Brought to you by Michael and Brian - take a Talk Python course or get Brian's pytest book

« Return to show page

Transcript for Episode #204:
Take the PSF survey and Will & Carlton drop by

Recorded on Wednesday, Oct 14, 2020.

00:00 Hello and welcome to Python bytes where we deliver Python news and headlines directly to your earbuds. This is Episode 204. Recorded October 14 2020. I'm Brian knockin. I'm Michael Kennedy. And we have a couple of guests will Vincent and Carlton Gibson.

00:14 Hello. Hello. Hey guys.

00:16 Thanks for having us on. It's really quick. So

00:18 before we move on to the first topic, people may already know you you guys are Django famous. I hear pockets real quick.

00:26 Yeah, we so I'm the Django fellow helped maintain the framework there. And with Well, we run Django chat podcast. So and we'll do some other things. What do you do? Well,

00:35 yeah, well, when we started the podcast, I was just a book author. But I'm a Django Software Foundation Board Member now. So I have a hand in coordinating with Carlton in official capacity. But mainly I teach Django through books and learn website. Oh, and I have a Django news newsletter, as well. So I keep piling things on. We don't have two podcasts, like both of you, but maybe we'll get there.

00:56 We haven't got time for two podcasts.

00:58 You start with one and then you just get another one. That's how it goes.

01:01 Okay, like children.

01:02 Brian's gonna start a third one. I heard I'm gonna start a remote for him.

01:05 I'm gonna start a third. Yeah, yeah, why not? I just should jump to four. I mean, binary. Right.

01:11 Exactly. Hey, Brian, we talked about Jupiter a bunch last couple of times. Like, don't let us down like, even roll on. It's a great

01:17 thing to provide a tool for people and then we get a whole bunch of people calling it getting a hold of us and saying, hey, there's there's more stuff you should know about. And this is the case this time. So Marco garelli. I think his last name is sent us a also I have to say he said he was a longtime listener, and he's a Patreon supporter. So thank you, Marco for being a Patreon. Thank you, Marco. Very cool. So he said, You guys should know about MB QA. So NB QA is quality assurance for Jupiter notebooks. So it also can run black. So you can one of the thing if you just want to run it like a black thing to run back. One of the benefits of using it to run black is that you can run it on an entire directory, not just a single notebook, but a whole directory full. There's some modifications with its its use of black so that it keeps diffs fairly minimal for the diff set. And then there's Black will take off trailing semi colons, because in Python, they don't really mean anything. And they look ugly. But in Jupiter notebooks, apparently, they mean something they mean to suppress the output of the notebook or suppress output. So that's the black version, or the NB QA version of Black will turn that leave those in place. And also supposedly supports standard magic commands. And magics are kind of a big part of Jupiter thing. So another thing I want to mention, it doesn't just run black, you can also use MBK to run, I sorted my PI and flake eight in pyland, and even pi upgrade in doc test. So that's pretty neat.

02:49 Yeah, this is really cool. I think it brings so much of the that code formatting and code analysis, clean up to notebooks, which I think had been really lacking, which is

02:59 some of the standard practice that a lot of people are using now. As well as the configuration is all in a pipe project tamo file. And you can hook it up with pre commit so that you can have all these things running. When you check stuff in

03:12 whatever. Yeah, and you can even run it against the whole directory, not just one notebook, which is sweet. I

03:16 definitely have to check this out. It looks really fun. Now, one thing I wanted to mention, I checked out the the source code for it. And it's 100% covered and covered by pi test, of course. So nice.

03:28 Nice little chip. Well, Carl thing, what do you guys think about this?

03:30 Oh, I was thinking I use all those tools, but I don't use them in the notebook format. I have to say I sort of bought away notebooks got not a big user there. So put some soup, but I recommend all of those. Yeah, yeah, absolutely

03:43 did. Oh, and I would whenever I think of Jupiter notebooks I'm always reminded of I think the finest Tech Talk I've ever seen is I don't was I hate notebooks. That Joe. Your sack? Yeah. Joe Bruce, which is, but I mean is he's not just slamming out the whole time. But it's a very educated talk. And I think sets a high bar for sort of complementing and pointing out issues on a framework or on a project that can be improved.

04:06 Yeah, well, I think that actually, a lot of the complaints are starting to get addressed with things like this, right, it's starting to get a little bit better. There's also some other cool ones called Jupiter lab dash LSP for language server, protocol, or provider or something like that, which also does a bunch of things that make it a little bit better. So yeah, it's getting pretty cool. Just one thing, the

04:29 ultimate for general web developers, if you could take a Jupiter notebook and just snap your fingers and have it be a Django site. You can't quite do that. But if I take off my technical head and just what would change things like I'm surrounded by a lot of scientists to turn a Jupiter thing into a website with standard crud. I feel like it's possible one day, but we're not quite there. That would be really fantastic. And we're going to hear like five ways we could do it that we didn't know about, and listeners which is great.

04:56 The one thing I would really love to see in Jupiter notebook and maybe someone out there knows about it as I would like to see collapsible sections. So I've got like a report and it's got like some markdown and then some code than a graph. It's generating this more like maybe a picture, and then some more markdown. And the code in there is really awesome to have. But if you're going through as report, you don't necessarily want to see the code unless you want to like dig in. So it'd be great if you could say, these columns, or the cells are collapsed. I really would love to see that. But I don't know about that yet. That's opposite direction, what you're looking for as making the notebook more of a article, less of a website. Alright, so the next thing I want to cover is the PSF yearly survey. Have you guys taken your yearly survey for 2020? I've done it. So I've done it already got my homework. Well done, Carlton, well done.

05:43 I have not but I've done it past two years, and I will and we actually in the Django world were inspired. We had our own survey this year, the first time in five years, because I don't think Python does as well, but Django doesn't track anything. So we actually don't know the new installs or usage. Right. Okay. And that's obviously helpful to fellows and technical team, of course, and I think basically, the extent to which they track that is the analytics that come out of Pip, like PIP was run on this operating system. This package was installed this many times it was this version of Python that did it. Beyond that, I don't think there's much tracking in the Python world either. The broader, broader, we have pi pi, but that's not completely accurate in terms of popularity, all the

06:23 Docker rebuild stuff that's happening all the time, like that counts, but it's not legit, and so on. So yeah, for sure. So if you haven't taken the PSF survey, I've put a link in here, it takes about 10 minutes, you should go do it. This is the fourth time they're doing this developer survey. And it's the major a major the major, I'm not sure a major source for sure about the current state of the Python community. So what editors do people use? What web frameworks are people using? Are you a data scientist? Or are you a web developer, etc, etc, you just get into Python. And if you haven't seen the analysis of this before, I linked to the 2019 results, which were put together by JetBrains. And they did a really nice job of like making a compelling story to be told out of

07:08 it. Right? Yeah, no, it's really nicely done and presented, you're like, Oh, wow. Yeah, it's super. That's why, you know, it's, it's worth putting into because it's the production value at the end is great. And so it's a valuable resource.

07:19 I felt bad for a second that we didn't have that on Django. But instead, I just went, Oh, just, yeah, we're not JetBrains. That is the gold standard. I was like, oh, it'd be nice to have that. And I was like, or I could just make it a Google forum.

07:32 Well, you guys should reach out to the JetBrains team and see if they want to partner up.

07:35 Yeah, well, they probably got the resource in place. You know, they've got the infrastructure. So maybe

07:39 now, they always didn't

07:41 praises. I don't remember that they have they have them now. Right?

07:44 Yeah. So that's cool.

07:45 Yeah. So they announced that 100 winners, completely random. If you've completed the survey will receive the amazing Python surprise gift pack, which I have no idea what it is because that would ruin the surprise.

07:56 I saw some good Python socks on Twitter today. I hope it's got Python socks in there. Oh my gosh.

08:00 I love socks. Like Like, that's half the reason I go to conferences. Let's be honest. Got my socks. I got all my different socks. I got my MongoDB socks. Yeah,

08:09 I've used to go just for t shirts. But now I kind of like the socks more

08:12 added to we've added a official Django merchandise store and there's some items on there. And that's been helpful with the virtual conferences, but we don't have socks. So that you know, there's a lot of inspiration we can take for having better official gear

08:24 out there. Absolutely. Get your sock Game on.

08:26 Yeah. And then stickers, right? It goes t shirt stock sock stickers, I think in the hierarchy of swag. That's right. That's right.

08:33 Okay. That's my game. I'm just giving on stickers. Usually, I'm an enamel pin

08:37 man myself.

08:38 Oh, enamel pins. Oh.

08:43 I should mention JetBrains, which is doing that. That survey is a big sponsor of Django. We do a couple week long thing every year. And there are major corporate sponsor of Django. So

08:53 shout out to JetBrains. Very nice. Yeah, very

08:54 nice. And one of the things I'm really excited about is we have a new sponsor, and it's another guest. Yeah, so that's pretty cool. So this episode is brought to you by tech meme ride home podcast for more than two years in nearly 700 episodes. That's amazing. The tech meme ride home has been a Silicon Valley favorite tech news podcast. The tech meme ride home is a daily podcast only 15 to 20 minutes long and every day by 5pm. Eastern. It's all the latest tech news. But it's more than just headlines. You could get a robot to redo headlines, but the tech meme, ride home is all the context around the latest news of the day. It's all the top stories, the top posts, the tweets and conversations of those stories, as well as behind the scenes analysis. It's like a TLDR as a service. The folks at Tech meme are online all day reading everything so they can catch everything up for you. Search your podcast app right now for right home and subscribe to the technium ride home podcast or just visit Python slash ride to subscribe.

09:56 Yeah, it's like Python bytes but just for general tech everyday. Though these guys don't mess around, that's incredible. Yes. All of us who are probably guests who are like, Oh my gosh, that's

10:06 brilliant. We all wince a little bit hearing 700 promise by 5pm sounds like a burnout algorithm.

10:15 It's well done. Yeah. Cool. Thank you guys for sponsoring the show. We'll what's your item? Oh, so

10:18 my item is from prototype to production in Django. So this is a common thing where you get a little familiar with Django. And you say, well, what's the there's this big chasm basically, from building a crud app locally and deploying it properly without being hackable?

10:34 What do I do I run it as root, I leave the debug setting on what else do I do?

10:40 Yeah, well,

10:43 it's sort of like you don't know what you don't know. And then the older you get, the more scared you get, because you've seen it all go bad. But we're starting out like what could go wrong?

10:50 Yeah. But that works. Yeah.

10:52 So specific to Django. I think like most web frameworks, it has to it focuses on local production. So when you run, you run a start project command, and it creates some scaffolding for you. And then specifically, it has a file, that's kind of the global config. And that's set for local development. So works great locally, but if you just dump it into production, you're going to be wildly insecure and easily hacked. And so it's a quick list of things you want to change. And Carlton, please jump in here as the Django fellow if I miss something. But debug is a setting that is you want to switch to false, that provides a very nice error message. But it also has a roadmap to hacking your site, if it's left on, right. These

11:30 are in, generate

11:32 So it's all about Basically, there's a secret key that Django that is 50 character long string randomly generated, you want that to be secret, because using the hash throughout Django, and of course, what happens is you do one git commit, and then it's out there. Yeah. So you need to change that. Really put it into an environment variable, which I'll get to in a sec. Are you familiar with should get

11:51 no, I'm not SSH, get. So this is super scary. This is a oh my gosh, it's alive right now. I can't believe it. So I think it's at SSH But there's also the open source version that you can get, you can see on GitHub, let me just just read you this title just to like point out how seriously this should be taken. should get find committed secrets and sensitive files across GitHub. Just get lab, Bitbucket and your local repos. in real time. It does this by subscribing to the like commit stream on GitHub, and instantly post the secrets like AWS secret keys and stuff. You can see if you go there, like

12:31 yeah, I see six for Django right now. And it's always got more.

12:35 Yeah, I just got two more three more. I just got five more. I mean, it's insane. Yeah, ha, if you think my pot, my repo is not so popular, it will be fine. It may not be so fine. But

12:45 this is the thing with security, right is that it doesn't matter how small you are, because the people who are attacking you, they're using automated scripts. So they're checking every pore on every addressable server with every every known weakness? Yes, not if you're being hacked, it's we're

12:58 now setting the stage how frightening This is carry on why we shouldn't put that?

13:04 Well, I think it just reinforces that the settings that py file is where most of the action is in Django, and he want to be careful with it. I mean, I remember GitHub back in the day, you could just global search for AWS keys and stripe and everything. Now at least you can't global search for that stuff. And they'll even ping you. So for me, like I have some secret. I have some projects in my books that are on GitHub. And there's a secret key there. And they bug me all the time saying, hey, you have a secret key expose? I'm like, yeah, you know, I do. I don't, it doesn't matter. So it's gotten better. But yeah, it's still all out there. So secret key, keep that secret. Allowed host is probably the last big one. These are the hosts that can come in it. Django will prompt you to change that. So if you're using Heroku. And it's my you want to set that host to be only that host not all hosts can come in databases. The next one. So by default, Django has a sequel lite database. File base, really easy to use fantastic for production, large scale, Facebook uses it, you know, it can be no I just Ed,

14:00 if your workload is read on it. So say you're running a content sign. It's just you editing it? Yeah, sequel lite will go all the way with you. But as soon as there are more than one editor, and it's incredibly

14:09 fast, it's in memory, right?

14:11 Yeah, you can have it in memory, we can have it on the file, but on read only workloads it will go, you know, right out.

14:16 Sorry, I'm in process and process not in memory. But it's not like a separate server. Right? Exactly.

14:20 It's just a file next to all your other files. And it can it can hold, you know, terabytes of data without a problem. But as soon as you've got multiple users logging in at the same time, or that kind of thing, then you need, you know, something like Postgres with MySQL can handle that kind of concurrency. Yeah, so

14:36 you probably want to get ignore your SQL lite file. But also, you definitely want to use whatever using a production locally, so Postgres, MySQL, Maria, db, and Oracle are the supported databases. What else almost done here, you configure your static media files. So static would be images, JavaScript, media refers to anything that's user uploaded, you definitely wanna be careful whenever you have anything from users. Can't trust them. You want to use Django forms, you probably want to use bleach to sanitize and you want to have that on a CDN not on your server. Two more to finish up. So the admin Django has this famous admin that's very powerful, which is that slash admin, you should change that away from dot admin. Because to Carlton's point, there are bots searching for Jango sites at slash admin, and they will come in and hack away at your site. There are a number of fun technical things you can do to honeypot it or this and that, but you should just change it away from dash admin. I'm tempted to note there's a very famous Django site that still has slash admin, but I won't mention it. Carleton and I both use it though, for our work. And then the last thing is user registration. Django comes with login, logout reset, but it doesn't have a signup. So you can roll your own or most people would use a third party package called Django Allah. That's fantastic that has social support. So Django has a very robust third party ecosystem that over time, the most popular ones, or the strongest ones are rolled into Django. But there's also separation because it's too much for Django to maintain. Django, all auth is not is a third party package. But it's, in my view, effectively part of Django for most people. So those are the big ones are the key things I mentioned their environment variables, it used to be with the settings file, that back five years ago, you'd have multiple settings files, you'd have a base settings file, Carlene still doing that. I still have multiple settings, files, go

16:21 with those folders. I mean, you have environment variables, too, but multiple setting files for the way.

16:25 He's a Django fellow, he doesn't always need to use environment variables for this, because then you have one settings file and you load it into, you know, local staging, or production is much easier space works for places, there's a number of third party packages, they'll help you with that I like environments, which will be linked there, which also has DJ database URL, which is a nice feature and environment variables for databases, just means you have single settings file, and you switch with Mark variables. There's also Django has a handy deployment checklist, which I think a lot of people don't know about. We have a link to that you can run Python check dash dash deploy, and it will check that all the things I mentioned plus a number of HTTPS things are actually configured properly. So you don't want to deploy your site, if you don't pass most of those, if not all those. Yeah. And that's also you know, there's testing, logging, performance security, you can go on and on on I wrote a whole book Django for professionals on this. But those are the highlights. And there's a check is a good doc on the Django Doc's for deployment checklist, which, you know, you should open that every time you review. Yeah, the hard thing is there's like a couple of must haves, like the ones I listed there. And then there's a lot of it depends nice to haves. And that's where it's harder to make generalizations.

17:36 This stuff is so rewarding when you get it right to see your site up and running your 99% plus uptime, and people use it. So fantastic, highly responsive. But soon as you see like something go wrong, it just your heart sinks. And so most of those things are because like you both have hinted at, there's some kind of bot that's looking for some vulnerability, like a known thing. And just make sure you don't put those known things in front of the internet.

18:02 Yeah, and I should say, Actually, there There used to be a site called pony checkup, that as though you could put in your URL, and would automatically just test a lot of this for you. It's actually someone has taken that over from the original maintainer. So it's now DJ checkup, slash pony. So you can type in your URL and check. That's kind of a good way, if you're a beginner, if you're not sure. There's nothing like going to a web page and seeing security issues in your site or others to kind of scare you into doing something. Yeah,

18:28 yeah, for sure. Awesome. Well, I'm glad you cover those. And Carlton, it seems like the one that you got is a bit of a similar

18:35 topic, actually. So I want to so I've been thinking about God, I think it must be Jango chat every week, we seem to have a guest on and we end up talking about deployment. And this massively complicated wills has gone through a whole list of things. And that's only the tip of the iceberg kindness kind of thing. And the thing that I got thinking about was that there is this deployment gap. So I imagine someone finishing the Django tutorial, finishing the rest framework tutorial, or finishing wills Django for beginners book. And then How on earth did they get their app online? And it's like, you know, unless you're going to dedicate a week or two weeks full time researching and prior trying and following tutorials online, it's like this, this chasm, we can't do it. And so platforms as a service, like Heroku, or app service, or App Engine, or digitalocean, have got their new one, like a great starting point, because they're kind of easy, but in a way, they're for me, they're kind of cul de sac, you go into them, you get to the end, and then you kind of have to go back out again when you want to do something more advanced. But then on the other hand, you've got this Do It Yourself option of provisioning servers and setting up firewalls and virtual private clouds. And it's just it's way too much. It's It's scary, right? And then you read some blog posts saying we've got to do it with micro services, or you've got to do it with this container orchestration platform. And no, no, it's too much for me. So I've been thinking about this and trying to come up with a story of my own for it and which I'm launching next year, it's gonna be called button it's gonna be a little tool that just wraps it up and tries to make take some of the fastest Out of deployment. So that's not ready to go yet, but I wanted to mention it because it ties into what we're always talking about. And you can sign up for early updates on the btn dot dev button dot dev btn dot Dev. So that's my topic.

20:12 That's a great topic. I think. I personally struggled through this, right, I started out trying to run my websites and Python on some pass. place that was very simple and easy to get started. But there's just there's ton of downtime and things weren't working the way that I was really, exactly, you know, hoping. And I ended up having to do a lot of things anyway. And so I finally bit the bullet and figured out, how do you run micro whiskey safely? How do you keep these things up? How do you do zero downtime deployment? How do you do continuous? So there's just so many,

20:42 and how do you keep that updated? Right? How is it so you're okay, you get it set up, and it's fine. But then six months later, there's a security patch, which you don't quite know how to apply without bringing your whole site down and rebuilding server. It's like, how do you deal with those problems? They're not something you can learn quickly or easily? Yeah,

20:58 absolutely. Brian, you got to deploy things I have before.

21:01 And that's why I don't anymore. Very,

21:05 very wise.

21:06 Yeah. Last time, we talked about digital oceans new past service, you're like, I'm all about this, like, yeah, like, is for me. So you did your own, like Python bytes. And talk Python. You did those applications, right? Talk Python talk by the chain and like 10 other like little API's and stuff that I'm running all those? Yeah,

21:24 right. So I've done I mean, I've built websites before, like, in the way past, like, decades ago. And then when I wanted to do a podcast, I did a Python. The testing code started out as a as just part of my blog, and it was like, on WordPress or something like that. Now, I will go with a fireside thing. And I don't, I mean, firesides a good service. But it's not. I mean, it's not ideal. It doesn't, it isn't perfect, but I don't have to think about it. What I want to do is podcasting. I don't want to maintain a website. So there's a lot of things where we do need to build these custom websites. And I'm glad that there's some attention given to this. Because, yes, you can learn how to do a Django website. But going from there to a live site is horrifying. So

22:10 I literally just spent an hour this morning, maybe an hour and a half before, like up to 10 minutes before we started recording, deploying my first fast API endpoint, through G unicorn, unicorn behind nginx. And all that stuff. And a lot of it was the same. But that's the first time I've done it with you via corn. And the settings are a little bit different than say micro whiskey. So I can run this basic stuff. And I kind of lived in that world of like I got what is the config key to make sure the config settings that make sure that it runs the different user not root again, in this server and just like you just go through all the things and having that like really automated would be great.

22:45 Oh, yeah, I mean, the other day, my site went down for half an hour. And it turned out to be the DNS in the end. But I never thought that DNS would go down how often. So I log into the server, and I'm checking the application server, that's fine. So I check the local nginx instance, that's fine. I checked the load balancer, that spine, there it is, it's the DNS. And then by the time I've worked this out, the DNS comes back up and the site's back up. And what I want to do is put all that fully automated, you know, so I just run the diagnostics and it goes green, green, green, green, green, red.

23:14 There's the problem. Okay, fine. That's awesome. Let me know anything about that. I'm excited. 21

23:19 BGN. Okay. Oh,

23:21 yeah. Well, and Colton, I think your cul de sac analogy, which I haven't heard you say before? That's exactly right. Yeah. Because it sounds like, Oh, this will solve my problems. And then you learn everything, and then you kind of come back with a different problem. I mean, part of the problem with doing server stuff, I think, is that it's, it feels good to an engineering mind, right? It feels good to be like, you know, drive manual and tweak things, but then you've lost weeks of time, and your app looks the same. And, you know, so there is a danger there in terms of, I feel like you kind of need to do it once or twice and then be like, okay, okay, I'll just have like, I'll just have Carlton handle it for me. Like, I trust him more than

23:56 this is the bio media, right? This is between the the sort of the platform of service, which perhaps doesn't cover all your knee cases. And then the over engineered, you know, I'm using container orchestration for a Microsoft thing, and I've only got one server and 1000 hits a month, right. It's, you know,

23:56 there's a middle way between AWS will never be bothered to make it friendly to small people, because they don't care. I mean, they have this, you know, big clients. So yeah,

23:56 yeah, very cool. I also like the cul de sac thing. See, you think it's an on ramp, but it's really cool to say, yeah,

23:56 just an infinite loop of,

23:56 well, that's the thing, especially somebody who's in that deployment gap scenario that I talked about, they go down the platform of service route, because that's the only thing they can do. But at the end, they're like trapped there, and I want to do more, but I've got to go all the way back down here to learn this other stuff, which is so hard, and so scary and so overwhelming. Yeah.

23:56 Well, I want to talk about something that's easy. And well, it's sort of easy. It's contributing to other people's open source projects. That's no easy.

23:56 Heading Carlton's here

23:56 No, I'm really excited about this topic. So

23:56 I ran across a thing called all contributors. And actually, I, we talked about NB QA before. And that's where I got this idea because they use this tool called, or this service called all contributors. And it's sort of a service, but also just a spec. So I'm just going to read it says this, all contributors is a specification for recognizing contributors to an open source project in a way that rewards each and every contribution, not just code. The basic idea is to use the project README, to recognize the contributors of members of a project community ideas, like there's a lot more stuff going on than just code. There's things like documentation, design, writing examples, doing maintenance, writing plugins for things, doing podcasts, giving talks and all that stuff. And be cool to recognize all these people. So they've got this spec for kind of how to do that. But then there's there's even more, there's a there's a cool emoji key, which I love.

23:56 I love the emoji key part. It's so friendly.

23:56 Yeah. So it has recommended emojis to use for your contributors list. That includes things like a cute little laptop, computer for code, a little thing for documentation, design examples, all the sort of things you'd want with like fairly good, you don't have to think them up, they set them up for you. So it's nice, but they also have like this bot that you can attach to your GitHub repo. So you can just add comments into somebody's pull request or something to say, hey, all contributors, please add this person to the contributors list or something. And it just does it. So okay, that's super cool.

23:56 We're looking into that with Django. A few weeks ago, I've been reading I was reading well was reading other people were reading the working in public book I, for the life of me, I can't remember the author's name this moment. But the Nina I think, okay, egg ball. But it mentioned this all contributors thing. And one thing, we've got it with Django, we've got a massive contributor base. But we kind of only historically recognized that the sort of 30 or so people that were in Django core. And then over the course, the last couple of years, we've kind of tried to restructure the governance. And we've managed to do all of that. And now we're in a position where we want to try and recognize all the other people that we translate the docs into however many languages that that translation team gets virtually no recognition. There's recognize them. There's Yes, there's code commits, but there's also all the people that help triage and review the tickets and review the pull requests. And you know, those people need recognition. There's the people who organize all the Django cons, those people need recognition, we really want to find show that like Django isn't just, you know, I committed to Django, Django. It's the whole ecosystem. So I think this all contributors thing is great tool. You said you're reading the working in public book by would you recommend it? Is it good? Yeah, it was amazing. But like, just the first few chapters, it's just like describing Django to a tee. It's like, Oh, yeah, this is the challenge we face every single day, like, a couple of years ago at Django con in San Diego, I gave a talk about your webring framework need you and I put up a graph of contributors. And in the first chapter, this exact same graph, I mean, it's got different numbers, and it's for a different repo, but it's the same power law shape, it's the same problem. It's like, this isn't just Django. It's every open source project out there. It's got the same issues, and it's the same dynamic, do you grow in on yourself and get smaller and more enclosed? Or do you open out to the community and welcome contributions and find a way of doing it? And if you can, you can survive and thrive flourish? And if you can't, well, you're wither and die?

23:56 Yeah. I mean, I literally took screenshots of the book, because I was like, Carlton, you should read this. He's like, and he's like, okay, okay, it's exactly my thing. And this all contributors is so relevant, because the most Carlton mentioned at Jango, we're changing around, what Django core refers to. And I literally have a huge spreadsheet with all the various people we're trying to categorize, that this would fit in perfectly for. So I'm gonna look potentially use this. And it has a GitHub bot, which is fantastic.

23:56 Yeah, what can be done manually? And, you know, five minutes can be automated in an hour. So

23:56 that's right.

23:56 Well, Michael, what are you gonna finish this up with? Well,

23:56 you know, I want to keep us on the move, don't sit still, you know, Rolling Stone gathers no moss sort of thing. So pandas is a super popular library in data science, right. And there's a bunch of visualizations. One way to work with geospatial data is with geo pandas, which is cool. So there's a library called moving pandas. And the idea is, if you give locations plus time, you can map all sorts of interesting things and analyze all sorts of interesting things. It's cool, right? And this project, as it should, it has a bunch of animated GIFs. So

23:56 yeah, that's what we need you to

23:56 tell exactly what it's about. Right? Get in there. So it provides trajectory data structures and functions for analysis and visualization. It started out as this cue GIS plugin, but they decided it made more sense to just be its own thing. So it's its own thing. to basically it takes geopandas Geo Data frames with timestamp points. It converts them into moving pandas trajectory collections, and your property such as speed and direction. You can turn continuous observations into trips, like, I was here for a really long time. And then I went to the store, I was there for a while, and then I came back, right? Like that kind of stuff, I think it'll aggregate them into flow maps. So instead of going exactly from here to here, you can say here are the nodes where I spend time in the past, I take between them, almost like graph theory type of stuff, and work with it is super straightforward. So you can just go create a panda's data frame, pass up a geometry and time, and you convert it to a geo DataFrame. And then you just say, give me the directory and you can plot it. And that's it. Like, incredibly simple. Isn't

23:56 there websites really good? I was just clicking on it. Because to see the animated GIFs and whatnot?

23:56 Well, it seems like I would that would overlap with so I mean, Django is a big framework, there's a whole geo Django area, which, Carlton I have discussed, I mean, that the ORM, or the two parts of Django, I kind of don't really know, to be honest. But they're very powerful. And people use them. So cool.

23:56 You can also get like graphs of Penny derived data. So like speed over time, rather than just position you can you get these other analysis in there. And, you know, I see lots of interesting places, you know, I had, I'm getting replicable on Python to talk about how they're using Python in on the race teams for simulations and stuff. Like those types of analysis. They seem so perfect. go spend a day the track, collect a bunch of data, throw into these types of things and look at the curves and whatnot.

23:56 Yeah, and pandas is almost like the kind of data transfer format now. I mean, yeah. So absolutely, to be able to integrate this sounds super useful. And it

23:56 looks cool. Awesome. Well, that's the last item. Brian, got any extra stuff you want to share with people?

23:56 Just working and plugging along? Yeah, I bet you I do have a few things.

23:56 First of all, I was talking to Hugo bound Anderson from coiled and yes, hey, when is the transcript from our recent show going to be out in like, I don't really have transcripts at the moment, the company that was working with the generate them, stop generating, stop doing that kind of stuff. And I haven't figured out what to do. He's like, Oh, you should check out Like, yeah, but isn't that like for your phone? And like, you can have conversation, that's cool. But, but what I realized is I can upload files to that our old episodes, it'll convert it to mostly correct transcripts, like pretty good, actually, you know, it'll get like AWS right, and things like that. And we use it on just wrote, yeah, do I just wrote some automation to turn that in transcript? So I added, like, half a year worth of transcripts back, which means that feeds our search engine, so search should be better as well, and stuff like that.

23:56 Yeah, I think it was a top the top one, I think Wes boss was also asking something, and I was tweeting with him saying, Yeah, otter, I think, when I checked is by far the best one. It's not really designed for transcripts. It's designed, I think, for like meetings and groups, but yeah, works. We've been using it for a year.

23:56 Yeah, that's awesome. You guys like it? It's been good.

23:56 Yeah, as you say, it's, I mean, it's the most accurate out there. And usually, it gets almost everything, you can kind of have custom things like AWS, if it gets it wrong. And yeah, I mean, usually I run it through and give it a quick scan, maybe there's a couple things to switch. But yeah,

23:56 it's a no brainer. It's got like a nice editor that like plays and highlights the words, you are actually going to stop and edit them. I also have automation, like for my courses, I have automation through AWS, elastic, transcribe or just transcribe whatever it's called to generate those and then hand them off to people. But auto is looking nice. I'm not sure if I'd switch the course, though. But anyway, we have a bunch of transcripts, right?

23:56 Yeah. So I've never really done I started doing testing code transcripts. But I was I was actually just paying somebody to do it. And it was getting expensive. So yeah,

23:56 let's check this out, too, as well check it out. It's the SEO that really matters. I think that's like the feature. Because, exactly.

23:56 That's why I first created it. And I thought, okay, I'll make them searchable. So people can also get some value out of but my original reason for doing it was like, instead of having three paragraphs of content for an hour conversation, let's have the real conversation right there. But then,

23:56 you know, someone will find that and that'll be useful, but and you know, there'll be like, Oh, this is, you know, even if it's barely transcribed. This is roughly one look for listen to the episode. Right,

23:56 right. Yeah, let me listen. Here's the timestamp and they can get some value. So hopefully, yeah, that's that's the idea. Nice. All right. Also, I'd switch from Google to try to live in Duck Duck go land just using Duck Duck go.

23:56 Oh, join us. Yeah.

23:56 Yeah. Are you guys doing it? are you

23:56 liking I've been there for three, three years exclusively? Oh,

23:56 god. I'm still on Google. But I did install the piehole this week. So you know.

23:56 Oh, yeah. Yeah. Yeah. swings around a bit. Because like I see your DuckDuckGo usage and I got to raise your I hope. This is what I have to deal with guys.

23:56 I so far, I'm liking it. I mean, I've been using Firefox with all sorts of privacy stuff for a long time. But I figured just one more thing. I just want to point out if you're trying to be like slightly less connected to Google, they have Google Takeout Or if you just want to backup, right? If you use Google Drive and you sync your Google stuff, it'll give you just a link to the spreadsheet or whatever on Google gives me if you use Google Takeout, it'll actually convert like, say, your spreadsheets to excel. So you actually have them. Anyway. So that's part of that. And like I said, I got to deploy my first fast API app today, basically, and I'm just, I'm really enjoying it. I feel like it's bringing in a lot of these ideas. I'm hoping maybe you guys could comment super quick on this. It brings in some of these new ideas into the web space, like async. And await stuff feels super natural. You don't have to do anything to make it work. The type annotations mean things. I just feel like there's a lot of interesting there a modern Python stuff coming together here, like what's your Django perspective? Well,

23:56 so fast API is built on top of starlet and which is by Tom Christie, who's Django rest framework creator. So from the async side, that's what we're trying to build into Django now. And we have async views in 3.1. And, you know, we're working on the ORM. Next, and then from there, it will spread out. So there's a PR came in this week about the cache layer. So they'll be using third party async cash back ends, for Django soonish, the an async, free fully MVC framework like style, it's always going to be out there, you know, it's going to be ahead of where Django is. But we'll we'll wrap it up and give it that nice Django feel where you define your class based views and all these things. We're not there yet. But that's where we're aiming for. Then the other thing that fast API brings out, which is quite exciting is pi downtek. Which is the Yeah, the type hinting used for the serializers. And for the for the validation. That's kind of really cool. And at the moment, we don't have a story there with Django. We've got Django forms, we've got rest framework serializers, doing the same kind of thing. But we've got our eye on that. And we'll see how it

23:56 goes. You guys are definitely thinking about these things. It's very exciting.

23:56 Yeah, I mean, but what's really nice about the current, particularly the ASCII world where all kinds of ASCII is the standard is there's amount of interoperability in that you can kind of nest your as gaps inside each other and wrap winter wares around them. And it's just another ASCII app. And so, actually, there's a lot of interesting things. So it's really rich and fertile time for Django, web frameworks.

23:56 Yeah. Awesome. I don't have anything to add, Carlton, I defer to Carlton other than it's sort of wild that, you know, I mean, from time we've known about starlet that fast API is better known than starlet is a little strange to me. But it makes sense because Thompson busy rebuilding everything in a sink the last couple years, kind of

23:56 thing. Also, the thing is that people touch fast API, they just live on top of like they live on the shoulders of starlight, but they touch fat

23:56 API, right. I know. Exactly.

23:56 Yeah. Yeah. All right, Brian, I put in two jokes that we can offer up today.

23:56 Let's shout out to some of the stuff that will encourage when you're doing the first Well, yeah,

23:56 absolutely. Okay, well, we just I'd say listen to Jango chat, which is at Jango That's our podcast. It's fortnightly. Now that's a fancy British word there for you. Check out wills tutorials and books at Learn And then yet sign up for the early updates on bottom, which is a btn dot there just did super Welcome aboard. You'll be subscribed to number three, I think.

23:56 Get up a page before we go on the podcast because he's been telling you about button for a year and

23:56 yeah, it looks good. It looks like a signup form right now. Well, yeah.

23:56 But yeah, 2021 it's coming. Nice.

23:56 Yeah. Okay. No joke. Thank you. Thank you for getting us back on track, Brian. So you've heard about give a person a fish versus teach him to fish. There's a programmer version. Did you know that though? Yeah. If you give a person a program, you can frustrate them for a day. But if you teach them to program, you can frustrate it for a lifetime.

23:56 Yeah.

23:56 Yes, definitely.

23:56 Unless what Brian

23:56 unless you teach them to test at the same time.

23:56 Very good. Exactly. And speaking of fast API, here's a a joke that I just saw that's relevant, that sort of similar to one put out by Sebastian Ramirez from fast API. So somebody just failed a job interview. And the verdict was delivered like this. I'm sorry, we're looking for someone aged 22 to 26, with 30 years of experience with flask or Django.

23:56 Yay. What did he tweet about? Someone was looking for five years of fast API. And he was like, exactly,

23:56 exactly. He's like, well, as the creator of fast API, I would not qualify you for your job. Having done only 1.5 years of it. Yeah.

23:56 Yeah. Well, I don't think people realize that it's so new. I mean, it's it's kind of taken over very quickly, but it's hasn't been around for very long. Yeah. So yeah,

23:56 it's pretty interesting. Anyway, guys.

23:56 Yeah. Thanks for joining us.

23:56 Yeah. No, thank you. It's been really cool chat. Really enjoyed it. Yeah,

23:56 exactly. And have you here Carlton will, right.

23:56 Bye. Bye. Bye. Thank you for listening to Python bytes. Follow the show on twitter at Python bytes. That's Python bytes as in be yts and get the full show notes at Python bytes at FM. If you have a news item you want featured just visit by thumb and send it our way. We're always on the lookout for sharing something cool. This is Brian Aachen and on behalf of myself and Michael Kennedy, thank you for listening and sharing this podcasts with your friends and colleagues.

Back to show page