Transcript #183: Need a beautiful database editor? Look to the Bees!
00:00 Hello and welcome to Python Bytes, where we deliver Python news and headlines directly to
00:03 your earbuds. This is episode 183, recorded May 19th, 2020. I'm Michael Kennedy.
00:10 And I'm Brian Okken.
00:11 And Brian, we have a special guest, Calvin Hendricks-Parker. Welcome, Calvin.
00:15 Hey, guys. How are you doing?
00:16 Doing super well. Great to have you here.
00:19 Yeah.
00:19 Awesome. Well, I'm excited to be on. This is my first time being on one of your podcasts,
00:24 so I'm all giddy with the excitement.
00:26 I'm very giddy as well. It's great to have you here.
00:28 It's always nice to have a third person with a fresh perspective because Brian and I,
00:32 we've given our perspective 183 times and people are probably able to guess
00:36 for the most part what we're going to say, but not the jokes. The jokes are always original.
00:41 Okay. Now, before we move on, I do want to say this episode is brought to you by DigitalOcean.
00:44 Check them out at pythonbytes.fm/DigitalOcean. Get $100 credit for new users.
00:48 Tell you more about that later. Brian, why don't you kick us off with something
00:51 completely from 2001, like blogging?
00:54 Like blogging. Yeah. So one of the things that we thought maybe there weren't enough ways to blog right now, there's actually tons of ways to blog.
01:02 But this is kind of a neat thing. This is called Fast Pages and it comes from fast.ai.
01:09 And it's a blogging platform that they say it's an easy to use blogging platform with enhanced support for Jupyter Notebooks.
01:16 It's kind of put together. It's a, you know, where you write in Jupyter Notebooks and then you can also write markdown files.
01:24 And for some reason, you can also write like Word doc files. But why would you do that?
01:28 Blogging Word, baby.
01:29 Weird. It has support for it anyway. And you can, for your pages and posts and whatever, and push it up to GitHub.
01:39 It uses GitHub app actions to publish everything. It uses, I think it uses Jekyll on the backend to publish to GitHub pages.
01:47 But it's all set up so that it's really fast to start. You can do things like Altair interactive visualizations.
01:54 And you can have code that you can, code cells that you can hide and show or close by default if you want to.
02:00 You can even do metadata like the title and summary. They go in special markdown cells.
02:06 But you can even embed Twitter cards and YouTube videos and tag support and all that jazz.
02:10 It actually looks pretty slick, to tell you the truth. If you want to publish something like a blog, but you're going to use Jupyter Notebooks on a daily basis anyway, this might be a good thing to check out.
02:20 Yeah. Jupyter is nice, but it's not quite all the way there, right? It's still like the code is still shown on all the cells and they're not like collapsed like this.
02:29 This is a really nice presentation format, I think. And the fact that you're not really running on your own platform, right?
02:36 Like there's so many things where like, oh, I'm going to write my own blog and then now I have to run servers and patches.
02:41 And like, wait a minute, why am I patching servers? Like, what have I gotten myself into?
02:44 Whereas this just runs on GitHub pages. That's pretty cool. I like the Altair interactive visualizations, right?
02:51 Because it's one thing to take a screenshot or a static image and put it up there.
02:55 But if you've got live code and live interactions, that's pretty awesome, actually.
02:59 So yeah, this kind of appeals to me. I'm not switching because I just, I don't have the energy for one more thing that I'm putting a lot of focus on, like a blog.
03:06 I do blog, but not that much. But nonetheless, this looks really cool if you're, especially if you're in the Jupyter world.
03:12 But now you've got to maintain your code on your blog page to make sure it always runs?
03:16 That's right. That's right.
03:18 Oh, you write tests for it. It'll be fine.
03:20 Yeah, there we go. Okay. Yeah.
03:21 Exactly.
03:22 Yeah, no, I looked at this and I think this is a nice fresh take on like interactive code demonstrations in your blog.
03:29 And to me, it's way better than just static code there with static pictures.
03:33 Yeah. And I definitely, like I said, I think it's the best for people that are spending their day in Jupyter notebooks anyway.
03:39 Yeah.
03:40 And then it's going to be a natural place for them to be to write a blog with it.
03:44 Yeah, absolutely.
03:44 Yeah. Now, this next one that I want to cover, I'd not heard of.
03:48 And I discovered it from Mahmoud Hashemi, who didn't realize that he had shared it with me, but he had like favorited it on GitHub.
03:56 I'm like, whoa, wait, that looks cool.
03:57 What, you know, just that little activity stream of people you follow on GitHub or whatever's happening.
04:02 One of the things that I find lacking a lot of times is how you work with databases as sort of an admin side of things, right?
04:12 Like if you're using Django, there's some kind of admin backend, you can sort of point at it.
04:16 But if you're using like, you know, just SQLite and you don't have some web app to work with it, like, how do you work with it?
04:23 I know there's a command line for working with it.
04:24 You're right. DDL, data definition or description language, whatever that is.
04:28 I don't want to do that.
04:29 That doesn't sound fun at all to me.
04:31 So what I want is a nice visual thing that is like a history of my most common searches, things like that.
04:36 So there's this thing called Beekeeper Studio.
04:39 Have you guys heard of this?
04:40 I've not. No.
04:41 No, I hadn't either.
04:42 But if you go to their website, it is super polished.
04:44 It certainly passes the Michael and Brian test of many screenshots and little animations because, hey, it's a UI thing.
04:51 And what it is, is it's a really polished, free and open source SQL editor and database manager.
04:58 It checks so many boxes.
05:00 It talks to MySQL, Postgres, SQLite, Microsoft SQL server.
05:05 It runs on all the things, Windows, Linux, macOS.
05:08 It has a bunch of cool features.
05:14 You know, you know, you're going to have your database server over SSH tunnels, which is really nice because you typically don't want to have your database out in, you know, DigitalOcean or wherever.
05:22 Listen on the Internet.
05:24 That's just asking to be in the headlines of, you know, company X has lost all their data and is now, you know, you now get everyone gets free credit monitoring for a year.
05:35 Thanks.
05:36 Right.
05:36 You don't want that.
05:37 So you can have like the database locked down, but still SSH over to the server and then just tunnel.
05:42 But this has like built in stuff for that cool tab interface.
05:45 It has autocomplete for your SQL queries, which is really nice.
05:48 So like your table schema.
05:50 So, you know, you could pull up table name dot and it'll drop down all the columns in like your where clauses or your select clause, which I think is super nice.
05:59 It has kind of an Excel view where you can just pull up the data in the table and like filter it and sort it by clicking on the columns.
06:07 So you don't have to be super good at knowing that by default as a dark theme.
06:11 That's pretty cool.
06:12 Yeah.
06:12 So, you know, it's for serious programmers.
06:14 Yeah, it's legit, baby.
06:16 It is totally legit because it's default.
06:18 You have a dark theme for sure.
06:19 That's right.
06:20 That's right.
06:20 So there's just a bunch of cool things like you can save your most common queries.
06:24 There's like a favorites queries section on the left that you can just pull up your common queries and like rerun them.
06:29 If you got to do a report or something, you always have to ask about like you can run that, which I don't know.
06:34 This seems like a really nice tool.
06:36 And I'm telling you, it is worth every penny you pay for it.
06:38 Is it free?
06:40 It's free.
06:41 Yeah, it's free and open source.
06:41 I installed it and I connected it to some little SQLite toy things projects from my courses that I was working on and it came out great.
06:49 So how do we keep them in business?
06:50 Sounds like we need to keep them in business somehow.
06:52 I know we don't want this to go away.
06:54 But yeah, it's nice.
06:55 Over on GitHub, they've got quite a few stars, 1.4 thousand.
06:59 So it's pretty new.
07:01 I'm not sure how long they've been around, but I'm excited to see them here.
07:04 It's great.
07:04 Yeah, nice.
07:05 Well done, people.
07:05 All right, Calvin, what do you got for your first item here?
07:08 So my first item on the docket is the second annual Python web conference, which I'm actually one of the co-organizers of this web conference.
07:16 So I'm excited to come on here and tell you all about this amazing event that's coming up.
07:21 We did this last year and we thought it was a pretty good success.
07:25 And so we wanted to actually continue that tradition.
07:27 And it seemed to fall perfectly within all these conferences converting to virtual conferences.
07:31 We are a virtual first conference.
07:34 This was not a planned change to virtual.
07:37 We're really doing this for real as a virtual conference.
07:39 Just to be clear, you guys did this last year when it was not required to be virtual.
07:43 Right.
07:43 When it was not hip and cool to be a virtual remote conference.
07:47 We're at least a year ahead of your time.
07:50 We are.
07:50 I'd like to think I'm a trailblazer when it comes to some of these things, but I'm only taking credit for the amazing work done by the people who are certainly behind me doing all the real work.
07:58 But we're basically putting on what we're calling the most in-depth Python conference for web developers.
08:04 I don't know if you all have been to PyCon.
08:06 There seems to be a lack of web and production level talks going on there these days.
08:11 Well, it kind of goes back a long ways.
08:13 So we felt like this was a gap in the Python ecosystem for folks to come and talk about production use of Python on the web.
08:21 So we're going to have talks on Django, Flask, Twisted, lots of testing talks.
08:26 So maybe I'll draw certain folks from this audience in who like testing.
08:29 SQLAlchemy, containers, deployment, like tons of stuff like that.
08:33 So it's going to be a bunch of cool web talks and just kind of three tracks.
08:38 So it's actually going to be three days.
08:40 It is June 17th to the 19th.
08:43 So make sure you mark that on your calendar right now.
08:45 I would love if you went and bought a ticket right now, but go ahead and mark that on your calendar.
08:48 Save the date.
08:48 There'll be a full day of tutorials.
08:50 So there'll be six tutorials, three in the morning, three in the afternoon, two days of talks with three tracks.
08:55 We've got some awesome keynote speakers.
08:57 So Lorena Mesa from the Python Software Foundation is going to be one of our keynotes.
09:01 We've got Hynek, Russell Keith-Magee, who gave a keynote at PyCon two years ago.
09:06 That was in 18.
09:07 Yeah, I think so.
09:08 It depends if you count this one.
09:09 Yeah.
09:10 Right.
09:10 So he'll be coming back and hopefully giving some more insights into, I'd love to see what
09:17 he thinks kind of post Black Swan era.
09:19 If you remember his talk from PyCon.
09:21 That was a super good talk.
09:22 Yeah, it was a super good talk.
09:24 And that's why I've been really, really excited.
09:25 He decided to kind of join my merry band and go on an adventure with all of us.
09:29 We'll have some fireside chats.
09:31 So during lunch, there's going to be, I don't know if you all are familiar with Carl Meyer,
09:33 but he works for Instagram.
09:35 He's in their infrastructure team.
09:37 And so he's really available to talking about best practices.
09:40 So we'll ask all kinds of deep questions.
09:42 And actually, I've just enjoyed talking to him to no end about how things actually work in
09:46 the real world for some of these kinds of things.
09:48 You know, not everyone's doing microservices to the hilt.
09:51 Like there are people who are running real things that are just Django monoliths and they still
09:55 work and they're kind of tried and true.
09:57 So there'll be a 40 presentation, 40 plus presentations, six tutorials.
10:00 Fun will be had by all.
10:02 Hopefully connections will be made.
10:03 We really work hard at making sure that these kinds of virtual events are maybe overly stimulating
10:09 so that you've got lots to do and kind of lots to interact with.
10:13 There will be, you know, kind of virtual cocktail hours afterwards, online gaming.
10:16 So we had a Mario Kart tournament at our last virtual conference.
10:19 And we're going to bring back our board game night.
10:22 And so actually, as part of the conference registration, you'll be sent a pre-swag pack
10:27 that'll include something for the board game night.
10:30 So if you actually want to play one of the games, we're going to give every player, every
10:32 person who attends what they need.
10:34 And actually, you don't need to have that to play, but we're going to have some specially
10:37 themed ones made specifically for Python web conference.
10:40 You point like your webcam at it and everyone sets it up in the initial state and like keep
10:44 syncing it.
10:45 Well, okay, so I'll kind of get a little bit of the cat out of the bag, but we're going
10:48 to play Skull.
10:48 Have you ever played Skull?
10:49 It's a bluffing game.
10:50 It's a lot of fun.
10:51 So basically, everyone has four coasters.
10:53 I mean, it looks like the coasters, you know, look kind of like, you know, just a round circular
10:56 cardboard coaster.
10:56 Three of them have flowers typically, and one has a skull on it.
11:00 So it's a bluffing game to see how many flowers you can acquire before you rented somebody's
11:04 skull or your own skull.
11:05 So we're going to do a Python themed version of that with a web slant.
11:08 So it should be pretty, pretty cool.
11:10 I'm looking forward to that.
11:11 That sounds fun.
11:12 Yep.
11:12 So the tickets are $199 and $99 for students.
11:15 Now, as a bonus, there is a perfect for every professional ticket purchased.
11:19 We're going to donate a ticket to an attendee in a developing country.
11:23 So we want to be able to get people who couldn't normally even make it to a physical conference
11:27 at this event.
11:28 You know, if you're in the middle of Africa or some far off place, and you couldn't normally
11:32 get to a conference like this, we want to make sure you can attend and actually connect
11:36 with the Python web community.
11:37 So I'm pretty excited about that.
11:38 And then I do have a discount code for the Python Bytes listeners.
11:41 There will be a 20% discount code if you just use the code PB20.
11:46 And you guys will get a 20% off discount.
11:49 Nice.
11:49 Yeah, that sounds like a fun conference.
11:50 I really like that you're taking the digitally native approach in the conference, because I
11:56 feel like there's a lot of attempts at this right now.
11:59 And we'll see what sticks.
12:02 But everyone's trying to reinvent conferences.
12:03 And this feels like a pretty good attempt at it.
12:06 I've attended a couple recently where they kind of took conference skeuomorphism to an extreme.
12:10 Like you kind of VR style walked into an expo hall and kind of clicked to go through a hall.
12:16 And you're sitting in front of a screen with like Mystery Science Theater 3000 style, like,
12:20 you know, characters sitting in front of you.
12:22 Yeah, yeah.
12:22 The silhouettes of people in front of you.
12:25 That's not the way to go.
12:26 Then that's not what this is.
12:28 Yeah, I saw I saw something where they're like, oh, we'll make it totally real.
12:31 You've got to go check in with a real person before they'll let you into the virtual conference
12:35 and stuff like that.
12:36 Yeah, no, no, no, no.
12:37 It's interesting.
12:38 Yeah.
12:38 Yeah.
12:39 So Microsoft Build is running right now.
12:41 And they're, you know, trying to figure out what they're doing there.
12:43 It didn't look super good to me this morning, the way the experience was going.
12:47 But, you know, they're doing it for a week.
12:49 So we'll or three or four days.
12:51 So I don't know, maybe that'll be an example as well.
12:53 AWS just did their summit.
12:54 I didn't hear very good things about that as well.
12:57 Well, it's a big challenge.
12:59 And there's a possibility that I might be speaking to this conference.
13:02 Oh, that's right.
13:03 How could I forget?
13:04 We do have if you go look at the speakers page, I'm super excited.
13:08 I mean, it is a who's who of Python web community.
13:11 It just kind of speaks to the volumes of like the confidence these people have that we can
13:14 pull this off, that they're here to speak for this conference.
13:17 Yeah, very cool.
13:18 All right.
13:18 Well, I definitely think it's going to be a fun event.
13:21 People can check it out.
13:21 Obviously, links in the show notes and the discount code.
13:24 Now, speaking of web and running stuff in the cloud.
13:27 DigitalOcean sponsoring the show.
13:29 Very cool place.
13:30 They just launched their virtual private cloud and their new trust platform, which makes it
13:35 easier to run secure code in the cloud with some confidence.
13:39 So VPC, it's kind of like a virtual private network, but it allows you to create multiple
13:45 private networks for your whole team.
13:47 And then you can stick your VMs where they need to go to make them to talk to different
13:51 things.
13:51 So I recently set up a whole bunch of complex firewall rules for all of our various servers
13:57 that need to talk to each other.
13:58 And it would be really nice to just click them in here.
14:00 But I set those up before this existed.
14:03 Hence, I did it that way.
14:04 So this is really a nice feature.
14:06 It can auto generate your private network IP addresses.
14:09 So you can control them or you can specify how you want them generated.
14:13 And you can even configure some of the droplets to behave as internet gateways to kind of act
14:18 as a outbound area or place for those various private clouds.
14:22 So that's cool.
14:22 And then their trust platform is like a microsite with all sorts of information about security
14:27 and running stuff in the cloud.
14:29 So check them out at pythonbytes.fm/digitalocean, $100 credit for new users.
14:34 And so go out there and build something awesome and make it a little more secure.
14:37 Wonderful.
14:37 Yeah.
14:38 You mean, I mean, secure, like real honest data, no fake data, no fake news, none of that.
14:44 No fake news.
14:45 If only there was a fake news generator.
14:46 There probably is.
14:48 So if anybody knows a fake news generator, let us know.
14:51 Be fun.
14:52 As far as fake goes, we were talking about, I have no idea how to pronounce this.
14:56 Anybody want to try?
14:58 It's M-I-M-E-S-I-S.
15:00 Mimesis.
15:00 Mimesis.
15:01 I've actually used this tool in the past.
15:03 And this is a party game I love to play.
15:05 You describe an open source project and you see how everyone will pronounce it.
15:09 Okay.
15:09 Anyway, maybe Mimesis?
15:12 Mimesis?
15:12 Anyway, I don't know.
15:13 But it's a fake data generator.
15:15 And I was reading it thinking, don't we already have fake generators?
15:18 There are a handful of other fake data generators around.
15:22 But this one looks pretty cool.
15:24 It helps generate fake data in a variety of purposes and variety of languages.
15:29 It's actually got over 33 locales.
15:32 So you can get like, you know, Russian names and Spanish names and all sorts of stuff like that.
15:38 But the localization also goes to things like you can, if you have addresses and food descriptions and people names and things like that can be localized.
15:48 And that's pretty neat.
15:49 Different phone numbers as well.
15:50 So there's a whole bunch of different locales you can do.
15:53 Supposedly, it's super fast.
15:55 They posted their benchmark of 10,000 full names of Faker versus Mimesis.
16:02 Mimesis?
16:03 And then they were like 60 times faster, which is pretty cool.
16:06 The thing I was really impressed with, it was one of the features is a data generation by schema.
16:12 So you describe kind of the shape of some data and the different types of things.
16:19 Like maybe, and we're putting in the show notes a description of a structure that has a name and an ID and a version, timestamp and owner information like email and creator name, full name, things like that.
16:32 And then you can just generate from that schema, you can create a bunch of those.
16:36 And that's pretty darn neat, I think.
16:39 I think I could use this really readily.
16:41 Yeah, we were talking about building web apps and stuff.
16:43 And one of the things that makes it really hard is you've got all this HTML and these loops in your templates and all that kind of stuff and CSS that's going to describe.
16:53 If I had data here, this is how it would look.
16:56 And often you end up with no data or like just a few letters here or there.
17:01 So having like legitimate looking data is really nice helping you design your apps.
17:06 Or if you're trying to anonymize something for some kind of data science thing, you just want to like, I want to randomly put in something here, but I want it to seem normal, but not be actually tied to the person.
17:18 This looks really cool.
17:19 Yeah, especially useful like in Django projects when you want to have a fixture to load up some personally identifying information ahead of time for the developers.
17:26 You don't want to have them grab the production data and have that liability sitting on their local disk.
17:31 Yeah, yeah, exactly.
17:32 There's interesting different classes that generate things.
17:36 So there's obviously like a person.
17:38 There's always called person, human, something like that.
17:41 Let's see.
17:41 Yeah, person.
17:43 So it has things like you might expect, like an age and an email and a name.
17:47 But it also has an avatar, which is a link to a graphic as an academic degree, like whether or not you have a bachelor's degree or master's degree.
17:56 It has like nationality, occupation, political view, all these interesting different things.
18:03 And they also take on different locales.
18:06 There's a science one.
18:08 So in the science one, you can have an atomic number, a chemical element, a DNA sequence, an RNA sequence.
18:13 There's just a bunch of funky different types of data you can generate here.
18:17 It looks pretty cool.
18:17 Yeah, I was looking through things like software development, things like operating system, random operating system, random programming language, software license, things like that.
18:29 That's pretty cool.
18:30 Right.
18:30 Like, what was it?
18:31 OS 32 or what was it called?
18:33 OS 2.
18:34 Yeah.
18:34 This is a cool find.
18:36 And I have another one that's kind of in that same space, also with a bit of a web slant called Schemathesis.
18:44 Oh, this is cool.
18:47 So the idea is you've got an API and the API is documented with something like OpenAPI 3 or Swagger or something like that, which is a bunch of HTTP endpoints and then descriptions of the data is exchanged.
19:03 Right.
19:04 Here's the endpoint.
19:04 Here's the JSON document or God forbid, XML document.
19:10 I almost said there.
19:11 Right.
19:11 But here's the thing being exchanged.
19:13 Right.
19:14 And then you would hope that the actual service actually exchanged data that looked like it described it exchanged.
19:21 Right.
19:21 So this project basically tests for conformance with the API as you declare it in your own documentation.
19:30 That's pretty nice.
19:31 It supports those two formats that I said, Swagger and OpenAPI.
19:34 And it's built with Hypothesis, hypothesis-jsonschema and, drum roll please, pytest.
19:41 Yay.
19:41 Yay.
19:41 So the idea is it reads your application schema and then using Hypothesis, it will generate test cases that ensure your application is compliant with its own schema.
19:50 That's pretty cool.
19:51 Yeah.
19:51 And it works in two ways.
19:52 You can write tests with pytest, obviously.
19:55 It's kind of meta.
19:56 But then write tests with pytest and write code to talk to these things.
20:01 It seems like maybe the predominant way actually to do it is through this command line interface where you can point it at a URL, at the schema definition, the documentation, and then the actual endpoints.
20:15 And it'll just go and do all that work, which is pretty cool.
20:18 Yeah, that's neat.
20:18 Yeah, you can also parallelize it.
20:20 You can pass the number of workers for concurrent test execution.
20:24 Also, if you're testing something that has an app, as in Flask or AIOHTTP or something like that, instead of firing up a thing that goes through the network, that goes through the whole serialization layer and hits some running thing, it'll actually just load up your app and run it in process.
20:43 Right?
20:44 As if you were doing unit testing against your Flask or AIOHTTP app.
20:48 So you can give it directly just the, basically the package or the module, and it'll just run it like without the web infrastructure in between.
20:55 Yeah, so that probably speeds things up quite a bit.
20:57 Yeah.
20:57 Yeah, at least you don't have to have a server running somewhere.
20:59 So it's probably also easier for CI, CD, because there's not a second thing to be running to then talk to.
21:05 You just run it straight out of thin air.
21:08 And then also, Calvin, you're talking about being keen on Docker.
21:11 This CLI also can run as a Docker image.
21:15 So there's like no setup other than just Docker run this.
21:18 Live in the dream.
21:19 Live in the dream, baby.
21:20 It's always going to work as long as you have Docker.
21:22 Anyway, that looks like a pretty cool thing.
21:25 And there's a little example in here.
21:28 It's not super clear to me, like how, how to put specific use cases into the code test.
21:34 So that's why I say I think the CLI is kind of the way to go.
21:36 Like there's ways to write code and it uses parametrization through Hypothesis, but it's, it's a little bit generic, I guess, on what you would assert for.
21:46 Anyway, if you've got APIs and they're already documented with Swagger or OpenAPI, this seems like a cool thing to point at it just to make sure that it's hanging together.
21:54 Yeah, very nice.
21:55 I wanted to give this a try sometime.
21:57 Yeah.
21:57 More testing is always better.
21:59 Especially if it's one line.
22:00 Yeah.
22:01 I don't want to work to write that.
22:01 All right, Calvin, what's this last one here?
22:05 All right.
22:05 So the last one up here, there has been a lot of people combing public code repositories looking for secrets.
22:11 And a lot of the tools have been disregarding some common places secrets might be, be stuffed away.
22:18 So.
22:18 Right.
22:19 So they look at like JSON files.
22:20 They look at .py, .js, like it's embedded in code or maybe a .ini.
22:25 Yeah.
22:26 So they're not looking for maybe byte compiled code.
22:29 So actually there's a blog post here by Jesse Lee.
22:33 And I really enjoyed it because it's finding secrets by decompiling Python bytecode in public repositories.
22:38 I mean, it's really common for maybe people new to Python not to realize that those PYC files could contain possibly sensitive information.
22:47 So a lot of common patterns might be put your secrets into files like settings.py or config.py or secrets.py and then gitignore the PY file.
22:56 But you could be accidentally still inserting the PYC file, which is the byte compiled version of that file.
23:02 All right.
23:02 Like a dunder pycache.
23:05 Yes.
23:05 So settings.py is probably something you could look for, huh?
23:09 Right.
23:09 So you should probably leverage whatever tools you're using to make sure you get a stock like Python gitignore file.
23:15 So if you're using like PyCharm and you have the gitignore module installed, like it'll tell you like, do you want to generate the stock gitignores for your type of project?
23:23 And it'll put a bunch of stuff like right in there for you.
23:25 You should do that for sure.
23:27 But if you don't, you might actually be vulnerable to having some of your PYC files contain API keys or using passwords because that information gets compiled into the bytecode.
23:37 What I liked about this post was they actually had a little crash course on deconstructing Python bytecode and like understanding what cached source means.
23:45 So it wasn't just like, hey, don't do this thing.
23:47 That's pretty uncool.
23:48 It really kind of gave you a quick little lesson in like what a PYC file is or what's in that PyCache directory.
23:54 You know, so this post also comes with another game you can play, which is kind of cool.
23:57 A small like capture the flag.
23:59 So there's a little lab in there for you to actually try it out and kind of play with it.
24:02 So if you're totally into like security stuff and want to like see how this stuff actually works under the covers, like the author like went just kind of above and beyond and gave you like a capture the flag game to actually go explore those PYC files and cache files that are up on GitHub or any other public repository, which is really cool.
24:18 I see.
24:18 That's cool.
24:19 So the idea is that here's some that have this problem.
24:22 Your job is to go uncover them or something like that.
24:25 Yeah, go on.
24:25 Yeah, exactly.
24:26 Here's a couple of sample repositories.
24:27 Go uncover this.
24:28 So the kind of the action items from this post specifically was like if you do have PYC files containing any secrets, you need to make sure you delete them and then go revoke and rotate those secrets.
24:38 The other thing was using a standard git ignore for checking not preventing that to happen altogether.
24:42 And ultimately, I think the best way to handle I've been preaching kind of a lot to folks who are around me recently about how to store secrets, you know, using tools like Vault or 1Password, depending on what your situations are making it easy to get those secrets into say environment variables for me is the way to go.
24:57 Don't even have those secrets sitting on your file system in any form whatsoever.
25:01 So I typically have a little shell script that uses the command line tool for like 1Password or uses Vault with a token to actually grab the secrets in real time, stuff them into an environment variable, either shove them into a container.
25:12 Or as I launch, I grab those out of my environment and don't even take the risk of putting that stuff on my file system.
25:17 Oh, that's a clever idea.
25:18 You know, because so often it's kind of a chicken and egg.
25:21 It's like, great.
25:21 So you don't store it in GitHub.
25:23 So now it's over in this other text file.
25:25 Right.
25:27 How much better is that, honestly?
25:29 I mean, I know it's better, but it's it's still like not that awesome.
25:33 Right.
25:33 So having it encrypted is nice.
25:35 Right.
25:35 1Password and LastPass and bitkeeper or KeePass all have command line tools.
25:42 That you can script to get data out of them.
25:44 1Password will give you back like JSON and with jq, you can basically filter it out and grab the thing and put it into an environment variable on the fly without it ever touching your file system, which is really nice.
25:53 Okay.
25:53 That's interesting.
25:54 I didn't know about that.
25:55 I'm a big fan of 1Password, but I didn't know I did that.
25:58 Oh, so go check out, go grab the op 1Password tool.
26:01 It's got full access.
26:03 You can just basically grab secrets.
26:04 Yeah, you can edit secrets.
26:06 I'm a huge fan of 1Password as well.
26:07 And LastPass was nice as well.
26:09 We used to use LastPass for a long time, but I store.
26:11 For example, like AWS secrets.
26:13 I'll put those up in 1Password in the notes field or I'll create separate special fields that have kind of key value pairs, which are environment variable name and environment variable value.
26:24 And then I just have a quick little one liner in my shell that converts those from 1Password JSON into export those to real variables in my shell.
26:32 So more than just the secret key, like the region and like what profile to use, which to assume to do, like anything that's a variable that I can put in my environment, I'll put into 1Password.
26:42 Okay.
26:42 Yeah, that's cool advice.
26:43 That is cool.
26:43 Yeah.
26:44 All right.
26:44 Well, that's it for our six items.
26:46 You guys got any extra stuff that you want to throw out there?
26:49 Brian, I see you got one here.
26:50 Yeah.
26:50 I just noticed that the PSF is looking for volunteers to help migrate issues from bugs.python.org to the GitHub issues.
26:59 So if you want to help out PSF and do something worthwhile, like this cool thing to volunteer for.
27:05 Yeah.
27:05 Yeah, that's cool.
27:06 That is cool.
27:06 How about you, Calvin?
27:07 In case you missed it, there is a Learn Python Humble Bundle that is going on right now that will benefit a couple charities, the Book Industry Charitable Foundation and the No Starch Press Foundation.
27:16 And so those are helping folks who basically need a safety net during times like this, like independent bookstore owners, comic book owners, things like that.
27:24 For $15, you get like nearly $400 worth of like amazing No Starch Press books.
27:30 At some point in time, I recommend probably almost every one of the books that is on that list to folks so they can get jumped in both feet.
27:36 How do I learn Python?
27:37 I've got three of them sitting on my desk right here because they're fun books.
27:41 You know, there's like stupid Python tricks and automate the boring stuff.
27:45 And there's really fun books in there.
27:46 So I'd recommend it to anybody who's spending time at home and doesn't know what to do with their time.
27:51 Go grab these books for $15 or pay what you want.
27:54 The money goes to a good cause and you get to learn awesome Python language.
27:58 Nice.
27:59 Yeah, that's cool.
28:00 The Mission Python book is intriguing to me.
28:03 That's definitely a cool one.
28:04 All right.
28:05 I got a few quick ones.
28:06 Python 3.9 beta 1 is out for testing.
28:10 So if you're into that, you know, go check it out.
28:13 You can run, just download and run it.
28:15 You know, play around with some of the new ideas in there.
28:18 Also, not beta, but for real, Python 3.8.3 is also available.
28:23 That's pretty cool.
28:24 And then I got a cool message this morning from Jeff Derbyshire.
28:29 And he sent over something that I thought was just kind of a cool little piece of information.
28:33 I'll link to the paper in the show notes.
28:36 So everyone's trying to help out this COVID stuff.
28:38 Some particle physicists put some free time, took some of their free time to design and build a low cost ventilator.
28:44 It's pretty cool, right?
28:46 Yeah.
28:46 And then they wrote a paper about it because they're particle physicists.
28:49 And if you look through it, it says things like the target computing platform is Raspberry Pi 4.
28:55 And it shows, you know, the tradeoff between computing power and power consumption and things like that, which is nice.
29:02 The target programming language is Python 3.
29:05 And the UI is PyQt 5.
29:08 And then the MVM GUI, the UI for it, is Python 3 software written with PyQt 5.
29:14 And pretty nice.
29:16 It allows you to like steer and monitor the equipment.
29:19 So anyway, here's a cool, effectively a Python ventilator created by particle physicists that's like open source.
29:26 Yeah, well, that's awesome.
29:27 Yeah, it's pretty cool.
29:28 There's a huge number of names on this paper too.
29:30 Yeah, it's pretty awesome.
29:31 Anyway, I'll link to that.
29:32 People can check it out if they're interested.
29:35 You got to do something to keep these particle physicists off the streets.
29:37 That's right.
29:39 You don't want to just roam around any old collider.
29:41 All right.
29:42 So for the joke this week, I thought I'd grab like a couple more O'Reilly covers.
29:47 Not O'Reilly.
29:48 I know.
29:49 I mean, you already had the Humble Bundle book thing.
29:51 So we got the O'Reilly ones.
29:53 And I thought we could just each just do one.
29:54 I'll talk about the first one here.
29:56 It's a chameleon, which obviously is the lizard that can change colors to blend in.
30:01 Brian, you'll like this one.
30:02 It's called Refactoring Code Without Test.
30:04 It looks like it's working.
30:05 No code coverage, no problems.
30:07 It just blends right in.
30:08 Looks like it works on my machine.
30:10 That's right.
30:11 It was written by Sir Crash a lot.
30:12 So cool.
30:13 All right.
30:14 Brian, you want to do the next one?
30:15 Sure.
30:15 Becoming a manager and listening to people complain all day.
30:19 Jesus Christ, not another budget meeting.
30:22 So luckily I...
30:24 And the animal?
30:24 The animal's a crab, of course.
30:26 Of course.
30:27 I don't have to deal with budget meetings, luckily.
30:30 Yeah.
30:30 Yeah.
30:31 Me either.
30:31 All right, Calvin.
30:32 This one's a special web one for you.
30:35 Yeah, it is.
30:36 I'd say this is perfect for me.
30:37 So this is the Z index.
30:39 Good Lord, how many zeros?
30:41 I think it's 100 billion.
30:42 Is it 100 billion?
30:43 It's the real world CSS.
30:45 You've come this far.
30:46 No going back now.
30:48 That's so true on so many levels there, I think.
30:50 No, you're like, Z index equals one.
30:53 No.
30:53 No, keep going.
30:54 No, 100.
30:54 Fine.
30:55 Just, it's eventually not going to be behind that thing.
30:58 I love it.
30:58 All right.
31:00 And then the last one, I'm a big fan of design patterns.
31:02 So this one is avoid using dark patterns.
31:06 And it says, do or do not.
31:08 There's no try.
31:08 And of course, there's a Yoda on it.
31:10 Very good.
31:11 Very good.
31:12 So yeah, these are all fun.
31:14 These are really good covers.
31:15 Yeah.
31:16 Always a nice joke.
31:17 As well as nice being here with both you guys.
31:20 So Brian, as always, Calvin, thanks for joining us.
31:23 Yeah, it was wonderful.
31:24 Thank you very much for having me.
31:25 Thank you.
31:25 You bet.
31:26 Bye, everyone.
31:26 See y'all later.
31:26 Thank you for listening to Python Bytes.
31:29 Follow the show on Twitter via at Python Bytes.
31:31 That's Python Bytes as in B-Y-T-E-S.
31:34 And get the full show notes at pythonbytes.fm.
31:37 If you have a news item you want featured, just visit pythonbytes.fm and send it our way.
31:41 We're always on the lookout for sharing something cool.
31:44 On behalf of myself and Brian Okken, this is Michael Kennedy.
31:47 Thank you for listening and sharing this podcast with your friends and colleagues.