Brought to you by Michael and Brian - take a Talk Python course or get Brian's pytest book

Transcript #263: It’s time to stop using Python 3.6

Return to episode page view on github
Recorded on Wednesday, Dec 15, 2021.

00:00 Hello, and welcome to python bytes, where we deliver Python news and headlines directly to your earbuds. This is Episode 263, recorded December 15 2021. And I'm Brian Dawkins.

00:12 I'm Michael Kennedy. And I've always had value. Welcome lies.

00:15 Before we jump jump in, could you tell us who you are?

00:20 Absolutely. So first of all, thank you so much for having me. Thank you for the invite. And so my name is Les Scott value. And I'm a developer advocate for Quinn, sage. And I also do a little bit of voluntary work for Python, Ireland and a few other Python things around it. This fear, nice. Oh, that sounds

00:41 really fun. The the company work for I'm not familiar with it. What do you guys do there? It sounds a little bit like maybe quant finance, maybe some ml stuff? Yeah, so

00:51 we do everything. So quon site is a consultancy company. But we do so basically our CEO is one of the main guys behind NumPy. And yeah, basically do consultancy and everything you need.

01:10 Yeah. Sounds fun. Brian Eno whilst it's fun. What is from websites? Yeah, yeah. And if you think about websites, what, what web framework in Python is used more than Django, flask, maybe maybe flask, I think the right right on the boundary. But certainly Django is at the top. And I hear so many stories from people who say they got into Python, not because they love Python, but because they wanted to do Django. And I even had a guest recently described themselves as a Django developer, who learned Python, because they just wanted, they came for the Django and they stayed for Python, which is cool. So Django has been on a bit of a tear lately in terms of its speed. So I actually went back and looked, if you look at the release for Django, one that was in May 2010. I think it came out before them. But that's as far as the Release history goes back in dates. But so one point it was in 2010, seven years later, 2.0 came out in 2017. It seems like that just happened? Time's flying. And then in 2023, years after two was three, and then now we have Django 4.0. So it's going seven years, three years, one years. You know, who knows?

02:23 Should we get like five in March? Yeah, exactly.

02:26 Maybe, maybe, but it's, it's cool. Django four is out. It's not a super huge release in terms of what's covered. But some of the highlights over there include, I think I mentioned this that it was coming. But now it is here, the new Redis Cache back in. So there have been previously ways to plug in or use Redis as a cash back end inside of Django. But now it's just you just use Django as caching implementation. And you tell it by the way, here's the connection string to Redis. And that happens. So that's pretty cool, right? Yeah. Another thing that Django does for you is it will render forms and stuff based on various things like models and whatnot. And so they've changed how that works to ease customizations of forms and form sets and airless, they are now rendered using the template engine so you have more control over how forms and stuff look and some changes to do with the timezone as well. It's now using pythons timezone, so I guess it used a different one before, I never really paid that much attention to which timezone it used. But so with release a four 3.2 is now reached the end of mainstream support, which is interesting, analyze what you're going to talk about later, actually, this is relevant as well, right and know, the thing you're covering talks about Django and versions and upgrades, and so on. So that's it. Django, three, two is a Long Term Support release. So we'll receive security fixes until April 24. But there's no more features. Coming to three, two, all the new features and improvements and whatnot are going into four. Oh, so that's pretty cool. And let's see, we go over the release notes. It now supports only python three, eight to 310, which I think is pretty cool. That's interesting. Yeah, that's that's No, no messing around. Right? They're like, nope. We spent too long supporting to seven. We're not doing that anymore, right?

04:20 Yeah, I think most most frameworks are now supporting two anymore.

04:24 There's a lot still supporting three seven, though. So it's interesting, the three sevens out as well.

04:29 Yeah, well, they've got the 321 that still supports that if you want to kind of be on the slow burn, see what else? There's a few things. I'm going to go through it. I guess one more highlight maybe is you can create composite indexes really easily with the unique constraints. So you can have a uniqueness constraint that has the first name and the last name. So you could have the same first name, or the same last name as somebody in the database, but not the same first and last name. That's pretty interesting. They upgraded the password hash or to script I have no idea what the script password word hacker is, but it's more secure than the PB KDF. To hashing algorithm, you never want those to be too easy, because if you can brute force guess them, that's bad news. However, if you want to be using this better password hashing, you have to enable it, because it requires open SSL 1.1 or higher on the system. And they don't assume that you have that, right. So you've got to basically do some work to make that happen. And then there's a bunch of things about what was added what was deprecated. And again, sort of leaning ahead. There's some backwards, incompatible changes, things that are breaking changes. And there's also deprecation of some features that were not previously deprecated. So you want to be on top of that, as well. So Django four, yeah, we're gonna get five more and get Django five in March or something, I'm guessing. Right, right. Yeah, I think so.

05:53 Take a moment to just say thank you for the amazing documentation that Django has, like all over. It's so good, like, I'm a newbie. And every time I open, I don't really use Django that much. But every time I open the documentation, like sometimes I actually use their documentation to just check stuff about the web development, because it's just so so good. So thank you very much. mundaneness of Jayco recommendation, because it's really, really good.

06:19 Indeed, indeed, Sam Morley on the audience says, I'm always impressed by how much Jane Django managed to cram in each release, indeed. And Mark Pender says, howdy all from Ireland. Hello, Don. Cool, cool. All right, Brian, what do you got?

06:35 I got Python minifier. Actually, so this was, um, this was a suggestion from Lance Ryan Smith. So thanks, Lance for sending it up. But he also sent some reasons. My first reaction was, we don't need a minifier for Python, what's up? Everyone, this isn't Java or something. So but he he gave a couple reasons, the docs for minifier have have this this sort of convoluted reason, apparently AWS CloudFormation. I don't know any of the details of this. But AWS CloudFormation templates can have AWS lambda functions, source code embedded in them, but only if they're 4k or less. So a small amount of code. So that's one of the reasons why I wrote this package. Lance, the person centered in said, his reason for using it is Adafruit boards, which is a cool idea. I didn't think about that with with, like, you know, Adafruit boards or circuit Python, you, you've got less space to work with. So minifying, your code might be a good idea. That's pretty cool. decent idea. So what does this do? It's this this, like, there's an example on the page of just normal Python code. It's maybe not the best Python code, but normal ish. And then it replaces it with like, you know, replaces the variable names with A, B, C, things like that. Your some of your typical renaming things. So it has like a whole bunch of different techniques that it uses, I'm going to go to docs has a combines imports. So instead of on multiple lines, you just combine them all together, saves a little space, removes passes, which is interesting, it removes them to just assigns it to to zero. In a function. That's interesting. I didn't know you could do that. Hoist literals. That's an interesting thing. And that's just iffy if you've got a literal that's a bunch of different places. It just defines a variable and defines it at the top. Kind of interesting.

08:42 uses a lot of semicolons. That's wild.

08:44 Yeah. Remove annotations. So type annotations, you probably don't need at runtime for something like this. You can remove them local renaming a whole bunch of stuff to in, you know, renaming Global's and literals. And sometimes you like if it's an API, or if something else is using it, you don't want to rename the Global's? Because those are, those are the API. So you, you can turn any or all of this stuff off. I guess you wouldn't turn all of it off, because why would you use it, but you can turn off stuff that doesn't work. So I would suggest, if you're using minify, test your code, of course, and remove what you need. And I actually for something like a circuit Python and stuff like this, this might be an interesting idea. And I'm curious, let

09:31 me put out another idea about where it may be useful. Okay, go back to the example. So just that code sample you had? Yeah. So if you look at it, one of the things you often have to do, and I'm not suggesting this is really a good idea, but it could be applied this way. One of the things you have to do if you want to ship your Python code around to be used with places is to share your source code, right? And sure, you could send a P YC file, but it's basically the same thing, right? So what about If you go in here and run this, again, something that you want just a little bit more obfuscation, you don't want people poking around it. That definitely looks less easy to read to me. Yeah. I mean, it could go farther, right? It could rename, rename, like create certain, and whatnot. But maybe those are like standard library things. But certainly if you're trying to obfuscate your code as well, there could be some sort of use case there. Although it's not to property skated. So

10:25 yeah, seems like there was a Java thing. I don't even know if they do that anymore. obfuscators. But,

10:31 yeah, I don't know, I haven't been in that world for a long time, either. It might help.

10:35 Also, if you're playing golf, you know, coding golf. You know, just just write one of these.

10:42 Yeah, indeed.

10:43 What is coding goals?

10:44 sound sounds like a thing that blacks should have. Maybe?

10:49 That's a terrible idea.

10:50 Yeah, I don't know what coding golf is either. Really? Okay.

10:54 So you have like a cutting I

10:55 just started the driving range. I don't actually do any more things with golf. So I'm not.

11:00 Coding golf is like the lowest scores the best, right? And golf. So it's a coding challenges that you solve with the minimal characters. So minimal lines of code, minimal, minimal characters. And it's, uh, yeah, that's what cutting golf is.

11:17 So you just show the Zen of Python out of the window. And

11:21 it's not easy to read code. But okay. Got it.

11:28 Sounds fair. May the best man when the best person when sorry?

11:33 Indeed, yeah. Also, one of the things it does is that it doesn't advertise is it throws away all your spaces and replaces them with tabs. And,

11:43 Oh, interesting. Yeah, it does look very tab filled in the well, it makes

11:46 sense, you know, for for spaces versus one tab to the Forex reduction right there. So

11:51 yep. Ah, Sam says, Guys, you're, you're in for a treat code, golf Stack Exchange is fascinating.

12:00 I can only imagine.

12:04 Indeed. Alright. Well, your topic is up next, is the one I was alluding to earlier talking about Django and support for old things and so on.

12:13 Yes, yes, indeed, I think it's a waste for the tip as well. So then this is it's time to stop using Python 3.6. So in one week, and one day, Python is dropping support for Python 3.6. So there's not going to be any more releases after that. So basically, well, you should update by Don. If you are using Ubuntu, then you can say, well, I don't really have to update right now because well, we want to has longtime support. But he doesn't necessarily work like that. Because well, the Python Dev team is not going to support your Python 3.6 anymore, which basically, exactly, yeah,

13:06 that's what we were just talking about with Django Right? Like, just because you might be on an LTS version of Ubuntu that will still let you use three, six, well, you're gonna have to give up all the new libraries likes so long to Django 4.0, and probably fast API and other things, right.

13:20 Yes, exactly. So you have your dependencies that are going to need to be updated anyhow. So you should update. But then I have a question. So nobody here. I looked around when we were preparing the notes for the show. I looked around, and I tried to because I'm using 3.7. So I'm still okay. But I was looking, I wanted to try the tree 10 new stuff, because I listened to a few podcasts ago, and you're talking about the wonders of Python 310. And I was like, Okay, so let's update. But then I couldn't find the best way to update from three, seven, or let's say, three, six, to 310. I saw some people saying that it would be better to just update gradually. So go from 36373839. And then 310. Because you could fix the dependencies easier like that. But then some other people just say just go straight to the version you watch, and then just deal with the problems when you get there. Just rip the

14:19 band aid off. Yeah. Yeah,

14:21 I'm with Brian to go as far ahead as you can and then see if it works.

14:26 Alright, so just just go 310 straightaway. Okay.

14:30 Cool. That's what I would say. But the question is still open. How do you do that? Right. It depends, I think on what OS you're on. For example, on Ubuntu three nine is really about as far as you're gonna get without some jumping around. Like that's the latest python three that it'll give you on Mac. You'll have to so you got to install something, but you could download the installer from You could homebrew it. You could do other things. You could do pi envy like Brandon brainer. audiences just got started playing Wii, it makes this kind of thing trivial. True, except for I can't get it to work on my Mac, maybe it's an M one thing or an apple silicone thing, but it just won't install anything. So it's, it's not trivial for me. But when it works, you can just say pi, pi and V, give me three, six, you can be very specific, like, give me pi, Python 311, RC two, one that way. And it'll just it'll put them all side by side. So I may, what do you think, Brian?

15:28 I think I'm on PI EMV now. But it's because I test a lot of a lot of a lot of things. For normal people that have an application, and they just want to upgrade. I say unless you're on Ubuntu, or Linux. I say just go to and download the latest one, and install it. And works on Windows and Mac. Usually, on Windows. There's the Windows installer, you can go to the Windows Store that works. But, but the one works, too. So usually,

16:03 yeah, right. Yeah. And see, because I'll try and I'll let you know how it goes on Twitter. Or for what? It's because I drew the question on on Twitter. And then I got a bunch of people saying, Oh, don't go through 10. Yes. It's not going to production go through nine. If people just say no, just rip the band aid as you did my Yeah. So

16:23 okay. The Aachen, Aachen doctrine.

16:26 I mean, I only support little tiny projects, though. So, in Python, I support big things in C++, but I would run your tests, you know, you know, upgrade, run the test, make sure everything works.

16:40 Yeah, oh, by zero conversations, got a whole bunch stuff going off in the audience here. Avara says NumPy is dropping support for three seven sometime this month. So that should push the data science community community to update and then also on Ubuntu, you can install the dead snakes PPA, and you'll get now versions of the latest version of Python. Okay, that's addressed. Yeah,

17:02 yeah, I saw that. That's next EPA? Yes, indeed. And I saw that in Ubuntu that's really easy to deal with. But still, you can find the tutorial saying go gradually and then just go straight in. So

17:15 yeah, so Sam says just compile from source every time. That's what I do. That's what I'm doing in production. But I'm doing homebrew on my Mac. Alright, maybe, maybe that's enough. How to get the latest version of Python. But you're gonna make a comment about Java. Is that right?

17:31 Oh, yes. Yes, that's true. So um, because I saw, I was doing a little bit of research on this. And then there was a little bit of a discussion of the third party, the third party libraries and frameworks that will drop support for Drupal six dots on and off, as LV just mentioned. So then, I saw on Twitter. Someone mentioning, let me put it here. Bed, like using the Java the new lock for J. Problem. Let's let's put it like that. So bad? Yeah. So using it as an example. For help, like, you should upgrade your version, the version of the programming language is using, and they talk about? Yeah, so they, they say that you should upgrade as soon as you can.

18:28 Yeah, what an interesting example they gave, because this log for Shell thing that I'm gonna actually talk about a little bit later. But the problem is you have to upgrade log for J to a patched version, the patched version only works on Java eight. So if you've been dragging your feet, in a sense and staying on an old version of Java, well, now all of a sudden, it's not just replace a library, it's completely upgraded the Java you're running on. And if you're dragging your feet that hard, there's probably some kind of reason that it's a pain and not well maintained or something. And so instead of just going, Oh, we got a quick fix this problem because it's super, a super big deal. It's now all of a sudden, you've got to do a major upgrade when you weren't planning on it. Right? That's bad.

19:07 And, and then you have to have this mean, oh, this

19:11 was your next task. This is from the squid game. Your next task is to figure out which applications in your organization is using log for J. 10 minutes. Oh, that's good. I mean,

19:30 yes. So then I think, Michael, it's, you know, it is

19:34 is awesome. Well, yeah. Thanks for highlighting that article. That's a good one. Buy it tomorrow. Trauer. Turning, turning char char turning. Yes. Okay, so what do I got next here are us, not Django, but something fun. We just had what was probably the most contentious Formula One season in 10 years at least, and one of the most wild Once for sure, the championship was decided on the final lap of the final race. Like literally the two people were contending for it, Hamilton and Verstappen, they were literally tied on points going into the final one. So and the final move was done the final lap. So I wanted to highlight this article here called how to visualize the Formula One championship in Python using the air gas API and seaborne. So for people who are in data science, I know if you're learning it, one of the challenges I have of learning those tools is I don't have a great professional need for them. I don't don't use that kind of stuff to analyze data that I work with that frequently. So my chance to learn seaborne, for example, it's pretty limited. So finding some example or some fun project you can do, that turns out to be super important. So I thought I'd pull this up as something people could do, to learn to play with this kind of data. Now, if you're not yet into this stuff, check out the drive to survive season three, I think I got the wrong link here. But I put the trailer to it in the show notes. So Netflix had a great series that is really good for people to just sort of get into it. And also, there's like a eight minute highlight of the last race, which was absolutely crazy. But what I want to talk about is some cool stuff that Jasper just goes by Jasper no last name over a medium. So introduces this thing called the air gas API, which if you go over there, it's looking a little old school, but not very, how do you say not very restful, for example. So for example, you can come over and we could get, like details about the third race of the 2008 season by just going api f1 2008. Three, and it's gonna come back with well, a series of tables, which is not necessarily that useful. And I thought the way you get the JSON, you might do like an accept application slash JSON type and not HTML or something. But no, you you say three dot JSON. And that gives you the API there. So that's pretty cool. And you come through here. And basically, they talk about how to use pandas, NumPy, as seaborne and that API to just build some cool graphs that actually show you the position of all the drivers across the entire season, right? So if you want to build this picture, you see right at the top of the article, and play around with that data from that that API, then this is the way to do it. Oh, one other thing that's pretty interesting from this article that I had no idea about, is over on pi pi. We have fast f1 as a package, which is a wrapper library for f1 data and telemetry API's with additional data processing capabilities. That's pretty cool. Yeah, so you go down here, and like, they'll show you how to build this really cool graph of like lap by lap. The times the various drivers you can see in the beginning, like there's all sorts of chaos, because there's people jockeying for position, the cars are heavy, they're full fuel, so they go slower, you sort of see as, as things spread out, as the cars lighten up and stuff, because they burn off 100 kilograms of fuel, then they all kind of get faster and better time. So you can get like cool graphs and exploration of all this stuff here. And the way you do it is really interesting, as you just go over to this fast f1. And you enable the cache because it downloads some stuff, you don't have to download it twice. You can say, give me the season, this Grand Prix, give me the race details, load up the laps, and then you can start just working with the data. And that's really interesting way. So if I was in the data science, and I wanted to learn some stuff, this might be a really cool real world data set that you can play with. What do you think?

23:42 I like it? I think I might actually try to know more about Formula One just so that I can talk with Anthony more.

23:48 Exactly. And I think Sean's a big fan. Yeah, indeed. As am I these days? It's a lot of fun. It was really a cool season this year. And yeah, check out the highlights from the last race it was absolutely off the hook was it what do you what do you think of in terms of a data science project here? Data science

24:07 project a wonderful like especially if you actually life that's I have no knowledge enough what actually worked for a company that was like the I think that the founders of the company were in love with f1 and that's how they got together to found the company. And I got to talk to them in like a circle when specific circumstances like Oh, you like f1 That's awesome. I know nothing about it. So please enlighten me

24:38 you're interested check out the Netflix drive to survive series. That's that's the easy way in it's lots of drama and not like the boring sort of 30 minutes in between the things that actually happen.

24:49 What some of the people from the US don't understand is that they can turn into directions. That's odd.

24:55 so odd. However, Brian, just before we're off this the US Grand Prix for the first time, I think was the most attended race ever, certainly for f1. But maybe they had 400,000 attendees in Austin, Texas this year. Well, that's. So apparently it's becoming a thing like soccer became a thing in the US when it didn't used to be. And now it is. I think this is as well. Alright. Alvaro also says, interesting about interested in libraries last week, I found duck dB. Super interesting for data science as well. Yeah, definitely. We've only touched on that a little bit. But yeah, it's a great one.

25:28 Yeah. Depth DB is like a new database. Like, I know, cockroach dB.

25:33 A different but I believe it has integration with like pandas and stuff. If I if I recall correctly, the thinks I have to have to look it up. But yeah, cool. I'll do some real time follow up. But Brian, okay. Tell us about in in B dime in B

25:48 dime. So a another listener suggestion, Henrik Twinsburg. Cool. Last name. He's he said, we recently covered jute or JIT. Jupyter. Notebook. Yeah. Jupyter. Notebook. Terminal viewer. We covered that in episode 258. He's correct. But he said, Hey, you should check out MB dime. So because it's been around for a long time, and it does something similar. So I definitely did. And I think this is a really cool, a cool set of tools. So we've got, not only does it do an MB show, which does is

26:24 right, that's the jute equivalent of the NB show, which is cool.

26:27 Yeah. But it's, this is a set of tools that is around the needs for diffing and merging notebooks. So like, if you're keeping notebooks in a Git repo, you'll have to do things like this. And so one of the it's got a bunch of tools, it's got diff, it's got merge, it's got diff web, so you can have a rich rendered diff, no diff of the notebook, and in B merge web, so web three way web based merge of notebook tools. This just looks really cool. And I definitely think it's worth checking out if you if you work with notebooks and work with teams, you need to do things like this. So Oh, yeah. So

27:06 it's great. Yeah, defeat in merging notebooks is tricky. For sure. Because the actual on disk representation is basically a JSON document, and it embeds the output in there as well. Right? So if you ran it against live data, and you got some output, and you run it again, of course, that's going to be different. But that's, you know, straight get that's a merge conflict. Right.

27:28 Yeah. I'd be interested to know how they deal with that and look through this, but you probably looks

27:34 like it understands the cells, and then just the cells or something along those? Probably. So yeah, there's typical. Yeah, the survey one speaks for the recommendation as well. Alright, guys, you're up next?

27:46 Yes. So, uh, we found that out. So first of all, this is a recommendation from friedlin. He works as a software developer at Red Hat. So thank you very much for the suggestion. And and this is project dots. So basically, and this is an open source cloud based Python dependency resolver. So we all know that Pi Pi, just set just launched a new dependency resolver.

28:19 Yeah, that was a big deal over some breaking changes to pip and stuff like that. But yes,

28:23 and Well, Joe, the first stone who never had a dependency resolving issues with PIP, he spent so much time like, okay, so it's not these libraries? Is that what? No, it's not, this version is anyway. So these project tasks basically comes to solve this issue. And it uses reinforcement learning to solve this dependency issues. So basically, from what I understood it, it's a smarter Pip. So basically, it uses a few inputs from the developer, such as like, the speed of the execution of the code, and if there wasn't any, any errors, and your Hydra version, etc.

29:10 Yeah, you it's not just what version do you want, like greater than 2.1, you can say, I would like one that's relatively stable, or I would prefer security over recency, or something along those lines. So there's a lot of different inputs to this machine learning model that then will give you the result of like pip install, I think,

29:29 yes. And then he pre computes this, this whole dependency information and puts in a database, and then just keeps track on it out of it. And then the logs that result from like actually installing your dependencies of that environment. Then I use Su, go into as input into that reinforcement learning algorithm. And they use that then to create future resolutions. So basically just make the whole process of dependency resolving much faster anyway. Much easier. Yeah, it sounds like a great thing. And I tried testing. But well, I got, I got into a little bit of an issue with my Western versions. I was like, Oh, well, I've dealt with this later.

30:15 Yeah, exactly. Can you scroll down to the code sample where it's talking about tmos, or themost? I don't remember that term, exactly. It's a little further down. It's like a code call out. Keep going. A little bit right there. So yeah, so the way you can use it as you pip install this themost thing, then you configure environment, and then you add dependencies with some suggested version, like approximately flask, one, and then you ask it to advise you on your current setup, and it'll, it'll go through, and it actually analyzes the code and does a whole bunch of stuff, and then it will even, it'll give you some information, I don't remember exactly all the details of what it would suggest about, it'll give you information about the various dependencies that you have installed, and so on. So and also give you

31:01 suggestions on like hardware and OS versions that you should be using. And yeah, it's, it's, it's quite March, I thought was quite interesting. And it's in beta phase. So if everyone, anyone who's listening would like to try it, and then maybe just give some feedback back to red hat there, they'll be very, very, very happy to hear from the community as well, because it's an open source project. So please, collaborate? Yeah,

31:27 check it out. It looks like it might have something to do with OpenStack. And their whole cloud story over there as well, although I don't believe it explicitly said it was ostensibly to be tied to it, but it seems maybe motivated by that as well. So yeah, cool. That's a good one. Interesting, Brian, some real time feedback here. So we covered this article efficient sequel with on pandas with duck dB. And the one of the cool things you could do is create a panda's data frame, and then do select queries on top of the data frame. It's pretty cool. Yeah. So for example, remember, you have like a local variable, and you say the name of local variable and the query it like, reaches into the call stack and grabs that out of the context and then works with it. So yeah. Anyway, this is one of the data sciency things. Yep. Fine. Brian, is that it for all of our items? I think it is. Yeah, I think you might be right. The extra if you got any.

32:25 I do actually nice timing for today. So pragmatic bookshelf, the the publishers of the piteous book, they're running a sale. Actually 12 Days of Christmas sale. So every every day is something different. You don't know what it is. I don't know what it is. But today, my my book is part of it. So it's nice. Enter a promo code and you get 5050 50% off $50 spend. So the other order a couple books, because they're not that expensive. But anyway, it's pretty cool.

32:57 Cool. Yeah. Hopefully that does. Well, guys, how about you got anything extra? You want to give a quick shout out to our here?

33:03 Oh, yes, of course. So I am volunteer for Python eyelid. Python has a speaker's coaching session happening on the 22nd of January. So it's basically we offering for people that would like to be a pro on giving talks. Were offering a workshop, it's the entire day. And you need to say that you need to just like give us your words that you're going to give us a talk as like a practice thing. But it's quite a it's a very interesting workshopping. And if you would like to be part of it, just go into the Ireland, and it's the 22nd of January.

33:51 Yeah, that's a cool service, I guess you would call it a cool option for speakers, because speaking is one of those things that really can open doors and help get you connected. But it's also super stressful. The very first time you do it is in front of the audience. And it's being broadcast. And

34:06 also like the tips on how to put a talk together because there is that anxiety as well as like I have a talk but I don't know if my my the thing that I want to talk about is a good thing. Or I don't know if my slides are good. I don't know if I know how to actually convey the message. So we would love to help you with that. And I will be the one giving the workshop there is a proper person there that's been that has experienced on doing that. So yeah, it's it's their workshop, though. And it's a it's a great workshop. Yeah. Nice. And then I have a few other extras though. Can I Can I just go on?

34:44 Yeah, cover as many as you want.

34:47 Cool. So then I also found I don't know how many newbies we have listening to us today. But for people that are talking a lot about data science as well. There's a bunch of data scientists and Are people that don't really know how to deal with debt? And even for me as a person, my personal experience with gifts initially was, oh,

35:10 yeah, I committed twice. What if to do that? I just want to commit it. It's what's this push about?

35:17 And then what do you mean? Where am I? I have here in front of my computer. Yeah. So if you want to learn get there is this website called Learning branching dot j That gives you a step by step with a visual manual for how to actually get good data. So you have like lessons. So you can click on the Lessons, and then it gives you like an explanation with some best practices, and that gives you snippets of code as well. So you have like a thing that moves? It's, yeah, it's quite like straightforward. And it's quite interesting. I don't know what happened here. My computer thing stopped working on. Yeah. Anyhow. So it's very interesting. And it's a very visual way of learning yet. So if you're struggling with Git, and you don't have time to read the book, actually, first thing, read the book, chapter. I think chapter 10 of the gates book is the most important one, it teaches the main things that you need to know. But if you don't have time to do that, then you feel the train a little bit. With a GUI. Just this is the most straightforward thing that I found around.

36:36 Yeah, that's cool. I like how it's like a little fake shell.

36:40 Yes. If everything was working, I could show you the like you have. So you do. You click here. And it's like, it's very GUI based. But then as soon as you get out of this thing, you need to train to pass the face because it's kind of like a game. Okay, then you need to type it to like, Oh,

36:56 I see. So it has you do some kind of branch thing, or checkout and that it watches to make sure that say the branch was created or something?

37:04 Yes. Yeah. It's like you have a check. Um, it's, it's quite interesting. And it's like, good for me. Yeah.

37:12 Nice.

37:14 The, if we could take now I get, I don't know what's going on. I'm sorry. But it's no worries. It looks cool. It's a good suggestion. People can check that out in the show notes. The Yeah, so yeah, the visuals. This is the one so you can you can type, let's say git commit. And it's you, you can see what happens. And it tells you so Okay, so you get a commit, this is it, this is what happens. And then you can go back to the instructions, if you don't get it, it's quite interesting. And there's disclose the extras. So I started coding with Python, for a very short period of time, and then I switched when I started it, I switched to Java. And then I did a few years of Java. And then I went back into Python. But then when I went back into Python, I was like, Well, I know Java now. And what's going on? What what is this language that is not verbose at all, and you can do whatever you want with it. How do you how do

38:13 you? What's happening? Exactly?

38:16 What's the story? And I struggled a lot to find a straightforward tutorial and a straightforward manual to tell me so this is the comparison. This is what Titan does, the Java doesn't do. Or this is how to do things in Python. And this is actually the things that Java does the comparison and blah, blah, blah. So Ben, and I found this real Python article that was just just been published, maybe a few weeks ago, I wish was around when I started, but it was

38:46 five days old or seven days old or something. So

38:49 yes, yes. So he tells you like, very straight in a very straightforward way, the differences in the similarities between the two languages, and talks about the Python data types and talks a little bit about as well, that there's no Python, and how we do things in Python and how we did things, Java, and the standard library. And then comments, so I was about seven tutorials and liquidation. So it's very, very, very interesting. If you started with Python coming from my Java background.

39:24 Yeah, that's cool. I think using your existing skills to level up is a much better way. Like I would know, I wouldn't know how to talk to a database. I can do that in Java. How do I do that in Python? Oh, I see. Okay, now I got it, right. Yes. Cool. Cool. All right. I got a few extras, as all everyone may imagine, first, a quick follow up for people who are getting started with Git, and you want some more help consider using Oh, my Z shell. Why? Because if you go into a git repository here, and you type git, you can hit Tab, it'll give you all the top level features of Git. So like branch clone, check out, commit, whatever. So if you type git branch and hit Tab, though, it'll actually list give you tab, autocomplete, and errata, complete for all the existing branches, for example, and stuff. So if you're having a hard time on the terminal, and you want some help, you can just do Z shell, and it'll actually give you like, super deep autocomplete on the terminal, even into, say, your project structure, your repo structure. That's cool. Don't go without that. But for my actual things, I gave a talk at flask con. So that talk is up, which is really cool. It was on HTML, and flask and Jinja partials and things like that. So people can check that out. That's good. Brian, I've talked about why Firefox is awesome. And people should be using it more and not letting it fade into oblivion. As everyone thinks Chromium is the the core that we should all be building on. And they just came out with a really cool idea called RL blocks that would be applicable to other browsers as well. So one of the problems with web browsers is they, they accept all sorts of input from random strangers on the internet, which is generally not a good idea for security, right. And it's not just the browser, it's the plugins. So you've got things like the ogg format, or wolf is a font parsing library and all these different things that you might need to run inside the browser. But you really get them from somewhere else, right? So for example, if there's a problem with say, the OG parser, you wrote an Ogg file, and, you know, the browser gets hacked into, and there's things they've been doing to try to

41:39 restrict that with, like sandboxes and stuff. So this thing, this, this thing, I'll just give a quick shout out to our blocks. What they're doing is insane. As somebody who does a little C++, tell me what you think about this. So what they do is they use the LLVM, or no Clang, here, these Clang, and they take these libraries like OG, they compile them to WebAssembly. And then there's another thing called Web assembly to C, and they compile it back to C, and then they compile it into the system as if they hadn't done anything to it. Which sounds weird, right? Why would you do that? But what it does is it strips out a bunch of intermediate steps that where viruses could live, and uses web assembly to like put those checks as part of the system and then put it back into C. Okay, yeah. So anyway, this is, uh, this is a pretty wild thing that they came up with. So just worth a quick, check it out. And then, as you mentioned, this log for J thing. Yes, we're all going to be suffering from this for so long. This is so bad. So it turned out that log for J. The problem with log for j is, let me let me describe this in Python terms and just see what y'all think. So log for J has this ability to parse the the strings you put into the logs. So I want to log out a message. But instead of actually getting a user like save, instead of going into the code and getting, say, the machine name, or the IP address that I'm on, I can put like a little symbol in the log file and log for J will go, oh, what you need is you want me to say, pull in the IP address locally, and then write that in the log. That's maybe okay. They also have this ability to run code that they don't know you. I mean, you did some Java, they know I have this ability to run code, not in the local class library, but on a remote machine somewhere else out on the internet. Yeah, called was it J and di JD, and I don't always swipe the order. Well, it turns out, you can put the JT and I run code symbol into your log file. And then the log message will result in running code from anywhere on the internet in the process of your things trying to log and it can come from anywhere it is so bad if it's in a header file, if it's in the URL, if it's in the email address, where you expect an email address you put in like dollar bracket J and di colon some path to the virus. Literally the attempt to say this user this email address failed the login results in running the virus. It's anything that you may ever log user agents like you name it, run virus remotely. In this process, anything you might want to log in, you're typically logging bad input so you can log attempts to hack your system. There were like 850,000 Hack attempts within the first couple like day or two of this it just it's going to be not good. Which made me think of just a quick little fun comment here of an XKCD that someone put on Twitter after this because it's all about this walk for J that's not really funded so all modern digital infrastructure is like this Jenga tower and then at the very bottom it's a project some random person in Nebraska has been thanklessly Maintaining since 2003 Pull that out. It all comes down here that's the world we live in. Yeah,

44:55 yeah. Especially because there there was this this this thing this was metal tweeter of it just blaming the developers about it and some other people to show up as well. They haven't been getting paid for all the work that they're doing and everybody Yeah, the application all throughout. So

45:14 there's certainly a conversation to be hard about how much energy and time should these large companies be putting into supporting open source stuff, right. And it's, there's so many little things like log for j, that nobody feels like they're using sure their web framework might use it, but they don't actually want to use it just happens to be what their web framework shows, but they are built on top of it as their learning. I'm sure there are many sleepless nights on this. I don't know. Not good. As a Java person. What do you think about this?

45:48 As a representative of all Java,

45:52 no pressure, right, no pressure whatsoever. I can say, as someone that has worked for open source for a while No. Dead, there is a big discussion to be had on that. But there's also a big discussion to be had on how do we want open source to be sustained from now on, because the way that it's going is not sustainable when we all know which, and we have big companies. And we don't need to do we don't even need to mean the big companies, when we have really big companies they have have been using an AI starting out to do open source projects simply because it's good for business. Because it gets people hooked into what they're doing. And then well, you're going to have to use our open source packet now. And that's us taking the market. But we need open source feel at ease a tiny bit more sustainable, because the way it's going it's not. It's not good for anyone.

46:52 Yeah. I guess one final thought on this. This was not a bug that was found. This was a feature that was used in a way that people didn't expect. I can expand variables. I can run remote code, I can run expanded remote code. Oops. Alright. But let's bring it back to Python with a joke. What do you guys think? Yeah. All right. Guys, you got the first joke?

47:13 Yes. So um, we were talking about rich environments, and how much fun it is to set up Python and use all your virtual environments, because you have well files, it depends and condors and everything else, and how much everyone always complains about having to set up their environment before installing Python. So I found this. So apparently, this would be society if you didn't have to use virtual instance, now pick up Python packages. It would be wonderful.

47:43 Let me try to describe this for the world who is just listening. It's like the most idealistic futuristic view of the world we've got like mana rails and there's just shining silver spaceships zooming through the sky. And and it just looks like oh, yeah, here's the perfect future. We all dream but we were supposed to have

48:05 Yes, but everyone, everyone types by DOD, everyone knows by DOD, but don't have to use visual aids to install their packages. Imagine?

48:14 Are you telling me that virtual environments denied this from us?

48:17 No, this is the reason why we can't have these things is because people don't learn virtual environments, that spaceship has its own environment. The house over a Nikon a version? Yeah, because of its variant.

48:30 That's a good way to look at it. Brian, I like it.

48:34 Right always brings the other side of the things where it's like, the donor perspective. It's wonderful. Thank you, Brian. Yeah, thanks.

48:41 Right. All right. The joke as a joke I was gonna cover is actually that Jenga tower already showed. So I'll just leave it at that. One real quick bit of follow up here. Because I think this will be helpful to people Jeremy page says, if you are on Bash is set as the shell, the package bash, bash, Completion will also allow Git command tags, branches and cetera to autocomplete.

49:01 And I never read a book. I just like, I think I read an article that's like the 10 git commands you need. And I've been good since. So. Yeah.

49:12 Oh, yeah. Okay, Mr. Waste kids.

49:17 Exactly. Brian, it says, You don't need virtual environments. If you just set up a new virtual machine for every project. That's true.

49:23 Yeah. Docker will save the world.

49:25 That's right. I agree. We could have the same picture with Docker but they'd all just be cubes just bought

49:30 cubes. Yeah. Like, yeah. Packing containers, shipping containers everywhere.

49:38 There's also pragmatic. Exactly the pragmatic Mario says I click buttons on vs. Code.

49:45 Go GUI.

49:48 Click. Hi, Brian. You want to take us out of here?

49:51 Yeah, sure. Let's thanks everybody for showing up for the show and was really a lot of fun. Thanks, guys. For late Sorry, ladies. For showing up it's been great i everyone

50:02 thank you thank you for listening thank you for the insight again it was a pleasure

Back to show page