Transcript #278: Multi-tenant Python applications
Return to episode page view on github00:00 Hello and welcome to Python Bytes, where we deliver Python news and headlines directly to your earbuds.
00:05 This is episode 278, recorded April 6th, 2022.
00:10 I'm Michael Kennedy.
00:11 And I'm Brian Aiken.
00:13 And I'm Vucile Mbogo.
00:14 Welcome, Vucile. It's really great to have you here.
00:17 You know, I'm really excited and I feel honored to be here. So thanks for the opportunity.
00:22 Yeah, it's going to be great to share some Python news with you.
00:24 Now, before we jump into all those things, tell us a bit about yourself.
00:28 What do you do? What are you into?
00:30 Firstly, I'd like to say I'm still relatively early on in my career, and I'm from Zimbabwe.
00:36 And we have a small but growing Python community here.
00:39 And for a long time, I didn't have any community.
00:43 So podcasts like your Talk Python podcast was the only way I got to connect with community members.
00:49 So it's really great to be here.
00:51 But on the question about me, I'm a software developer.
00:56 I work in the back end, I work for a company called ideation.ai.
01:00 It's a health tech startup that's building information systems that help clinicians manage patients and hospitals better.
01:09 So I work mostly on APIs and microservices using Python, Django, Postgres mostly.
01:15 That sounds like a really fun project.
01:17 And we know that healthcare needs help in automation and modernization.
01:22 So thanks. That's awesome.
01:24 Yeah, very cool.
01:25 All right, Brian, should we kick it off?
01:27 Yeah, sure.
01:28 When you talk about getting drunk or what is this?
01:30 Getting dunked.
01:31 Oh, sorry. I must have misread that.
01:32 So this was just announced a few days ago from Darren Burns.
01:38 He's the engineer that's helping William, is it Will?
01:45 Will, with the rich and everything.
01:48 The rich empire.
01:50 Yeah. So this is just really cool because I often want to do...
01:55 The dunk, he released dunk.
01:57 So dunk is a prettier get diff tool.
02:02 And it uses rich and it's just a command line tool and it's beautiful.
02:09 So you just install it and then you do a get diff on something, it could be one file or it could be, it's usually a commit, right?
02:18 So you do a diff of whatever you have now or other stuff.
02:22 and it just instead of doing the weird, like the hard to read command line.
02:26 >> The plus minus plus.
02:27 >> Yeah.
02:28 >> Yeah, that thing.
02:29 >> It's got these nice colors with rich of what was added, what was green for added, red for taken out, and the line numbers.
02:40 It's beautiful. It's still a work in progress, but I'm using it already. It's just great.
02:45 >> This is fantastic. When I first looked at this, I thought it was like a GUI window that was showing, but no, that's just the terminal.
02:52 >> Yeah. It's pretty cool.
02:55 >> It's something you'd expect in a text editor, right?
02:58 >> Yeah, definitely.
03:00 Some text editors have something that like this nice, but just on the command line, it's super cool.
03:05 One of my first questions with it was, sometimes I have a lot of diff stuff, so does this have a pager?
03:11 The answer from Darren was, it does not have a pager, but you can use less-R.
03:20 I don't know what the R does, but anyway.
03:22 If you pipe get diff to dunk and then pipe it to less-r, you've got a diff with a pager.
03:29 That works for me. I'll just alias that to something.
03:31 >> Yeah, that's really cool.
03:33 >> Anyway, pretty quick, pretty short topic.
03:36 But for people that are looking at get diffs a lot, this is a super handy thing to look at.
03:42 >> Yeah, this is neat. I usually do a lot of my diffs in PyCharm and it actually looks real similar to that UI.
03:47 Ussile, what about you?
03:49 How do you see your diffs?
03:51 - Yeah, I do most of my coding in Visual Studio Code and I use the Visual Studio GIF viewer for that.
03:57 Same, it's pretty similar to this.
04:00 - Nice, yeah, this looks great, I think.
04:02 Very nice.
04:03 - The good job, Joe.
04:04 - Yeah, very nice one.
04:05 How about we start with some memes?
04:07 So we all heard about Log4J and my favorite one was the take on the XKCD about little Bobby Tables, the little little little Jindy we call it or something like that, I can't remember.
04:23 But you know, all the jokes aside, like, you know, here's Homer Simpson, zero days without log4j CVE.
04:30 Maybe the best one was that, this guy right here, this guy, he looks like he's probably about 75 or retiring, says, "Upgrading log4j three times wasn't that stressful," says Dave, 28 years old.
04:45 But in all seriousness, like, is there a log for pi?
04:48 Like, is this something that we should consider?
04:49 And my first thought was, yeah, no, we're good.
04:52 Like, we don't have this stupid, like, remote method invocation where you can inject, like, a function call as a string inside of your log message.
05:02 - Oh, no.
05:03 - But here's Ari Bovenberg, who wrote an article that says, yeah, it's not anywhere near as severe as that, but there are some things you should consider.
05:11 And so, for your consideration, I present this article and some ideas.
05:14 So it says, look, here's the basics of logging.
05:17 And this is using Python's built-in logger.
05:19 I'm a fan of Logbook and Loguru and the sort of higher level, nicer things.
05:25 But nonetheless, here's the basics, right?
05:27 So you can log, like say, logger.info or trace or whatever, and then put out a message like, "Hello world," there's no injection there.
05:35 You can also do this thing, which is really the crux of the problem across the board, is you can say, here's a formatted string and the data that formats it.
05:45 So you can put in, the problem with log4j was even if the string was fully evaluated as user input or something, you take some user input and you fully validate it, it still could have, it'll still get like reinterpreted for these remote, like trying to find, you know, what machine am I running on?
06:01 Or am I production or debug?
06:02 Like, let me go call this function and find out or just call it to hack you.
06:06 But, so the Python version doesn't have that, but you can do this like format string and pass this context variable thing, like pass a data structure in.
06:15 And in that case, some bad stuff can actually happen here.
06:19 Right?
06:20 So that's fine.
06:21 So what about, what if I wrote my, as my name instead of, or my message, instead of hello, I wrote hello, quote, backslash, and info main user, Alice commented something else.
06:34 And you would, you pass that over.
06:35 And what you would end up with is a log message that was supposed to be one line that ends up like two.
06:40 So that could cause some confusion, right?
06:43 That might be problematic.
06:44 It's not gonna result you in being hacked.
06:46 But there's more like denial of service type of thing.
06:50 So like one thing you could say is, well, just don't use backslash n, like take those out.
06:53 But there are all sorts of freaky Unicode ways to like restructure similar meanings and stuff.
07:00 So another one has to do with formatting.
07:03 So if you're logging in some information and it's just a regular F string, that's probably fine.
07:09 But if what you're logging into the F string, you can later get evaluated again, passing this like data structure, asking the logger to fill out the format string.
07:20 Then you can pass interesting stuff.
07:22 One of the more interesting ones was, you could say percent, parenthesis, variable name, close parenthesis, 9999999999s.
07:33 And what that'll do is it'll pad the username with a gigabyte of white space and then try to have you write it to the log file.
07:39 [laughter]
07:40 >> Okay.
07:42 >> So that's bad, right?
07:44 >> Right, yeah.
07:46 >> You could also do things if you knew the data structure that was being passed in to fill out the log string, you could sort of try to reach out and get variable names out of it by putting a formatted string in there.
07:58 And if you marry that with the huge piece of text, that'll make the login really slow.
08:05 So you could put in like different things And if you see, oh, this message actually makes the request really slow.
08:10 You could infer that maybe that data is actually in the variable being passed over, so then you could try to get it to write it to a file if you have say file access, but not other types of access.
08:20 Anyway.
08:20 So there's a bunch of things.
08:21 So basically the long story short is don't mix like F string formatting along with passing more data to the log file.
08:29 Kind of one or the other, because the logger knows how to look for some of these things in when it takes the data and puts it in the format, but it doesn't do that for the original string.
08:38 So, careful about mix and match.
08:40 Final thing, there's actually, and it's been included in a pep, and there's a discussion on discuss.python.org, and there's actually a pretty interesting discussion with a bunch of core devs there.
08:49 So you can see, that's maybe a better follow up there.
08:52 But pretty interesting.
08:54 There's no log for py, but there doesn't mean you can just completely go crazy with unverified user input.
09:01 - You should trust your users though.
09:03 - I know.
09:05 Why not? They're so friendly and considerate.
09:08 - Yeah, why not?
09:09 - The real ones are.
09:10 - You know, when this log4j vulnerability came out and I realized that it wasn't really a big problem in Python, I didn't pay any attention to it.
09:19 And now I'm actually shocked that you could do a denial of service attack using that.
09:24 - Yeah, exactly.
09:24 I think that's what it basically becomes is, there's two aspects.
09:28 One is you can sort of crush the server by having it write so much data.
09:32 The other that they pointed out here was, If your goal is to try to obscure regular hacking, if you could wreck the log file with so much data that it's really difficult for people to parse the log file, you might be able to hide yourself a little bit better for longer.
09:47 So anyway, there's some interesting stuff there.
09:49 All right.
09:50 We see they over to you.
09:51 Yep.
09:52 Thanks.
09:52 If you're building a software as a service platform in Python and Django, there are a few things to think about, you know, like the architecture you're what type of database you're going to use, whether you use a single database or multiple databases, and all these things.
10:08 So while I was getting ready for this call, I found this book.
10:12 It's called "Building Multi-Tenant Applications with Django." And it's by an author that you've actually covered on the show.
10:18 It's a company, I think, called Agilent.
10:22 So this book is free, it's open source.
10:23 Anyone's free to read it, download it.
10:26 And it goes through the different approaches that you'd have to follow.
10:30 I mean, the different architecture designs that you should consider when building software as a service or multi-tenant applications.
10:36 And so one of the things they cover here is email where you're using queries to isolate the data.
10:43 Something like Postgres emails can do that.
10:46 This book goes over the different approaches you can use to build multi-tenancy apps, right?
10:51 And then it also covers some third-party packages that you can install that help do a lot of the boilerplate code for you.
10:59 That's really nice. Because I've considered this, it'd be so great if you're doing some sort of software as a service type thing where you have people log in and you want like that group just to see all their all their data and all their records and stuff. But it's so scary because if you just forget the where clause on just one on just one, they get everybody's data, which is really bad, right? And so this is really cool.
11:21 Yeah, this is.
11:22 So the book covers things like using HTTP headers or subdomains and in the request to identify different tenants, and how you do that, how you capture that using middleware Django.
11:36 That's cool. So some of the middleware is Django multi tenant, Django tenant schemas, or Django DB multi tenant, not a ton of variation in the name there, but it's still pretty cool, right? And some of them use schemas, and some of them use isolated databases, right?
11:53 Yeah.
11:54 Nice.
11:55 So it will all depend on what your tolerance for cost is and database management.
12:01 So if you don't mind having a database for each client, you could do that.
12:04 And then you'd have to do migrations on each database, wherever you make updates to the application.
12:09 Or if you just want to have a single shared database, you can do that and isolate using schemas.
12:13 Yeah.
12:14 I hadn't thought about having to migrate every separate database.
12:17 But yeah, that's a ton of work.
12:19 The deployment all of a sudden looks really rough, doesn't it?
12:21 Yeah.
12:22 - True isolation there.
12:23 - Yeah, exactly.
12:24 There's no way you're gonna make a mistake there.
12:27 Do you guys do anything like this with your healthcare products?
12:30 - Yeah, we use one of these approaches.
12:32 I can't tell you which one, but we use, our software is a software, what do you call it?
12:39 Software as a service.
12:40 We have a number of clients.
12:42 They need to have a central login, like the single application that they can all log in and view only their data.
12:48 And we can't have information from one client leaking over into another.
12:51 - Yeah, cool.
12:52 All right, well, really neat.
12:53 I'm sure that'll be super valuable to people indeed.
12:56 - Yeah.
12:57 - Now, Brian, before we move on, how about I tell you about our sponsor?
13:01 Once again, Microsoft is here, so let's hear from them before we carry on.
13:04 This episode of Python Bytes is brought to you by Microsoft for Startups Founders Hub.
13:10 Starting a business is hard.
13:11 By some estimates, over 90% of startups will go out of business in just their first year.
13:16 With that in mind, Microsoft for Startups set out to understand what startups need to be successful and to create a digital platform to help them overcome those challenges.
13:25 Microsoft for Startups Founders Hub was born.
13:28 Founders Hub provides all founders at any stage with free resources to solve their startup challenges.
13:35 The platform provides technology benefits, access to expert guidance and skilled resources, mentorship and networking connections, and much more.
13:43 Unlike others in the industry, Microsoft for Startups Founders Hub doesn't require startups to be investor-backed or third-party validated to participate.
13:52 Founders Hub is truly open to all.
13:55 So what do you get if you join them?
13:56 You speed up your development with free access to GitHub and Microsoft Cloud computing resources and the ability to unlock more credits over time.
14:05 To help your startup innovate, Founders Hub is partnering with innovative companies like OpenAI, a global leader in AI research and development to provide exclusive benefits and discounts.
14:14 Through Microsoft for Startups Founders Hub, Becoming a founder is no longer about who you know.
14:19 You'll have access to their mentorship network, giving you a pool of hundreds of mentors across a range of disciplines and areas like idea validation, fundraising, management and coaching, sales and marketing, as well as specific technical stress points.
14:33 You'll be able to book a one-on-one meeting with the mentors, many of whom are former founders themselves.
14:38 Make your idea a reality today with the critical support you'll get from Founders Hub.
14:43 To join the program, just visit pythonbytes.fm/foundershub, all one word, the link's in your show notes.
14:49 Thank you to Microsoft for supporting the show.
14:52 This is a topic that has been very interesting to me, sort of this memory story around Python lists.
14:59 - Yeah.
15:00 - And I'm looking forward to this one you got to share.
15:02 - So I was interested, this is, we're gonna present an article called Preallocated Lists in Python by Redouan Delawar, I think.
15:10 Anyway, I've thought about this before, because one of the things that happens with when you allocate a list in Python, if it's empty, it's not really empty.
15:21 There's some data there already.
15:22 And one of the first things the article talks about is this data structure that a C struct that Python uses to store basically the info about the list.
15:31 But it's still space, but it's, you know, it's still, it's empty supposedly.
15:35 And then when you, and normally you kind of just append to it, so you, or one way to add things to a list is to just append one thing after another.
15:45 And what Python does, it's kind of a neat algorithm, is it allocates more than it needs.
15:51 So if you add like five things or six things or something and there's not enough space, it'll, and I don't remember the real algorithm, but it chunks a bigger portion.
16:02 And then if you run out of space again, you get more space added to it.
16:06 - Right, 'cause the last thing you wanna do is reallocate one byte at a time and copy the whole list as you're adding a thousand items, that would be super bad.
16:15 - Right, so this article talks about three different ways.
16:18 Like let's say if you know, you know you're gonna have 10,000 elements in a list.
16:23 And in this example, it's just counting, you know, zero through, you know, 9,999, and filling it into the list.
16:32 But there's, that's, I think that that's irrelevant.
16:36 It's the same sort of work for each kind of list, but it takes three kinds.
16:41 Well, the first kind is starting with an empty list and just appending every time.
16:44 And that seems like it would be slow, but it's actually not that bad.
16:49 The other two ways are to preallocate.
16:51 And I'm like, how would you preallocate?
16:53 But his technique was to take like none and assign your list none times 10,000.
17:03 So you got a 10,000 element list of nones.
17:06 That's fine.
17:07 And then...
17:08 >> Long as it's not a valid value, you're fine.
17:10 Yeah, and then the other the third way was to take.
17:19 Let's see where is it is to do a list comprehension and do and just assign your list the list comprehension and then put a for loop for I in range 10,000 in the middle of it.
17:32 And in this case, if you weren't really just counting to a 10,000 and doing something else, it would be a similar sort of thing if you'd have a for loop to fill this in.
17:42 And I actually had no guesses as to what would be fastest.
17:46 So the final say when he was doing timing on this was that the append method actually was the slowest, but not terrible. It's pretty efficient.
17:59 And the pre allocate method it shaved so we had 499 microseconds on his machine and then 321 on the pre allocate.
18:10 So that's not even half as I mean it's not an order of magnitude but it is faster and the list comprehension was 225.
18:18 So that was about half it was about twice as fast as the append was to use the list comprehension and list comprehension is actually the most readable of the three I think so.
18:29 It's just sort of a, I guess, it's an interesting article to look at like how to discuss like how this allocating and allocating extra memory happens with append.
18:42 But it also is interesting that the preallocate, it seems like that would be the fast, one of the faster ones and it's not. So interesting.
18:51 I wonder if I don't think the list has this.
18:56 I know in other languages it does.
18:58 When you create the list empty, you can say I would like to initialize you with this capacity.
19:03 >> Yeah.
19:03 >> Right? If it was like a built-in way to say when you allocate your inner C level array pointers, make it this big to start with, but still fill into it before you start your growing algorithm.
19:14 >> Yeah.
19:15 >> Maybe that'd be a cool PEP for some of the containers if it's not there.
19:18 But yeah, I think it's natural that the list comprehension is fastest.
19:21 And also it means you don't end up with a weird programming model where you have a list, it's length is one thing, but that's not what you should actually work with.
19:29 I think that's probably not worth it except for extreme cases.
19:33 - A couple of things that I found interesting about this that I'd like to pursue a little further is it didn't talk about memory space.
19:40 So one of the benefits of pre-allocating is you're not allocating more than you need, but I don't know if you're not allocating.
19:46 I don't know what the Python algorithm is.
19:49 But the, so I'd like to see this with space.
19:55 So how much memory is being used by the three methods?
19:58 The other thing that would be interesting to see is to throw NumPy in the mix because I know NumPy has some more efficient.
20:06 I mean, it's a completely different beast, but still.
20:09 >> You work at homogeneous data, that's numbers or something or strings.
20:12 Yeah. What do you think about this?
20:13 Do you have to worry about these little details?
20:16 Are you guys under heavy performance pressure?
20:19 No, not right now, at least.
20:21 I've never had to think about C-level things.
20:24 And I'm actually taken aback that so much goes into allocating stuff to a list, because in Python, allocating stuff to a list is just create a list and put stuff in there.
20:33 So this is eye-opening to me.
20:36 Yeah, it's pretty cool. It's not like C where you have to pre-allocate it and then fill it out or something funky like that.
20:43 So Will McGugan is saying, "I think the list comprehension will pre-allocate because the range object has a dunder length int method that reports its size.
20:52 And so I think maybe the time saving we're getting is that we're not filling it in with nuns to begin with, but actually filling it in with the data we want.
21:02 - Okay, yeah, good to know.
21:03 Thank you, Will.
21:04 I've more than once had a, not argument, but a disagreement where somebody said, "But you need to show me because," and it's, "Oh, you have a for loop "and you just append to the list." That's the same as the list comprehension.
21:17 They're doing the same thing.
21:19 The outcome, the final result is the same, but the information that Python has to work with is more, much like, we'll say here, it can take all the information it has to work with and say, oh look, it's going to be this long as we loop, and you're gonna just add stuff to the list, not use it in other interesting ways.
21:33 So just go and jam on it, right?
21:36 - Yeah. - Yeah.
21:37 All right, speaking of working with some data, let me tell you about this cool project called Mockaroo.
21:44 You guys familiar with this?
21:46 - No. - No?
21:46 - No.
21:47 - So here's the story.
21:48 Imagine you needed some data and you want this for testing or this could be testing like unit testing.
21:56 This could be development.
21:58 Like one of the big problems with UI apps is having something to display just so that it fills it out.
22:05 If I'm gonna like fill out a webpage and I say I wanna work on the CSS of this table or the CSS of this list, if there's nothing in the list, what are you gonna do, right?
22:15 So you want to have some realistic data to work with.
22:18 So this mockery is this free thing that has all these different types of data that you can work with.
22:23 So I can come over here and just say, I want some data and I want it in a CSV format or SQL table or Firebase or Excel or XML, or my favorite probably is JSON.
22:36 And then you can say, all right, well, I'm gonna have an ID here.
22:38 We have like a customer table.
22:39 So ID, first name, last name, but it has also things like gender.
22:42 And one of the types you can pick is gender.
22:45 So it has all these well-known data types.
22:48 So if I go and type in, I want a gender, not only will it say male, female or something, it gives you like a list.
22:53 So I can have gender written out as female, male, or non-binary.
22:57 I could have gender abbreviated as M or F or just binary.
23:01 So you can have like lots of control.
23:03 So if I wanted to like, you say auto or car, what do I got to type?
23:07 I got a car.
23:07 You can do like car makes, models, registration numbers, all of these things.
23:13 So you can say this one is a gender abbreviated and like you fill it out.
23:17 Then you can just say, generate me this data exactly like you want and then download it in whatever format.
23:23 Like I said, CSV, SQL, insert statements, JSON, Excel, isn't that cool?
23:29 - That is pretty cool.
23:29 - So I've used this more than once.
23:31 - I can see a use case for this already.
23:34 - Awesome, yeah, right?
23:36 - Yeah, yeah.
23:37 I kind of liked the first option when you're selecting the gender type, having it be animal names, that'd be fun.
23:46 - Yeah, I mean, there's all these, there's all these, that's crazy.
23:49 There's all these different data formats.
23:51 So you've got like cars, what else we got here?
23:56 Credit cards, GUIDs, ISBNs for books, numbers on a normal distribution, passwords.
24:03 - Even MongoDB object IDs, that's cool.
24:05 - Oh, that is pretty cool, yeah.
24:06 - Yeah, so you have e-commerce stuff, money, stock market symbols, locations, healthcare.
24:14 We'll see how they have at that.
24:16 You got your drug companies, your NHS numbers and all those different things.
24:20 Oh, it's 'cause I'm searching for car.
24:22 Why is car keep showing up?
24:24 - Animal common names, yeah.
24:25 - Yes, you could have a wombat or a jungle kangaroo.
24:29 I mean, these are all so fun, right?
24:30 - Yeah.
24:31 - So these are all super neat.
24:33 You can get up to like a thousand rows for free and then I think you have to pay if you need more than that.
24:37 And then a follow on, I believe this is from the same company, full disclosure, these guys sponsored TalkBython, but I wanted to talk about this even before.
24:44 So they have this thing, the service called Tonic, that you can then point at your production database and it'll do things like generate me something that looks exactly like production data, but doesn't have any personally identifiable information so that I can give it to the developers to test with real looking data, with real variations from our clients, but is sort of safe.
25:08 Like if they lose their laptop or whatever, or they just leave it open, it's not going to destroy something, right?
25:13 >> Yeah, that's pretty cool.
25:14 >> Yeah. So you basically connect it to your database, and then it will go along and create data that looks more like what you actually have instead of just this mockery data.
25:27 So pretty neat. Anyway, if you need to do some testing, you need to generate big data, not just for like pytest testing, but also UI development and just something to work with.
25:37 These are both good options.
25:38 - Very cool.
25:39 - Yeah, cool, cool.
25:40 Sam out in the audience says, "This is fantastic." I agree.
25:43 And Will says, "Yeah, super useful.
25:45 "I could see even using this for testing development "of rich and textual out there." So very cool.
25:51 All right, Vusile, off to you, last one.
25:54 - All right, so this is a fun project that a good friend of mine, Daniele Procida, made.
25:59 He's demoed it at a couple of conferences.
26:01 It's called the BrachioGraph.
26:04 The goal for this project is to make a pen plotter powered by Python and make it as cheap as possible using common things you can find in the house.
26:12 So it's a plotter.
26:14 It uses a Raspberry Pi, an ice cream stick, and a clothespin to draw, and a pencil, of course.
26:20 So it's got Python code that turns an image into, I think it's called a raster.
26:29 It rasterizes an image into points, coordinates on a piece of paper.
26:34 I could have used this yesterday.
26:35 Oh my gosh, this is great.
26:36 Yeah.
26:37 So I don't know if I can play video here, but it looks pretty cool when it's actually printing out or plotting out an image.
26:45 Let me see if I can get it to work here.
26:47 But it has a motor that then does everything and it can draw very basic images.
26:54 It's a fun project that you can work on it.
26:57 And it costs, I mean, the setup for this costs less than 50 US dollars.
27:03 And it's a pretty, pretty fun project.
27:05 Oh, I would have gotten an A in art class if I had this.
27:07 No, I love it.
27:10 This is really neat.
27:11 People should definitely play the video and watch it because it's fascinating.
27:14 Yeah, yeah, yeah.
27:15 The website has all like a how-to guides and documentation on how to build this.
27:21 what things you need, sources to the software and everything.
27:26 And it's also an open source project that anyone can contribute to if you're interested.
27:30 This is really neat. One of the things I like about simple things like this is they're great projects to start kids with because it's very real and physical.
27:40 Yeah, I was thinking this would be awesome in a teaching scenario as well.
27:44 Cool. All right, this is a great one. I love it. Very neat to do with Python and stuff.
27:49 All right. Well, I think that's it for our main items.
27:52 Brian, do you got anything you'd like to share?
27:54 >> We covered last week that the Python issues were migrating to GitHub and it might be on April Fool's Day and it was not.
28:04 So next plan looks like April 8th.
28:07 Next, one more week.
28:09 >> If we keep talking about it, it's never going to happen.
28:12 >> Like a watch pot sort of a thing?
28:14 >> Exactly. Yes.
28:15 >> Well, I'm waiting for it to happen. I want it to happen.
28:18 I know that the transformation will be completed that point right.
28:22 So next week we won't cover it at all unless it's already happened but if it's delayed again we won't cover it again until that.
28:28 Exactly we're not getting roped into this three times.
28:31 Okay.
28:31 We see anything else you want to give a shout out to.
28:34 Yeah yeah just one thing is a project that I found recently it's a cold thunder client it's an alternative video code extension and it's lightweight you download it and.
28:45 - Oh, nice. - Scroll it and listen a second.
28:47 And you can get started sending requests.
28:50 And it has lists set up then, Postman.
28:52 - Right. - It doesn't need any...
28:54 It's like, it's easy to install.
28:56 Yeah, so if you were testing APIs, like constructed JSON thing, put this header in, you want to call it.
29:01 Yeah, ThunderClient for VS Code. Very nice.
29:04 - Yeah. - Thunder, Thunder.
29:05 If you're using VS Code.
29:07 [laughing]
29:08 - Nice. - Exactly, yeah.
29:09 You'd go, you'd just switch tabs, you know, instead of switching applications.
29:13 So that shaves a few micros like exactly.
29:16 That's cool.
29:17 I love it.
29:18 All right.
29:19 Nice.
29:19 I've got just a one thing I believe today.
29:22 This is really short.
29:23 I've spoken about ngrok at ngrok.com before, but how it's really cool for exposing.
29:28 If you're like wanting to expose an API to the outside world that you're developing, or you'd need to debug it.
29:34 I've used this for like webhooks.
29:35 So this company, when I need to integrate with their webhook, so I need them to call this, but it's not working.
29:41 and so I want like a breakpoint on my machine, but how do they get to my machine?
29:46 Just run ngrok and it'll tunnel it right through the firewalls using SSH reverse tunnels.
29:51 That's all good.
29:52 What I discovered working on yet another integration project was that there's actually this super rich inspector that I think people haven't noticed in there.
30:01 If you fire up an ngrok thing and then you go to look host 4040, every request comes through.
30:06 You can see the summary, the HTTP headers, the cookies, the response, the status codes, the duration, all that.
30:14 If you're using ngrok for that sort of use case, be sure to check out this like live web view that lets you dive into, it's almost like the dev tools, the network tab of the dev tools, but for just people coming in rather than you consuming stuff, so it's pretty cool.
30:29 That's neat.
30:29 Are you guys ready for a joke?
30:32 Yes.
30:33 Shall we finish it off?
30:34 Finish out with a joke.
30:37 You may have heard recently that the Microsoft source code for Bing was got by the Lazarus group.
30:44 And people thought this was some folks in like Brazil or somewhere in South America.
30:49 It turns out it was a bunch of British teenagers.
30:52 One of them had like 14 million dollars in Bitcoin, whatever.
30:57 So they had gotten a hold of some of the Windows and Bing source code, I believe it was.
31:02 And they were like, "Oh my gosh, is this going to reveal a bunch of zero days?" because people can go through the source code.
31:07 Well, we don't do that much Windows, at least on the server in Python.
31:11 There's some, but not as much.
31:13 But we use a lot of Linux, right?
31:14 For all the Talk Python, Python Bytes stuff, we've got like a fleet of eight Linux servers.
31:19 Now, Brian, when I saw this headline, I really began to worry that maybe some vulnerabilities to be discovered or some kind of problem would happen here.
31:28 So the headline is, Linus Torvalds confirms the Lapsus breach after hackers publish the Linux kernel source code to the internet.
31:37 Okay.
31:40 In a blog post on Tuesday, published hours after the Lapsus posted a torrent file containing partial source code from the Linux kernel, the geek man himself revealed that his branch was cloned by the hacking group, granting attackers unlimited power too. The article stops there.
31:58 Oh, man.
32:00 How many times do you have to read?
32:01 Exactly. I think being open source, it's probably okay.
32:07 Yeah.
32:09 Yeah.
32:11 Oh no, it's published the source.
32:13 They published the source to Linux.
32:15 What are we going to do?
32:17 Always us.
32:19 The programming humor just never stops.
32:21 I love it.
32:23 So they published the Bing source code?
32:25 I think they got some of the Bing source code.
32:27 Maybe Cortana.
32:29 I can't remember exactly what it was, but it was some of these services, and I think the Windows source code as well.
32:34 - I was surprised, so I don't pay too much attention to the blog traffic stuff, but I was looking the other day after I'd put up a bunch of the transcripts for testing code, I was curious how much was getting hit, and for pythontest.com, I'm getting more traffic from Bing than from Google, which is--
32:53 - How interesting. - Interesting.
32:55 - All of a sudden, Bing's pretty awesome, isn't it?
32:58 (laughing)
32:59 - Sure, well it's got nice pictures, I'll tell you that.
33:03 It's got nice background pictures.
33:04 - It does, actually in terms of beauty, it's really nice.
33:07 And you know, I end up using DuckDuckGo.
33:10 So when I'm using DuckDuckGo, I know they've got a ton of different sources, but one of the sources they use for data, I believe is also Bing.
33:17 And yeah, it's all right.
33:19 - It's all right.
33:20 - It's all right.
33:21 (laughing)
33:22 Well, Vuceli, it was really great to have you here with us.
33:25 And Brian. - Definitely.
33:27 Yeah, the pleasure was mine.
33:28 It's great to have a chat with you as always.
33:30 >> All right.
33:31 >> Bye everyone.
33:32 >> Talk to you next week. Bye. Cheers.