Transcript #183: Need a beautiful database editor? Look to the Bees!
Return to episode page view on github00:00 Hello and welcome to Python Bytes, where we deliver Python news and headlines directly to your earbuds.
00:04 This is episode 183, recorded May 19th, 2020.
00:09 I'm Michael Kennedy.
00:10 And I'm Brian Okken.
00:11 And Brian, we have a special guest, Calvin Hendricks-Parker.
00:14 Welcome, Calvin.
00:15 Hey, guys. How are you doing?
00:16 Doing super well.
00:18 Great to have you here.
00:19 Awesome. Well, I'm excited to be on.
00:21 This is my first time being on one of your podcasts.
00:24 So I'm all giddy with excitement.
00:26 I'm very giddy as well. It's great to have you here.
00:29 It's always nice to have a third person with a fresh perspective, because Brian and I, we've given our perspective 183 times, and people are probably able to guess, for the most part, what we're going to say.
00:39 But not the jokes. The jokes are always original.
00:41 Okay, now before we move on, I do want to say this episode is brought to you by DigitalOcean.
00:44 Check them out at pythonbytes.fm/digitalocean.
00:47 Get $100 credit from new users. Tell you more about that later.
00:49 Brian, why don't you kick us off with something completely from 2001, like blogging.
00:54 Like blogging.
00:56 One of the things that we thought maybe there weren't enough ways to blog right now, there's actually tons of ways to blog.
01:02 But this is kind of a neat thing. This is called Fast Pages.
01:06 And it comes from Fast.ai.
01:09 And it's a blogging platform that they say it's an easy to use blogging platform with enhanced support for Jupyter notebooks.
01:16 It's kind of put together, it's a, you know, where you write in Jupyter notebooks, and then you can also write markdown files.
01:24 And for some reason, you can also write like Word doc files.
01:27 But why would you do that?
01:28 I blog in Word, baby.
01:29 Weird has support for it anyway.
01:33 And you can for your pages and posts and whatever and push it up to GitHub uses GitHub app actions to publish everything it use.
01:43 I think it uses Jekyll on the back end to publish to GitHub pages, but it's all set up so that it's really fast to start.
01:50 You can do things like alter interactive visualizations, and you can have code cells that you can hide and show or close by default if you want to.
02:01 You can even do metadata like the title and summary.
02:04 They go in special markdown cells.
02:06 But you can even embed Twitter cards and YouTube videos and tag support and all that jazz.
02:11 It actually looks pretty slick, to tell you the truth.
02:13 If you want to publish something like a blog but you're going to use Jupyter Notebooks on a daily basis anyway, this might be a good thing to check out.
02:20 Yeah, Jupyter is nice, but it's not quite all the way there, right?
02:24 It's still like, the code is still shown on all the cells, and they're not like collapsed like this.
02:29 This is a really nice presentation format, I think.
02:32 And the fact that you're not really running on your own platform, right?
02:36 Like, there's so many things where like, "Oh, I'm going to write my own blog, and then now I have to run servers and patches." And like, "Wait a minute, why am I patching servers?
02:43 Like, what have I gotten myself into?" Whereas this just runs on GitHub pages.
02:46 That's pretty cool.
02:47 I like the Altair interactive visualizations, right?
02:51 Because it's one thing to take a screenshot or static image and put it up there.
02:55 But if you've got live code and live interactions, that's pretty awesome, actually.
02:59 So yeah, this kind of appeals to me.
03:00 I'm not switching because I just, I don't have the energy for one more thing that I put in a lot of focus on, like a blog.
03:06 I do blog, but not that much.
03:08 But nonetheless, this looks really cool if you're, especially if you're in the Jupyter world.
03:12 But now you got to maintain your code on your blog page to make sure it always runs.
03:16 That's right.
03:18 You write tests for it. It'll be fine.
03:20 There we go. Okay. Yeah. Exactly.
03:22 I looked at this and I think this is a nice fresh take on like interactive code demonstrations in your blog. And to me it's way better than just static code there with static pictures. Yeah. And definitely, like I said, I think it's the best for people that are spending their day in Jupyter notebooks anyway. Then it's going to be a natural place for them to be to write a blog with it. Yeah. Absolutely.
03:44 Yeah, now this next one that I want to cover, I'd not heard of, and I discovered it from Mahmoud Hashemi, who didn't realize that he had shared it with me, but he had like favorited it on GitHub.
03:56 I'm like, whoa, wait, that looks cool.
03:57 You know, just that little activity stream of people you follow on GitHub, or whatever's happening.
04:01 So one of the things that I find lacking a lot of times is how you work with databases as sort of an admin side of things, right?
04:12 Like if you're using Django, there's some kind of admin back end, you can sort of point at it.
04:16 But if you're using like, you know, just SQL lite and you don't have some web app to work with it, like how do you work with it?
04:23 I know there's a command line for working with it.
04:24 You're right.
04:25 DDL data definition or description language, whatever that is.
04:28 I don't want to do that.
04:29 That doesn't sound fun at all to me.
04:31 So what I want is a nice visual thing.
04:33 There's like a history of my most common searches, things like that.
04:36 So there's this thing called beekeeper studio.
04:39 Have you guys heard of this?
04:40 I've not.
04:40 No, no.
04:41 I hadn't either, but if you go to their website, it is super polished.
04:44 It certainly passes the Michael and Brian test of many screenshots and little animations, because, hey, it's a UI thing.
04:51 And what it is, is it's a really polished, free and open source, SQL editor and database manager.
04:58 It checks so many boxes.
05:00 It talks to MySQL, Postgres, SQLite, Microsoft SQL Server.
05:05 It runs on all the things, Windows, Linux, macOS.
05:08 It has a bunch of cool features like it has built-in support for connecting to your database server over SSH tunnels, which is really nice because you typically don't want to have your database out in, you know, digital ocean or wherever.
05:23 Listen on the internet.
05:24 That's just asking to be in the headlines of, you know, company X has lost all their data and is now, you know, you now get, everyone gets free credit monitoring for a year.
05:35 Thanks, right? You don't want that.
05:37 So you can have like the database locked down, but still SSH over to the server and then just tunnel.
05:42 But this has like built in stuff for that.
05:43 Cool tabbed interface.
05:45 It has auto-complete for your SQL queries, which is really nice.
05:48 So like your table schema, so you know, you can pull up table name dot and it'll drop down all the columns in like your where clauses or your select clause, which I think is super nice.
06:00 It has kind of an Excel view where you can just pull up the data in the table and like filter it and sort it by clicking on the column.
06:07 So you don't have to be super good at knowing that.
06:10 By default as a dark theme, that's pretty cool.
06:12 - Yeah, so you know it's for series programmers.
06:14 - Yeah, it's legit, baby.
06:16 It is totally legit 'cause it's default.
06:18 - You had me in dark theme for sure.
06:20 - That's right, that's right.
06:21 So there's just a bunch of cool things.
06:22 Like you can save your most common queries and there's like a favorites queries section on the left that you can just pull up your common queries and like rerun them if you gotta do a report or something you always have to ask about.
06:32 Like you can run that, which I don't know.
06:34 This seems like a really nice tool and I'm telling you it is worth every penny you pay for it.
06:39 - Is it free?
06:40 - It's free, yeah, it's free no-foot source.
06:42 I installed it and I connected it to some little SQLite toy things projects from my courses that I was working on and it came out great.
06:49 - So how do we keep them in business?
06:50 It sounds like we need to keep them in business somehow.
06:52 - I know, we don't want this to go away.
06:54 But yeah, it's nice over on GitHub.
06:56 They've got quite a few stars, 1.4 thousand.
06:59 So it's pretty new.
07:01 I'm not sure how long they've been around, but I'm excited to see him here. It's great.
07:04 - Yeah, nice. - Well done, people.
07:06 All right, Calvin, what do you got for your first item here?
07:08 - So my first item on the docket is the second annual Python web conference, which I'm actually one of the co-organizers of this web conference, so I'm excited to come on here and tell you all about this amazing event that's coming up.
07:21 We did this last year, and we thought it was a pretty good success, and so we wanted to actually continue that tradition, and it seemed to fall perfectly within all these conferences converting to virtual conferences.
07:32 we are a virtual first conference.
07:34 This was not a planned change to virtual.
07:37 We're really doing this for real as a virtual conference.
07:39 - Just to be clear, you guys did this last year when it was not required to be virtual, right?
07:43 - Right, when it was not hip and cool to be a virtual remote conference.
07:48 - We're at least a year ahead of your time.
07:50 - We are.
07:51 I'd like to think I'm a trailblazer when it comes to some of these things, but I'm only taking credit for the amazing work done by the people who are certainly behind me at doing all the real work.
07:58 But we're basically putting on what we're calling the most in-depth Python conference for web developers.
08:04 I don't know, if you all have been to PyCon, there seems to be a lack of web and production level talks going on there these days.
08:11 Well, I don't know, it kind of goes back a long ways.
08:13 And so we felt like this was a gap in the Python ecosystem for folks to come and talk about production use of Python in on the web.
08:21 Now, so we're gonna have talks on Django, Flask, Twisted, lots of testing talks.
08:26 So maybe I'll draw certain folks from this audience in who like testing.
08:30 SQLAlchemy, containers, deployment, like tons of stuff like that.
08:33 So it's going to be a bunch of cool web talks and just kind of three tracks.
08:39 So it's actually going to be three days.
08:40 That is June 17th to the 19th.
08:43 So make sure you mark that on your calendar right now.
08:45 I would love if you went and bought a ticket right now, but go ahead and mark that on your calendar, save the date.
08:49 There'll be a full day of tutorials.
08:50 So there'll be six tutorials, three in the morning, three in the afternoon, two days of talks with three tracks.
08:55 We've got some awesome keynote speakers.
08:57 So Lorena Mesa from the Python Software Foundation is gonna be one of our keynotes.
09:01 We've got Henek, Russell Keith-McGee, who gave a keynote at PyCon two years ago.
09:06 - 2018, yeah, I think so.
09:08 It depends if you count this one, yeah.
09:10 - Right.
09:11 So he'll be coming back and hopefully giving some more insights into, hopefully, I'd love to see what he thinks kind of post-Black Swan era, if you remember his talk from PyCon.
09:21 - Yeah, that was a super good talk, yeah.
09:23 - It was a super good talk, and that's why I'm really, really excited he decided to kind of join my merry band and go on an adventure with all of us.
09:29 We'll have some fireside chats. So during lunch, there's going to be, I don't know if you all are familiar with Carl Meyer, but he's, he works for Instagram. He's in their infrastructure team. And so he's really available to talking about like best practices. So we'll ask all kinds of deep questions. And actually, I've just enjoyed talking to him to no end about how things actually work in the real world. For some of these kinds of things. You know, not everyone's doing microservices to the hilt. Like there are people who are running real things that are just Django monoliths, and they still work. And they're kind of tried and true. So there'll be a 40 presentation 40 plus presentations.
09:59 six tutorials, fun will be had by all, hopefully connections will be made. We really work hard at making sure that these kinds of virtual events are maybe overly stimulating so that you've got lots to do and kind of lots to interact with. There will be, you know, kind of virtual cocktail hours afterwards, online gaming. So we had a Mario Kart tournament at our last virtual conference, and we're going to bring back our board game night. And so actually, as part of the conference registration, you'll be sent a pre swag pack that will include something for the board game night.
10:30 So if you actually want to play one of the games, we're going to give every player every person who attends what they need. And actually, you don't need to have that to play. But we're gonna have some especially themed ones made specifically for Python web conference. You point like your webcam at it, and everyone sets it up in the initial state and like keep sinking it. Okay, so I'll kind of get a little bit of the cat out of the bag, but we're gonna play skull. Have you ever played skull? It's a bluffing game. It's a lot of fun. So basically, everyone has four coasters. I I mean, looks like the coasters, you know, look kind of like, you know, just a round circular cardboard coaster.
10:56 Three of them have flowers typically and one has a skull on it.
10:59 So it's a bluffing game to see how many flowers you can acquire before you run into somebody's skull or your own skull.
11:05 So we're going to do a Python themed version of that with a web slant.
11:09 So it should be pretty, pretty cool.
11:10 I'm looking forward to that.
11:11 That sounds fun.
11:12 Yep. So the tickets are $199 and $99 for students.
11:15 Now, as a bonus, there is a perfect for every professional ticket purchased.
11:19 we're going to donate a ticket to an attendee in a developing country.
11:23 So we want to be able to get people who couldn't normally even make it to a physical conference at this event.
11:28 If you're in the middle of Africa or some far off place and you couldn't normally get to a conference like this, we want to make sure you can attend and actually connect with the Python web community.
11:37 So I'm pretty excited about that.
11:38 And then I do have a discount code for the Python Bytes listeners.
11:41 There will be a 20% discount code if you just use the code PB20.
11:46 And you guys will get a 20% off discount.
11:49 Yeah, this sounds like a fun conference.
11:51 I really like that you're taking the digitally native approach in the conference because I feel like there's a lot of attempts at this right now and we'll see what sticks, but everyone's trying to reinvent conferences and this feels like a pretty good attempt at it.
12:07 I've attended a couple recently where they kind of took conference skeuomorphism to an extreme.
12:11 Like you kind of VR style walked into an expo hall and kind of clicked to go through a hall and you're sitting in front of a screen with like Mystery Science Theater 3000 style like, you know, characters sitting in front of you.
12:22 Yeah, yeah.
12:23 The silhouettes of people for you.
12:25 That's not the way to go.
12:26 Then that's not what this is.
12:27 Yeah, I saw I saw something where they're like, Oh, we'll make it totally real.
12:31 You've got to go check in with a real person before they'll let you into the virtual conference and stuff like that.
12:36 Yeah, no, no, no, no, no, no, no.
12:38 Yeah, yeah.
12:39 So Microsoft Build is running right now.
12:41 And they're, you know, trying to figure out what they're doing there.
12:44 It didn't look super good to me this morning, the way the experience was going, but we're doing it for a week, or three or four days, so I don't know, maybe that'll be an example as well.
12:53 - AWS just did their summit, and I didn't hear very good things about that as well.
12:58 - Well, it's a big challenge.
12:59 And there's a possibility that I might be speaking at this conference.
13:02 - Oh, that's right, how could I forget?
13:04 We do have, if you go look at the speakers page, I'm super excited.
13:08 I mean, it is a who's who of Python web community.
13:11 It just kind of speaks to the volumes like the confidence these people have that we can pull this off, that they're here to speak for this conference.
13:17 Yeah, very cool.
13:18 All right, well, I definitely think it's going to be a fun event.
13:21 People can check it out.
13:22 Obviously, links in the show notes and the discount code.
13:24 Now, speaking of web and running stuff in the cloud, DigitalOcean, sponsoring the show, very cool place.
13:30 They just launched their virtual private cloud and their new trust platform, which makes it easier to run secure code in the cloud with some confidence.
13:39 So VPC, it's kind of like a virtual private network, but it allows you to create multiple private networks for your whole team.
13:47 Then you can stick your VMs where they need to go to make them to talk to different things.
13:51 So I recently set up a whole bunch of complex firewall rules for all of our various servers that need to talk to each other.
13:58 And it would be really nice to just click them in here.
14:00 But I set those up before this existed.
14:03 Hence, I did it that way.
14:04 So this is really a nice feature.
14:06 it can auto generate your private network IP addresses.
14:10 So you can control them or you can specify how you want them generated.
14:13 And you can even configure some of the droplets to behave as internet gateways to kind of act as a outbound area or place for those various private clouds.
14:22 So that's cool. And then their trust platform is like a micro site with all sorts of information about security and running stuff in the cloud.
14:28 So check them out at pythonbytes.fm/digitalocean $100 credit for new users. And so go out there and build something awesome and Make it a little more secure.
14:37 Wonderful.
14:37 Yeah.
14:38 You mean, I mean secure like real honest data, no fake data, no fake news, none of that.
14:44 No fake news.
14:45 If only there was a fake news generator.
14:47 There probably is.
14:49 So if anybody knows a fake news generator, let us know.
14:51 It'd be fun.
14:52 As far as fake goes, we were talking about, I have no idea how to pronounce this.
14:56 Anybody want to try?
14:57 It's M-I-M-E-S-I-S.
15:00 Mimesis?
15:00 Mimesis?
15:01 I've actually used this tool in the past.
15:03 And this is a party game I love to play.
15:05 is you describe an open source project and you see how everyone will pronounce it.
15:09 Okay, anyway, maybe mimesis, mimesis?
15:13 I don't know. But it's a fake data generator. And I was reading it and thinking, don't we already have fake generators? There are a handful of other fake data generators around. But this one looks pretty cool. It helps generate fake data in a variety of purposes and a variety of languages.
15:30 It's actually got over 33 locales. So you can get like Russian names and Spanish names and all sorts of stuff like that.
15:38 But the localization also goes to things like you can, if you have addresses and food descriptions and people names and things like that can be localized and that's pretty neat, different phone numbers as well.
15:51 So there's a whole bunch of different locales you can do.
15:54 Supposedly it's super fast.
15:55 They posted their benchmark of 10,000 full names of Faker versus Memesis.
16:03 And then they were like 60 times faster, which is pretty cool.
16:07 The thing I was really impressed with, it was one of the features is a data generation by schema.
16:13 So you describe what kind of the shape of some data and the different types of things, like maybe, and we're putting in the show notes, a description of a structure that has a name and an ID and a version, timestamp and owner information, like email and creator name, full name, things like that.
16:32 And then you can just generate from that schema.
16:35 You can create a bunch of those.
16:37 And that's pretty darn neat, I think.
16:39 I think I could use this really readily.
16:41 - Yeah, we were just talking about building a web apps and stuff.
16:43 And one of the things that makes that really hard is you've got all this HTML and these loops in your templates and all that kind of stuff, and CSS that's going to describe.
16:53 If I had data here, this is how it would look.
16:56 And often you end up with no data or like just a few letters here or there.
17:01 So having like legitimate looking data is really nice for helping you design your apps.
17:06 Or if you're trying to anonymize something for some kind of data science thing, you just wanna like, I wanna randomly put in something here, but I want it to seem normal, but not be actually tied to the person.
17:18 This looks really cool.
17:20 - Yeah, especially useful like in Django projects when you wanna have a fixture to load up some personally identifying information ahead of time for the developers.
17:26 You don't want to have them grab the production data and have that liability sitting on their local disk.
17:31 - Yeah, yeah, exactly.
17:33 There's interesting different classes that generate things.
17:36 So there's obviously like a person, there's what's called person, human, something like that, let's see, yeah, person.
17:43 So it has things like you might expect, like an age and an email and a name, but it also has an avatar, which is a link to a graphic as an academic degree, like whether or not you have a bachelor's degree or master's degree.
17:56 It has like nationality, occupation, political view, all these interesting different things.
18:04 And they also take on different locales.
18:07 There's a science one.
18:08 So in the science one, you can have an atomic number, a chemical element, a DNA sequence, an RNA sequence.
18:13 There's just a bunch of funky different types of data you can generate here.
18:17 It's pretty cool.
18:18 - Yeah, I was looking through things like software development, things like operating system, a random operating system, random programming language, software license, things like that.
18:29 That's pretty cool.
18:30 - Right, like, what was it?
18:31 OS 32 or what was it called?
18:33 OS 2?
18:34 Yeah.
18:35 (laughing)
18:36 This is a cool find.
18:37 And I have another one that's kind of in that same space, also with a bit of a web slant called Schema Thesis.
18:45 - Oh, this is cool.
18:47 - So the idea is you've got an API and the API is documented with something like open API three or swagger or something like that, which is a bunch of HTTP endpoints and then descriptions of the data is exchanged, right?
19:04 Here's the endpoint, here's the JSON document or God forbid XML document, I almost said there, right?
19:11 But here's the thing being exchanged, right?
19:14 And then you would hope that the actual service actually exchanged data that looked like it described it exchange, right?
19:22 So this project basically tests for conformance with the API as you declare it in your own documentation.
19:30 That's pretty nice.
19:31 It supports those two formats that I said, Swagger and OpenAPI, and it's built with Hypothesis, Hypothesis, JSON Schema, and, drum roll please, pytest.
19:41 - Yay! - Yay!
19:42 So the idea is it reads your application schema, and then using Hypothesis, it will generate test cases that ensure your application is compliant with its own schema.
19:50 - That's pretty cool. - Yeah?
19:51 And it works in two ways.
19:52 You can write tests with pytest, obviously, it's kind of meta, but then write tests with pytest and write code to talk to these things.
20:01 It seems like maybe the predominant way actually to do it is through this command line interface, where you can point it at a URL, at the schema definition, the documentation, and then the actual endpoints, and it'll just go and do all that work, which is pretty cool.
20:18 - Yeah, that's neat.
20:19 - Yeah, you can also parallelize it.
20:20 you can pass the number of workers for concurrent test execution.
20:24 Also, if you're testing something that has an app, as in Flask or AIO HTTP or something like that, instead of firing up a thing that goes through the network, that goes through the whole serialization layer and hits some running thing, it'll actually just load up your app and run it in process, as if you were doing unit testing against your Flask or AIO HTTP app.
20:47 So you can give it directly just the, basically the package or the module, and it'll just run it, like, without the web infrastructure in between.
20:55 Yeah, so that probably speeds things up quite a bit.
20:57 Yeah, at least you don't have to have a server running somewhere.
20:59 So it's probably also easier for CI/CD, because there's not a second thing to be running to then talk to.
21:06 You just run it straight out of thin air.
21:08 And then also, Calvin, you're talking about being keen on Docker.
21:12 This CLI also can run as a Docker image.
21:15 So there's like no setup other than just Docker run this.
21:18 – Living the dream. – Living the dream, baby.
21:20 It's always going to work as long as you have Docker.
21:23 Anyway, that looks like a pretty cool thing.
21:26 And there's a little example in here.
21:28 It's not super clear to me how to put specific use cases into the code test.
21:34 So that's why I say I think CLI is kind of the way to go.
21:37 Like there's ways to write code and it uses a primarization through hypothesis, but it's a little bit generic, I guess, on what you would assert for.
21:46 Anyway, if you've got APIs and they're already documented with Swagger or OpenAPI, this seems like a cool thing to point at it just to make sure that it's hanging together.
21:55 Yeah, very nice. I wanted to give this a try sometime.
21:57 Yeah, more testing is always better.
21:59 Especially if it's one line. I don't want to work to write that.
22:03 Alright, Gavin, what's this last one here?
22:05 Alright, so the last one up here, there's been a lot of people combing public code repositories looking for secrets.
22:12 And a lot of the tools have been disregarding some common places secrets might be stuffed away.
22:20 So they look at JSON files, they look at .py, .js, like it's embedded in code or maybe a .ini. Yeah, so they're not looking for byte-compiled code. So actually there's a blog post here by Jesse Lee, and I really enjoyed it because it's "Finding Secrets by Decompiling compiling Python bytecode in public repositories.
22:38 I mean, it's really common for maybe people new to Python not to realize that those pyc files could contain possibly sensitive information.
22:48 So a lot of common patterns might be put your secrets into files like settings.py or config.py or secrets.py and then get ignore the py file.
22:56 But you could be accidentally still inserting the pyc file, which is the byte compiled version of that file.
23:02 - Alright, like - Yes, exactly. - settings.pyc is probably something you could look for, huh?
23:09 Right. So you should probably leverage whatever tools you're using to make sure you get a stock, like, Python gitignore file. So if you're using PyCharm and you have the gitignore module installed, it'll tell you, like, do you want to generate the stock gitignores for your type of project?
23:24 And it'll put a bunch of stuff right in there for you. You should do that, for sure. But if you don't, actually be vulnerable to having some of your PYC files contain API keys or using passwords because that information gets compiled into the bytecode. What I liked about this post was they actually had a little crash course on deconstructing Python bytecode and like understanding what cached source means. So it wasn't just like, hey, don't do this thing. That's pretty uncool. It really kind of gave you a quick little lesson in like what a PYC file is or what's in that PyCache directory. You know, so this post also comes with another game you can play, which is kind of cool, a small capture the flag. So there's a little lab in there for you to actually try it out and play with it.
24:02 So if you're totally into security stuff and want to see how this stuff actually works under the covers, the author went just above and beyond and gave you a capture the flag game to actually go explore those PYC files and cache files that are up on GitHub or any other public repository, which is really cool.
24:18 I see, that's cool. So the idea is, here's some that have this problem, your job is to go uncover them or something like that.
24:25 Yeah, exactly. Here's a couple of sample repositories. Go and cover this.
24:28 So the action items from this post specifically was like if you do have PYC files containing any secrets, you need to make sure you delete them and then go revoke and rotate those secrets.
24:38 The other thing was using a standard get ignore for checking, not preventing that to happen altogether.
24:43 And ultimately, I think the best way to handle, I've been preaching kind of a lot to folks who are around me recently about how to store secrets using tools like Vault or 1Password, depending on what your situations are, making it easy to get those secrets into, say, environment variables, for me is the way to go.
24:57 Don't even have those secrets sitting on your file system in any form whatsoever.
25:01 So I typically have a little shell script that uses the command line tool for like one password, or uses vault with a token to actually grab the secrets in real time, stuff them into an environment variable, either shove them into a container, or as I launch, I grab this out of my environment and don't even take the risk of putting that stuff on my file system.
25:17 That's a clever idea.
25:18 You know, because so often it's kind of a chicken and egg.
25:21 It's like, great, so you don't store it in GitHub.
25:24 So now it's over in this other text file.
25:26 - Right. - It's like, how much better is that Audit Slayer?
25:30 I mean, I know it's better, but it's still not that awesome, right?
25:34 So having it encrypted is nice.
25:36 - Right, 1Password and LastPass and BitKeeper, or KeePass, all have command line tools that you can script to get data out of them.
25:44 1Password will give you back JSON, and with JQ you can basically filter it out and grab the thing and put it into an environment variable on the fly without it ever touching your file system, which is really nice.
25:54 Okay, that's interesting. I didn't know about that. I'm a big fan of 1Password, but I didn't know it did that.
25:58 Oh, so go check out, go grab the OP 1Password tool.
26:02 It's got full access. You can just basically grab secrets. Yeah, you can edit secrets.
26:06 I'm a huge fan of 1Password as well. And LastPass was nice as well. We used to use LastPass for a long time. But I store, for example, like AWS secrets.
26:14 I'll put those up in 1Password in the notes field or I'll create separate special fields that have key value pairs, which are environment variable name and environment variable value.
26:24 And then I just have a quick little one-liner in my shell that converts those from one password JSON into export those to real variables in my shell.
26:32 So more than just the secret key, like the region and what profile to use, which assume to do, anything that's a variable that I can put in my environment, I'll put into one password.
26:42 - Okay. Yeah, that's cool advice. - That is cool.
26:44 Yeah. Right. Well, that's it for our six items.
26:47 You guys got any extra stuff that you want to throw out there?
26:49 Ron, I see you got one here.
26:50 Yeah, I just noticed that the PSF is looking for volunteers to help migrate issues from bugs.python.org to the GitHub issues.
27:00 So if you want to help out PSF and do something worthwhile, like this is a cool thing to volunteer for.
27:05 Yeah, that's cool.
27:06 That is cool. How about you, Calvin?
27:07 In case you missed it, there is a Learn Python Humble Bundle that is going on right now that will benefit a couple charities, the Book Industry Charitable Foundation and the NoStarch Press Foundation.
27:17 And so those are helping folks who basically need a safety net during times like this, like independent bookstore owners, comic book owners, things like that.
27:24 For $15, you get like nearly $400 worth of like amazing NoStarchPress books.
27:30 At some point in time, I recommend probably almost every one of the books that is on that list to folks just so they can get jumped in both feet. How do I learn Python?
27:38 I've got three of them sitting on my desk right here, because they're fun books.
27:41 You know, there's like stupid Python tricks and automate the boring stuff.
27:44 and there's really fun books in there. So I'd recommend it to anybody who's spending time at home and doesn't know what to do with their time.
27:51 Go grab these books for 15 bucks or pay what you want.
27:54 The money goes to a good cause and you get to learn awesome Python language.
27:58 Nice. Yeah, that's cool. The Mission Python book is intriguing to me.
28:03 That's definitely a cool one. All right, I got a few quick ones.
28:06 Python 3.9 Beta 1 is out for testing. So if you're into that, you know, go check it out.
28:13 you can run, just download and run it.
28:16 You know, play around with some of the new ideas in there.
28:18 Also, not beta, but for real, Python 3.8.3 is also available.
28:23 That's pretty cool.
28:24 And then I got a cool message this morning from Jeff Derbyshire.
28:29 And he sent over something that I thought was just kind of a cool little piece of information.
28:33 I'll link to the paper in the show notes.
28:35 So everyone's trying to help out this COVID stuff.
28:38 Some particle physicists put some free time, took some of their free time to design and build a low-cost ventilator.
28:45 It's pretty cool, right?
28:46 Yeah.
28:46 And then they wrote a paper about it because they're particle physicists.
28:49 And if you look through it, it says things like, the target computing platform is Raspberry Pi 4, as shows in the trade-off between computing power and power consumption and things like that, which is nice.
29:02 The target programming language is Python 3, and the UI is PyQt 5.
29:08 And then the MVM GUI, the UI for it, is Python 3 software written with PyQt 5.
29:15 And pretty nice, allows you to steer and monitor the equipment.
29:19 So anyway, here's a cool, effectively a Python ventilator created by a particle physicist that's open source.
29:26 - Yeah, that's awesome. - Yeah, it's kind of cool.
29:28 There's a huge number of names on this paper too.
29:30 Yeah, it's pretty awesome.
29:31 Anyway, I'll link to that, people can check it out if they're interested.
29:35 You got to do something to keep these particle physicists off the streets.
29:37 That's right. No one just roaming around any old collider.
29:41 Alright, so, for the joke this week, I thought I'd grab like a couple more O'Reilly covers. Not O'Reilly.
29:48 I know, I mean, you already had the Humble Bundle book thing.
29:51 So we got the O'Reilly ones.
29:53 And I thought we could just each just do one.
29:54 I'll talk about the first one here.
29:56 It's a chameleon, which obviously is the lizard that can change colors to blend in.
30:01 Brian, you'll like this one. It's called refactoring code without test.
30:04 It looks like it's working.
30:05 No code coverage, no problems.
30:07 It just blends right in.
30:09 Looks like it works on my machine.
30:10 That's right.
30:10 It was written by Sir Crash a lot.
30:12 So cool.
30:13 All right, Brian, you want to do the next one?
30:15 Sure.
30:15 Becoming a manager and listening to people complain all day.
30:19 Jesus Christ, not another budget meeting.
30:22 So luckily, I--
30:23 And the animal?
30:24 The animal's a crab, of course.
30:26 I don't have to deal with budget meetings, luckily.
30:30 Yeah, yeah, me either.
30:32 All right, Calvin.
30:32 This one's a special web one for you.
30:35 Yeah, it is. I'd say this is perfect for me.
30:37 So this is the z-index.
30:39 Good lord, how many zeros?
30:41 I think it's 100 billion.
30:43 Is it 100 billion? It's the real world CSS.
30:45 You've come this far, no going back now.
30:47 That's so true on so many levels there, I think.
30:49 I know, you're like, z-index equals 1.
30:53 No, 10. No, 100.
30:55 Fine, just, it's eventually not going to be behind that thing.
30:57 I love it.
30:59 Alright, and then the last one.
31:01 I'm a big fan of design patterns.
31:03 is avoid using dark patterns.
31:06 And it says do or do not, there's no try.
31:08 And of course there's a Yoda on it.
31:10 (Calvin laughs)
31:11 Very good, very good.
31:12 So yeah, these are all fun.
31:14 These are really good covers.
31:16 Yeah, always a nice joke.
31:18 As well as nice being here with both you guys.
31:20 So, right as always, Calvin, thanks for joining us.
31:23 - Yeah, it was wonderful.
31:24 Thank you very much for having me.
31:25 - Thank you. - You bet.
31:26 Bye everyone. - See y'all later.
31:27 - Thank you for listening to Python Bytes.
31:29 Follow the show on Twitter via @PythonBytes.
31:31 that's Python Bytes as in B-Y-T-E-S.
31:34 And get the full show notes at PythonBytes.fm.
31:37 If you have a news item you want featured, just visit PythonBytes.fm and send it our way.
31:41 We're always on the lookout for sharing something cool.
31:44 On behalf of myself and Brian Okken, this is Michael Kennedy.
31:48 Thank you for listening and sharing this podcast with your friends and colleagues.