Brought to you by Michael and Brian - take a Talk Python course or get Brian's pytest book


Transcript #227: No more awaiting, async comes to SQLAlchemy

Return to episode page view on github
Recorded on Wednesday, Mar 31, 2021.

00:00 - Hello, and welcome to Python Bytes, where we deliver Python news and headlines directly to your earbuds.

00:05 This is episode 227, recorded March 31st.

00:09 Nice, I'm Brian Okken.

00:11 - I'm Michael Kennedy.

00:12 - I'm Michaela Reyes.

00:13 - Welcome, Michaela.

00:15 So good to have you here.

00:17 - Thanks, Michael and Brian.

00:18 I'm a big fan of both of your shows.

00:22 - Oh, thank you. - Wonderful.

00:23 - Yeah, that's really nice.

00:24 And yeah, it's super cool you could drop in here and be part of this show.

00:27 So before we get on, maybe just tell folks about yourself.

00:30 - What do I do?

00:31 I'm a software developer for more than 10 years.

00:36 And then I'm also an organizer of the Python community in the Philippines.

00:42 So yeah, that's about it.

00:44 - Nice. - Yeah.

00:45 - Should we jump in?

00:46 - Let's jump in.

00:46 - All right.

00:47 Well, the other day I was on Twitter.

00:50 I, sorry, I made myself laugh.

00:54 So Ned Backhelder.

00:57 put out a comment, said a public service announcement, please do not remove old versions from PyPI because it just causes work for people that have to go find your old versions on GitHub.

01:10 PyPI has a yank feature that you should use instead.

01:13 And I didn't know about this yank feature.

01:15 - I didn't know about it either.

01:16 I thought you just have to live with leaving it there or you take it away and cause trouble.

01:20 - Yeah, so this is pretty cool.

01:23 What it does is, and I should have had a screenshot this up, but basically in PyPI, when you go in, you go in and log into your account and you go to one of your, your, the, the package that you want to take a version down from.

01:35 And when you go, actually, if you go to try to delete it, it'll pop up a comment that says, Hey, maybe you should yank this instead of deleting.

01:43 And this, apparently this just came out like last year or a year before I can't remember, but it's not terribly old and I missed it.

01:50 Yanking is about the same thing.

01:52 So yanking leaves it there, but it doesn't automatically grab that version, even if it's within a range that you've specified.

02:02 The only way PyPI will grab that version is if you specifically have that exact version specified to grab.

02:11 And that way, if somebody has a pinned version to just that version, if it's gone, they just won't download anything.

02:18 So that's not nice.

02:18 - Yeah, it's just gonna crash and their Docker thing won't build their system won't install or whatever something bad right? Yeah but and then I also wanted to link to Doug Heldman article about so you've released a broken package what do you do now and his recommendation is just relax it happens just push it out again fix it and push it out and so I generally I don't know if I've ever thought of the need to yank because most people probably won't pin the bad version unless they know it works for them.

02:53 So I guess I wouldn't worry about it too much.

02:55 - It's interesting.

02:56 I guess this is new as well.

02:57 This is from May of 2019, this Yank feature, according to the PEP at least, something around that timeframe.

03:03 So it's pretty new, but it definitely seems like a good feature.

03:06 Kayla, have you heard of this?

03:07 - I also haven't pushed anything on PyPI yet.

03:11 Just internal packages.

03:14 - Yeah, yeah.

03:14 Then you just tell people, "Oh, this is broken.

03:16 don't use that one.

03:17 (laughs)

03:18 Yeah, if you put it on PyPI, then, you know, someone pip installs, pip freezes it, they've got it.

03:23 So I guess it depends how popular a package is.

03:25 But even if you have an unpopular one, you know, you've got just a thousand downloads a day or something, or that's still a very high likelihood that someone's gonna grab it.

03:35 - I just pushed up something recently.

03:37 I was excited that it got up to like 24 downloads a day.

03:40 - No, I mean, that's good.

03:41 I think, well, I have nothing, I have nothing that scale.

03:44 I'm thinking, you know, if you're doing Flask or Django or Pandas and you push a bad thing, like you're gonna hear about it for a long time.

03:51 It's gonna be a high stress event.

03:53 Whereas opposed to like the stuff that I have up there, no one would notice as long as I got to it pretty quick.

03:58 - I'll stick one of mine up in the extra section at the end.

04:02 - Okay. - Yeah, perfect.

04:03 - Yeah, I was about to ask.

04:05 - So SQLAlchemy, maybe you guys have heard of this.

04:09 I think it's about something to do with databases, something like that.

04:12 - Yeah.

04:12 SQLAlchemy obviously is the most popular ORM for talking to databases without writing raw SQL, which I think for the most part, this is the way you should be doing it, right?

04:21 You should be programming with so many things, just change the connection string and it works.

04:24 It doesn't matter what underlying operating or underlying database you're talking to, it'll figure it out, mostly.

04:29 We'll get to that.

04:30 But big news, Mike Bayer has been working super hard to get SQLAlchemy 1.4 out.

04:37 And does it say here?

04:38 It says this is a ton of work that they put into over, I believe this is months of work.

04:44 And I think it came out last week, but we didn't have time to cover it.

04:47 So here it is.

04:48 And this is notable, not just because, oh, look, at some point releasing, there's a few things, but there's a bunch of big changes for people that know about SQLAlchemy.

04:55 For example, this is the first one that is moving towards SQLAlchemy 2.0, which is a big change of the APIs and things like that.

05:03 So it introduces a bunch of new APIs, especially around async and await.

05:07 So this is the first SQLAlchemy that natively supports without some kind of external patching thing.

05:12 Natively supports using the ORM to talk to the database using async and await, allow you to plug into things like FastAPI and other places in a real scalable way.

05:22 So that's pretty cool.

05:23 And yeah, the fact that it's moving on to this 2.0 style is pretty interesting.

05:28 So yeah, big news, right?

05:29 - Yeah. - Yeah, cool.

05:31 And there's a lot of changes around working with the ORM towards this new API.

05:37 So it used to be you would create a session and then you would say session.query of the class you want to query, and then like filter and order by and all that kind of stuff.

05:45 And that stuff is gone, not removed, but it's not the new style and it's not the styles that supports async and await.

05:51 So I'm pulling up here this doc that shows the before and after.

05:56 So if you wanted to get all the users, you used to say session.query of user all.

06:00 Now what you do is use this combination of select statements and then executing them.

06:05 I believe this comes out of the core of SQLAlchemy.

06:08 there's a way to do the core queries and then the ORM queries, and I think it's leaning more on the way that the core work.

06:13 So now you would say session.execute, selective user, and there's a few more steps for some reason, then you gotta say .scalers.all.

06:21 You don't do that, what you get back is like a bunch of tuples, where some part of the tuple on each entry is the thing you were looking for, I believe.

06:28 So it's not super different, but it is not even close to the same.

06:32 So that's something that people should look at.

06:36 Let's see if I can find the async support here.

06:38 I'll just show you one thing that you also, I wanna point out, I said, normally you can just change what database you talk to.

06:44 If you're doing the async API, you have to be more specific about it.

06:47 For example, if you just try to talk to SQLite, it'll crash and says, "The SQLite driver doesn't support async." Sorry, you can no longer use, you can't use that API to talk to SQLite.

06:56 But what you can do from this little, I'm taking from one of my classes, is you can use a different connection string.

07:03 This is from my second FastAPI course.

07:06 You can say SQLite plus AIO SQLite and say, I want to use the AIO SQLite driver, not the plain SQLite driver for my async connection.

07:16 Right? - Wow.

07:17 - Yeah.

07:17 So if you do that, then you're back to good.

07:19 - That's cool. - Things go, yeah.

07:20 Things go as you would expect, which is really cool.

07:22 And then you've got to do things different instead of creating an engine, you've got to create an async engine.

07:26 The way you work with the session object is now with the async with block.

07:30 There's a lot of interesting, like slight variations going on, But basically it's really cool that you can now do SQLite, or sorry, SQLAlchemy and SQLite, I guess, but especially SQLAlchemy against the databases using the ORM in an async and await-friendly way.

07:45 That's the big news.

07:46 - That's really cool.

07:47 - Yeah.

07:48 - I actually think that changes to the ORM are kinda neat.

07:51 - Yeah, no, I'm not saying I dislike them.

07:53 You're not just gonna be able to put in a wait in front of what you used to do.

07:55 It's a different API.

07:57 You gotta kinda go through and figure it out.

07:59 But it's fine, it's good.

08:00 I'm really happy to see it.

08:01 - Okay, do you do anything with the SQLAlchemy?

08:04 - Yeah, it looks the new query style is more understandable, I guess, but I'm just worried about those who are using the old version in production.

08:14 - Yeah, I don't know if it's gonna go away in SQLAlchemy 2.

08:18 I'm not sure what the story is there, what the future plans are, but if you wanna take advantage of the async and await stuff, you've gotta go do new things, but there's not gonna be a lot of old code.

08:27 I mean, there's gonna be no old code doing the old async way, 'cause it just wasn't supported at all, right?

08:32 So it should be okay.

08:33 Yeah, all right, well, that's that for that one.

08:35 And I think you're up next, right?

08:37 On your item.

08:38 - I found this Django tenants package back in 2017.

08:43 And then I was just surprised that it's still being maintained when I looked at it.

08:51 And so it's a multi-tenancy implementation for Django, typically used for SaaS websites.

08:59 So it's like, what's a good use case?

09:03 Let's say you have a restaurant with franchise and then you have different branches for each location.

09:10 Then you can have, for example, your main web app is mywebsite.com and then you can have, let's say, makati.mywebsite.com or branch2.mywebsite.com.

09:28 It uses PostgreSQL schemas.

09:33 So for each tenant, it has a different, it will use a different schema for each tenant.

09:43 - Okay, cool.

09:44 Yeah, this is really neat because that is such a big challenge.

09:47 I know people that have sites that they build that their customer wants to log in, multiple logins for them, and when they go in there, they wanna see their data, but you don't want to have a copy of the website for everyone.

09:59 You want to have one website that you maintain, and it's always filtered to what company are you in?

10:04 You get to see the data related to that company, that account, as someone else comes in.

10:08 This is super cool.

10:10 >> Yeah. It's the data leaks can cost you lawsuits.

10:14 >> Yeah. I mean, you could do it yourself.

10:16 Every single query you could say, whatever the query is, and your company ID equals or account ID equals whatever it is.

10:24 but if you forget one time, you're in the news in a bad way.

10:27 >> Yeah.

10:28 >> Yeah.

10:30 >> This is very cool. I was always curious about how people, I mean, I'm sure there's other ways too, but I was curious about how people would do that to build this house off of Django.

10:39 >> It's interesting and it's based on domains.

10:41 Like tenant1.domain.com, tenant2.domain.com and so on.

10:46 >> Yeah.

10:47 >> I like it. I mean, if you're doing Django stuff, it seems like it makes a lot of sense.

10:52 And this goes down to the actual Django ORM models, right?

10:57 - Yeah.

10:58 - Yeah, cool.

10:59 Well, I don't have any use case for this.

11:01 I don't think right now, but I can certainly see that a lot of people out there would.

11:05 I mean, like I said, if you've got a group of people associated with one customer and another group of people associated with another customer and you wanna make sure that only their data is all kind of shared, but not overly shared, then this is a cool use case.

11:18 Yeah, nice.

11:19 Well, that's a really good find.

11:20 Yeah. - Cool.

11:20 - Awesome, awesome.

11:21 - All right.

11:22 - All right, Brian, you ready to commit?

11:24 - Oh.

11:25 (laughing)

11:26 - Race condition, race condition.

11:28 - Yeah, yeah, so you've, I think we've talked about pre-commit, I'm pretty sure we have.

11:34 - Definitely talked about pre-commit hooks in the small, but not necessarily in the framework style, I don't know.

11:40 - Yeah, so pre-commit, well, this is the documentation for pre-commit, the normal pre-commit everybody knows and loves, and if you don't know it and love it, you should probably check it out, because I wanted to bring up a couple of things.

11:52 One of them is that it's a lot more than just, so I get, I'm along with a lot of other people ran across pre-commit with things like, I wanna remember to run black and, you know, I know I'm gonna run my tests, so I may as well just check, make sure that all the tests pass before I check stuff in, and maybe I'll run the linter and just go ahead and run black over something and then I don't have to worry about it too much.

12:18 things like that before you commit.

12:20 And that's where the pre-commit got its name.

12:22 But there's a lot more hooks than pre-commit, than commit or the pre-commit hook.

12:26 With the pre-commit tool, you can hook into pre-merge and post-merge and all sorts of entry points around version control.

12:35 So it's a very powerful tool.

12:36 And there's a thing when people build up a whole bunch of tooling around it, and you can also get best in class little hook snippets from other people to plug into it, which is really great.

12:49 But if I'm sharing it across a whole bunch of different projects, I kind of have to copy that into all the repos, but you don't really have to anymore because now there's a pre-commit CI.

13:00 So it's a continuous integration type version like a lot of other, like, I don't know, like Travis used to be or something or other sort of CI tools.

13:11 This is another CI tool chain that you can use and it'll run, you can set up a pre-commit hooks and run it over a project.

13:20 And then one of the nice things about it is you can, you can have a whole bunch of different things set up and configured and run it against multiple projects and have that just set up in a different place.

13:31 So this is a really, really kind of a cool tool.

13:34 And I've been trying it out on a couple of projects.

13:37 So.

13:38 - Yeah, so we have pre-commit, pre-commit framework, which lets you use pre-commit hooks.

13:44 There's a lot of layers, it's like turtles all the way down.

13:46 You can have pre-commit hooks for Git, but they might be written in all different languages like Node or Rust or Python or whatever, and getting those installed and running can be a pain.

13:56 So there's the pre-commit framework, which lets you not worry about that stuff and just run all these pre-commit hooks from different sources.

14:02 This is another thing on top of that.

14:04 This is the pre-commit continuous integration service.

14:07 So if people have heard of pre-commit before, this is like extra new stuff that Anthony Sotili's been working on, right?

14:13 - Yeah, yeah, and he's been doing this on the side for a little while to try to, it's a, it's believe it's, well, I've signed up with, through GitHub and I think it's free for open source projects.

14:24 I don't know the details, but yeah, anyway, I think it's a neat idea.

14:29 I occasionally get, so one of the things that's nice about it, obviously I'm gonna run pre-commit the hooks, but if somebody merges something into my code, they can choose not to do that and do a merge request.

14:41 And this allows all those hooks to run on all the merger quests.

14:45 >> I'm a big fan of putting stuff in CI because I've seen so many scenarios where people are, some of the people on the team are really excited about this and really want to work with it.

14:56 And other people, they don't even want to be bothered to figure out what it is.

14:59 But they're in attention to, it means the builds break and other stuff goes wrong for the people who are trying to keep, I don't know, the linter happy, the unit test running or whatever it is, right?

15:11 And so if you were relying upon pre-commit hooks, this means that everybody gets their pre-commit hooks and stuff run and validated, not just the people who didn't ignore them or whatever.

15:23 - Yeah, like one example is just like Black, for instance.

15:27 If you like to run Black over your stuff before you check it in, you can just not even see it before people do it.

15:33 And one of the nice things about this is that it can create a new merge request.

15:38 So one of the things it'll do is if somebody does a pull request or merge request, whatever, against your project, and you want this stuff run, like for instance, some of them will actually change your code.

15:48 Black's one that changes your code.

15:50 So this takes the old merge request, runs black on it, and then creates a new merge request with the changes.

15:56 So that's nice.

15:56 - Yeah, cool.

15:58 Okay, are you using any pre-commit hooks or anything like that with your teams?

16:02 - No, I'm just aware of black, but when Brian explained it, It's similar to it, although it's something that you put on GitHub, did I understand it right?

16:15 Or whatever your--

16:17 - The continuous integration version, the one we're just covering does, you can put it on GitHub, but the, and pre-commit works with GitHub projects as well, but it's something you run locally, so you have it, it's run by Git pre-commit hooks, or triggering the hooks that you can configure, >> Yeah, it's turtles all the way down.

16:39 >> Yeah. So Brian, I don't know if you have any awareness to this or not, but I'll ask you anyway. Just tell me if you don't know.

16:46 Would it still make sense to put the pre-commit framework locally and have it try to do it locally before it happens in GitHub?

16:53 So maybe you get a better, more immediate feedback on it, or just depend on the one on the CI server?

16:58 >> Of course, I do. Because I want to catch it before I push it up for my own stuff.

17:04 But if somebody wants to do a pull request, I don't even want to look at their code if it doesn't pass.

17:11 I mean, it might be a cool idea, but it's a lot of work if somebody pushes something and all the tests are broken and whatever.

17:22 - And then in worst case, you don't want to go back and say, "Oh, I'll accept your PR, "but you have to go and run black against it, "and then I'll accept it." Like just make it automatic.

17:29 - Yeah, just make it automatic.

17:31 - Yeah, yeah, super cool.

17:32 All right, the next one here comes to us from David Smit.

17:36 And he, like many of our listeners, is very helpful, sends in things periodically.

17:41 He says, "Hey, I happened across this thing "at sneak, S-N-Y-K dot IO." And I'm not sure how new this is, but it's quite neat.

17:49 So over here we have the Sneak Package Advisor.

17:53 And it's not just for Python, it's for many of the things, I guess three of the things at the moment, NPM, HiPI, and Docker.

18:00 And what you can do is you can go over here, I'll just focus on PyPI for now.

18:04 And you can put in packages, like they have Django there listed, so let's put Django in and see what happens.

18:09 And it will tell you what is the package health score?

18:12 What is the security story?

18:14 Have there been issues?

18:15 Have they been fixed?

18:16 How often is this being worked on?

18:18 So many times people who are new to Python, or even not new to Python, but new to an area, like, you know what, I wanna start using async and await with an ORM.

18:27 What are my options?

18:27 I've been using SQLAlchemy, and imagine it didn't get as update, I gotta switch to something else.

18:31 What are my choices?

18:32 Here's four.

18:33 How do I know which one of those four is still alive, healthy, et cetera, et cetera.

18:38 So you come in here and you can see some information about it.

18:42 I'm going to say that this is not necessarily the best.

18:47 Let me see if I can find Django without.

18:49 One of the things I'm seeing that makes me kind of wonder, I clicked on maybe the wrong one.

18:54 I clicked on a specific version and it said it was not very popular.

18:57 I'm like, that can't be right for Django.

18:58 (laughing)

19:00 It's an unpopular package.

19:01 So it tells you things like what is the popularity?

19:04 And for Django, so this is a key ecosystem project, like too big to fail, sort of.

19:08 What is its maintenance story?

19:10 It's healthy.

19:11 Does it have known security concerns?

19:13 No.

19:14 Is this community active or whatever?

19:15 And then also it's cool, it has, you might also look at these other packages, like Django's getting 97, Flask, it shows right there.

19:22 Flask is a 93 out of a hundred in its score.

19:24 And you could open it up and see why.

19:25 There's a bunch of graphs around here as well.

19:27 you can see like the commit frequency, the open issues, open PRs, when was the last commit, GitHub forks, all sorts of stuff around here.

19:37 So number of contributors, go down there and see that.

19:40 Actually the community shows like the recent people, does it have a code of conduct that it could discover, right?

19:45 Is it have funding, does it have a contributing doc?

19:48 What were the recent security issues?

19:51 All sorts of stuff, you know, and I'm not gonna go through all of it, but there's a bunch of cool things you can just pull up about other packages and compare them against each other.

19:58 You can pull up like Flask if you want and see that side by side and so on.

20:02 So what do you guys think? - Neat.

20:03 - Yeah, cool, right?

20:04 - Yeah, I think it's neat.

20:05 - It's similar to django-packages.org.

20:09 Oh, yeah, django-packages.org.

20:11 - Which is, like you said, a similar idea, but just for like-- - Yeah, for Django.

20:16 - Like an off layer for Django or a special admin back end for Django.

20:20 But this is more like for the whole community.

20:23 - Yeah, for the whole Python.

20:25 - Oh, or it supports other languages too, right?

20:28 - Yeah, this, sorta, it supports Node and Docker, right?

20:33 So yeah, I think the idea is probably that more stuff is coming along, but I do like this, you know, if everything else being equal and you can't decide, put two projects in here and see what it says, right?

20:43 You can see, like to me, one of the big warning signs of an open source project is if there's a bunch of PRs that are like six months old, nobody's even bothered to respond, You know, somebody has gone to the effort of, I've actually tried to improve this.

20:57 I've done the work, I've written the tests.

20:58 Here it is, will you just accept it or tell me what else I gotta do?

21:02 And they're not even willing to respond.

21:03 Like that is a huge red flag.

21:05 And that kind of stuff will come up here as well.

21:07 And hey, Anthony Shaw out there in the live stream, is if you sign up with your GitHub creds, Snyk will check your project requirements.txt for you and raise PRs if there's security issues.

21:18 Yeah. - Oh, nice.

21:19 - And if you use PyCharm, the PyCharm security extension, It has sneak is integrated in.

21:24 Oh, and Anthony, who makes that a PyCharm security extension?

21:28 Is that a, that's right.

21:29 Anthony does that one.

21:30 Awesome.

21:33 Yeah, that's really good work, Anthony.

21:35 Thanks for the, that extra information as well.

21:37 So you can just search a project on there.

21:39 Yeah.

21:39 Put me on the spot and search my, cards.

21:42 What is it?

21:43 No.

21:43 Pytest dash check.

21:44 A Pytest check.

21:45 Gotcha.

21:46 Oh, let's see what we get.

21:48 What are we going to get?

21:49 Oh, yeah.

21:51 You're doing pretty good.

21:52 - Dude, you got a 65.

21:53 I mean, look, you were recognized.

21:56 Look at this.

21:57 And you're sustainable with no known security issues.

21:59 Like I'm saying, this is the same bad, man.

22:01 I mean, there are fewer committers than Django to be fair, but still.

22:07 (laughing)

22:07 - Yeah.

22:08 - Still, it's quite good, right?

22:09 - But I'm surprised that there's 10 contributors.

22:11 This is just something that I, it's pretty good.

22:14 It's probably my oldest package, so that's.

22:16 - Okay, no, this is pretty good.

22:17 I mean, it has no known security issues.

22:19 That's pretty good.

22:20 - And you could even embed a little package health score if you wanted to, right?

22:23 - Well, let's figure out how I can get it up.

22:26 (laughing)

22:27 - Yeah, get that into the 90s and then embed it.

22:29 - Get up in the 90s.

22:30 - How about that?

22:31 Perfect, fantastic.

22:32 All right, who's next?

22:34 I guess, Gela, you're next, so there you go.

22:38 Tell us about this one.

22:39 - So this one has been contributed by one of the shows on Twitter, fans.

22:49 And then when I first looked at it, I thought it's just another tool that tries to do away with JavaScript.

22:59 But then when I tried it out, I guess I kind of had an appreciation for it because it can be used for, yeah, I imagine for hobby projects, like for people who, oh wait, let me just explain what it's for.

23:16 It allows you to build simple applications or browser-based GUI applications without the need to write HTML and JavaScript.

23:25 So it has input and output modules.

23:28 It's also based on Tornado when I check the requirements.

23:32 - Oh, that's really cool.

23:34 So if you were gonna write a script, just a terminal CLI type application, and it would ask questions like, input, what is your height in centimeters?

23:44 Input, what is your weight?

23:45 And it would convert that to a float, then you would print out the information.

23:49 So this has really similar stuff, like the input doesn't come from the built-in one, it comes from pywebio.input.

23:57 And that'll actually create a text box.

23:59 And because you say the type, you'll even get validation, like, oh, this has to be a number.

24:03 That's pretty neat.

24:05 - Yeah, I think it can be used for hobby projects, like for people who know how to write Python code, but don't want to write HTML and JavaScript.

24:13 And it also as a teaching tool for, let's say, you're teaching kids the concept of input and output and don't want them to just use the terminal.

24:26 - Yeah, you know, it's really interesting.

24:28 My daughter wanted to learn Python and get into programming and stuff.

24:32 And I tried to show her stuff in the terminal and she was just, "No, uninteresting." And then we started playing with Anvil, which has a similar, like really simple way to just get like graphical stuff on the screen.

24:43 And she was all about it.

24:44 She played with it for hours, creating little apps and quizzes for people and stuff.

24:48 And it doesn't seem like a big difference, but that visual aspect, I think it's pretty big.

24:53 I think people are, you know, it makes a big difference.

24:56 - Yeah.

24:57 - Yeah, I was, so I probably use something like this for maybe build scripts, for instance, used by a team.

25:04 So sometimes you have like, you know, just a few questions you need to ask somebody and you can do that easily on a web form or something like that.

25:10 but if it's like a script that you're running on the command line, and some people don't want to run to have interactive command line.

25:18 I don't understand that actually personally, but there's definitely people on my team that will not voluntarily run a command line script.

25:27 - Yeah, absolutely.

25:28 And it looks like it integrates into existing web frameworks, which is cool.

25:32 But it also, the way it runs, it looks like you might be able to actually patch it up with PyInstaller and just go here, double click this, and it'll come up with something.

25:40 - Yeah. - Yeah.

25:41 - Yeah, pretty neat.

25:42 - The only limitation I see is that when once you want to style the HTML code, but that's far, way far in the future.

25:52 I mean, if it wants you--

25:54 - Probably gotta do CSS or something like that, right?

25:56 Yeah, cool, that's a good pick, very nice.

25:58 - Thanks to the contributor on Twitter.

26:01 - Yeah, absolutely.

26:02 All right, that's it for me, Brian.

26:04 You got anything else?

26:06 - Well, I had teased about just saying that, Well, we already talked about pytest check a little bit.

26:11 So the new package that I just put up last week, I guess, I went ahead and, so I misunderstood, there's a package called pytest poo, which is a brilliant package that I thought, I had it wrong.

26:30 I thought it put little like poo emojis for failed tests.

26:35 Turns out it didn't.

26:36 What it does is you had to mark a test with poo and then it just showed those whether it passed or failed.

26:46 And I said, well, I thought, well, we kind of need a distinguisher.

26:49 So also I don't think I could get my team to use poo emojis.

26:53 So I created pytest Yuck 'cause I'm a kid of the Mr. Yuck generation, I guess.

27:00 And so what it does is you mark a test with yuck And if it passes, you get a green queasy face.

27:09 And if it fails, it actually throws up.

27:12 So this is a new and it's a download stats are the only day that recorded was 24 downloads.

27:22 - That's actually pretty good for its first day.

27:24 I'm gonna say that's good.

27:26 - It was probably all me.

27:27 But, and then, I don't know, a month ago or so, I did pytest source pass, which just allows you to specify import paths so that your test can find your code.

27:38 And then as we already showed, pytest check is the one that's been out for years.

27:43 It just allows multiple failures.

27:44 So those are my packages.

27:46 - No, those are really cool.

27:47 And you've been busy.

27:49 - Yeah.

27:50 - I'll try the yuck package later.

27:55 - Nice.

27:55 All right, I got a few real quick things to throw out there at the end here as well.

27:58 Marco Gorelli sent over this project he's working on called absolutify imports.

28:04 So if you've got a package that's using relative imports and you would rather to convert it over.

28:09 So all the, you know, dot and, you know, from dot or from dot dot, whatever import something and turn those into absolute imports.

28:17 It's like one line.

28:18 To me, it's a little bit like Flint, run that against your project that turns all the string formatting to f-strings.

28:23 This will do that, but for the imports, take them from relative to absolute.

28:27 So that might be helpful.

28:28 People got some code to migrate and they want to do it like this.

28:30 And then I noticed Anthony Shaw was in the audience, but I was already going to cover this Anthony.

28:35 Last week, Kelly, who said, "Oh, I want to talk to you about Beanie, the MongoDB ORM." She's like, "Oh, I thought you were talking about Beanie Babies." And then somebody threw out that Anthony Shaw should make a Beanie Baby plugin.

28:49 And it looks like he's already made a Beanie Baby bear.

28:52 Isn't that amazing?

28:54 He hit this up like the same day.

28:55 Well done, Anthony.

28:56 Thanks for keeping it interactive.

28:59 - That's awesome.

29:00 - Yeah, that's good.

29:00 - Yeah, yeah, cool.

29:01 And we talked about supply chain issues and hacks and whatnot.

29:05 Well, this one should take people's breath away.

29:07 Like, I mean, you were like, oh, you don't wanna install from this other install source rather than from like main source on python.org or whatever I was talking about the other day, right?

29:18 I'm like, I'm building from source at this point.

29:19 This is driving me crazy.

29:20 Well, PHP didn't wanna use GitHub.

29:23 They wanted to have their own like sort of GitHub-like thing with their own authentication and all that kind of stuff.

29:28 Well, somebody broke into that and literally put a backdoor into PHP itself.

29:33 Think about that.

29:35 79% of the websites in the world run on PHP and the runtime itself had a backdoor in it.

29:42 - Just for a little while, but yeah.

29:44 - Yeah, I mean, just for a little while.

29:45 Like, so there's, we can even cut a little bit of a diff here in this Ars Technica article I'm linking to, like, excuse me, what does this line do?

29:54 This line executes PHP code from within the user agent if the string, if the user agent includes zero DM.

30:02 So you just put your user, you just put the hack you wanna run in your user agent and do a request to the server and off it goes.

30:08 - That's nuts.

30:09 - That's not good.

30:10 So thankfully that's not Python.

30:12 And then this one, this one was you, Michaela, right?

30:15 - Yeah.

30:16 It's the last day. - Yeah, tell us about this last day.

30:18 - It's the last day of the March membership drive for the PSF.

30:23 I mean, they said that you can be a member any time of the year, but it's the last day for their 2000 goal member for March.

30:33 - Yeah, super cool.

30:35 Hopefully they're doing well over here.

30:37 Yeah, see?

30:38 Yeah, so people, please be part of that if you want to be great to support them that way.

30:44 All right.

30:45 - And I got to say, Michael, thanks for bringing up Flint.

30:48 I was actually forgot about that and I need it.

30:50 And for anybody- - I love Flint.

30:51 - F-L-Y-N-T, love it.

30:53 - Yes, Y-N-T, I was Googling it for a while until I found it, nice.

30:57 - Yeah, I've turned that loose on some, most of the Python code I have to live with and any frequency I have to go back to, it's like, just find all the strings and make them F-strings, then I'll go look at it.

31:06 Lovely, I love it.

31:07 - Okay.

31:08 - All right, speaking of love and stuff, how about a joke?

31:09 - I'd love one.

31:10 - All right, so this one comes not to us, but was found, and Ricardo Ferreria put this out on Twitter.

31:18 So I thought this would be fun.

31:19 Like we've talked about comments before, we've even had those jokes where it's like all about the comments, right?

31:23 It's all the crazy things people put in their comments, like, you know, hash, I really need to find a better job type of comments.

31:30 So this one is more visual.

31:31 I know some people are more visual and commenting what they're doing.

31:34 So, Brian, this is like a, like a smart speaker or like a, like a, some kind of conference phone and on the phone, it's got some buttons and they have little icons, like a mute microphone, like a phone number one to like, maybe they place the call up down volumes have like louder volume, less loud volume.

31:51 Maybe describe the comments for our listeners.

31:53 Well, there's dashed lines to go to each button with like a manual or something, right?

31:58 With it, with like the, the same icon that's on the device just next to it.

32:04 Just, yeah, exactly.

32:06 This is like just the, the, you know, slash slash or hash or whatever of the, you know, logger logger equals new logger was the comment, you know, hash - Yeah.

32:16 - This is the same, but for documenting the user interface.

32:21 - Yeah, that's definitely like the, you know, string user comment, the user.

32:26 - Exactly.

32:27 - Things like that.

32:28 - Exactly.

32:29 Beautiful.

32:30 - Nice.

32:30 - Yeah.

32:31 - Well, super fun to be us about Python again with you this week.

32:34 - As always.

32:35 - Thanks, Michaela, for joining us.

32:36 - Thanks, Brian and Michael.

32:38 - Yeah, it was really great to have you here.

32:39 Thanks for coming.

32:41 Good to see you. - Lots of fun.

32:41 - As always, Brian.

32:42 - Bye.

32:43 - Bye. - Bye, guys.

32:44 - Thank you for listening to Python Bytes.

32:45 Follow the show on Twitter via @pythonbytes, that's Python Bytes as in B-Y-T-E-S.

32:51 And get the full show notes at pythonbytes.fm.

32:54 If you have a news item you want featured, just visit pythonbytes.fm and send it our way.

32:59 We're always on the lookout for sharing something cool.

33:01 On behalf of myself and Brian Auchin, this is Michael Kennedy.

33:04 Thank you for listening and sharing this podcast with your friends and colleagues.

Back to show page