Brought to you by Michael and Brian - take a Talk Python course or get Brian's pytest book


Transcript #228: Supreme Court decides API copyright battle

Return to episode page view on github
Recorded on Wednesday, Apr 7, 2021.

00:00 - Hello and welcome to Python Bytes where we deliver Python news and headlines directly to your earbuds.

00:05 This is episode 228, recorded April 7th, 2021.

00:09 I'm Michael Kennedy.

00:10 - And I'm Brian Aitken.

00:12 - And I'm Guy Royce.

00:13 - Hey Guy, welcome.

00:14 Special guest Guy Royce here to be part of the show this week.

00:18 - Thanks for having me.

00:19 - It's exciting.

00:19 - I know that's what they all say, right?

00:21 (laughing)

00:22 - It's great to have you here though.

00:24 You know, we met on a panel at the Python web conference And we recently had Calvin Hendricks Parker here from, who was organizing that as well.

00:33 So, you know, a little bit, a little more Python web conference going on.

00:36 - Yeah, it was a good event.

00:38 - Absolutely.

00:39 You want to tell folks a bit about yourself before we jump into the topics?

00:42 - Yeah, sure.

00:42 You can see my name right here on the screen, but for those listening to the podcast, my name's Guy.

00:47 Yes, it's my real name.

00:48 I sometimes get asked if it's short for something.

00:51 It's not in fact short for Guy Thalamu.

00:54 It's actually just my name, Guy.

00:56 I work for Redis Labs, I'm a developer advocate there.

00:59 And I've been doing developer relations type of work for, you know, I've been paid to do it for about five years, been doing it unpaid, as an unpaid just fan of doing community things for about 10 years on top of that.

01:12 So a lot of different tech stacks.

01:14 I'm not really a Python person by trade.

01:17 I tend to spend more time in the vile, vile JavaScript space but I know a little--

01:23 - The other very popular language these days.

01:25 - It is, but I know a lot of different things.

01:29 I'm a bit of a generalist, so I do Python as well.

01:31 - How do you enjoy being a developer evangelist?

01:34 It seems like a really fun job.

01:35 - It's, well, I like to joke that the best thing about being a developer advocate is that it lets me monetize my narcissism.

01:41 But the reality of it is, I mean, it's actually a lot more work than you would think.

01:48 It is fun, but there's a lot of challenge there.

01:52 You know, I spend a lot of my time making content, advocating with the product group for, you know, the ways that we should change Redis and our clients and that kind of stuff.

02:00 And also going out and speaking at events.

02:03 This obviously has been a very weird year for that.

02:06 - Yeah, it has.

02:07 - But you know, that's a lot to balance.

02:10 It's actually kind of a lot of hats to wear.

02:12 And there's a degree where we're being a generalist is very useful.

02:15 Like today I'm spending a lot of time working on a .NET course, helping someone out with that because I've got some .NET experience.

02:22 but then I'm doing stuff in JavaScript and then, oh, let's look at graph databases.

02:27 I'm just looking at different things all the time.

02:28 - And you got dragged to this Python podcast as well.

02:31 - Yeah, and then someone thinks I know Python and put me on this podcast.

02:34 - Hey, you got a couple of good items to talk about.

02:35 I think that'd be good.

02:36 (Brian laughs)

02:37 All right, well, cool.

02:39 Welcome, Brian.

02:40 You wanna kick us off here?

02:41 - I can't believe it's already March, April.

02:43 I was gonna say it's already March, it's April.

02:44 - You were saying it's almost March and it's actually blown out, so.

02:46 - Yeah, yeah, yeah.

02:47 (Brian laughs)

02:48 So here's an article called how to make awesome Python package, how to make an awesome Python package in 2021.

02:56 And this is, I really love this article because it's kind of my workflow.

03:01 I've just never written it down.

03:03 And so I'm really grateful for Anton for writing it down.

03:07 I'm also grateful to John Mitchell on Twitter to post that so that I could see it.

03:12 So it's great, I really love it.

03:14 Anyway, well, so what is this?

03:16 It isn't about how to make an awesome package.

03:19 It's all of the extra stuff.

03:20 the workflow. So he starts and he starts just like at the basics, just stubbing a package.

03:26 And I really actually really like that this is this is where you start. So the start was in using just grabbing a directory and stubbing it out and then having an a dunder init file and a an initial file that just does like has one function you can call just so that it's something there. And it actually throws a not implemented yet exception, which is, that's a great thing to throw, right? And then, pardon the birds. Anyway. >> Brian's recording from Hawaii. He didn't like the forest. So it's fine. >> Yeah, he's got a virtual background to make it look more mundane. >> More tropical birds. Yeah, yeah. So then using flit to package it up, and then go ahead and publish, not publish for real, publish to the test PyPI repository, which I love this workflow of if you're going to plan on sharing something, just go ahead and do this right away.

04:23 The one thing missing there is go ahead and check the real PyPI to make sure your project name isn't taken already, or else the test might work, but your real one won't.

04:34 So adding that in is a good step.

04:36 But then I'm blown away at some of the Python packages that are still available, like secure, right? I mean, that's not available now. But there was a thing that got got to just call it call itself secure. Like a couple years ago. How is that still a thing? Right? Oh, my God. Yeah.

04:50 So one of the one of the tricks with doing the test pipe, you know, though, is getting your is getting the pipe IRC. Correct. So it talks about how to do that. And then publishing using split publish.

05:05 And then adding more detail, like now you actually have to implement it. So an implementation of something and then push to the real repository. And then everything else is like extras. Then he lists them as appendices almost, like adding a readme and a changelog. And then linters and testing. You should maybe test earlier than this. But setting up talks and make files and cloud building and the whole gamut. So this is a really great comprehensive article. And you can, what I like is you can start at the beginning and if you're not even publishing publicly, if you're just publishing in-house, this still makes sense up to a certain point. So this is great.

05:49 Yeah, it looks like really good advice. I love having a well-structured projects where, you know, if I have a problem or there's something I want to do, I know right where to go. I don't need to go through all the coders. Like here's the 50 lines of code that could possibly be about this.

06:01 Let me go find it and get started.

06:03 Guy, what do you think?

06:04 - Yeah.

06:05 I like that it's an awesome Python package and it's not about the contents, it's about the stuff around it.

06:11 Right, this is the kind of stuff that is just, noobs need this, right?

06:15 - Yeah.

06:15 - It's just, these are exactly the sorts of resources I like to find.

06:19 It's the, here's the canonical way to do this thing well.

06:21 - Right, and a lot of times the tutorials are like, well, create the one file and that's what you do.

06:26 And then off you go.

06:26 And I feel like that kind of leads people down the wrong path a lot of times.

06:29 So yeah, love it.

06:31 All right, well, I think I got the next one here, Brian.

06:34 - Okay.

06:35 - KubeStriker, as in Kubernetes.

06:38 So this is a security tool for anyone who is running or being a tenant on a Kubernetes cluster.

06:45 So it's really fast way to audit an existing Kubernetes clusters for best practices.

06:51 And like all beautiful repositories, it has an animated GIF, so you don't have to read anything.

06:56 You just watch it for a little like, oh, this is what it does.

06:58 That's kind of cool.

06:59 Maybe I'll use this.

07:00 - Yes, we love that.

07:01 - For those who are listening, there's an animated GIF on the screen right now.

07:04 - That's right, absolutely.

07:06 - You should totally see it, it's amazing.

07:08 - Yeah, guy, I mean, sometimes we cover, there'll be like UI frameworks, like, oh, we built this whole UI framework where you do this thing, and there's like no screenshot or no way to see what it looks like.

07:16 You're like, well, if it's about the UI, we should probably see some pictures.

07:19 So Brian and I are always on a bit of a kick about this.

07:22 - Yeah.

07:23 - Yeah, so it performs a bunch of in-depth analysis self-hosted Kubernetes on Amazon EKS, Azure EKS, I suspect pretty much you name it, the EKS.

07:32 It'll do it.

07:33 Let's see if I can find where it talks about the things that it does.

07:37 Yeah, so it scans your infrastructure, like I said.

07:41 It checks for various services and open ports, tells you if they should or shouldn't be open.

07:48 It looks for insecure things or read-write, or you can even set it up to be read-only and it can check, you know, give it like lower permissions and it'll still do that.

07:56 It'll look for misconfigured IAM settings, identity from Azure, sorry, AWS, misconfigured containers, pod security policies, network policies, and extra privileges, all that kind of stuff.

08:08 So running containers is pretty easy.

08:11 Running containers in Kubernetes is pretty easy.

08:14 Running a Kubernetes cluster, not easy.

08:17 There's a lot going on if you're the one running the Kubernetes cluster.

08:20 And so here's a really nice tool that you just point at your cluster and say, "How am I doing?" I give it a quick check to see if anything's wrong.

08:27 - Yeah.

08:28 - Yeah.

08:29 - This is exciting.

08:29 - Yeah, thanks.

08:30 You guys, a guy, you do anything with Kubernetes or Docker, things like that?

08:34 - I do basic developer things that developers tend to do with Docker.

08:38 Containerization isn't necessarily my jam.

08:40 I mean, you know, I certainly will spin up a Redis instance, for example, using Docker or something like that, because that's super convenient.

08:47 But beyond using some basic Docker compose, I don't do much of anything.

08:51 - Yeah, same here.

08:52 I feel like every time I start to work with it, I go, this is really neat, but it feels like I'm just moving code complexity to DevOps complexity and I'm better at code than I'm at DevOps.

09:01 So let me not do that.

09:02 >> You got to write it down somewhere, right?

09:04 >> Yeah.

09:05 >> At the end of the day.

09:07 >> Exactly, exactly.

09:08 All right.

09:09 So, Guy, you got this next one here.

09:10 This is something I'm pretty excited about.

09:12 I'm a big fan of the possibility of WebAssembly.

09:15 Sounds like you are as well.

09:18 >> Yeah, I'm an enormous fan of WebAssembly.

09:19 And I mean, there's a couple reasons for that.

09:22 Some of it is that it kind of reminds me of the early days, like in the '80s when I was learning programming, I got into 6502 assembly language.

09:30 So that low-level, machine-level coding has got a nostalgic joy to it.

09:37 And so WebAssembly has drawn me in.

09:40 If you don't know much about WebAssembly, just to put context around it, WebAssembly is bytecode for the browser.

09:45 That's where it started.

09:46 The idea is you can take some code, write it in C or Rust or some higher-level compiled and then you get a bunch of byte code, a binary file that can be downloaded and run from the browser.

09:56 So that's WebAssembly in 30 seconds.

09:58 - Yeah, people have done really crazy stuff with things like asm.js, where they're like, oh, let's take some code and send it over to some fancy JavaScript that then we'll compile it in Java.

10:08 And there's just all this wild stuff that you can do.

10:10 And it's really, really impressive.

10:12 But this is like, you know, if you're gonna do that, let's make this an actual thing that's actually expected to be this runtime, with this low level runtime.

10:21 Yeah, it's cool.

10:22 - Well, and it turns out it's actually a lot more performant too.

10:24 I mean, I've seen benchmarks say as much as 20% faster all the way up to 20 times faster, but regardless, they always say faster, which is good.

10:33 - And smaller probably, coming down as binary bits and probably loads faster, doesn't have to jet it when it gets there.

10:38 - Well, and it's just another file that could be served from the file server, so, or from the web server.

10:43 So it can be cached and all the other things that you would do with any web content.

10:46 So lots of advantages and optimizations to be had.

10:49 - Right, so what's this thing that you're telling us?

10:51 - So WasmTime, it says, "Hey, we built this bytecode for the browser." WasmTime said, "You know, what if we put the bytecode "wherever we want it?" And so in much the way that Node brought JavaScript to the server side, WasmTime brings WebAssembly to the server side by adding I/O capabilities and by adding a command line tool that can run it, by adding run times that you can load up in other languages.

11:19 So Wasm time, it's simplest just as you've got a WebAssembly module and you say Wasm time space in that module on the command line, and it just runs it and does whatever it does.

11:29 - Fantastic, and there's different languages supported, right?

11:32 - Right, so, and this isn't language support from a take that language and compile it to WebAssembly.

11:37 This is take WebAssembly modules and run it in those environments.

11:40 So in Rust, Python, Go, .NET, and in C, although it's not listed here on the screen, there are run times that you can load up, load a WebAssembly module from whatever, read it from the file system, read it out of whatever, right?

11:55 And instantiate that WebAssembly module and run it.

11:57 And so--

11:58 - Yeah, so if I found like a cool library, it happened to be written in Rust, and it has a WebAssembly version, I could then use that in Python.

12:06 - Absolutely.

12:07 - Without much effort.

12:08 - I've actually done WebAssembly text format, which is the assembly language to go with WebAssembly.

12:14 I've used that to compile simple modules and just like add numbers and stuff like that.

12:18 And then loaded that up from Python code and I actually even run it inside of Redis.

12:23 But yeah, so now all of a sudden it brings that those compiled chunks of code that are really just data.

12:30 You can hand them around any way you want and bring them into all these different platforms.

12:35 That's pretty cool.

12:36 - Yeah, this is really neat.

12:37 Brian, what do you think?

12:39 - Just the intermediate part to where you can have a group of people, like, even if it's not some third party package, it's just within one company that can write in whatever language they want to write in, and then have an intermediate language that you can, you can glue it all together down the pipeline.

12:58 I think that just makes people more efficient.

13:00 I'd like to see that, that sort of take off.

13:01 I think it's a neat, neat place to go.

13:03 - Yeah, Guy, could I use this to say, if I had like a .NET library, a Go library, and a Rust library, and I was writing in Python, could I bring those all together to interoperate with this thing?

13:13 In theory, I mean, there's a lot of work involved to do that.

13:17 And there are limitations.

13:19 Out of the box WebAssembly, just like out of the box JavaScript, didn't have any kind of I/O, because you don't need I/O in a browser.

13:27 You have fetch, right?

13:29 That's all the I/O you get.

13:30 WebAssembly is the same way, but WasmTime supports the WASI standard.

13:37 All these things start with W, they're actually kind of hard to say.

13:40 And what I see is the WebAssembly systems interface, which gives you a file IO and will eventually give us network IO.

13:50 Right now it will support reading and writing sockets, but it won't support opening a socket, which is tantalizingly frustrating.

13:57 That extra ability, though, that actually kind of scares me a little bit.

14:01 I'm concerned about the security part, since you're grabbing some binary blob, or it's a WebAssembly blob, it's still not human readable.

14:10 So how do I know it's not going to be a virus or something like that?

14:14 Yeah, that's actually a totally legitimate concern.

14:17 It honestly echoes the same concerns that we had with Node.js when it first came out. It's like, because in the browser, it's all nice and neat and sandboxed, right?

14:27 And as soon as JavaScript escaped the browser and got under your server side, everyone's like, "Well, but we can pull JavaScript code and call you Val on it from anywhere." Like, well, yeah, you could.

14:36 And so it's the same. I think we end up in the same situation where it's got the same caveats once we go there.

14:42 I guess the advice is don't run strange code.

14:47 Right. Yeah.

14:50 But these are particularly like a JavaScript, you can look at it and say, "Oh, I see what's going here." And I suppose if it's minified, that's not that easy. But with WebAssembly, it's actually just bytes. And it's even harder. It's even more opaque.

15:03 Yeah.

15:03 Yeah. There's so much stuff going on in the supply chain space now, right?

15:08 IPI, there was the PHP itself got a backdoor put into it, but luckily never got into any of their releases.

15:16 But yeah, I mean, it's a good concern, Brian, or a valid, certainly.

15:20 >> It is.

15:20 >> It's still cool.

15:21 >> Yeah, absolutely.

15:23 You know what else is cool, Brian?

15:24 >> What?

15:25 >> This episode is brought to you by you and me this time.

15:27 So all of the cool things we're doing, I want to tell people if they want to take some Python courses, they can check out talkpython.fm and just click on "Courses".

15:34 We've got a bunch of new ones and About to release a brand new free course that people will be able to check out as well.

15:41 Probably I'll be able to talk about that next time, but it's on the data science side and that'll be a lot of fun.

15:45 Then people want to test things, they should probably test it with pytest so they can check out your book as well.

15:51 >> Yeah, that'd be great.

15:52 >> You guys are the best sponsors.

15:54 >> Thanks.

15:56 >> Yeah. I can't wait to get back to conferences so I can get back to handing out stickers and stuff.

16:00 That was so fun.

16:01 >> That'd be great.

16:02 >> Yeah, I know. Imagine that with other people. So crazy.

16:05 Yeah, I hand them to myself, but you know.

16:08 I'm a risk of becoming agoraphobic at this point. Yeah, yeah, absolutely.

16:14 So I wanted to talk about something cool that Anthony shot put together so he I just saw about this. I think don't you use dependabot?

16:25 I oh yeah, my my Monday morning means go ahead and like close 20 PRS and about four of them are conflicting with dependabot.

16:34 where Dependabot was the other PR that also did the PR that I conflict with.

16:38 So, yeah, I've got this special relationship, but I'm still very glad to have it there because it's fantastic to know there's a security problem for this thing. Fix it now.

16:46 That's really good to know.

16:47 Yeah, so, okay, so I probably am a bad one to introduce the Dependabot side.

16:52 So this is, we're actually talking about Dependalotbot, but Dependabot, if people haven't heard it like the 90 times we've talked about it, - Yes.

17:01 - Tell me what it does, it goes out and checks to--

17:05 - So it looks at, it supports different languages.

17:07 The Python world, that means, if it sees a requirements.txt, or it sees like a pyproject.toml or whatever, it will look in there for pinned versions.

17:17 If they're not pinned, it will pin it to the current version and then submit that change to the requirements.txt as a PR.

17:24 - Yeah.

17:24 - If they are there and it sees there's a new version of that library, it will do a PR, and in the PR it'll say things like, here's the change log and all the commits since the last time you used this library.

17:35 Here's the release notes around this library.

17:37 Click this button to apply the new, you know, upgrade your pinning.

17:41 So, you know, requests equal equal something higher than it is currently automatically to your system.

17:47 So that's the job of Dependabot.

17:49 The thing, the complaint is that if I've got a requirements.txt file with 30 packages in it, and 10 of them change, I get 10 PRs instead of one PR with 10 changes.

18:02 Yeah, it's anyway. - Oh, okay.

18:03 - Yeah, and they conflict with each other 'cause they're all right by each other.

18:06 And as you accept them, they start to get merge requests, you gotta, or merge conflicts, you gotta resolve.

18:12 And anyway, that's this deal, but that's what it does.

18:15 - So this depend a lot bot is a bot that looks at all of this and decides, and you create a list to say, some of my dependencies can be automatically figured out.

18:28 And then like say talks, so you're not, you're using talks, but you're not really using it.

18:34 You're using it to test and stuff.

18:36 You're not using it for everything.

18:37 So like, that's an example and the depend a lot bot makes sure that the PR request from dependent bot, if it passes the tests, it goes ahead and merges it.

18:51 So that's really all it does.

18:53 And I think that's cool to just, because that's what I would do.

18:56 If I got one of those PR requests, I would make sure it all works fine.

18:59 And then probably in some of them, I would probably just push through if I trust the where it comes from and stuff.

19:05 - Yeah, exactly.

19:06 It's a well-known package.

19:07 The chances are it's gonna be fine, right?

19:09 Like Bodo from AWS, there's fine to take it.

19:13 - Yeah, and especially the tools around your project or you're only using a little part of something.

19:18 As long as your tests pass, it's probably gonna be fine.

19:21 Things like updating Django, you may wanna have some more manual procedures for that, but something, some minor thing, like I'm only using a fraction of a package, go ahead and update it and see if the test pass.

19:35 - Yeah, exactly.

19:36 I totally agree.

19:37 Guy, if OneSpace has more dependencies than Python, it's gotta be JavaScript.

19:41 - (laughs) Ain't that the truth?

19:43 Yeah.

19:45 You know, my interaction would depend about, the vast majority of my repos online sample codes to go with talks and videos and that kind of stuff. And I always get Dependabot notifications for, "Hey, this project that you did a year and a half ago that you forgot about." That tends to be my interaction with Dependabot. I could see how something like this would be very useful. I don't know that, I don't know, it might be something I could use to just, I have to think about those old packages anymore. It seems like this could be really helpful.

20:11 Yeah, exactly.

20:11 I do like that the guy's, the developer's name is Tony Bologna. That's a fantastic username, by the way.

20:18 Yeah, he's he's been on the show. He's a great friend of the show.

20:21 Yeah, it's a good.

20:21 I don't I've I've never met him. I just think that's really funny. Kudos.

20:25 Yeah, this is really cool. I want to check this. I definitely think I'm putting this but this I'll probably do it like, for example, things like talks and pytest and my testing tools and the linters and stuff like that.

20:37 I definitely want to just update those like and try. And if it doesn't, if I'm always going to to update those if there's a new one and everything passes.

20:48 >> Yeah. Just roll it back, it doesn't work.

20:50 Yeah, and tangentially related, Dean out there says he can't seem to be able to pip install -e.bracket extra, but then he quickly posted his own little fix that, "Oh, in Z shell, you got to escape the brackets." Anyone else that is trying to do that?

21:04 That's great. But yeah, well done on this, Tony, Anthony.

21:08 This could be a dream.

21:11 If this works the way I see it working, I will be so happy.

21:15 My Mondays won't be like, well, here's the next hour emerging PRS and resolving its own self-complex.

21:20 So I'm excited.

21:21 Very cool.

21:22 All right.

21:22 Well, what is the next one?

21:24 I want to take us a little bit, like take a step back just a little bit.

21:28 From low level tech and talk about the Supreme court of the United States.

21:33 Brian.

21:33 I'm I want to talk about this too.

21:35 I also want to take you back to the early two thousands.

21:38 I mean, this is like early days in my programming career, honestly, but here Here we are with a ruling about something that happened in the early 2000s.

21:46 And what it is, is that way, way back, Sun created Java, Google, where they created, I actually, whoever created Android, I think before Google bought them, created Android and said, you know what would be cool is if we could program this with Java and use the API of Java.

22:03 So the common way, so like write files and open sockets, all that kind of stuff.

22:07 which may get exactly what the Java runtime libraries do, but they did not actually take Java.

22:15 They actually re-implemented it from scratch.

22:17 So none of the runtime details had anything to do with Java, but the API, the way you talk to it, looked just like the Java base class library, data library.

22:26 So Oracle buys Java.

22:28 Oracle thinks, "That's not super cool.

22:30 "We want part of that action." Sues Google for copyright infringement by using the Java APIs.

22:37 So then this throws a huge uncertainty into the space of basically all these libraries, right?

22:44 What if I want to create a new web framework and the way it works is a little bit like Flask but it turns out that Flask copyrighted, you know, the way it uses decorators, you know, app.route or whatever, and then I get sued.

22:56 That seems, I don't know, that seems weird, right?

22:58 Yeah.

22:59 So does this mean that...

23:00 Yeah, go ahead, Guy.

23:01 So does this mean that this ruling mean that you can't copyright an interface in essence?

23:06 - Yes, well, the ruling's interesting because it didn't actually address the copyright ability of APIs.

23:13 They said potentially they still could be copyrighted, but the use of the API as I described it in the beginning of like, this is the way you talk to it, not the implementation, but the way you speak to the thing, they said that that is fair use.

23:28 So when things are copyrighted, you're allowed to speak about them in limited ways.

23:32 You're not allowed to take a movie and publish it, but you're allowed to take a scene of it and analyze it and maybe have that soundtrack, that 30 second soundtrack or something like that.

23:42 Right, so that'd be fair use.

23:43 And so they said the way in which they're using APIs is like fair use.

23:47 And they talked about the knowledge, having a thing, you might copyright the thing, but having knowledge how to operate the thing that you can't copyright.

23:56 So like knowing how to drive a car, you can't copyright that.

23:59 And so having the API without the implementation is kind of like the knowledge of how to operate the thing that the API goes to, but the API itself is fair use, which is pretty interesting.

24:10 So I guess just to sort of put the bow on it is the Supreme Court ruled that Oracle suit is dismissed.

24:17 They cannot sue Google and it stopped actually a huge wave of lawsuits that would have followed around all sorts of different things for all different sorts of people.

24:27 So I think I'm happy with this.

24:29 - I think I am too, actually.

24:31 I mean, if I were to sum up everything I just heard, what I heard is reverse engineering is fair use.

24:36 - Yes, that sounds about right.

24:38 - So for example, - It feels like the Twitter version of this ruling.

24:41 - Yeah.

24:42 You know, the example that came to mind for me, and this is the thing, this exact example that was in the lawsuit, it seems really clear to me that it shouldn't really, I don't think that should be a thing.

24:53 But on the other hand, you know, AWS was hosting, like reselling the open source free version of MongoDB as a service without paying any money to the MongoDB folks who actually created and maintained it, they changed their license. And so what AWS did was kept the API for MongoDB identical, but re-implemented the database server in their own version.

25:17 I feel like that's a real interesting example. That's a little more close to the edge.

25:20 It's like, well, here's an open source project that built something neat.

25:23 Here's somebody who was literally running it and taking profits off of it exactly.

25:28 And then they sort of changed it to this mode.

25:31 And now it's okay.

25:32 And I think it probably is okay.

25:34 Although I feel like Redis could get itself into the same situation, probably, unless the license already explicitly says that you can't do that.

25:43 - The only licenses we have that specifically explicit that are the ones for the modules, which extend it, extend Redis.

25:52 Redis itself is open source.

25:53 And so, and Amazon does have an implementation of Redis that they sell.

25:58 Okay, yeah.

25:59 Tal out there in the live stream says, you know, another example would be AWS could sue all the other places like Linode and DigitalOcean and stuff that offer S3 compatible storage.

26:12 That's such a good point.

26:13 Yeah, right? Like they both, both Linode and DigitalOcean have something that's like, like S3.

26:20 And you literally can talk to it with a Boto3 API because it on the surface it is S3.

26:25 And so there's another example of something that is spared being destroyed.

26:29 Yeah, in the courts.

26:31 I hope this holds up. I really want APIs to be something that you can't copyright.

26:37 I think this is it. I think this is it.

26:39 I mean, this it actually Google won and then it was overturned by a higher court and then Google won again.

26:46 Then it was overturned by a higher court and it like literally worked its way all the way to the Supreme Court.

26:50 and then this is it. And the Supreme Court operates so much on prior rulings and precedent and stuff that it's very unlikely that it could be changed at this point.

27:01 And the entire story of Java is just riddled with these gross lawsuits. And I just have to shake my head about it. It really would be nice if it had a nicer history. I think people would be trashing Java a lot less at this point.

27:19 Yeah we come up with other reasons it wouldn't be a problem. Ben Thompson from Strategory had a really interesting analysis taking apart what the Supreme Court said one of the things they focused on was the the meaning and the essence of copyrights like the reason to have copyrights is so that somebody might invest 10 years in something that could easily be copied copied but doesn't yet exist and sort of drive innovation and they talked a lot about the Supreme Court talked about.

27:46 does this application of copyright actually benefit or restrict innovation?

27:51 And it was interesting that they were actually thinking of those terms, not just like, well, what is the legal definition of copyright?

27:56 But they're like, this would be very harmful to so many people if it went the other way.

28:00 And so we got to consider that as well.

28:02 And let's see, Dean says, so Java lost this close case, I guess the case is now public static void.

28:09 It's final.

28:11 Yeah.

28:14 Exactly, exactly.

28:17 Cool. All right.

28:17 >> Apparently we don't have a Supreme Court factory.

28:19 So, you know.

28:20 >> Yeah. We got an iSupremeCourt and the Supreme Court factory generates iSupremeCourt implementations.

28:27 >> We got a Supreme Court factory manager.

28:29 >> Yeah.

28:29 >> Oh, gosh.

28:30 Yeah. That's, no, I don't know.

28:33 That's going a bit down, too far, too far down.

28:36 >> It's a bridge too far, isn't it?

28:38 >> It definitely is.

28:39 It definitely is. All right.

28:41 Guy, you got the last one here.

28:43 I'm not sure I pulled it up.

28:44 Let me make sure I got it pulled up here.

28:47 Here we go.

28:47 Yeah, so you already talked about how you work for Redis.

28:51 And machine learning is absolutely front and center in the Python world.

28:56 And you guys are doing some interesting stuff there.

28:57 You want to tell us about it?

28:58 - Yeah, so I sort of mentioned this earlier, but it's kind of a good segue is Redis has modules, which are, you know, things you can use.

29:07 They're like plugins to extend what Redis can do.

29:08 So you can, there's like a module that's a graph database.

29:10 And so now, boom, we got some new types and some new functionality.

29:14 We can do graph databases or time series or whatever.

29:17 And one of the modules that's Redis Lab, and this is part of Redis, it's standard.

29:22 Anyone can create a module.

29:24 There are lots of open source ones out there.

29:26 Redis Labs has a few that we've created.

29:28 One of those is Redis AI.

29:30 And Redis AI turns Redis into a model server.

29:34 So the idea is that I can take the binary output of a model in whether it's TensorFlow or whether it's PyTorch or whether it's an ONNX model.

29:44 And for those who don't know what ONNX is, that's the Open Neural Network Exchange, which is a standard Microsoft put together for models.

29:51 So it's sort of like a universal model standard.

29:54 And just like in XKCD, it's like, there's too many standards, we need a new one to bring these all together.

30:01 ONNX has created yet another standard.

30:03 - Yeah, exactly.

30:05 - This is what always happens, right?

30:07 But Redis supports those three model types.

30:09 So you can take an ONNX model, for example, and load it into Redis, and then you can use Redis commands to execute that model.

30:15 And so it provides a nice little abstraction. And the thing that's cool here, I think, is that normally if you want to bring AI into your application as a developer, you got the data science team, they build, they do their thing, they build their models, and you get these binary files out, and then you need to bring them into your application some way.

30:33 And there's a few ways to do that, right? You can just wrap it up in a, you could containerize it and make a little flask app around it, which is a really common solution.

30:42 There are other model servers.

30:44 You can just put it right in your application, but then you have to use Python, which is not a terrible problem.

30:50 It can sometimes be a problem.

30:52 >> If you're not using Python, you might see it as a, "Wait a minute, this is going to be a big change." >> And so the thing that gets me excited about Redis AI, which is kind of not the thing that gets my bosses excited, but it's the thing that gets me excited, is that because we support ONNX, the data science team can build their model convert it to ONNX and they sort of have a universal standard.

31:09 So they can pick whatever tech stack they want, as long as they can spit out an ONNX model.

31:13 And then Redis, being Redis, it's got a client for every language under the sun.

31:18 So if you're using Haskell, for example, you know, there's a Redis client for, I don't know that there's a Redis client for Haskell, but I would assume there is.

31:26 It's odds are there is.

31:28 Then you can get to that model from whatever language you're at, regardless of what that data science, you know, how amenable to data science tooling that platform is. And so it creates a nice architectural layer of abstraction. And so that's actually what I think is kind of cool about Redis AI. It just provides that, that abstraction that makes the developers and the data science folks both not have to, well, speak the same language in a lot of ways.

31:53 Yeah, that's really neat. And it sounds to me a lot like what HTTP APIs did previously, right?

31:59 Yeah.

31:59 And if you wanted to talk to something instead of directly, you know, plugging in that library or exchanging some binary data, you like, alright, everybody's going to just agree on JSON.

32:09 Why didn't they agree on dates? But come on, other than that, it's working out just fine.

32:13 We're just going to exchange this and, and that'll be the way we can talk to it. And nobody worries about what language you're using to consume the API. It's like, that's your problem. Hopefully, your language has a nice way to do that. Yeah, it's, it's a similar thing. The other thing it does, which I think is kind of interesting, is that it introduces a new data type. So the models as inputs and outputs take tensors.

32:34 You can put a couple of tensors as input to your model or one or however many you need.

32:37 And then your output will be whatever tensors make sense.

32:40 And a tensor is just a, you know, I don't know, I think the word tensor is, I'm going to say pretentious.

32:46 I'm probably going to anger a lot of people by saying that.

32:50 Because really what a tensor is in practical terms is just a multi-dimensional array.

32:56 You got a tensor that's got a particular shape.

32:59 It's just like, well, this is an array that's 10 by 5 by 3.

33:02 - and it's made up of ints. - That's it?

33:04 And that's all a tensor is.

33:06 And so it sounds all mystical, but it's really just a multidimensional array that's being handed in.

33:10 But because tensors tend to be the things that are put into and taken out of machine learning models, Redis AI has a tensor data type.

33:18 And so you could use that capability in Redis as well.

33:21 If you needed to store multidimensional arrays in Redis, you've got a type that does that now.

33:25 And so even if you didn't care about the data science, the predictive capabilities, the model hosting, that's the word I'm looking for in Redis AI.

33:33 You can still use the tensors for various data storage uses.

33:37 >> Yeah. Okay. Interesting.

33:38 Yeah. So you hijack the data type as well.

33:41 >> Yeah.

33:41 >> This looks really interesting.

33:43 I think people should check it out if they're doing machine learning and sharing their models across different technologies or processes.

33:49 >> I'm obviously excited about it.

33:52 >> I'm excited because I use multidimensional arrays and now I can call myself a data scientist. That's right. Yeah, there you go.

33:59 Awesome. All right, quick follow up before we get to the extras and the joke.

34:06 I'm more of a mad data scientist. Yeah.

34:09 Yeah.

34:09 Student Army captain says, Sorry, I'm late. Doesn't depend upon optionally auto merge if CI passes. Yes, but you got to have CI running on that project. And so like if you've got a guy I have 30, 40 repositories that have courses.

34:26 I don't set up CI for the courses.

34:28 Like what does it even mean to have CI for the courses?

34:30 But I get Dependabot stuff all the time on that because it's checking the repository for the requirements file.

34:36 So sometimes you can get it to auto merge, but there's certainly circumstances where it doesn't.

34:42 If it would just put it in one PR, here's the 10 changes.

34:46 I put that actually as a issue on the Dependabot itself and people upvoted it.

34:50 comment like, yes, this please.

34:52 But apparently not yet.

34:54 Anyway, what Anthony's done is pretty excellent.

34:57 Hi, Brian.

34:57 That's it for all of our main items, right?

34:59 Unless I lost track.

35:00 - Yeah.

35:01 - Got any extras you wanna throw out there?

35:02 - I don't, I've just been working a lot.

35:05 How about you?

35:06 - I got extras.

35:06 I got plenty.

35:07 So recently did a cool episode over on Talk Python about diving into the Git, the .git folder, and like all the internals of what Git does there and what all those pieces mean.

35:16 If you wanna go in there and look and see how, basically understand how Git itself works and then all the storage stuff, like how they all come together.

35:23 And one of the things that got a nice shout out there is git for Windows at gitforwindows.org.

35:28 There's like a special version to install for Git.

35:31 I think this actually might've come from Chris Moffett even, some sort of follow-on conversation or something.

35:36 But wherever it came from, if you're doing Windows and you wanna install Git, this is kind of a cool way to do it as well if you're not doing something like Chocolatey.

35:43 - I use it every day and it's--

35:44 - Git for Windows?

35:45 - Yeah, it's a requirement, yeah.

35:47 - Nice, yeah, very cool.

35:49 JupyterLab 3 is released.

35:51 So this one comes to us from Alan Hansen and thanks for pointing this out.

35:56 It's a little bit old, couple months, but still very cool that JupyterLab 3 is out.

36:01 You can check it out and see all the new changes that come along, including a debugger.

36:06 A debugger, how about that?

36:07 Table of contents, multiple languages, all sorts of cool stuff.

36:11 So this looks like a major release.

36:12 And if people who love JupyterLab should check it out.

36:16 - Won't be too long until it's PyCharm.

36:18 (laughing)

36:19 - Yeah, that's right.

36:20 It's on its way.

36:21 And speaking of PyCharm, I've got some on that.

36:23 Brian Skin also did a follow up to, not the previous episode, maybe the one before that, where we were talking about like, you know, really, it's great that, I think this is when we had Sebastian Ramirez on and we were talking about Google becoming a visionary sponsor of Python, which is great.

36:41 And it's really cool that a couple of companies have done that.

36:43 But then we also pointed out that, you know, Bank of America has like insane amounts of stuff that they depend upon.

36:50 JP Morgan Chase, their core trading engine, some of it is all by like, some of these companies that make huge amounts of money and fundamentally depend upon Python itself, generally don't support Python.

37:02 I don't know the degree to which those two companies do, but you don't see them like at the top of those sponsorship lists.

37:08 And you know, like Google's with something like $300,000 a year.

37:11 Like that's the biggest corporate sponsor in the world.

37:14 Right, couldn't we do more?

37:15 So Brian Skin said, "Hey, I wrote a letter for people." And he shared it where it just said, "As a mere recipient, given the appreciable business value "that we derive from Python and its related scientific tool "in over the last few years, "at no direct cost to the company, "would there be room for Bracket Company "to contribute financially to the 501(c)(3) organizations "that support these tools?

37:40 "Here's a list, here's how." And basically it wrote like a template letter that you can send to your company decision makers to help encourage them to support Python and other open source projects.

37:51 - Yeah, this is great.

37:52 - So, well done, Brian, that was pretty cool.

37:54 All right, Django 3.2 long-term support releases out.

37:57 So if you're on a slow roll with Django, you're ready to roll on the new version.

38:03 So this is something you can safely adopt for the next three years and stay happy, but on a brand new version of Django, so check that out.

38:11 PyCharm, there you go, guy, I told you it would come out.

38:13 PyCharm 2021.1 is out and they've got some really cool stuff in here.

38:19 Really neat things, including the code with me stuff is now out.

38:23 So code with me is I fire up PyCharm or any of the IntelliJ based things.

38:29 And I say, Hey, I would like to say program with Brian.

38:31 Brian, can you help me work on the Python bytes website?

38:33 So I could send you a link and then we would both have like, like Google docs, but in PyCharm, like where we see each other typing, we can follow each other You can debug the code, but it's running on my machine, for example, even as voice call video call built into PyCharm alongside that.

38:47 Really? It's like a Skype client?

38:49 It actually looks like Skype. I couldn't be sure because I haven't tried it yet, but I looked at the UI that you get. It's like a little in a panel. It looks like an embedded Skype.

38:57 Interesting.

38:58 Yeah. Yeah. All right. Well, those are all the extra things for me as well.

39:02 as well. Well, I wanted to bring up so you reminded me of that the Google fund thing that when adding, you know, Google give a PSF a bunch of money. Well, what the PSF is doing with it is they're hiring a developer. So nice. I'll drop the link. So PSF is hiring a developer in residence to support to support CPython. So this is a good thing. Yeah, awesome.

39:25 It's really cool.

39:27 Ding Langsam also says PyCon IL is in a month.

39:32 So yeah, awesome.

39:34 Check that out.

39:35 And then he also asked about, what about the in-browser PyCharm, which we did cover, but that was in some kind of experimental phase.

39:41 I would definitely, if possible, recommend this code with me thing over that.

39:45 'Cause then you get the real PyCharm.

39:46 It just happens to be like this live exchange.

39:49 Where's the other one?

39:50 There's a lot of setup and whatnot.

39:51 And it had the, this is a private, Not necessarily private, but this isn't a beta.

39:56 Don't depend on it sort of way.

39:57 But this is officially this other thing is released.

39:59 Got anything else you want to throw out there for the world, for the listeners while you're here?

40:03 And nothing really comes to mind.

40:06 But thank you. Thanks for having me.

40:07 I see on our schedule we have a joke coming next.

40:10 Is that true?

40:11 We we do have a joke coming next.

40:12 And we actually have two, I believe.

40:14 I'm going to fire up mine first.

40:16 This one I have a joke as well.

40:17 If you don't mind, don't worry, it's safe.

40:19 Yeah, that was perfect.

40:21 All right. So Brian, you're a fan of him, right?

40:24 Yes, OK, so Anthony Shaw, same Anthony Shaw as the depend a lot, but we're just talking about wrote a little one liner that fits nicely in Twitter. Vim colon the original escape room.

40:37 That's an old joke.

40:39 I love it though. I love it. And of course you put it on April 1st 'cause you gotta do something funny then right? Yeah, and how about you got one here? Oh yeah, we just added it. So this this. This is awesome. So the the ancient software development stands for happiness.

40:56 (laughing)

40:58 - Nice.

41:02 Yeah, Dean also just wants to point out that IL is Israel, which I did think that was, but I wasn't 100% sure.

41:08 - I wasn't sure if that was Israel or Illinois.

41:11 - Yeah, yeah, Israel, perfect.

41:13 I would love to go there, but probably not traveling right now.

41:16 - I will get to go there eventually.

41:17 That's actually where Redis Labs is headquartered.

41:20 - Oh, is it?

41:21 Interesting, yeah.

41:21 I've had some really great vacations in Tel Aviv hanging on the beach that I can't wait to get back.

41:25 All right, Guy, how about you?

41:26 - I thought you were excited to go to Illinois.

41:29 - Yes, you know, Chicago would be nice maybe.

41:32 Yeah, nice place.

41:34 - I just can't wait to get to Peoria.

41:35 Yeah.

41:36 - Well, I've spent, actually I've spent a lot of time in Peoria, but I've probably hit my lifetime limit.

41:43 I don't need to go.

41:44 I wouldn't take a vacation there.

41:45 It's a nice place, but I wouldn't go travel to it.

41:48 - Yeah, yeah.

41:49 So my joke is, well, it's for you.

41:53 you all what's a what be a pirates favorite programming language.

41:57 I was favorite programming language.

41:59 See, you ruined it.

42:01 So the way it's supposed to go is I say, what would be a pirates favorite programming language? And you both in simultaneously go are right.

42:13 Are right. Because, oh, yeah.

42:16 And then the response for me is, is I you might think it'd be our I'm 80, but his first love be the C and man, the audience is calling out R should have looked down.

42:29 It's it works great live because, you know, you get an audience, they'll, they'll shout back the answer.

42:33 Yeah.

42:34 And because they just can't help themselves.

42:36 And then you, you surprise them with the, the twist.

42:39 Well, it was a trick question because ours is not a programming language.

42:42 Well, it's been nice talking to you, Brian.

42:49 [LAUGHTER]

42:53 It's not one I would want to work in, honestly.

42:56 I mean, I know it's popular, was popular in data science stack, but it's got one-based arrays.

43:02 I mean, that's right up there with VB6.

43:05 >> I've never even tried it.

43:07 I haven't made anybody mad today, so I needed to fill my quota.

43:12 >> It does have web clients and stuff like that.

43:14 You can build web servers.

43:15 It's a full-fledged language, But I've never done anything more than attend a one hour talk on the language.

43:21 Yeah.

43:21 Yeah.

43:22 I haven't either.

43:22 All right.

43:23 Well, guy, thanks so much for being here with us and Brian, as always, great to get on with you.

43:29 Good to talk.

43:29 Yeah.

43:30 Thanks for having me.

43:30 Yep.

43:31 Thanks.

43:31 Thanks everyone.

43:32 The live stream as well.

43:33 Bye all.

Back to show page