.560 Yeah. 00:01:16.560 --> 00:01:16.880 Cool. 00:01:17.220 --> 00:01:19.640 Well, let's jump into your first topic. 00:01:19.640 --> 00:01:20.560 What do you got for us? 00:01:20.560 --> 00:01:21.360 Sure. 00:01:21.360 --> 00:01:21.540 Yeah. 00:01:21.540 --> 00:01:25.980 The first thing I wanted to talk about was, I think this is kind of the big news since Friday. 00:01:27.020 --> 00:01:34.060 The PSF and the PyPI announced that they're giving away 4,000 of these two-factor hardware keys. 00:01:34.060 --> 00:01:38.600 That's maybe kind of gotten washed out in this, but it's kind of a cool effort. 00:01:38.720 --> 00:01:40.600 I saw this from Dustin Ingram's Twitter. 00:01:40.600 --> 00:01:50.820 And I know he's been involved in a lot of the, or been interested in kind of outlining a lot of the security concerns about supply chain vulnerabilities and stuff in the past. 00:01:51.480 --> 00:01:57.100 I thought this was a really interesting idea for helping with supply chain vulnerabilities, or at least kind of taking a step in that direction. 00:01:57.100 --> 00:02:02.720 And I think it's just the PyPI, you know, sort of first step in this direction. 00:02:02.720 --> 00:02:09.920 They announced some other stuff in the past about maybe having private packages or organizations on there and namespace packages and stuff. 00:02:09.920 --> 00:02:12.780 But this was a pretty cool thing to do. 00:02:12.780 --> 00:02:17.240 It looks like they're going to roll out two-factor as a requirement, probably eventually for everybody. 00:02:17.740 --> 00:02:21.420 The way they're starting it now is kind of for some of the most popular packages. 00:02:21.420 --> 00:02:26.660 And for people who have those popular packages, I'm not one of them. 00:02:26.660 --> 00:02:30.760 They're offering codes to get some of these hardware keys to help that. 00:02:30.760 --> 00:02:31.400 Interesting. 00:02:31.400 --> 00:02:32.000 Yeah. 00:02:32.000 --> 00:02:36.520 There's been a bit of a backlash to this, actually, which on two levels. 00:02:36.520 --> 00:02:41.660 Some people just expressing a little bit of frustration and others more so. 00:02:41.660 --> 00:02:43.260 See item two coming up. 00:02:43.260 --> 00:02:54.120 One thing I think is interesting about this, this whole side of things is like the original thing that you brought up, Ashley, is people, I think, are focusing on their hardware keys. 00:02:54.120 --> 00:02:58.740 And while that's a cool idea, I think the bigger story is just 2FA. 00:02:58.740 --> 00:03:00.020 Forget hardware keys. 00:03:00.020 --> 00:03:02.580 Like hardware keys are one way to do 2FA. 00:03:02.580 --> 00:03:03.360 Right. 00:03:03.440 --> 00:03:07.960 But if you look at the actual giveaway, I think it's limited to certain locations. 00:03:07.960 --> 00:03:08.640 Right. 00:03:08.640 --> 00:03:10.820 Like I can't remember what all the locations were. 00:03:10.820 --> 00:03:16.600 I feel like it's kind of North America, Europe and Australia or something in that general realm. 00:03:16.740 --> 00:03:23.380 And you could entirely have a popular, what is now known as a critical Python package and not live in those locations. 00:03:23.380 --> 00:03:23.700 Right. 00:03:23.700 --> 00:03:24.520 Yeah, for sure. 00:03:24.520 --> 00:03:29.360 I mean, I suspect a lot of them, a lot of the maintainers of those packages are not in some of those locations. 00:03:29.360 --> 00:03:33.720 I think those are probably dictated by like export rules on certain cryptography. 00:03:33.720 --> 00:03:35.420 But I hadn't thought about that. 00:03:35.420 --> 00:03:38.240 I thought it was just a shipping thing, but you're probably right about that, actually. 00:03:38.240 --> 00:03:38.840 Yeah. 00:03:38.840 --> 00:03:39.700 Oh, yeah. 00:03:40.220 --> 00:03:45.200 So there's a little bit of a pushback and like, hey, I'm doing this for free. 00:03:45.200 --> 00:03:48.740 Why are you making me do this extra work setting up these keys? 00:03:48.740 --> 00:03:58.120 And that's kind of why I said I feel like it's kind of the headline has missed the point here because to say, oh, I've got to get this hardware key and set it up is not technically true. 00:03:58.120 --> 00:04:00.960 You just have to use 2FA of some form. 00:04:00.960 --> 00:04:01.420 Right. 00:04:01.420 --> 00:04:06.400 It could be with like the standard 2FA you have with your phone or maybe even SMS would work. 00:04:06.520 --> 00:04:10.560 Although SMS is a sketchy but better than nothing form of 2FA. 00:04:10.560 --> 00:04:12.620 Like if I'm going to go and get a bank account. 00:04:12.620 --> 00:04:13.020 Some people suggest. 00:04:13.020 --> 00:04:13.720 If I'm going to. 00:04:13.720 --> 00:04:14.220 Some people. 00:04:14.220 --> 00:04:14.580 Yeah, go ahead. 00:04:14.580 --> 00:04:14.960 Sorry. 00:04:14.960 --> 00:04:19.700 Some people say that SMS really is like a pretty insecure version of 2FA. 00:04:19.700 --> 00:04:21.360 So I think having. 00:04:21.360 --> 00:04:21.640 They do. 00:04:21.640 --> 00:04:22.580 Some type of keys. 00:04:22.580 --> 00:04:23.180 And they say like. 00:04:23.180 --> 00:04:23.440 Yeah. 00:04:23.440 --> 00:04:24.000 Yeah. 00:04:24.000 --> 00:04:25.340 It would be better. 00:04:25.340 --> 00:04:29.540 But like at the same time, if you don't have any 2FA, there's still another step. 00:04:29.540 --> 00:04:36.500 They've got to hack your SMS somehow to get through the SMS stuff, which is better than just like they just guess your password. 00:04:36.500 --> 00:04:37.720 Or do they get it from a password breach? 00:04:37.720 --> 00:04:43.640 So it's even for all the criticisms of SMS as a 2FA, it's still not a negative. 00:04:43.640 --> 00:04:46.360 It's just not nearly as good as the other option. 00:04:46.360 --> 00:04:51.400 I'm just chuckling because I just got an email last week about from. 00:04:51.400 --> 00:04:53.680 Was it on the 8th of July? 00:04:53.680 --> 00:04:57.200 Saying, hey, you're a critical. 00:04:57.200 --> 00:04:59.940 You're a maintainer of a critical project. 00:04:59.940 --> 00:05:02.900 And they want me to set up 2FA. 00:05:02.900 --> 00:05:04.540 And I just haven't read it yet. 00:05:04.540 --> 00:05:05.260 So I like. 00:05:05.260 --> 00:05:07.460 This is news to me. 00:05:07.460 --> 00:05:12.360 And it's what it's a pie test plugin I've got that supposedly is a critical project. 00:05:12.360 --> 00:05:12.940 Go figure. 00:05:12.940 --> 00:05:13.660 Oh, that's awesome. 00:05:13.660 --> 00:05:14.360 The definition. 00:05:14.360 --> 00:05:15.420 People are wondering. 00:05:15.680 --> 00:05:19.320 I saw Will McGugan asking on Twitter, like, does anybody know what this means? 00:05:19.320 --> 00:05:20.540 Where did I got this to? 00:05:20.540 --> 00:05:27.220 The definition from what I understand is you are in the top 1% of downloads for a moving 00:05:27.220 --> 00:05:28.480 six month window. 00:05:28.480 --> 00:05:33.220 So in the last six months, your project is in the top 1% of most used, most downloaded. 00:05:33.220 --> 00:05:33.860 Wow. 00:05:33.860 --> 00:05:34.840 So congratulations. 00:05:34.840 --> 00:05:35.540 That's awesome. 00:05:35.540 --> 00:05:35.920 That's awesome, Brian. 00:05:35.920 --> 00:05:39.920 Cool. 00:05:40.220 --> 00:05:42.040 I guess I'll read the email more closely now. 00:05:42.040 --> 00:05:43.160 Yeah, perhaps. 00:05:43.160 --> 00:05:43.600 Get this set up. 00:05:43.600 --> 00:05:47.380 Ashley, do you know what happens if you just are like Brian? 00:05:47.380 --> 00:05:47.940 Like, I don't. 00:05:47.940 --> 00:05:48.540 Spam. 00:05:48.540 --> 00:05:49.460 Doesn't matter to me. 00:05:49.460 --> 00:05:50.240 Just ignore it. 00:05:50.240 --> 00:05:51.400 That's a good question. 00:05:51.400 --> 00:05:55.340 I guess eventually they'll probably not let you upload if you don't enable it. 00:05:55.340 --> 00:06:00.100 Like, next time you go to log in or upload a package, it'll just say, hey, you have to 00:06:00.100 --> 00:06:00.720 turn on 2FA. 00:06:00.720 --> 00:06:02.380 Because like you said, you don't have to have the key. 00:06:02.380 --> 00:06:04.120 You just have to have 2FA on. 00:06:04.240 --> 00:06:09.660 So I clicked on the manage and it says, I've got a little big banner up. 00:06:09.660 --> 00:06:11.800 I'll just pop to it right now. 00:06:11.800 --> 00:06:14.140 Oh, where's it on here? 00:06:14.140 --> 00:06:15.500 We'll go ahead and show this. 00:06:15.500 --> 00:06:20.900 I get, this project is included in the two-factor mandate for critical projects. 00:06:20.900 --> 00:06:26.500 In the future, you will be unable to perform this action without enabling two-factor. 00:06:26.500 --> 00:06:28.740 So I think you're right. 00:06:28.740 --> 00:06:33.560 I think it's just going to kick me out of being able to do anything with the project. 00:06:33.560 --> 00:06:35.260 if I don't enable this. 00:06:35.260 --> 00:06:35.680 Yeah. 00:06:35.680 --> 00:06:36.060 Interesting. 00:06:36.060 --> 00:06:37.140 Interesting. 00:06:37.140 --> 00:06:38.120 This is cool, Brian. 00:06:38.120 --> 00:06:40.540 One, I think Teddy's right out there. 00:06:40.540 --> 00:06:41.300 Like, congrats. 00:06:41.300 --> 00:06:42.260 Brian's on fire. 00:06:42.260 --> 00:06:44.840 High test check, by the way. 00:06:44.840 --> 00:06:46.680 People listening is the plugin. 00:06:46.680 --> 00:06:48.540 But it's cool to see it live, to see what's happening. 00:06:48.540 --> 00:06:50.560 So this apparently is what maintainers get. 00:06:50.560 --> 00:06:52.180 And I'm with you, Ashna. 00:06:52.180 --> 00:06:56.220 I think what's going to happen is you just, you won't be able to upload with Twine anymore. 00:06:56.220 --> 00:06:57.740 You won't be able to log in. 00:06:57.740 --> 00:06:59.020 You won't be able to make changes. 00:06:59.020 --> 00:07:01.480 It'll just force you down a 2FA path. 00:07:01.480 --> 00:07:09.220 Yeah, I read that you still can upload because, like, people want to do, I know there were some people initially concerned about, like, how do I do automatic uploads from my CI system or whatever? 00:07:09.220 --> 00:07:10.740 And you can do it if you get a token. 00:07:10.740 --> 00:07:15.680 But you have to, like, you know, generate one of those tokens with your 2FA-enabled account to do that. 00:07:15.940 --> 00:07:16.160 Right. 00:07:16.160 --> 00:07:18.720 That happens with all the 2FA accounts, right? 00:07:18.720 --> 00:07:22.900 You can no longer use your GitHub password for, like, on the CLI. 00:07:22.900 --> 00:07:30.460 Like, once you set up GitHub 2FA, then all of a sudden you've got to go create an app, give it a name, and get, like, an API token for it and stuff like that, right? 00:07:30.460 --> 00:07:30.940 Mm-hmm. 00:07:31.200 --> 00:07:31.880 I think that's okay. 00:07:31.880 --> 00:07:32.520 Yeah. 00:07:32.520 --> 00:07:35.060 So, Brian, let's ask you, like, how do you feel about that? 00:07:35.060 --> 00:07:36.620 Does this seem like a big burden to you? 00:07:36.620 --> 00:07:37.460 Are you okay with this? 00:07:37.460 --> 00:07:37.600 Or? 00:07:37.600 --> 00:07:43.580 You know, I was, I'm okay with it because I think it's securing the supply chain. 00:07:43.680 --> 00:07:54.120 I mean, I've already enabled the two-factor authentication on GitHub, and I've got, you know, a bunch of banking stuff that I have on, you know, multi-factor authentication and stuff. 00:07:54.120 --> 00:08:01.240 So, I'm waiting for 12-factor authentication, but that might be a bit extreme. 00:08:01.240 --> 00:08:02.260 All right. 00:08:02.260 --> 00:08:09.640 Now, you put your small pinky toe onto the key reader over there, and then you hold down this key with your other finger, and then you put your face up. 00:08:09.640 --> 00:08:10.580 Yeah. 00:08:11.040 --> 00:08:18.280 An optic scan, a blood scan, you got to, you know, deposit a urine scan, and all sorts of stuff you got to do. 00:08:18.280 --> 00:08:19.060 Good night. 00:08:19.060 --> 00:08:19.400 No. 00:08:19.400 --> 00:08:21.620 I'm drawing the line there. 00:08:21.620 --> 00:08:22.360 I'm not doing it. 00:08:22.360 --> 00:08:26.880 So, no, but I'm fine with it. 00:08:26.880 --> 00:08:29.220 I don't know the details yet, though. 00:08:29.220 --> 00:08:32.500 If I got to get a hardware key, though, I'm going to be a little upset. 00:08:32.500 --> 00:08:33.860 I think, I don't know. 00:08:33.860 --> 00:08:40.740 Well, there might be one for free, but yeah, even getting one for free, I feel like I'd be like, if I'm not a hardware key guy, I don't know. 00:08:40.860 --> 00:08:40.980 Yeah. 00:08:40.980 --> 00:08:42.300 Well, what if I lose it? 00:08:42.300 --> 00:08:43.240 So. 00:08:43.240 --> 00:08:43.700 Yes. 00:08:43.700 --> 00:08:47.440 First of all, let me preface this statement with, please don't email me. 00:08:47.440 --> 00:08:51.180 It's, it's, if we disagree on this, it's fine. 00:08:51.180 --> 00:08:52.040 Just don't email me. 00:08:53.040 --> 00:08:54.320 We can just agree to disagree. 00:08:54.320 --> 00:08:59.720 But I am personally not a fan of 2FA hardware keys because what if you lose it? 00:08:59.720 --> 00:09:01.360 It's really bad. 00:09:01.360 --> 00:09:11.220 If you, I now, all of a sudden, if I'm, what if I'm traveling and like the website is down and I've got to log into the ISP, the cloud system to make a change. 00:09:11.220 --> 00:09:14.220 Did I, what if I forgot to bring the key or what if I do bring it? 00:09:14.220 --> 00:09:14.760 Then I lose it. 00:09:14.760 --> 00:09:19.200 Like just the act of having a physical key that has to always be with you. 00:09:19.200 --> 00:09:20.960 Like, do you take it with you when you go swimming? 00:09:20.960 --> 00:09:25.960 I mean, I mean, that's a little extreme, but like, if you're going to go to the beach and you might need it, what are you going to do? 00:09:26.000 --> 00:09:28.800 And then if I only have my phone, I can't plug the key into the phone. 00:09:28.800 --> 00:09:29.140 I don't know. 00:09:29.140 --> 00:09:38.200 It just, it seems like I certainly know why you would have it at like, if I worked at a bank and I needed to get on the VPN and I needed to have that permanently stuck in my computer. 00:09:38.200 --> 00:09:38.820 Fine. 00:09:38.820 --> 00:09:47.260 But as a broad based solution, I feel like things like Authy, Google, Google authenticator, the Microsoft, whatever it's called, all those things. 00:09:47.260 --> 00:09:55.880 I think they still provide a pretty strong level of security while being able to travel with you and being able to synchronize across devices that you might not always have them with you. 00:09:55.880 --> 00:09:56.820 So yeah. 00:09:56.820 --> 00:10:00.760 When people say it's always such a hassle to get these keys, like you could just set up Authy. 00:10:00.760 --> 00:10:01.820 You know what I mean? 00:10:01.820 --> 00:10:02.440 Yeah. 00:10:02.440 --> 00:10:03.000 Yeah. 00:10:03.000 --> 00:10:04.040 I use Authy too. 00:10:04.040 --> 00:10:06.580 I'm also, I'm a little freaked out by the hardware keys. 00:10:06.580 --> 00:10:08.480 I did find it interesting in the giveaway. 00:10:08.480 --> 00:10:14.060 Actually, I think they give you a coupon to get two so that like you could get two in case you lose one. 00:10:14.060 --> 00:10:17.480 But that to me just is exactly why I don't want one. 00:10:17.480 --> 00:10:19.540 Exactly. 00:10:19.540 --> 00:10:20.140 Well, okay. 00:10:20.140 --> 00:10:24.260 So I've got one plugged into my computer and I put what one into the closet. 00:10:24.800 --> 00:10:27.140 If the house burns down, what am I going to do? 00:10:27.140 --> 00:10:32.880 I mean, I'll probably, I'll grab my phone and run maybe if I can get to it, but I'm not going to go rooting around for a hardware key. 00:10:32.880 --> 00:10:33.680 I'm just going to get out. 00:10:33.680 --> 00:10:34.200 You know what I mean? 00:10:34.200 --> 00:10:41.220 There's, there's just all these like sort of weird edge cases that to me, I'm just like, I don't really want to hand on one of these hardware keys. 00:10:41.220 --> 00:10:41.700 Yeah. 00:10:41.700 --> 00:10:46.120 Brian's going to have to go to the bank and his safe deposit box just to upload a new pie test check. 00:10:46.120 --> 00:10:48.280 Yeah, exactly. 00:10:48.280 --> 00:10:48.680 All right. 00:10:48.680 --> 00:10:51.200 I turned both keys to the right on three, two, one. 00:10:51.200 --> 00:10:51.440 Chink. 00:10:51.440 --> 00:10:51.820 Okay. 00:10:51.820 --> 00:10:54.140 V1, two, 1.2 is out. 00:10:54.140 --> 00:10:54.560 Yeah. 00:10:54.560 --> 00:10:54.920 Okay. 00:10:54.920 --> 00:10:59.320 But I would just point out the article here from Armin. 00:10:59.320 --> 00:10:59.640 Yeah. 00:10:59.640 --> 00:10:59.820 Yeah. 00:10:59.820 --> 00:11:00.160 Please do. 00:11:00.160 --> 00:11:02.180 Which was super interesting, I think. 00:11:02.240 --> 00:11:08.660 And it was, this kind of gets into, it'll probably lead us into the next topic here of why there was a little bit of controversy around this. 00:11:08.660 --> 00:11:12.060 And I think it wasn't so much that people are resistant to two factor. 00:11:12.060 --> 00:11:15.280 It's more this designation of packages as critical. 00:11:15.280 --> 00:11:22.000 And I don't know if that's just because like critical is a bit of a loaded term or it ended up feeling a little bit like a popularity contest. 00:11:22.000 --> 00:11:32.860 But yeah, I think it's pretty clear to me that PyPI wants to, you know, which is an open source project itself, right, wants to eventually probably roll this out to everybody and maybe doesn't have the capacity for that right now or something. 00:11:32.860 --> 00:11:34.400 Yeah, I totally agree. 00:11:34.400 --> 00:11:36.980 And Armin Peik is quite interesting. 00:11:36.980 --> 00:11:39.620 And he comes down a little bit, you know, on the middle. 00:11:39.620 --> 00:11:43.880 Like I see the value, but also I see why people are a little bit frustrated with this. 00:11:43.880 --> 00:11:56.580 He does talk about this thing that the Rust community has, you know, hat tip towards topic four as well, called CargoVet, which is the idea of vetted packages and unvetted packages. 00:11:56.580 --> 00:12:05.140 So if you, when you pip install something, you could say something like, do I only want to allow like the higher vetted packages? 00:12:05.140 --> 00:12:08.900 PyPI doesn't have this at the moment, but other package indexes do. 00:12:08.900 --> 00:12:13.940 To me, again, coming back to the hardware thing, I feel like people saw this and they thought, I've got to go to this hardware key. 00:12:13.940 --> 00:12:16.300 Like this seems like, I can't believe you're forcing this on me. 00:12:16.300 --> 00:12:24.500 If you're a software developer in 2022 and you don't have any form of 2FA setup, that's, I feel like those are the people who got really frustrated. 00:12:24.500 --> 00:12:31.520 But at the same time, like, what are you doing on the internet in 2022 without at least a few things on 2FA? 00:12:31.520 --> 00:12:36.840 My Authy account has something like 46 different 2FAs in there. 00:12:36.840 --> 00:12:39.060 My 1Password has like a thousand accounts. 00:12:39.060 --> 00:12:39.900 I don't know. 00:12:39.900 --> 00:12:45.160 It doesn't seem like a huge burden to hold up your phone, scan a QR code and carry on. 00:12:45.160 --> 00:12:53.960 But if you're not in the 2FA space, and especially if you perceive that to mean I got to get into the hardware 2FA space, I can see why people would see this as frustrating. 00:12:54.300 --> 00:13:02.940 And with that, maybe it's time to just move to the next topic, number two, which is IPI move to require 2FA for critical projects, which is this here. 00:13:02.940 --> 00:13:07.120 But what's really interesting is there's sort of talking about the challenges. 00:13:07.680 --> 00:13:14.740 And one of the things that happened is there's this project called Atomic Writes, which was designated as critical. 00:13:14.740 --> 00:13:19.520 Atomics Writes, what it actually does is pretty straightforward. 00:13:19.940 --> 00:13:25.260 Let's use a context manager to write to files atomically. 00:13:25.260 --> 00:13:26.960 So you can write to the file, write to the file. 00:13:26.960 --> 00:13:34.260 If there's some kind of crash or mistake or bug or something, it won't actually change the file. 00:13:34.400 --> 00:13:38.640 So normally you would just do like while true, start writing. 00:13:38.640 --> 00:13:41.740 And if something crashes, like you'll have a half written file. 00:13:41.740 --> 00:13:42.920 So this is kind of cool. 00:13:42.920 --> 00:13:46.020 It says what you're going to do is use a context manager, open a file. 00:13:46.020 --> 00:13:47.500 We're going to write to a temp file. 00:13:47.500 --> 00:13:56.060 And then when you exit the context manager successfully, we're going to apply all those changes by doing an overwrite move type of operation at the OS level. 00:13:56.060 --> 00:14:00.160 I don't know how truly atomic it is, but it sure is better than writing line by line. 00:14:00.460 --> 00:14:04.580 And certainly it has the data safety aspect, which is pretty cool. 00:14:04.580 --> 00:14:09.700 Anyway, apparently people use this as in 127,839 packages. 00:14:09.700 --> 00:14:12.840 Maybe that number was higher not long ago. 00:14:12.840 --> 00:14:16.060 Packages, projects on GitHub use this. 00:14:16.060 --> 00:14:19.780 I guess not packages, but projects, many of which were packages themselves. 00:14:19.780 --> 00:14:28.740 So this guy, Markus Unterwalitze said, you know what? 00:14:28.740 --> 00:14:30.160 This is really frustrating to me. 00:14:30.160 --> 00:14:31.580 I don't want to set up 2FA. 00:14:31.580 --> 00:14:35.600 So I'm just going to unpublish this, take it down. 00:14:35.600 --> 00:14:39.580 And so don't know exactly what the chain of events was. 00:14:39.580 --> 00:14:50.300 I think something happened to the GitHub repository getting deleted, which then triggered, maybe also somehow triggered a delete of all of the historical IPI packages. 00:14:50.300 --> 00:14:55.660 Whatever the steps were, it erased all the historical IPI packages. 00:14:56.240 --> 00:15:05.000 So imagine your project has a dependency on atomic writes and your requirements.txt or pyproject.toml or whatever says equal, equal. 00:15:05.000 --> 00:15:06.560 What version are we on? 00:15:06.560 --> 00:15:07.720 We'll get some releases here. 00:15:07.720 --> 00:15:10.460 There's no releases anymore, so I can't tell you. 00:15:10.520 --> 00:15:15.100 But if you had like some concrete number there, it would say, pip would say, can't find that. 00:15:15.100 --> 00:15:15.540 Sorry. 00:15:15.540 --> 00:15:18.440 And so all sorts of started breaking. 00:15:18.440 --> 00:15:26.240 Continuous deployment, continuous integration, a bunch of PyPI, pytest packages, tests and automation and stuff. 00:15:26.240 --> 00:15:29.460 Brian, maybe you saw some people going, what's going on with this thing? 00:15:29.460 --> 00:15:31.480 I didn't really notice it. 00:15:32.360 --> 00:15:36.660 Well, you'd only notice if you depended upon this, had set up automation, right? 00:15:36.660 --> 00:15:40.240 Like basically check out your code, install the dependencies, run pytest. 00:15:40.240 --> 00:15:42.300 But people are like, these tests used to pass. 00:15:42.300 --> 00:15:43.560 Why are they no longer passing? 00:15:43.560 --> 00:15:50.100 And it's because pip couldn't install this project that Marcus got a little frustrated with and deleted out of PyPI. 00:15:50.100 --> 00:15:52.240 So that's interesting, right? 00:15:52.240 --> 00:15:53.440 Like, should he have done that? 00:15:53.440 --> 00:15:53.940 I don't know. 00:15:54.460 --> 00:15:57.640 Here's his sort of comment saying, here's what you got. 00:15:57.640 --> 00:16:07.480 And it says, PyPI just told me to enable 2FA to keep uploading this package because I thought it was annoying and entitled to guarantee the software compliance for a handful of companies. 00:16:07.480 --> 00:16:15.680 Basically, his take was, you're making me secure the supply chain so that large banks and other companies that care about it will feel better. 00:16:15.680 --> 00:16:17.760 And you're making me do extra work. 00:16:17.760 --> 00:16:25.020 Again, that I think the confusion about hardware, moving to hardware 2FA versus just scanning a QR code with your phone. 00:16:25.020 --> 00:16:27.380 Anyway, you're making me do extra work. 00:16:27.380 --> 00:16:28.560 And so I deleted the packages. 00:16:28.560 --> 00:16:31.540 Apparently, I deleted all the old versions. 00:16:31.540 --> 00:16:32.160 Sorry. 00:16:32.160 --> 00:16:38.540 Those have been restored by directly working with, I believe, Dustin Ingram from PyPI. 00:16:38.540 --> 00:16:42.920 So if you go down here somewhere, it says, no, sorry, Donald Stuff is the one who. 00:16:43.340 --> 00:16:46.780 But yeah, it shows you, I guess, unintended consequences. 00:16:46.780 --> 00:16:49.480 Hey, we're going to make atomic rights a little safer. 00:16:49.480 --> 00:16:51.720 Maintainer of atomic rights doesn't like that. 00:16:51.720 --> 00:16:53.380 Deletes it, makes everything break. 00:16:53.380 --> 00:16:54.680 Ashley, what's your take on this? 00:16:54.680 --> 00:16:55.320 You've been tracking it. 00:16:55.320 --> 00:16:56.720 Yeah. 00:16:56.720 --> 00:16:58.040 I mean, I find it really interesting. 00:16:58.040 --> 00:17:04.860 Like, it gets to the whole, you know, what is the sustainability of this giant open source ecosystem that we have? 00:17:04.860 --> 00:17:15.740 I know, I think in the show notes, you refer to this as Python's left pad incident or something like that, which is sort of a throwback to a very similar thing that happened in npm recently. 00:17:15.740 --> 00:17:27.940 And I think there was another one recently, like the start of the Ukraine war, basically, where someone, I think, pulled their package and put in something that was like protest wear or something like that. 00:17:28.580 --> 00:17:37.260 It tried to delete all the data off the hard drives if it detected you were in certain countries or something, which is a pretty, pretty rough hammer to use. 00:17:37.260 --> 00:17:38.140 Yeah, pretty extreme measure. 00:17:38.140 --> 00:17:39.580 Right. 00:17:39.920 --> 00:17:47.300 What if you were working to collect data about trying to help Ukraine, but you happen to be in this other country? 00:17:47.300 --> 00:17:52.240 I mean, it's just, yeah, it's just overstepping, I think, a little bit on intended consequences. 00:17:52.240 --> 00:17:52.680 Yeah. 00:17:52.680 --> 00:17:56.540 But this is like, I mean, we're working in industry and having to pin our packages and stuff. 00:17:56.540 --> 00:18:00.760 This is something that, you know, we kind of already protect for by mirroring. 00:18:00.760 --> 00:18:04.660 You know, I think most people with, I'm going to use critical, not in the way that's being used here. 00:18:04.660 --> 00:18:14.080 But like when you have a project and you're using all these dependencies, it's kind of also on you to know that like, well, the supply chain, I mean, PyPI doesn't have a permanent retention policy. 00:18:14.080 --> 00:18:21.560 Maybe it should, but that is going to lead to, you know, potentially much even even bigger hosting costs and everything for what's already a really expensive project. 00:18:22.020 --> 00:18:26.380 We run into the same thing with like packages from Ubuntu and stuff like that as well. 00:18:26.380 --> 00:18:35.120 Not that they get pulled in this way, but they'll bump versions on us that, you know, and especially in a regulated industry, we can't just update dependencies whenever they come out. 00:18:35.120 --> 00:18:40.620 So, you know, it wouldn't surprise me to see IPI become immutable once it goes up there. 00:18:40.620 --> 00:18:41.780 Like you can't change it. 00:18:41.780 --> 00:18:41.980 Yeah. 00:18:41.980 --> 00:18:42.800 Or more so. 00:18:42.800 --> 00:18:43.180 Right. 00:18:43.180 --> 00:18:43.540 Yeah. 00:18:43.540 --> 00:18:43.860 Yeah. 00:18:43.860 --> 00:18:45.920 I would expect it to be more of a request thing. 00:18:45.920 --> 00:18:48.400 You put it in a request and say, hey, I want to, this is mine. 00:18:48.400 --> 00:18:49.320 I want to take it down. 00:18:49.320 --> 00:18:54.260 And some review happens or something because people depend on it. 00:18:54.260 --> 00:18:57.260 And I get, I get, I kind of get both sides of it. 00:18:57.260 --> 00:18:59.100 I get that it's my thing. 00:18:59.100 --> 00:19:00.980 I should have complete control over it. 00:19:00.980 --> 00:19:04.340 But I also don't have, I don't have complete control over GitHub. 00:19:04.340 --> 00:19:09.440 I don't have complete control over PyPI or the PSF. 00:19:09.440 --> 00:19:10.840 And I use those services. 00:19:10.840 --> 00:19:14.900 They can like the PSF, for instance, I got it. 00:19:14.900 --> 00:19:18.160 They like purge all of your accounts, like once a year or something like that. 00:19:18.160 --> 00:19:21.140 And you have to re, you have to re log in or recreate your account. 00:19:21.140 --> 00:19:28.520 And, and, you know, get projects and services change their policies every once in a while. 00:19:28.520 --> 00:19:33.380 And, and this is a change in policy that for some projects we're going to require 2FA. 00:19:33.380 --> 00:19:34.460 They can do that. 00:19:34.460 --> 00:19:37.420 And if I want to continue to use it, I have to. 00:19:37.720 --> 00:19:42.060 Now, if I don't want to continue to use it, that that's a, I get, I guess that's where 00:19:42.060 --> 00:19:46.420 we're getting the question in is what ramifications are there? 00:19:46.420 --> 00:19:50.880 Can somebody take their, take their stuff off of PyPI or not? 00:19:50.880 --> 00:19:51.900 Don't know. 00:19:51.900 --> 00:19:52.200 Yeah. 00:19:52.200 --> 00:19:52.380 So. 00:19:52.380 --> 00:19:52.860 Yep. 00:19:52.860 --> 00:19:57.140 I think that if you read a lot of the conversations here, maybe we'll just close up this whole 00:19:57.140 --> 00:19:58.060 section on that. 00:19:58.060 --> 00:20:00.420 It comes down to two different beliefs. 00:20:00.420 --> 00:20:02.580 One, I should, it's my code. 00:20:02.580 --> 00:20:03.120 I wrote it. 00:20:03.120 --> 00:20:04.120 I can do whatever I want. 00:20:04.120 --> 00:20:04.760 I own it. 00:20:04.760 --> 00:20:06.520 If I don't like it, I can just delete it. 00:20:06.800 --> 00:20:08.260 If I want to stop, I can stop. 00:20:08.260 --> 00:20:12.800 The other one says, once you put it out there on GitHub and you've put it out to the world 00:20:12.800 --> 00:20:18.120 as here's a library that you can use and depend upon, and you publish it to the index with a 00:20:18.120 --> 00:20:24.200 clear intention of sharing it, you have a minuscule responsibility not to keep working on it, but 00:20:24.200 --> 00:20:27.980 to not destroy it for other people who are building on what you previously did. 00:20:27.980 --> 00:20:28.420 Yeah. 00:20:28.420 --> 00:20:32.200 I think there's a difference there too, between like writing and publishing the code and publishing 00:20:32.200 --> 00:20:36.480 a package or distributing a package that's intended to be, you know, conveniently downloaded 00:20:36.480 --> 00:20:40.780 in CI and stuff like that, where you're kind of making a little bit more of a promise there. 00:20:40.780 --> 00:20:45.160 But also, I mean, going back to Marcus's post here, it sounds like he, his intention wasn't 00:20:45.160 --> 00:20:48.740 to break, you know, people's existing workflows and stuff like that. 00:20:48.740 --> 00:20:51.840 It was really, he just didn't want to be the maintainer of a critical package. 00:20:53.380 --> 00:20:53.780 Exactly. 00:20:53.780 --> 00:20:55.020 He's like, I deleted it. 00:20:55.020 --> 00:20:55.640 That fixed it. 00:20:55.640 --> 00:20:56.120 Yeah. 00:20:56.120 --> 00:21:01.140 And then became, I think this, you know, the sort of poster of this controversy. 00:21:01.140 --> 00:21:01.720 So yeah. 00:21:01.720 --> 00:21:02.300 Yeah. 00:21:02.300 --> 00:21:02.780 Yeah. 00:21:02.780 --> 00:21:03.000 Yeah. 00:21:03.000 --> 00:21:07.740 If you read Marcus's Twitter, you can go back and sort of, you kind of get a sense that he's 00:21:07.740 --> 00:21:12.240 the kind of person that would not want to take that kind of stuff being put upon him or 00:21:12.240 --> 00:21:12.480 whatever. 00:21:12.480 --> 00:21:14.640 Let's wrap it up with Teddy's comment out in the audience. 00:21:14.640 --> 00:21:17.280 Feels, feels like a small step to enable 2FA. 00:21:17.280 --> 00:21:18.760 I wonder why it creates so much debate. 00:21:18.760 --> 00:21:22.240 Feels a bit political, especially today where 2FA is required almost everywhere. 00:21:22.540 --> 00:21:22.700 Yeah. 00:21:22.700 --> 00:21:24.380 I'm, I agree. 00:21:24.380 --> 00:21:27.620 I think, again, I think people saw the, here's your hard work key. 00:21:27.620 --> 00:21:28.880 Like, I don't want a hard work key. 00:21:28.880 --> 00:21:29.620 There's so much work. 00:21:29.620 --> 00:21:31.260 Let's, let's move on, Brian. 00:21:31.260 --> 00:21:33.760 That was a, that was a good one, but let's fast. 00:21:33.760 --> 00:21:34.420 Let's get out of there. 00:21:34.420 --> 00:21:34.900 Yeah. 00:21:34.900 --> 00:21:36.340 Fast, a harsh transition. 00:21:36.340 --> 00:21:36.660 Yeah. 00:21:36.660 --> 00:21:39.460 Let's just talk about fast, FastAPI, you know? 00:21:39.460 --> 00:21:42.360 Anyway, don't transition from that. 00:21:42.360 --> 00:21:43.220 So that's good. 00:21:43.220 --> 00:21:46.200 FastAPI filter came up. 00:21:46.200 --> 00:21:51.300 It was suggested by Arthur Root, Arthur Rio, who is also the creator of it. 00:21:51.540 --> 00:21:52.960 And it looks pretty cool. 00:21:52.960 --> 00:21:59.860 So it's, he, he said in a tweet, I love using, I loved using Django filter with Django rest 00:21:59.860 --> 00:22:00.240 framework. 00:22:00.240 --> 00:22:02.920 And I wanted an equivalent for FastAPI. 00:22:03.180 --> 00:22:07.620 So what this is, is this is a package you add to a project that uses FastAPI. 00:22:07.620 --> 00:22:14.240 And with it, you get like, when you're going through the cool debug user interface stuff, 00:22:14.240 --> 00:22:16.880 you can filter stuff. 00:22:16.880 --> 00:22:24.260 So you can, you know, it'll look at your, your schema and then you can, you know, filter different 00:22:24.260 --> 00:22:26.220 items and only, only see part of it. 00:22:26.220 --> 00:22:28.200 And it's just pretty neat. 00:22:28.540 --> 00:22:35.680 He also, it also has things like the filters support operators, like greater than greater 00:22:35.680 --> 00:22:39.700 than equal, less than not in and things like that. 00:22:39.700 --> 00:22:43.920 So it's kind of a fun way to just filter when you're looking at your data to filter it. 00:22:43.980 --> 00:22:49.540 And in his read me, he mentions that he's got a video and you kind of need a big screen 00:22:49.540 --> 00:22:55.520 for this, but, but he does have a video to, to, to show it in action, which is kind of cool. 00:22:56.040 --> 00:23:00.800 He shows filtering some of the data and then seeing the different data output. 00:23:00.800 --> 00:23:04.040 Anyway, just, just kind of a neat, nice debugging tool. 00:23:04.040 --> 00:23:05.260 If you're using FastAPI. 00:23:05.260 --> 00:23:06.380 That's really awesome. 00:23:06.380 --> 00:23:08.680 Actually, do you do anything with FastAPI? 00:23:08.680 --> 00:23:12.060 Unfortunately, no, this just makes me more jealous. 00:23:12.060 --> 00:23:16.860 I think of the people who get to use FastAPI, because it's got all these cool, I mean, you 00:23:16.860 --> 00:23:21.260 know, as a developer, I've played around with it, but like, it's got all these cool sort 00:23:21.260 --> 00:23:22.500 of debug admin interfaces. 00:23:22.500 --> 00:23:25.480 And then you see even more stuff like this kind of built on top of that. 00:23:25.480 --> 00:23:26.460 It's really awesome. 00:23:26.460 --> 00:23:27.580 Yeah, absolutely. 00:23:27.580 --> 00:23:28.160 Yeah. 00:23:28.160 --> 00:23:34.040 And, I'm, I'm planning on learning more about FastAPI on Michael's upcoming course. 00:23:34.040 --> 00:23:36.180 So, yeah. 00:23:36.180 --> 00:23:38.060 Are you going to be able to make it, Brian? 00:23:38.060 --> 00:23:40.300 I'm going to make sure I make it. 00:23:40.300 --> 00:23:40.620 Yeah. 00:23:40.620 --> 00:23:41.180 Awesome. 00:23:41.180 --> 00:23:42.140 I'm looking forward to that. 00:23:42.140 --> 00:23:45.480 So, yeah, that's the live in-person FastAPI course. 00:23:45.480 --> 00:23:47.040 I'm doing it out a month from now. 00:23:47.040 --> 00:23:48.100 So it should be fun. 00:23:49.260 --> 00:23:55.320 Before we move on, I do want to talk about our sponsor for this week, Microsoft for startups 00:23:55.320 --> 00:23:56.500 founders hub. 00:23:56.500 --> 00:24:01.400 They're doing super cool stuff as someone who has started his own small business. 00:24:01.400 --> 00:24:03.040 It is a lot of work. 00:24:03.040 --> 00:24:08.360 There's a lot of uncertainty and knowing how to get help and having support of people who 00:24:08.360 --> 00:24:10.340 have experience is really, really valuable. 00:24:10.340 --> 00:24:12.280 Starting business is hard. 00:24:12.680 --> 00:24:17.100 They say that by some estimates, 90% of all the startups will go out of business in the 00:24:17.100 --> 00:24:19.620 first year, which is tough, but that's how it is. 00:24:19.620 --> 00:24:23.940 With that in mind, Microsoft for startups set out to understand what startups need to be successful 00:24:23.940 --> 00:24:27.460 and create a digital platform to help overcome those challenges. 00:24:27.460 --> 00:24:29.960 And that's where they got their founders hub. 00:24:29.960 --> 00:24:35.620 So Microsoft for startups founders hubs provides all founders at any stage with free resources 00:24:35.620 --> 00:24:37.620 to help them solve startup challenges. 00:24:37.620 --> 00:24:44.120 You get technology benefits, access to expert guidance and skilled resources, mentorship, 00:24:44.120 --> 00:24:46.540 networking connections, and so much more. 00:24:46.540 --> 00:24:52.460 So, and unlike a lot of other similar programs in the industry, it doesn't require startups to be 00:24:52.460 --> 00:24:55.540 investor backed or third party validated to participate. 00:24:55.540 --> 00:24:57.660 Founders hub is just open to everyone. 00:24:57.660 --> 00:24:58.560 So what do you get? 00:24:58.560 --> 00:25:02.940 You get, you can speed up your development with free access to GitHub and Microsoft cloud 00:25:02.940 --> 00:25:06.440 resources that have a bunch of credits that unlock over time. 00:25:06.440 --> 00:25:08.860 So you can grow without worrying about paying for stuff. 00:25:08.860 --> 00:25:10.920 They also help startups innovate. 00:25:10.920 --> 00:25:16.600 They're partnering with companies like open AI, AI research and deployment company to get extra 00:25:16.600 --> 00:25:17.960 benefits through their partners as well. 00:25:17.960 --> 00:25:22.780 it's so with the founders hub, it's not really about who, you know, you have this access 00:25:22.780 --> 00:25:24.240 to this mentorship network. 00:25:24.420 --> 00:25:29.540 So you get access to a pool of hundreds of mentors across a range of disciplines, areas 00:25:29.540 --> 00:25:34.900 like idea validation, fundraising, management, and coaching sales and marketing, and specific 00:25:34.900 --> 00:25:36.060 technical stress points. 00:25:36.060 --> 00:25:40.300 I think that might be the most valuable, honestly, is, Hey, I need to talk to this person or somebody. 00:25:40.300 --> 00:25:41.340 Is this a good idea? 00:25:41.340 --> 00:25:42.160 Is this how I should be doing? 00:25:42.160 --> 00:25:42.560 And so on. 00:25:42.560 --> 00:25:46.900 So you can book a one-on-one meeting with mentors, any of whom are founders themselves. 00:25:46.900 --> 00:25:52.800 Make your idea a reality today with critical support that you'll get from Microsoft for startups 00:25:52.800 --> 00:25:57.960 founders hub during the program, visit pythonbytes.fm/founders hub to click the link in your 00:25:57.960 --> 00:25:59.600 show notes and yeah. 00:25:59.600 --> 00:26:01.340 Thanks Microsoft for supporting the show. 00:26:01.340 --> 00:26:01.720 Nice. 00:26:01.720 --> 00:26:02.400 Indeed. 00:26:02.400 --> 00:26:05.160 So what do you got for us next, Michael? 00:26:05.160 --> 00:26:06.480 Ashley's next. 00:26:06.480 --> 00:26:07.660 I'm letting him go next. 00:26:07.660 --> 00:26:08.280 Oh, right. 00:26:08.280 --> 00:26:08.560 Okay. 00:26:08.560 --> 00:26:09.000 Yeah. 00:26:09.000 --> 00:26:09.960 We'll scroll down to mine then. 00:26:09.960 --> 00:26:11.240 yeah. 00:26:11.240 --> 00:26:15.720 So I guess I think kind of the reason I'm here, I emailed you guys after there was some 00:26:15.720 --> 00:26:19.920 discussion on the podcast a few weeks ago about, you know, Hey, we're seeing a lot 00:26:19.920 --> 00:26:21.160 more stuff built in rust. 00:26:21.160 --> 00:26:24.960 And you, you had some good points about like why we're seeing that. 00:26:24.960 --> 00:26:29.720 but I thought super relevant to this, podcast is, this project. 00:26:29.720 --> 00:26:35.820 And in fact, this whole organization, py03 on GitHub, has a number of projects in here 00:26:35.820 --> 00:26:39.280 that are, you know, super relevant to Python developers, obviously. 00:26:39.280 --> 00:26:42.820 So the main one I think is py03, which is, is rust bindings. 00:26:43.280 --> 00:26:47.880 and basically what I emailed you guys was that my hypothesis is the tooling around building 00:26:47.880 --> 00:26:54.560 extensions for Python in rust or calling Python from rust, is getting so good and so easy 00:26:54.560 --> 00:26:58.940 that like, for me, I find this preferable to writing C extensions, for example. 00:26:58.940 --> 00:27:04.120 Now, not even necessarily because of rust, although rust is a really great language I've 00:27:04.120 --> 00:27:05.720 been getting into over the last year. 00:27:05.840 --> 00:27:09.640 but just like that, that tooling aspect of it, is really great. 00:27:09.640 --> 00:27:09.840 Great. 00:27:09.840 --> 00:27:13.960 So that the experience is, is pretty awesome based on, you know, these separate projects. 00:27:13.960 --> 00:27:16.680 So there's py03, which is the bindings. 00:27:16.680 --> 00:27:21.200 and this allows you to basically use, these type of things that it's almost like a 00:27:21.200 --> 00:27:22.100 function decorator. 00:27:22.100 --> 00:27:24.140 These are called, procedural macros. 00:27:24.140 --> 00:27:27.140 They're kind of tricky to write, but they're really easy to use. 00:27:27.140 --> 00:27:31.400 So you just put this on there, and then use this one to create a module, add your function 00:27:31.400 --> 00:27:32.040 to the module. 00:27:32.040 --> 00:27:36.520 And then if you build this file, you can import it in Python, and run this function. 00:27:36.520 --> 00:27:41.500 So, the combination of, you know, the ease of writing this, and then there's another project 00:27:41.500 --> 00:27:43.240 in here, called maturing. 00:27:43.240 --> 00:27:48.060 Before you move on real quick, maybe, for, for people listening, if you go back just 00:27:48.060 --> 00:27:50.100 real quick to that, that section you had there. 00:27:50.100 --> 00:27:50.620 Yeah. 00:27:50.620 --> 00:27:56.240 So the idea is what you do is you, you write some rust code and then you put, you call it 00:27:56.240 --> 00:27:58.760 a decorator or an attribute or what do you call that hash? 00:27:59.300 --> 00:28:00.680 It's called a macro. 00:28:00.680 --> 00:28:01.440 Yeah. 00:28:01.440 --> 00:28:03.580 A procedural macro, but you can just call it a macro. 00:28:03.580 --> 00:28:03.940 Yeah. 00:28:03.940 --> 00:28:04.500 Yeah. 00:28:04.500 --> 00:28:06.740 So you put the macro onto functions. 00:28:06.740 --> 00:28:09.700 There's one function that defines the module. 00:28:09.700 --> 00:28:14.420 And then in there, you just say, here are basically all the things I'm exporting from rust over to 00:28:14.420 --> 00:28:14.720 Python. 00:28:14.720 --> 00:28:17.120 And those are just the ones you've wrapped with the macro, right? 00:28:17.120 --> 00:28:17.860 Mm-hmm. 00:28:17.860 --> 00:28:18.040 Yep. 00:28:18.040 --> 00:28:18.500 Yeah. 00:28:18.500 --> 00:28:23.540 Assuming that writing rust for you is straightforward, this is a really simple addition. 00:28:23.540 --> 00:28:24.100 Yeah. 00:28:24.100 --> 00:28:27.160 And I think, you know, once, once you have this kind of, you know, there's a little bit of 00:28:27.160 --> 00:28:31.680 boilerplate in here, but these macros reduce the boilerplate so much that once you're in 00:28:31.680 --> 00:28:35.580 the function, in fact, I think this is like a really cool way to get started with rust because 00:28:35.580 --> 00:28:40.780 some of the really steep learning curve in rust is when you're building larger projects and 00:28:40.780 --> 00:28:45.100 you have to deal with, you know, strict typing and lifetimes and all these scary things that, 00:28:45.100 --> 00:28:45.960 you know, rust can do. 00:28:45.960 --> 00:28:49.820 But like you're, you're limited to just a function scope because that's what you're calling from, 00:28:49.820 --> 00:28:50.560 from Python. 00:28:50.560 --> 00:28:54.000 I think it's a kind of a cool way to get started and just get familiar with the syntax. 00:28:54.000 --> 00:28:54.740 Interesting. 00:28:54.740 --> 00:28:55.040 Yeah. 00:28:55.040 --> 00:28:55.420 Yeah. 00:28:55.420 --> 00:29:00.120 And yeah, I think part of the reason these tools are so great is like the whole rust community 00:29:00.120 --> 00:29:02.640 puts a lot of value on tooling. 00:29:02.640 --> 00:29:05.060 It's like a relatively young language. 00:29:05.060 --> 00:29:10.000 So from the start, I think it had this sort of, you know, attitude of, of building good 00:29:10.000 --> 00:29:13.860 ergonomics for developers, having good, you know, a single command line tool kind of that 00:29:13.860 --> 00:29:15.160 can do all these different things. 00:29:15.560 --> 00:29:19.800 And so this group that, that maintains PIO3 has also created this tool called Maturin, 00:29:19.800 --> 00:29:25.920 which feels to me a lot like Flit with, you know, like the super lightweight wheel builder. 00:29:25.920 --> 00:29:30.720 And so you see here, you just run Maturin develop with this, this project structure in here. 00:29:30.720 --> 00:29:34.460 It also has like a Maturin init, I think, which will create a new project for you. 00:29:34.460 --> 00:29:38.980 And then you see here, this develop will actually, you know, give you some output, whatever, 00:29:38.980 --> 00:29:42.180 because it builds a wheel and then installs it in your virtual environment. 00:29:42.500 --> 00:29:46.480 So then you can see here, you just call into that code and then this is, you know, calling 00:29:46.480 --> 00:29:47.500 rust code for you already. 00:29:47.500 --> 00:29:48.180 Oh, cool. 00:29:48.180 --> 00:29:49.160 That's really nice. 00:29:49.160 --> 00:29:53.980 So have you built things that you've released or are backed by rust? 00:29:53.980 --> 00:29:59.900 Not released, but like I've, I've done, you know, some hobbyist things and then also some 00:29:59.900 --> 00:30:03.120 stuff for, for work as well. 00:30:03.120 --> 00:30:08.420 Some small pieces of mostly like, you know, I work in, in, I came from a scientific background 00:30:08.420 --> 00:30:11.460 and I now work for this, you know, like I said, a portable MRI startup. 00:30:11.460 --> 00:30:15.040 So our whole thing is like Python from, from top to bottom, which is really cool. 00:30:15.040 --> 00:30:19.560 But for those performance critical numerical computing things, we use a ton of NumPy and 00:30:19.560 --> 00:30:19.840 TensorFlow. 00:30:19.840 --> 00:30:24.140 But then also, you know, some C extensions. 00:30:24.140 --> 00:30:26.560 And I've been just kind of playing around with converting those to rust. 00:30:26.560 --> 00:30:31.580 And this rust NumPy is another one of their projects here that makes it really easy to, 00:30:31.580 --> 00:30:36.460 you know, write a function that'll take a NumPy array basically and do some calculations on it. 00:30:36.460 --> 00:30:37.420 Oh, fantastic. 00:30:37.420 --> 00:30:38.780 Rust NumPy. 00:30:38.780 --> 00:30:42.920 So is it like an interoperability layer between rust and NumPy? 00:30:42.920 --> 00:30:43.460 Yeah. 00:30:43.460 --> 00:30:49.020 It pretty much just lets you like take NumPy arrays from Python into your rust functions that 00:30:49.020 --> 00:30:50.160 you're creating with PyO3. 00:30:50.160 --> 00:30:55.300 And then also, you know, create NumPy arrays and return them from those functions. 00:30:56.020 --> 00:31:02.380 And it depends heavily on ND array, which is a pure rust project here for, for, for n dimensional 00:31:02.380 --> 00:31:03.660 arrays and computation. 00:31:03.660 --> 00:31:08.440 So which probably more analogous to what actually NumPy itself is, but in the rust ecosystem. 00:31:08.440 --> 00:31:09.080 Okay. 00:31:09.080 --> 00:31:09.940 Very cool. 00:31:09.940 --> 00:31:10.440 That's pretty cool. 00:31:10.720 --> 00:31:13.240 So why rust over C? 00:31:13.840 --> 00:31:18.480 I mean, I think it's, I was mentioning to you before, like, you know, the rust community 00:31:18.480 --> 00:31:21.020 is, is really excited about rust. 00:31:21.020 --> 00:31:22.620 Like everyone who tries it likes it. 00:31:22.620 --> 00:31:26.760 I think it's, you know, topping the charts and, and all these, you know, most loved programming 00:31:26.760 --> 00:31:29.700 language surveys and stuff like that from Stack Overflow and everything. 00:31:30.480 --> 00:31:36.160 It guarantees, you know, it provides some more stronger guarantees around memory safety, 00:31:36.160 --> 00:31:38.360 and while still maintaining high performance. 00:31:38.360 --> 00:31:42.040 So that comes at a cost of a little bit of like complexity and learning curve. 00:31:42.040 --> 00:31:47.300 it also happens to, with those memory safety things like come with what they call 00:31:47.300 --> 00:31:52.380 fearless concurrency, where the typing system can prevent you from creating race conditions 00:31:52.380 --> 00:31:56.620 and actually warn you about them or, you know, fail to compile at compile time. 00:31:57.120 --> 00:32:03.220 and so I find like the trade-offs between, memory safety and performance and ease 00:32:03.220 --> 00:32:06.200 of use to be really interesting between rust and Python. 00:32:06.200 --> 00:32:11.300 They, they make completely different choices, but like both sort of with similar things in 00:32:11.300 --> 00:32:15.440 mind, like Python sacrifices some performance for ease of development, but still wants to 00:32:15.440 --> 00:32:16.520 be memory safe, right? 00:32:16.520 --> 00:32:20.340 Like if you're getting a seg fault in Python, you're, you're calling into something and doing 00:32:20.340 --> 00:32:23.060 something wrong, or it's hard to do that with pure Python code. 00:32:23.060 --> 00:32:23.300 Right. 00:32:23.300 --> 00:32:24.480 And same is true of rust. 00:32:24.540 --> 00:32:28.720 It's like if you're not writing what they call unsafe code, where you have to kind of 00:32:28.720 --> 00:32:32.300 wrap it in a block that's actually called unsafe, you shouldn't end up with those 00:32:32.300 --> 00:32:33.000 type of problems. 00:32:33.000 --> 00:32:36.000 so it's, it's kind of cool to see those two things. 00:32:36.000 --> 00:32:39.400 And then when you really do need performance, you can drop into this sort of, you know, 00:32:39.400 --> 00:32:40.180 lower level language. 00:32:40.180 --> 00:32:43.780 Maybe it's a little bit steeper learning curve, but you'll get the performance and you don't 00:32:43.780 --> 00:32:45.860 have to sacrifice that memory safety to get it. 00:32:45.860 --> 00:32:46.240 Yeah. 00:32:46.240 --> 00:32:46.900 Fantastic. 00:32:46.900 --> 00:32:49.900 Brian, you do more C stuff than I do these days. 00:32:49.900 --> 00:32:50.560 What do you think? 00:32:50.860 --> 00:32:55.360 there's, there's some bottleneck stuff that things that I use Python for that 00:32:55.360 --> 00:32:59.540 we do have, like, large amounts of data passing back and forth. 00:32:59.740 --> 00:33:04.780 And, and I don't, I mean, normally Python isn't the bottleneck, but sometimes it is. 00:33:04.780 --> 00:33:09.960 And, there are cases where I'm, I was just Googling some stuff right now, trying to 00:33:09.960 --> 00:33:13.060 figure out if I can apply rust to some of these things. 00:33:13.060 --> 00:33:18.120 Cause I actually, I think that's a, what, what, Ashley pointed out is, is fascinating 00:33:18.120 --> 00:33:24.320 is this might be a really great way to learn rust is to try to solve one of your bottleneck 00:33:24.320 --> 00:33:27.620 problems in Python with, with, with rust. 00:33:27.620 --> 00:33:34.660 And, I mean, I'm comfortable with C as well, but there's, even though I've been doing, 00:33:34.660 --> 00:33:39.460 using it for decades that I'd rather, if I can use something else, I would like to try. 00:33:39.460 --> 00:33:40.920 Something a little more modern. 00:33:40.920 --> 00:33:41.620 I totally agree. 00:33:41.980 --> 00:33:47.080 And yeah, you're right that, oh, I need to implement these three functions in rust and 00:33:47.080 --> 00:33:48.020 then plug them into Python. 00:33:48.020 --> 00:33:52.480 That's different than I need to completely learn rust so I can just do this whole project in 00:33:52.480 --> 00:33:52.760 rust. 00:33:52.760 --> 00:33:53.180 Yeah. 00:33:53.180 --> 00:33:53.540 Yeah. 00:33:53.540 --> 00:33:57.980 It's a narrow scope, kind of a cool way to, to try to learn something. 00:33:57.980 --> 00:33:58.820 So yeah. 00:33:58.820 --> 00:34:01.460 And these, these projects have like a ton of great examples. 00:34:01.460 --> 00:34:04.360 A few of them have, user guides and stuff like that. 00:34:04.360 --> 00:34:06.840 So plenty of material there to get you started. 00:34:06.840 --> 00:34:07.360 Nice. 00:34:07.360 --> 00:34:07.660 Cool. 00:34:07.660 --> 00:34:08.100 Cool. 00:34:08.100 --> 00:34:08.300 Yeah. 00:34:08.300 --> 00:34:09.060 Very, very good one. 00:34:09.060 --> 00:34:09.740 Thanks, Ashley. 00:34:09.740 --> 00:34:10.300 All right. 00:34:10.300 --> 00:34:12.540 Have you ever heard that regular expressions are easy? 00:34:12.540 --> 00:34:13.180 Yeah. 00:34:13.180 --> 00:34:14.240 Yeah. 00:34:14.240 --> 00:34:17.200 Not me, but Brian, let me, let me type something. 00:34:17.200 --> 00:34:18.020 I'm going to type this. 00:34:18.020 --> 00:34:21.900 I'm going to say, okay, I want a, a, a dot plus. 00:34:21.900 --> 00:34:24.620 And then I want, I'm going to write the word fun. 00:34:24.620 --> 00:34:28.660 I'm going to write, is it backslash D plus? 00:34:28.660 --> 00:34:32.420 I don't even know if that's a proper regular expression, but what does it, what does it do? 00:34:32.420 --> 00:34:36.100 So I want to introduce you to this site called auto regex. 00:34:36.100 --> 00:34:39.360 And this comes to us from Jason, Jason Washburn. 00:34:39.480 --> 00:34:40.860 Thank you, Jason, for sending this over. 00:34:40.860 --> 00:34:44.800 And the idea is I can put a regex in here and hit go. 00:34:44.800 --> 00:34:45.400 Wait. 00:34:45.400 --> 00:34:46.640 Oh, hold on. 00:34:46.640 --> 00:34:47.640 Let me just do this one. 00:34:47.640 --> 00:34:49.760 Do a simple one for a second. 00:34:49.760 --> 00:34:51.120 What am I missing here? 00:34:51.120 --> 00:34:52.560 I think you have that. 00:34:52.560 --> 00:34:53.260 It's backwards. 00:34:53.260 --> 00:34:54.000 You're going English. 00:34:54.000 --> 00:34:54.520 It's backwards. 00:34:54.520 --> 00:34:55.140 Yeah. 00:34:55.140 --> 00:34:55.380 Yeah. 00:34:55.380 --> 00:34:55.580 Yeah. 00:34:55.580 --> 00:34:55.600 Yeah. 00:34:55.600 --> 00:34:56.660 So why was it doing that? 00:34:56.660 --> 00:34:57.940 That was, yeah. 00:34:57.940 --> 00:34:59.440 So first of all, yeah. 00:34:59.440 --> 00:34:59.600 Okay. 00:34:59.600 --> 00:35:00.440 So let's start with that direction. 00:35:00.440 --> 00:35:01.740 That's the default direction it pulls up. 00:35:01.820 --> 00:35:07.900 So what I can do is say, I want a regex that, starts with fun, then any number, 00:35:07.900 --> 00:35:08.620 write that. 00:35:08.620 --> 00:35:09.020 Okay. 00:35:09.020 --> 00:35:12.040 And so then it says, oh, you know what? 00:35:12.040 --> 00:35:17.200 What you want is carrot fun dot star regex. 00:35:17.200 --> 00:35:18.020 Mm-hmm. 00:35:18.020 --> 00:35:18.980 Mm. 00:35:18.980 --> 00:35:19.800 Is that right? 00:35:19.800 --> 00:35:20.600 It's not quite right. 00:35:20.600 --> 00:35:24.400 Well, this, this is starts, starts with. 00:35:24.600 --> 00:35:26.680 But dot star, I think is any character, right? 00:35:26.680 --> 00:35:27.160 Yeah. 00:35:27.160 --> 00:35:30.180 Oh, then how about, yeah, it's not perfect. 00:35:30.180 --> 00:35:31.500 Then the same numbers. 00:35:31.500 --> 00:35:32.160 There you go. 00:35:32.160 --> 00:35:33.280 Oh, there you go. 00:35:33.280 --> 00:35:33.880 Yeah. 00:35:33.880 --> 00:35:35.300 You gotta, it's not perfect. 00:35:35.300 --> 00:35:39.320 You gotta understand the English, but I wrote an English sentence to it and it came up with 00:35:39.320 --> 00:35:40.180 a regular expression. 00:35:40.180 --> 00:35:44.940 It says, disclaimer, all outputs are generated by open AI's GDP three. 00:35:44.940 --> 00:35:46.380 Sometimes it makes sense. 00:35:46.380 --> 00:35:47.220 Sometimes it doesn't. 00:35:47.220 --> 00:35:48.780 But you could also do the reverse. 00:35:48.780 --> 00:35:49.300 Yeah. 00:35:49.300 --> 00:35:50.100 Let's do the reverse. 00:35:50.100 --> 00:35:50.620 All right. 00:35:50.620 --> 00:35:52.400 I'm going to make, I'll try to go back to my other one. 00:35:52.440 --> 00:35:57.900 So I'll say carrot, then dot plus, and then fun, then backslash. 00:35:57.900 --> 00:35:59.460 Let's try that. 00:35:59.460 --> 00:36:00.840 And do it in reverse. 00:36:00.840 --> 00:36:02.560 So I'm going to run it again. 00:36:02.560 --> 00:36:03.780 And you wait for a second. 00:36:03.780 --> 00:36:07.200 It says, the regular expression means the string must start with any character. 00:36:07.200 --> 00:36:10.580 Then there must be one or more characters before the substring fun. 00:36:10.580 --> 00:36:14.340 And then there may be any number of digits after the substring fun. 00:36:14.340 --> 00:36:15.260 What do you think about that? 00:36:15.260 --> 00:36:15.960 It's not quite right. 00:36:15.960 --> 00:36:17.680 I think it only matches one number. 00:36:17.680 --> 00:36:18.620 Yeah, maybe it only matches one. 00:36:18.620 --> 00:36:19.280 Yeah, yeah. 00:36:19.280 --> 00:36:19.760 But still. 00:36:19.760 --> 00:36:24.100 The trick for me, too, is that regular expressions are different depending on your platform. 00:36:24.100 --> 00:36:25.580 That's what always tricks me up. 00:36:25.580 --> 00:36:26.420 I'm like, which ones? 00:36:26.420 --> 00:36:26.680 Exactly. 00:36:26.680 --> 00:36:31.160 So this is a really cool tool to almost understand regular expressions. 00:36:31.160 --> 00:36:32.880 Yeah. 00:36:32.880 --> 00:36:34.640 So here's how I would perceive this. 00:36:34.640 --> 00:36:38.840 I would say, I wouldn't use this and just go writing all my regular expressions. 00:36:38.840 --> 00:36:43.000 But if I'm like, I really don't know how to get a regular expression to do that. 00:36:43.300 --> 00:36:43.500 Yeah. 00:36:43.500 --> 00:36:47.780 You could go write the English sentence and it might come up with either the right answer 00:36:47.780 --> 00:36:52.440 or something close enough that it's like, you know, okay, I see where it's going now. 00:36:52.440 --> 00:36:53.900 It's not quite matching, but let me. 00:36:53.900 --> 00:37:01.060 I would call this more of a guide or like a signpost along the way, not the tool to build it. 00:37:01.300 --> 00:37:05.640 I could see it being super useful with like, I think there's a site, regexer or something 00:37:05.640 --> 00:37:11.120 like that, where you can basically write a bunch of test cases and then your regex and 00:37:11.120 --> 00:37:14.220 have it run against them all in your browser and see it right there. 00:37:14.220 --> 00:37:18.340 And that's like, when I have to write regular expressions, that's how I do it. 00:37:18.340 --> 00:37:20.760 Like write a bunch of tests in here and get it to work. 00:37:20.760 --> 00:37:24.800 I maybe should be writing the tests in my own code and actually putting them in as tests, 00:37:24.800 --> 00:37:26.500 but I do it in this. 00:37:26.640 --> 00:37:29.520 But yeah, if you kind of integrate those two tools together, I could see this being 00:37:29.520 --> 00:37:29.840 useful. 00:37:29.840 --> 00:37:30.380 Okay. 00:37:30.380 --> 00:37:31.240 Yeah, for sure. 00:37:31.240 --> 00:37:36.460 We take the example one over here and we could put it into this there and see what it says. 00:37:36.460 --> 00:37:39.440 So the regex is create a group that is a word. 00:37:39.440 --> 00:37:41.780 And then you got a piece, at least some white space there. 00:37:41.780 --> 00:37:42.880 What do we get if we run that? 00:37:42.880 --> 00:37:46.560 The regular expression matches any word that begins with an uppercase letter. 00:37:46.560 --> 00:37:47.380 That's pretty cool. 00:37:47.380 --> 00:37:48.000 It does. 00:37:48.000 --> 00:37:48.440 Yeah. 00:37:48.440 --> 00:37:49.900 Anyway, fun. 00:37:49.900 --> 00:37:50.900 People can check it out. 00:37:50.900 --> 00:37:52.400 More regex fun. 00:37:52.400 --> 00:37:53.900 Thanks Jason for sending that in. 00:37:54.180 --> 00:37:58.380 And then Ashley, you also pointed out that Simon Wilson wrote an article on this. 00:37:58.380 --> 00:37:59.620 I don't know anything about this. 00:37:59.620 --> 00:38:00.560 I just saw this in the notes. 00:38:00.560 --> 00:38:04.920 Yeah, he was actually, so it's sort of related because it's GPT-3 and code. 00:38:04.920 --> 00:38:08.940 And I mean, even this first one has some regular expression stuff in it, but I guess there's 00:38:08.940 --> 00:38:10.220 a mode with GPT-3. 00:38:10.220 --> 00:38:14.100 I haven't really played with this, but you can like paste in code and then start asking it 00:38:14.100 --> 00:38:17.060 questions about it, like in a sort of conversational manner. 00:38:17.060 --> 00:38:19.400 And his blog post, I thought was really cool. 00:38:19.560 --> 00:38:23.620 One thing I did see pointed out was similar to what we were just talking about is apparently 00:38:23.620 --> 00:38:29.100 the AI model, like the chatbot can be very scarily confident in its answers. 00:38:29.100 --> 00:38:31.240 And sometimes it's very confidently wrong. 00:38:31.240 --> 00:38:35.920 Like, so you have to not be lulled into the false sense of security there. 00:38:35.920 --> 00:38:36.840 Yeah, for sure. 00:38:36.840 --> 00:38:37.160 Cool. 00:38:37.160 --> 00:38:39.680 You definitely do have to take it with a grain of salt. 00:38:39.680 --> 00:38:41.620 All right, Brian, close this out here. 00:38:42.000 --> 00:38:51.000 Okay, so Philippe sent us this next topic, and he's working for Python Anywhere. 00:38:51.000 --> 00:38:53.460 So anyway, he's one of the insiders. 00:38:53.460 --> 00:39:00.180 Anaconda acquires Python Anywhere to expand the Python team collaboration in the cloud. 00:39:00.180 --> 00:39:04.600 So not expand the team, expand Python team collaboration. 00:39:04.600 --> 00:39:12.620 So this is an interesting, we're linking to an article from Anaconda press release just saying, 00:39:12.620 --> 00:39:17.080 yeah, we bought Python Anywhere or, you know, acquired him. 00:39:17.080 --> 00:39:18.600 So it's interesting. 00:39:18.600 --> 00:39:24.780 I think I'm going to jump to another thing before I guess give my feedback. 00:39:24.780 --> 00:39:30.840 One of the things here, it says from the announcement, the acquisition comes on the heels of Anaconda's 00:39:30.840 --> 00:39:35.220 release of PyScript, an open source framework for running Python applications with HTML. 00:39:35.220 --> 00:39:36.440 We've covered that. 00:39:36.440 --> 00:39:43.140 The Python Anywhere acquisition and the development of PyScript are central to Anaconda's focus on 00:39:43.140 --> 00:39:45.880 democratizing Python and data science. 00:39:45.880 --> 00:39:50.600 So I'm going to be optimistic and not pessimistic on this. 00:39:50.600 --> 00:39:52.120 I think hopefully it's a good thing. 00:39:52.120 --> 00:39:58.760 And then on the Python Anywhere site blog, there's a FAQ about the acquisition. 00:39:59.320 --> 00:40:04.640 And it kind of goes through, like, from the customer standpoint, you know, will this affect 00:40:04.640 --> 00:40:05.480 my account? 00:40:05.480 --> 00:40:07.020 Will the billing change? 00:40:07.020 --> 00:40:10.200 Basically, they're going to keep everything the same, at least for now. 00:40:10.200 --> 00:40:15.500 And but hopefully it will expand its services and stuff and make things better. 00:40:15.500 --> 00:40:17.240 My personal take on it. 00:40:17.240 --> 00:40:23.060 So is that I'm hoping Python Anywhere is a cool idea, but I haven't seen much from them lately. 00:40:23.060 --> 00:40:27.360 So I'm hoping this will breathe some life into Python Anywhere. 00:40:27.520 --> 00:40:31.140 Yeah, I'm not saying it's dead, but I just it'd be cool to see it grow. 00:40:31.140 --> 00:40:32.420 So fun fact. 00:40:32.420 --> 00:40:38.340 Talk Python itself started out on Python Anywhere for a month or so because I'm like, I want to 00:40:38.340 --> 00:40:38.840 get this up. 00:40:38.840 --> 00:40:42.500 And it's kind of complicated to figure out all the Linux and its next stuff. 00:40:42.500 --> 00:40:44.700 And it seems real easy to just fire it up over here. 00:40:44.700 --> 00:40:46.100 And it worked great for a while. 00:40:46.100 --> 00:40:51.280 But eventually moved off as like, you know, started doing 15 terabytes of traffic a month. 00:40:52.160 --> 00:40:52.600 Yeah. 00:40:52.600 --> 00:40:53.320 Yeah. 00:40:53.320 --> 00:40:55.660 So anyway, I'd love to see that coming along. 00:40:55.660 --> 00:40:56.520 That seems great. 00:40:56.520 --> 00:40:58.600 Let me share also one more other thing. 00:40:58.600 --> 00:41:02.280 So on the screen, I have python.org and it shows you a code sample. 00:41:02.280 --> 00:41:05.620 Has anyone clicked this little thing up here on the right? 00:41:05.620 --> 00:41:07.760 This little shell looking thing? 00:41:07.760 --> 00:41:10.260 Yeah, I have before, but I don't remember what it does. 00:41:10.260 --> 00:41:10.760 What? 00:41:10.760 --> 00:41:12.580 Oh, nice. 00:41:12.580 --> 00:41:15.320 So it opens up a Python REPL. 00:41:15.320 --> 00:41:17.720 That Python REPL is running on Python Anywhere. 00:41:17.720 --> 00:41:21.940 Yeah, and one of the cool things about Python Anywhere is this ability, this ability to just 00:41:21.940 --> 00:41:23.680 like run it from any device. 00:41:23.680 --> 00:41:29.640 So you can run this from a tablet or a Chromebook or something without installing anything. 00:41:29.640 --> 00:41:31.760 And that's neat. 00:41:31.760 --> 00:41:33.460 I'd like to see that expand. 00:41:33.460 --> 00:41:34.040 Cool idea. 00:41:34.040 --> 00:41:34.940 Yeah, it sure is. 00:41:34.940 --> 00:41:36.600 And I can see how this pairs with PyScript. 00:41:36.600 --> 00:41:38.280 So this is in my browser. 00:41:38.280 --> 00:41:41.900 I can just run Python and get a view into a REPL. 00:41:41.900 --> 00:41:45.380 But with PyScript, I maybe just move the execution to the front end as well. 00:41:45.380 --> 00:41:47.080 So they're kind of related in that regard. 00:41:47.080 --> 00:41:53.560 Yeah, there's actually a few things I'd really love to see Python Anywhere change with this 00:41:53.560 --> 00:41:58.760 is the currently Python Anywhere doesn't support Python 310. 00:41:58.760 --> 00:42:01.460 Hopefully we can get that updated. 00:42:01.460 --> 00:42:07.420 And it doesn't it or you can run whiskey apps, but you cannot run ASCII right now. 00:42:07.420 --> 00:42:09.700 So no FastAPI on there. 00:42:09.820 --> 00:42:12.640 So that's hopefully that will be fixed. 00:42:12.640 --> 00:42:18.120 But and then also the free plan doesn't allow you to do Jupyter Notebooks. 00:42:18.120 --> 00:42:21.400 And with I'm guessing with Anaconda in there, that might be. 00:42:21.400 --> 00:42:22.300 It probably will. 00:42:22.300 --> 00:42:24.040 I would suspect it would. 00:42:24.040 --> 00:42:24.540 All right. 00:42:24.540 --> 00:42:25.220 How about extras? 00:42:25.220 --> 00:42:27.740 Got just a couple minutes left for those. 00:42:27.740 --> 00:42:28.840 I've got nothing. 00:42:28.840 --> 00:42:29.540 Ashley? 00:42:29.540 --> 00:42:29.860 Nothing? 00:42:30.360 --> 00:42:31.960 I had a couple in here. 00:42:31.960 --> 00:42:35.220 Not a whole lot to say about them, but that's, I guess, why they're extras. 00:42:35.220 --> 00:42:36.900 Pep691. 00:42:36.900 --> 00:42:40.720 There's a new JSON based simple API for PyPI. 00:42:40.720 --> 00:42:42.260 So more PyPI news there. 00:42:42.920 --> 00:42:47.980 This is like for tools like pip, I guess, that are sort of, you know, indexing packages 00:42:47.980 --> 00:42:49.840 and stuff like that or going on a search for packages. 00:42:49.840 --> 00:42:53.420 Like, we'll now be able to parse JSON instead of, I guess, up until now they've been parsing 00:42:53.420 --> 00:42:55.840 HTML, which was a surprise to me. 00:42:55.840 --> 00:42:56.880 You can go to somewhere. 00:42:56.880 --> 00:42:57.900 Yeah. 00:42:57.900 --> 00:43:01.520 You go somewhere on pypi.org slash something, something simple. 00:43:01.520 --> 00:43:06.540 And you just get a wall of links and you get like 350,000 links, which is not an ideal 00:43:06.540 --> 00:43:08.480 way to like, it doesn't seem like the best. 00:43:08.480 --> 00:43:08.880 Yeah. 00:43:09.520 --> 00:43:13.120 It's cool because I guess it can be like, it can serve those as static files, right? 00:43:13.120 --> 00:43:17.160 So that's why like, instead of having, you know, dynamic web app that you have to worry 00:43:17.160 --> 00:43:20.560 about loading all this stuff, it's just like an Nginx server pointed at a huge directory. 00:43:20.560 --> 00:43:25.240 But this allows those same servers, I guess, to serve JSON instead of HTML. 00:43:25.240 --> 00:43:25.880 It's neat. 00:43:25.880 --> 00:43:26.520 Yeah, great. 00:43:26.520 --> 00:43:35.220 And then rich codecs is a tool for like automatically creating these terminal screenshots from stuff 00:43:35.220 --> 00:43:36.200 in your documentation. 00:43:36.500 --> 00:43:40.680 Mostly I thought we can't have a Python bytes episode without something related to rich, 00:43:40.680 --> 00:43:41.000 right? 00:43:41.000 --> 00:43:41.280 So. 00:43:41.280 --> 00:43:42.480 That's right. 00:43:42.480 --> 00:43:42.960 That's right. 00:43:42.960 --> 00:43:43.440 Check this out. 00:43:43.440 --> 00:43:48.660 If you've got, if you're using rich or, and want to, you know, make some screenshots that 00:43:48.660 --> 00:43:49.860 stay up to date with your code. 00:43:49.860 --> 00:43:50.260 Yeah. 00:43:50.260 --> 00:43:54.160 Some color coded code blocks in your, your markdown. 00:43:54.160 --> 00:43:54.760 Yeah, for sure. 00:43:54.760 --> 00:43:55.160 Very nice. 00:43:55.160 --> 00:43:55.540 Yeah. 00:43:55.540 --> 00:43:56.080 All right. 00:43:56.080 --> 00:43:56.500 All right. 00:43:56.500 --> 00:43:58.420 I just have a quick one for an extra here. 00:43:59.280 --> 00:44:05.620 There's an article on DevJobs Scanner, the top eight most in demand programming languages. 00:44:05.620 --> 00:44:09.400 So we've got JavaScript, TypeScript, that's number one, but Python number two. 00:44:09.400 --> 00:44:13.180 I bring this up because I was doing a live stream on Talk Python and somebody came along 00:44:13.180 --> 00:44:15.440 and said, hey, should I still be learning Python? 00:44:15.440 --> 00:44:19.020 I heard that it's really hard to get a job and there's not a lot of interest in that. 00:44:19.020 --> 00:44:20.520 So yeah. 00:44:20.520 --> 00:44:22.720 Well, anyway, I'm not sure what else you choose. 00:44:22.800 --> 00:44:28.840 And again, this JavaScript stuff, it's like, it's like being a CSS, full stack CSS developer. 00:44:28.840 --> 00:44:36.400 You might have to have JavaScript skills to do Python stuff or to do ASP.NET or to do 00:44:36.400 --> 00:44:37.200 whatever else, right? 00:44:37.200 --> 00:44:41.620 Like there's a, JavaScript is unique in the sense that a lot of times it's paired with other 00:44:41.620 --> 00:44:44.300 things, whereas those other things are often more standalone. 00:44:44.300 --> 00:44:45.080 You know what I mean? 00:44:45.080 --> 00:44:50.320 So maybe the fact that JavaScript is up there because like every other language below it also 00:44:50.320 --> 00:44:54.120 needs JavaScript plus, I'm not exactly sure what the metric is here. 00:44:54.120 --> 00:44:56.480 If this is like how you, how you pull that out. 00:44:56.480 --> 00:45:00.100 But anyway, take it with a bit of grain of salt, but I think this is pretty good. 00:45:00.100 --> 00:45:00.660 All right. 00:45:00.660 --> 00:45:02.360 Are you all ready for a joke? 00:45:02.360 --> 00:45:03.920 Because Brian, you have started something. 00:45:03.920 --> 00:45:04.740 I have. 00:45:04.740 --> 00:45:05.160 Okay. 00:45:05.160 --> 00:45:05.900 You have. 00:45:05.900 --> 00:45:11.140 So remember we had the, I don't remember what the exact topic was, but we talked about, 00:45:11.140 --> 00:45:16.220 we talked about this, this, oh, this was, what is the junior dev see themselves 00:45:16.220 --> 00:45:18.600 in five years and what is the senior dev? 00:45:19.000 --> 00:45:25.320 So this woman, Neda, she has just an amazing set of jokes. 00:45:25.320 --> 00:45:29.760 And so you're going to be hearing more than one of these, but let's, let's, let's look at 00:45:29.760 --> 00:45:30.120 this one. 00:45:30.120 --> 00:45:31.280 They're so good. 00:45:31.280 --> 00:45:31.880 They're so good. 00:45:31.880 --> 00:45:33.320 I'm obviously linking to the show notes. 00:45:33.320 --> 00:45:36.280 So here's an example of people. 00:45:36.280 --> 00:45:42.300 I think what the story is here is these two women, they live in this apartment complex and 00:45:42.300 --> 00:45:45.580 they, they're in an elevator with some of their neighbors. 00:45:45.800 --> 00:45:49.940 And there's this, this older woman says, so what do you girls do for a living? 00:45:49.940 --> 00:45:52.120 One of the women says, ah, I'm an architect. 00:45:52.120 --> 00:45:54.360 Oh, and Neda, she's a programmer. 00:45:54.360 --> 00:45:56.160 And you just see the crap emoji. 00:45:56.160 --> 00:45:57.020 Like, oh no. 00:45:57.980 --> 00:46:00.780 Later on, Neda receives the knock at the door. 00:46:00.780 --> 00:46:03.580 And this old woman is like, there's a problem with my phone. 00:46:03.580 --> 00:46:07.140 And then there's like another, another guy with a beard that shows up with just showing 00:46:07.140 --> 00:46:08.100 the laptop to her. 00:46:08.100 --> 00:46:13.200 And then there's like a whole line of people with like printers and all kinds of stuff. 00:46:13.200 --> 00:46:15.480 Just basically, oh, you're our tech support now. 00:46:16.220 --> 00:46:17.780 I, I so have lived this. 00:46:17.780 --> 00:46:18.620 Yeah. 00:46:18.620 --> 00:46:19.140 Yeah. 00:46:19.140 --> 00:46:21.020 I have to actually, oh, go ahead. 00:46:21.020 --> 00:46:21.420 Sorry. 00:46:21.420 --> 00:46:22.340 Yeah. 00:46:22.340 --> 00:46:22.940 No, Ashley. 00:46:22.940 --> 00:46:24.080 Do you get this? 00:46:24.080 --> 00:46:26.660 not so much anymore, I guess. 00:46:26.660 --> 00:46:30.660 But I, this was definitely like my experience in the dorms. 00:46:30.660 --> 00:46:31.080 I remember. 00:46:31.080 --> 00:46:35.780 well, I mean, like now you could say I work on an MRI machines and nobody will ask you 00:46:35.780 --> 00:46:35.900 that. 00:46:35.900 --> 00:46:37.140 They don't want you to fix it. 00:46:37.140 --> 00:46:37.980 They don't have one. 00:46:37.980 --> 00:46:41.520 So no, they'll, they'll start, start telling you their medical problems and stuff like that. 00:46:41.520 --> 00:46:42.000 Yeah. 00:46:42.160 --> 00:46:44.820 So my first job out of college was with HP. 00:46:44.820 --> 00:46:48.560 I was working with satellite test systems. 00:46:48.560 --> 00:46:54.540 but, everybody just heard HP and wanted me to figure out how to configure their computer 00:46:54.540 --> 00:46:55.320 or their printer. 00:46:55.320 --> 00:46:57.500 can you get my printer on my network? 00:46:57.500 --> 00:46:58.160 Brian. 00:46:58.160 --> 00:46:59.740 And it's really gotten slow lately. 00:46:59.740 --> 00:47:00.780 I get a lot of pop-ups. 00:47:00.780 --> 00:47:04.740 Like, no, I don't, I don't know how to fix that. 00:47:04.740 --> 00:47:07.200 On purpose. 00:47:07.200 --> 00:47:08.640 I don't know how to fix that. 00:47:08.640 --> 00:47:10.600 Awesome. 00:47:10.980 --> 00:47:12.460 Well, that's all I got, Brian. 00:47:12.460 --> 00:47:13.120 Okay. 00:47:13.120 --> 00:47:14.020 Well, thanks. 00:47:14.020 --> 00:47:14.900 Thanks for the joke. 00:47:14.900 --> 00:47:15.760 I love that one. 00:47:15.760 --> 00:47:17.160 we could have more of these. 00:47:17.160 --> 00:47:17.360 Yeah. 00:47:17.360 --> 00:47:20.200 And, thanks Ashley for joining us. 00:47:20.200 --> 00:47:26.500 And, and I really appreciate you talking about, the rust, rust Python stuff. 00:47:26.500 --> 00:47:28.780 That's, that's, we've been curious about that. 00:47:28.780 --> 00:47:29.500 Oh, yeah. 00:47:29.500 --> 00:47:30.500 Really happy to be here. 00:47:30.500 --> 00:47:31.220 Thanks for having me on. 00:47:31.220 --> 00:47:31.760 All right. 00:47:31.760 --> 00:47:32.920 Well, bye everybody.