Brought to you by Michael and Brian - take a Talk Python course or get Brian's pytest book


Transcript #111: loguru: Python logging made simple

Return to episode page view on github
Recorded on Friday, Jan 4, 2019.

00:00 Hello and welcome to Python Bytes where we deliver Python news and headlines directly to your earbuds. This is episode 111 recorded January 4th 2019 I'm Michael Kennedy. I'm Brian. Okay. Hey Ryan. Can you believe it's 2019? Yeah, it's kind of hard to remember to say that Yeah, it's gonna take a while So before we get into the topics, I just want to say thank you to data dog They're sponsoring this episode check them out at Python by set of film slash data dog more about that later I never really enjoy the built-in logging in Python.

00:31 It's never seemed like super, super clear to me.

00:34 So I've ended up using other packages, something like Logbook or something like that, or maybe just a print statement.

00:40 But what you found today, Brian, is pretty sweet, actually.

00:44 Might convince me to stop using Logbook and use something else.

00:46 - You know, I was playing with this this morning.

00:48 So what we're talking about is, I think it's LogGuru.

00:52 I think that's how you pronounce it, L-O-G-U-R-U.

00:54 - All right, like Log and Guru smushed together, joined by the G. Yeah, or it could be loggeroo. I don't think so. I'm going with loggeroo.

01:03 And the tagline is Python logging made stupidly simple. And I think this is it's like a one API function for the most part. So the built in logging for Python, it does a lot. And you can have like multiple, multiple logging entry points and multiple logging output points and everything.

01:21 And LogGuru kind of took the model of everything gets logged to all the places.

01:28 And there's a default place that's standard error.

01:31 And that's better than print mucking up your standard output.

01:35 And by default, just a few lines of code, and it works just fine.

01:39 You can just say, from LogGuru, import logger, and just use the logger and say, like, debug or info or whatever.

01:47 But then if you want to do more advanced things, like one of the things I had to play with, because I couldn't believe it was this easy, was file logging and log rotation.

01:58 Let's say you're logging some stuff and you want to be able to log it into a file, and then at some point, make that a new file, like a date stamped file or time stamped or something.

02:10 It just has that really easy and then you can give it different options for if your file gets to 50 megabytes, at that point start a new file.

02:20 And there's even like compression.

02:21 So when you're rolling over to the new one, take the old one and zip it, or you can time it and just do it a new log every hour or a new log every day.

02:29 - I love the zipping aspect.

02:30 That's awesome.

02:31 It just does that automatically, or do you have to tell it to?

02:34 - You have to tell it to.

02:35 It's a fairly simple, easy thing.

02:37 And one of the bonuses of this package is the readme on GitHub is kind of a tour of all the features with examples.

02:44 So it's really easy to pop through and see what's going on.

02:49 I mean, I really spent like just a few minutes trying it out and I already love it.

02:53 So I think of this as the logging API that fits in my brain and I can do things right off the bat.

03:01 It's cool.

03:01 - Yeah, that's super cool.

03:02 Yeah, on one of my websites, I had like a bunch of logging happening and I went and checked it out, checked out the log directory and it was like five gigs of text files, but they compressed down to like 200 megs or something totally manageable.

03:15 So that's pretty awesome.

03:17 that you can have it kind of do that step for you in the background.

03:20 Couple of things strike me really as nice here.

03:22 One is the use of color.

03:25 It'll print out like here's the time, here's the log level, like info or error or whatever, the message and so on.

03:31 And it'll actually show those in different colors 'cause by default it prints just two logs to the terminal, right?

03:38 Standard out or something like that.

03:40 - Yeah, and it looks really nice.

03:41 So I tried it both on, just to make sure it was cross compatible and stuff like that.

03:45 I tried it both on a Mac and on a Windows machine.

03:48 And then I also tried it if I'm logging stuff from and running it within PyCharm, how does that look?

03:54 And all of this looks really good still.

03:56 - That's awesome.

03:57 And it also has the ability to wrap functions and catch the unhandled errors.

04:03 So the syntax is like logger.catchall or something.

04:07 It's a decorator.

04:08 If there's an error, it'll print a colorized, properly indented, formatted traceback.

04:13 - Yeah, and then it has some traceback options too.

04:16 And the traceback options are even pretty cool.

04:18 They blow it up into these little mini graph.

04:22 And you can specify how deep, just the traceback for the function that they got hit, or its parent, or how many parents.

04:30 It's pretty cool.

04:31 One of the things I like about the honesty of here is the last feature is crossed out.

04:36 The last feature says it's 10 times faster than built-in logging, and that's crossed out.

04:41 Because clearly, adding all these features isn't free.

04:44 it does cost a little bit of performance.

04:47 But there are plans for some of these, some of the things to be critical functions to be implemented and see in the future.

04:54 I think it's convenient right away.

04:56 One of the things I was always interested about is to how to figure out how to get email notification in some cases, like in particular, if you had a critical log error in a critical something, sending off an email to the right person, I wouldn't know how to do that right off the bat, but this one apparently works cleanly with the notifiers library to be able to send email.

05:21 - Oh yeah, notifiers is nice as well.

05:23 I think we've covered it before.

05:24 One other final thing here is you can actually put color into your statements as well.

05:30 So if I wanna have, like they've got a little screencast-y GIF thing on the GitHub repo you can just watch.

05:36 Like I said, there's several options available.

05:38 If you want options to be blue, you put bracket blue, like HTML tags around it and it colorizes.

05:44 So I think it's really nice for communicating back what's going on.

05:47 - Yeah, I'm sure it does a lot of cool features.

05:49 One of the things I like about the API is once you've figured out something, other people will be able to tell what you're doing because it's not confusing to read.

05:57 - Yeah, it's very cool.

05:58 This might be my new favorite logging library.

06:01 Now I have to get over the inertia of actually having my other stuff already working and wanting to switch to it.

06:06 That's gonna take a while, but this is cool.

06:07 I like it, good find.

06:08 So we had a pretty big episode back in July.

06:13 We had Brett Cannon and Carol Willing on to talk about how Guido van Rossum had stepped down as the BDFL, the overseer of the Python project, still involved as a core developer, but not making all the decisions and taking all the weight, right?

06:30 Remember that?

06:31 - Yeah.

06:32 - Well, things have more or less been on hold, stalled out, until they can somehow come up with a group of core developers can come up with a way to govern themselves.

06:41 So for example, Lucas Lange was looking at maybe moving the releases of Python from every 18 months to yearly, which has a bunch of advantages, but that's a change that has to be decided on.

06:54 They had no way to decide things.

06:55 So all sorts of stuff like that had just been put on hold.

06:59 Well, we've covered the different governance models that were being considered.

07:04 The big news this week is Python now has decided that it has a new governance model and they have decided on which one it's going to be.

07:12 Yes.

07:13 It's a, yeah.

07:14 Finally, finally things can start going.

07:16 Now don't get too excited.

07:18 Yeah.

07:19 There's a lot of holes left.

07:20 There are a lot of holes.

07:21 So what has been decided is the governance model.

07:25 They still need to decide how the new governance model actually drives Python the project itself.

07:31 So there's like a two step process.

07:33 how we're gonna make decisions, and then the first decision is how does that new organization manage Python?

07:39 So we're like halfway there, all right?

07:40 I think also there's still elections to be who's gonna be part of this thing.

07:44 So let me give you the rundown by way of Brett Cannon.

07:46 So Brett Cannon, also a core developer, has been on the show a couple times, and it's including the one that I mentioned.

07:51 And so he did a really nice write-up of what was the problem, where have we been, what were the options, and how did they decide?

07:59 So they had, we'd covered before, like we said, that there were seven governance proposals.

08:04 One from like, we'll elect a new dictator, a new BDFL, maybe without the FL for life part, down to maybe we'll have like a panel or something like that.

08:15 So there's some votes, the votes were open to all core developers, and they decided we're not gonna have other people vote who are not core developers, because this is about the core developers governing themselves, and why should other people decide how they get governed, basically, right?

08:31 They don't have as much skin in the game.

08:33 So people who are deciding their own fate voted.

08:36 And in the end, the winning one was PEP 8016, which is called the Steering Council.

08:43 So from now on, Python will be driven or controlled or led by a Steering Council, which is very similar to what Django's project organization actually looks like.

08:53 Brett said even that some of the language of the PEP here was copied and pasted directly from Django.

09:00 Yeah, so this is a council of five people who will determine how to run the Python project.

09:06 So the only thing that they can't decide, they basically have an absolute power, this group of five developers.

09:14 However, the one thing they cannot decide is how the council is elected.

09:19 So they can't go, you know, this council thing in elections, we don't like them, we're going to get rid of those, right?

09:26 Other than that, though, they basically have a BDFL like powers, right?

09:30 good it means basically that Python will not project will not be leaderless but it doesn't directly solve how to get the design and things like do we change the release cycle and things like that cool right yeah right so now we got to figure out who the council is yeah so the next step is to elect the council that'll be done Monday so three three four days from now three days and that starts on Monday and then goes to January 20th and then somewhere around there we'll we'll know. Actually, no, that's nominations. The voting starts on Monday, January 21st. So sometime in February, we'll know who, which five people are on the steering council.

10:08 - How do you feel about this? I think it's the right, well, not that nobody asked my opinion, but this seems reasonable to me.

10:14 - Yeah, I agree. You have a mic. You get a, that's the power of the mic is you get to just state your opinion, right?

10:19 - Yeah.

10:20 - No, I think this is totally reasonable. I think there's a couple of things. I thought I thought it was really interesting the discussion between having an even or an odd number of people on the council, right?

10:34 Because this way there's always going to be a majority that can never be a deadlock, all right?

10:39 Whereas if they had been even, you could have to have like a, definitely win over a majority, right?

10:45 If there were six instead of five, you always gotta get that little extra vote to go through.

10:50 But yeah, I think it's, you know, this seems totally reasonable to me.

10:53 I think there would have been a lot of value in finding the next BDFL without the FL part, right?

11:00 The next leader, dictator type.

11:02 I think that kind of might've been my favorite, but it's just such a risky proposition.

11:10 Because on one hand, if you get the right person, they can just move quick and it could be awesome.

11:14 But if you get somebody who doesn't take it in the right direction or a direction that you think is the wrong direction, like it could really go off the rails.

11:20 So this certainly seems like a safe path forward And it's definitely more community driven than it has been in the past.

11:27 Yeah, I don't know if this will slow down.

11:29 So one of the things that Brett brought up is they still haven't figured out really how to guide the language itself for language design.

11:39 And so yeah, it'll be interesting to watch how that.

11:42 Yep, and sure will.

11:44 So there's a lot of detail in Brett's article, so you should all go check it out.

11:48 But it looks like things are starting to move again, just that six short months later.

11:53 - Yeah. - Perfect.

11:54 So, one of the things you often have to do is work with files and paths and all this kind of stuff.

11:59 And I don't know, you tell me, Brian, am I living in a path?

12:01 I still, if I gotta work with files, import OS, OS.path, I still probably do that, just out of habit.

12:09 Am I doing it wrong?

12:10 - You're doing it wrong.

12:11 At least according to Trey.

12:12 And I agree now.

12:14 I am with Trey, so Trey Hunter wrote a blog post called "Why You Should Be Using Pathlib." And it's basically just a fairly convincing argument talking about some of the different benefits of pathlib over os.path and os and glob and stuff.

12:30 I actually didn't know before reading this, I didn't know that you could do glob-like stuff with the pathlib.

12:35 And recursive globbing.

12:37 Yeah, recursive. I had actually looked for that before because in some shells you can do ** to recursively look for stuff.

12:44 And you can use ** for the glob library or the glob whatever.

12:51 But it's built in, you can do our glob with PathLab.

12:55 It's pretty cool.

12:55 >> That's pretty awesome.

12:56 >> Some of the things that are nice about it, he's comparing it to OSPath and OS.Path, it's really working.

13:03 It's a string library.

13:04 It's passing and figuring out strings that represent paths.

13:08 But now we have more functional.

13:10 The PathLab uses the path object, which is a more functional thing that all of the path method, path object methods return path objects.

13:20 So you can chain them together.

13:22 So right, I love the fluent API.

13:24 Like you say path and give it like a directory.

13:28 You can say make dir and all nice options like parents equals true exists.

13:33 Okay, so it'll create like the whole directory chain.

13:35 It won't fail if it already exists like that is like that right there might convince me to like put my OS path away.

13:42 Yeah.

13:42 And also like right off the bat, he shows an example where how do you import OS path and OS?

13:49 Do you import all the little pieces from there so that you can have shorter methods?

13:56 Or do you just say OSPath and you have to say OSPath everywhere?

14:00 And it makes for kind of unwieldy code.

14:03 I copied some of the examples that he had into our show notes.

14:07 It's just really kind of a cool thing.

14:10 One of the things I didn't realize is that, like if you're opening a file, you can say like with open file name as some file object, then you work with it.

14:21 It closes automatically.

14:23 That all works with the Pathlib objects now too.

14:26 So you can use a lot of the other standard library things just with Pathlib objects.

14:31 - Right, as long as you're on Python 3.6 or above.

14:33 - Yes. - Yeah.

14:35 Now this is really cool, I like it.

14:36 I definitely like it.

14:37 - Why wouldn't you be?

14:38 - Exactly, why wouldn't you be?

14:39 I would be wrong.

14:41 Not as wrong as using legacy Python, but you know, it's okay.

14:45 I do know that some of the Linux distributions lag behind a ways and you know if you haven't upgraded that for a while that that could be a reason actually.

14:53 But yeah this definitely something people should be checking out.

14:55 I really like the fluent API the chaining.

14:58 That's cool.

14:59 Right now before we get to the next one Brian let me tell you about our sponsor Datadog.

15:03 They've sponsored many of the episodes and they're a big supporter of the show.

15:06 So we're really happy to have them back this year.

15:09 And they're a cloud scale monitoring platform that brings together metrics logs distributed traces all in one place.

15:16 Like one of the big problems you have is, well, I made a request to my web server.

15:20 The web server talked to this service.

15:22 The server talked to a database.

15:23 Like those all seem like separate things, right?

15:25 But if you want to track them all together, right, you can use Datadog for that.

15:29 So you can trace clients, including support for auto-instrumenting, like automatically tracking requests through things like Django, Flask, Postgres, and others.

15:39 So you get all the tracking across service boundaries, which is pretty sweet for troubleshooting slow requests and optimizing your Python apps.

15:47 So you can start monitoring your environment with a free trial and Datadog will send you a cool little Datadog t-shirt.

15:54 Just go to pythonbytes.fm/datadog and get started.

15:57 - Very cool.

15:58 - Yeah, for sure.

15:59 Thank you, Datadog.

15:59 Now, this next one is actually a two-in-one sort of thing because there's a new, newish, let's call it newish, library for visualizing stuff, mostly around data science and notebooks.

16:12 So we've talked about things like, people know about matplotlib and seaborn and other stuff, but maybe they haven't heard about Altair.

16:20 So Altair comes from Jake Vander Plaats and Brian Granger, who are both really big in the data science space.

16:25 And this is a really cool declarative way to visualize stuff in Python.

16:30 - Yeah.

16:31 - Have you ever looked at like matplotlib and you're like, why do I have to do all these things?

16:34 I just want a line on the screen.

16:36 You know, there's just like so many steps, it seems like, well, Altair seems to avoid that.

16:41 So basically it assumes that you're working with some sort of pandas data frame, right?

16:45 So it takes panda stuff and visualizes it really well.

16:49 So for example, if I had a panda data frame called cars, I could say chart of cars, mark points and just, you know, X encode X equals horsepower, Y equals miles per gallon, and it colors it based on the origin.

17:02 Boom, you get a nice graph, like really declarative.

17:05 You just state what like your axes are and stuff and it does it.

17:08 So that's really, really nice, right?

17:10 You said you were actually using it a little bit.

17:11 - Yeah, I'm actually, we had a project for visualizing our test result data.

17:16 And since I knew about this, and I get to make like calls like that, I said, "Hey, let's try Altair." And one of the benefits of it is this data frame model.

17:27 So the people working with it have had to learn data frames.

17:31 And the result is they're like, "Hey, wait, actually working with data frames "makes this easier because we can do a lot manipulations within the data frame model. Yeah that's pretty cool they're like wait data frames are kind of awesome we should use them. Yeah definitely. Yeah that's really cool. So that's Altair which maybe we should spend more time talking about it but the other item I want to talk about is Altair recipes from Antonio Piccolboni who actually is the creator of Altair recipes. So the idea is you can create some of these charts but not not all the kinds of charts that you might want to create are easily one-lineable in Altair.

18:10 So what he's done is he's created a bunch of helper libraries that will take the data in the similar way I described before, easily generate the other types of things that you might want, like a box plot, or histograms, or things like that.

18:27 So there's a whole bunch of different examples of different types of things.

18:30 you know, auto-correlation, box plots, heat maps, histograms, all kinds of stuff that's down to just one line again using his code.

18:41 So pretty cool.

18:43 - Yeah, very nice.

18:44 - Yeah, so basically it's like a wrapper around more additional types of graphs.

18:49 And I'm linking to a whole bunch of different examples in here, so in the little section on Altair Recipes, just click on the examples and you can go see all the different graphs and whether or not they're helpful.

19:00 Ooh, a layered histogram.

19:01 A layered histogram.

19:02 Isn't that cool?

19:03 That's really cool.

19:04 Yeah, and Antonio says, it's a fully documented, highly consistent API, 90% plus test coverage with a maintainability grade of A. So very nice stuff.

19:14 Do you know how he computes the maintainability grade?

19:16 Did you see that?

19:17 No, I don't.

19:17 I don't either, but I'm really fascinated to figure out what the maintainability grade of my other stuff is.

19:22 Maintainability grade.

19:23 Yeah, we should look into that.

19:24 Yeah, we should definitely look into that.

19:25 Antonio, send us a note about how you computed that.

19:28 That's cool.

19:28 But if you're looking for visualization, and especially if you're using Altair, check out Altair Recipes.

19:34 It's on GitHub, and it looks pretty cool.

19:35 - Very cool.

19:36 - What do you got next for us?

19:37 More testing, more coverage?

19:39 - Yeah, I've been thinking about testing, and I kind of do that a lot.

19:43 A couple of fun pytest plugins that were sent to me, and I apologize for not remembering who sent these to me, but keep them coming.

19:51 I love trying out new things.

19:53 The first one I want to show is, talk about is called pytest-picked, P-I-C-K-E-D.

20:00 And the name confused me at first, but after you start using it, it sort of makes sense.

20:06 Here's the idea, is you've got a bunch of, you're using GitHub or not necessarily GitHub, any Git repo. - Some Git repo, yeah.

20:14 - Yeah, and you're working with a test or something, and you really, you know you're gonna wanna try to run the tests that you have modified.

20:23 So Git knows this, with Git status, you can tell which files are modified.

20:27 So this plugin utilizes git status and allows you to run all of the modified test files in one test suite without having to like specify them or keyword them or anything.

20:38 - That's pretty cool.

20:39 So if I have like a thousand test files, that may be a little excessive, but let's just roll with it.

20:44 And I edit three of them since the last time I committed to git, I can go run this and it'll say, well, these are the three changed test files, therefore we're going to run just the test in those three files and pytest.

20:56 Yeah, and you can run just those three or you can run those three first and then the rest of the suite.

21:02 Ok, that's pretty sweet. You know what I would like, which is a probably a much harder problem to solve but would be awesome, is if you could combine code coverage along with this and and sort of reverse it. Say like, well these are all the source files and the test files that change but the source files that change what tests touch some line of code in the source file?

21:26 So what do I need to run to get coverage on the changes that direction?

21:30 That would be awesome.

21:31 I think there is something like that, but it was, last time I tried it, it was a little clunky to use, but I'll look it up again.

21:37 Yeah, okay, cool.

21:38 But this is really nice.

21:39 I mean, certainly if the mode that you're in is, I'm changing a bunch of the tests, and I want to just run those, this is awesome.

21:45 Yeah, well, and the mode for a lot of people developing tests or maintaining software really all together is either writing new tests.

21:55 When you're in that mode, you're definitely going to be having modified test files.

21:59 Or you're debugging something and you're like throwing some logging in or something like that in a test.

22:05 Yeah, I definitely see a good use for this.

22:07 And you have a twofer, so that's just the one.

22:09 Yeah, so the other one is a kind of a new project, but I thought it was fun.

22:13 It's called pytest Clarity, pytest-Clarity.

22:18 It's just another colorizer, so it makes the diffs.

22:21 So if you have a assert equals comparison that fails, the left and right comparison, sometimes it's a little hard to read.

22:30 And this one is a colorizer that puts the changes from the left and right right on top of each other and colorizes them differently.

22:39 So that's nice and helpful.

22:41 - Yeah, that's cool.

22:42 Definitely colors.

22:43 Color's awesome, right?

22:44 It shows you what's different, what's the same.

22:46 It's beautiful, you know, right away.

22:47 Yeah, the one thing, I mean, in conversation with the person writing this, that it defaultly turns on verbose.

22:55 And for small projects, having verbose on, which means that every test file is going to get listed, actually every test is going to get listed in the output, that's fine for small projects, but when you get into hundreds and thousands of tests, that can be unwieldy.

23:09 Yeah, I can imagine.

23:11 But you can turn that off with a -qq and the clarity still works.

23:16 So cool.

23:17 Okay.

23:18 Yeah.

23:19 Yeah.

23:20 Those are definitely nice testing additions.

23:21 Quite cool.

23:22 So the last one I want to close out with is a little bit of web security.

23:26 And we've talked about web security before on the show on various things like the Django Hunter and stuff like that, for example.

23:33 But this one has to do with headers.

23:35 Now did you know that when you have a web app, it obviously exchanges headers and cookies and stuff with the clients.

23:44 But there's a whole bunch of things that you should send across probably for to make your website more secure.

23:51 Yeah, there's like a handful of them.

23:53 And the OWASP organization has a place that talks about these are the headers you should send, for example, about caching certain pages, or if you're setting a cookie that the cookie should only be exchanged over a secure connection.

24:07 So imagine you've got like a site, maybe it's a bank, you can log into it.

24:12 If you go to https bank.com or whatever the bank website is, right, it's going to set maybe a login cookie.

24:20 But if you open up a browser and you type bank.com and just hit enter, you know, maybe that goes over HTTP and then HTTPS.

24:27 But you know, if you don't set the right headers or flags, it could pass that login cookie over HTTP the first time before it goes over to HTTPS, things like that.

24:36 So you can say only exchange these cookies over secure connections and things like little little details like this, but there's a bunch of them and they're hard to remember.

24:45 One of the guys that was actually listening to talk Python on Flask, where David Lord talked about this thing called Flask Tailsman, which is a plugin for Flask that will automatically do that kind of stuff.

24:57 It'll just take the response, set those cookies, and not the cookies, the headers that need to be set and things like that.

25:03 So it's really nice that Flask has this option.

25:07 He's like, well, but why don't the others?

25:09 security guy, a pen tester, he's like, there should be something like this for all of the frameworks.

25:15 So what he did was he created this thing, which I'll tell you the package name, and I can't believe that he got it on PyPI.

25:21 The package name is secure.

25:22 Yeah.

25:23 You'd think that would be taken by now.

25:26 But the idea is that secure headers and cookies for the Python web frameworks is pretty cool.

25:32 It supports AIO HTTP, Bottle, CherryPi, Django, Flask, Falcon, Hug, Basinite, Pyramid, Court, Responder, Sanic, Starlet, and Tornado.

25:41 And if one of those is not on your list, you can actually just sort of feed it the response anyway.

25:45 Isn't that cool?

25:46 - That's actually very cool, wow.

25:48 - So it has built-in integration to those things like Pyramid Twins or other types of stuff.

25:53 You can like plug it in so it automatically happens.

25:56 But if you don't have it automatically doing it, you can just call the various bits as well.

26:01 So it sends things like strict transport security, same origin iframes, cross-site protection, all that kind of stuff.

26:08 just does that automatically.

26:10 And you can also create secure cookies.

26:12 So you just go to the secure cookie thing and say, I'd like the secure cookie to have this name and this value and it'll set that it's over HTTPS only, that it's over HTTP rather than JavaScript only, things like this, same site origin, same site stuff.

26:28 So all these little details about getting security right are wrapped up and then packaged in a way you can use it cross framework.

26:34 - Gosh, check that out.

26:35 - Yeah, it's pretty sweet.

26:36 - Did you mention Pyramid tweens?

26:39 Is that a 12 year old using Pyramid or?

26:41 - Well, it's 11 to like early 13 year old.

26:44 No, it's like a layer that you can put in between request response.

26:49 And it's like a thing that gets called before and after responses, I believe.

26:53 - Okay, apparently not there in your Pyramid class.

26:55 - Yeah, I guess not.

26:56 And I don't think I really talked about it there, but you can basically plug it in and say, anytime you send a response, call this function.

27:04 And so you can just in that function say, upgrade the response to have the secure headers in the response without doing it all over the place, right?

27:11 You just plug in this one little bit.

27:12 - Okay, cool.

27:13 - Yeah, it's pretty cool.

27:14 So if you're doing a web map and you care about security, you know, this is definitely worth checking out.

27:20 All right, well, that's it for all of our items that we're officially covering.

27:23 I have some extras, how about you?

27:24 - I don't actually, other than I've been podcasting away and I got like seven episodes of Testing Code in December.

27:33 So--

27:34 - That's awesome, I've been listening to a lot of them.

27:35 You've got some good stuff going on lately.

27:37 - And I'm gonna keep it up.

27:38 I'm not gonna do seven in January, but there should be four.

27:40 - Yeah, awesome.

27:41 I'm really glad to see that coming along.

27:43 So I have, it's good you don't have many 'cause I have a bunch, so I'll go through them kinda quick.

27:47 But there was this pretty big bug that came out about SQLite.

27:51 SQLite is an embedded database that runs in process that happens to be shipped and included in Python.

27:57 So that got my attention.

27:59 But it's also included in the browsers for like Web SQL stuff that JavaScript can use and it can be embedded in like ElectronJS apps for the same reason, stuff like that, right?

28:09 So it's really a lot of places.

28:11 Now the problem is, it turns out that there is a bug in SQLite that with simple SQL select commands, you can do very bad things to anything that runs the SQLite that is vulnerable.

28:25 And this was just really recently.

28:28 All right, so it seemed like this could have been a really big problem in Python, since Python has SQLite, SQLite has this problem.

28:36 And it would have had to been the case that there was some SQL injection, right?

28:41 Like you took user input and you fed it to SQLite directly.

28:45 So that's already, there'd have to be kind of a problem in your code for this to happen.

28:48 But it turns out, I threw this out on Twitter, and some folks came out there and really like, you know, a lot of people shared it, a lot of people talked about it.

28:58 And somebody said, you know, actually, That's an interesting thought, M. Boris on Twitter is like, you kind of got me curious that maybe this is a problem for Python, let me check.

29:09 So he took the proof of concept exploits and ran it against SQLite and Python, and it looks like it's not a problem.

29:16 That's pretty good, right?

29:17 So if you hear that there's this big problem with SQLite, seems like it's not a problem with Python, but that's not for sure, but it seems that way.

29:24 - And also don't take user input and throw it into a query.

29:28 - Yeah, exactly, it's already, like in order for this to be a problem for your Python app, you already have to have a problem.

29:34 This just makes it worse.

29:35 So if this was gonna be a problem before, you should probably deal with that regardless.

29:41 All right, so next one, this is a follow-up on our AI in healthcare.

29:44 We talked about AI and the AI analyzing cancerous mammograms and helping doctors get much better at that.

29:53 And we were speculating, maybe I was speculating that maybe there won't be a need for doctors.

29:57 we'll just upload it to the cloud doctor and we get an answer, right?

30:01 Things like that.

30:02 - Hey Google, do I have cancer?

30:03 - Exactly.

30:04 Send us three pictures, I'll tell you.

30:07 Well, this guy named Bradley sent us feedback.

30:10 Says, "Hey, I really found this interesting.

30:11 "I'm a data scientist at the National Oncology Program "and I work directly with clinicians "and it's my strong opinion that AI cannot take the job "from the medical folks, the MDs.

30:23 "However, it will make it way more efficient for all the low-hanging fruit.

30:27 Says, you know, look, healthcare is both science and an art, and the AI is going to have a really hard time on the art side of things, also probably the human interaction side of things.

30:37 So really doesn't think that there's a big danger of that.

30:40 Well, I guess time will tell, but he's definitely got a lot more to go on than I do.

30:46 He works as a data scientist with these folks.

30:48 So that's cool.

30:49 Got some inside feedback.

30:50 Yeah, that's pretty much what we were speculating anyway.

30:53 I mean, it's not something you can break down into an algorithm.

30:55 Yeah, for sure.

30:57 Next item really quick, Python 3.7.2 is out.

31:00 So be sure to get the latest Python 3.7 if you're trying to run that.

31:05 And if you're running homebrew, you can just do brew update and brew upgrade, and you'll have Python 3.7.2, which is pretty awesome.

31:12 Neat.

31:12 Yeah.

31:13 So I'm already running that on my local machine, but not yet in production.

31:17 It's not on the right Linux version yet.

31:20 And then finally, I launched a new course, Brian.

31:22 Well, I released it.

31:23 Yeah, I'm excited about this.

31:24 - Yeah, so this is one written by Matt McKay of Full Stack Python, and it's Introduction to Ansible.

31:31 So that one's been coming along for a long time, and he finally got it out.

31:34 It's really good, and I'm learning a lot about all sorts of things, also including Ansible.

31:39 So if you're interested in Ansible, check it out over at training.docpython.fm, or just click the link.

31:45 - Nice.

31:45 - Did you come with a joke this time?

31:47 - I did not.

31:48 - Do you have a joke for us?

31:49 Well, luckily I found a joke.

31:51 And by found a joke, I mean, Yochim sent us a joke, one of our listeners, and I'll tell it to you.

31:58 OK.

31:58 OK, so-- hold on, I've got to zoom in.

32:01 Fonts are small, eyes are old.

32:03 So an engineer, a physicist, and a programmer were discussing what was the oldest profession of the three.

32:10 Engineers, look, all the matter engineered into amazing constructs like stars, galaxies, planets.

32:17 So obviously, engineering.

32:19 The physicist says, before there were planets, The matter had to be made from chaos.

32:24 Physics is responsible for all the quarks, gluons, photons, and electrons.

32:29 Not to be outdone, the programmer says, aha, but where do you think the chaos came from?

32:33 - Yeah, that's good.

32:34 - Yeah, pretty good.

32:35 So, definitely, I'm sure we've all caused a little bit of chaos out in the world with our apps.

32:41 That's a good one.

32:43 - Not to like, we should be done now.

32:45 But I just remembered another thing.

32:47 Speaking of chaos, is like, in 2019, more and more browsers were saying, "Let's just try to have all websites be secure." So I got hit by this, and pythontesting.net is not, doesn't have SSL on it, but it's just warning everybody, by the way, like Brian might steal your information.

33:08 I'm not gonna do anything with your information.

33:09 - Let me see, I pull up, oh my goodness, I gotta get out of here, man, this is not secure on it.

33:15 - Yeah, what up?

33:17 So I could just buy an SSL certificate or whatever, do the free one and jump through that hoop.

33:23 But I felt like it'd be a good time to change it anyway.

33:26 So I'm gonna start the process of turning this into a static site generated site.

33:32 >> You are, okay, awesome.

33:33 Well, that sounds really fun.

33:34 And that'll be, I know some good sites that definitely run that way.

33:38 So that'll be good.

33:39 >> Yeah, okay, that's all I got.

33:41 >> Well, even though it says not secure, I'm still gonna go there, it's okay.

33:45 >> [LAUGH] Okay.

33:47 >> All right, well, great to chat with you as always, Brian.

33:49 >> Yeah, you too.

33:50 Thanks.

33:51 Bye.

33:52 Thank you for listening to Python Bytes.

33:53 Follow the show on Twitter via @PythonBytes.

33:55 That's Python Bytes as in B-Y-T-E-S.

33:58 And get the full show notes at PythonBytes.fm.

34:02 If you have a news item you want featured, just visit PythonBytes.fm and send it our way.

34:06 We're always on the lookout for sharing something cool.

34:09 On behalf of myself and Brian Okken, this is Michael Kennedy.

34:12 Thank you for listening and sharing this podcast with your friends and colleagues.

Back to show page